From alex at nkpanama.com Fri Jun 1 01:12:19 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jun 1 01:13:01 2007 Subject: Default Virus Actions In-Reply-To: <465F4B76.4020909@pixelhammer.com> References: <2579c6b20705311308o37a4ca14u97197e50049083cd@mail.gmail.com> <465F2C72.5080407@nkpanama.com> <465F4B76.4020909@pixelhammer.com> Message-ID: <465F6463.6080509@nkpanama.com> DAve wrote: > Alex Neuman van der Hans wrote: >> One thing I've noticed about this list is that people will not flame >> you as easily as other lists/chatrooms/forums. It's been years since >> I've seen an unwarranted flame - and even some who may have deserved >> getting flamed got a decent "please rephrase your question" or "try >> to explain what you mean by so and so" instead of getting "kicked in >> the groin". :-) >> > > Yea, I've been on THAT list ;^) > > DAve > And I'm sure you've also visited their IRC channel and their forum... :-) From rcooper at dwford.com Fri Jun 1 01:22:41 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 1 01:22:49 2007 Subject: inodes problem In-Reply-To: <465F1C3A.5090803@ecs.soton.ac.uk> References: <2007531101223.631487@pcn> <465F1C3A.5090803@ecs.soton.ac.uk> Message-ID: <077301c7a3e2$f86b33a0$0301a8c0@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, May 31, 2007 3:04 PM To: MailScanner discussion Subject: Re: inodes problem Sometimes mailscanner benefits from a sleep of 10 or so seconds between a stop and a start. It gives the children some time to finish dying off. I wonder if it's killing it, waiting for a couple of seconds for it to die and then 'kill -9' it, without giving it long enough to clear up. My init.d script gives is 30 seconds to clear up. Funnily enough, there's a reason for that. If the cpanel authors think they know better, then what can I say? [Rick Cooper] In my own script I use a while loop that waits up to 120 seconds for MailScanner to stop. Increments a counter at the top, checks to see if the process is still running (top of the loop), if so waits one second (prints a dot first) and repeats until either the MailScanner parent is gone or the counter has decremented to zero. Prints an error message if MailScanner is not killed gracefully. It seems like it can take a bit some times depending on what MS (or children) is doing at the time. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070531/6d3aa954/attachment.html From Jason at SYO.Com Fri Jun 1 03:03:27 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Fri Jun 1 03:03:29 2007 Subject: How to store and delete a message In-Reply-To: References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> Message-ID: <1324498411.20070531220327@SYO.Com> Hello Scott, Just one account, actually. I figured it out. I have to use two rules. The first issue was that I didn't realize there was a "non spam" item in the mailscanner.conf file until Julian pressed the issue. I found that the "non spam" was set to "store deliver" rather than a ruleset. So I changed it to a ruleset and then placed my rule in there to delete the message. So here is what I have now, which, btw, is precisely what I was looking for. nonspam.action.rules: From:Him@HisDomain.com delete FromOrTo: Default Store Deliver Archive.Rules: FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox FromOrTo: Default So now I get what I want, his e-mail is stored for administrative approval before it is released. (There is a script that puts the message in /var/spool/mqueue after it is approved.) Thursday, May 31, 2007, 5:13:03 PM, you wrote: Scott> Jason Gottschalk spake the following on 5/31/2007 12:05 PM: >> Hello Scott, >> >> Can I write to a mbox from the spam rules? or do I need half of my >> goal in the spam ruleset and the other half of my gola in the archive >> ruleset. >> >> And if it is split, will the archive process before the spam? >> Scott> Are you trying to archive "everything" or just non-spam? Scott> Do you have one archive, or one for each recipient? Scott> -- Scott> MailScanner is like deodorant... Scott> You hope everybody uses it, and Scott> you notice quickly if they don't!!!! -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 586-286-2557 From ugob at lubik.ca Fri Jun 1 06:18:20 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Jun 1 06:18:35 2007 Subject: OT: VMware In-Reply-To: <31e7748d0705310555y6b25c9d5u81d3141f09f1c680@mail.gmail.com> References: <31e7748d0705310555y6b25c9d5u81d3141f09f1c680@mail.gmail.com> Message-ID: Rodney Green wrote: > Hello, > > I've seen VMware mentioned in a recent thread. What are the benefits of > using such a solution for an e-mail server? > I'm downloading VMware Server; the "free" version. Is this what you guys > are using? Is it indeed free? > > I just never thought of using virtualization for an e-mail server. It's > an interesting idea and would like to hear from > people already doing it. I'm planning to test a MailScanner box in an OpenVZ virtual machine when I have time... Ugo From Jeff.Mills at versacold.com.au Fri Jun 1 06:37:07 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Fri Jun 1 06:37:13 2007 Subject: OT: VMware References: <31e7748d0705310555y6b25c9d5u81d3141f09f1c680@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ugo Bellavance > Sent: Friday, 1 June 2007 3:18 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: OT: VMware > > Rodney Green wrote: > > Hello, > > > > I've seen VMware mentioned in a recent thread. What are the > benefits > > of using such a solution for an e-mail server? > > I'm downloading VMware Server; the "free" version. Is this what you > > guys are using? Is it indeed free? > > > > I just never thought of using virtualization for an e-mail server. > > It's an interesting idea and would like to hear from people already > > doing it. > > I'm planning to test a MailScanner box in an OpenVZ virtual > machine when I have time... > I'm running a MailScanner box on VMWare - Gentoo Linux Its been working flawlessly for the last few months. We are using the enterprise version though, not the free version. However, they are pretty similar. The enterprise version just as some nice features such as automatic load balancing over physical hardware, and automatically restarting a VM on another box if the physical hardware dies etc. Also central management etc is a big help to us. The enterprise version is also an O/S in itself. You do not need to preload the hardware with an operating system before installing VMWare. From glenn.steen at gmail.com Fri Jun 1 08:38:24 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 1 08:38:27 2007 Subject: How to store and delete a message In-Reply-To: <1324498411.20070531220327@SYO.Com> References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> <1324498411.20070531220327@SYO.Com> Message-ID: <223f97700706010038q7aeb899dr3edb066e4e697ba2@mail.gmail.com> On 01/06/07, Jason Gottschalk wrote: > Hello Scott, > > Just one account, actually. > > I figured it out. > > I have to use two rules. The first issue was that I didn't realize > there was a "non spam" item in the mailscanner.conf file until Julian > pressed the issue. I found that the "non spam" was set to "store > deliver" rather than a ruleset. > > So I changed it to a ruleset and then placed my rule in there to > delete the message. > > So here is what I have now, which, btw, is precisely what I was looking > for. > > > nonspam.action.rules: > From:Him@HisDomain.com delete > FromOrTo: Default Store Deliver > > Archive.Rules: > FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox > FromOrTo: Default > > > So now I get what I want, his e-mail is stored for administrative > approval before it is released. (There is a script that puts the > message in /var/spool/mqueue after it is approved.) > Just one thing... Archive Mail archives _everything_,spam and viruses as well. Since you store every message, you could have worked with the quarantine (the nonspam subdirectory) instead... And if you use MailWatch, you would have a nice tool to view the mails under review too:-). Just a though...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From j.ede at birchenallhowden.co.uk Fri Jun 1 08:50:55 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jun 1 08:51:30 2007 Subject: SpamCheck report In-Reply-To: <465EFC09.9010808@ecs.soton.ac.uk> References: <462304A8.6030103@ddihealth.com><46230EAC.5070600@ddihealth.com><46231A7E.4080003@netmagicsolutions.com><462498A6.2020507@ddihealth.com><03203FB5-AC29-4B0B-BFB3-F9802A419917@elec.ucl.ac.be><77F6B238A9BA7847840CFF3DFDC46E190BB0FE@server03.BHL2.local> <024CA64E-2F65-4219-9D66-EBCE566BB31F@elec.ucl.ac.be><77F6B238A9BA7847840CFF3DFDC46E1905204B@server03.BHL2.local> <465ABD96.1020706@ecs.soton.ac.uk><77F6B238A9BA7847840CFF3DFDC46E190BB1F3@server03.BHL2.local> <465EFC09.9010808@ecs.soton.ac.uk> Message-ID: <77F6B238A9BA7847840CFF3DFDC46E190BB1FD@server03.BHL2.local> Cheers, I can't seem to make this work... Suspect I'm not calling it right... Assuming I've renamed functions in the routine from VirusScanning to SpamChecks I call it via Spam Checks = &SpamChecks I get this in my logs... Jun 1 08:44:54 server02 MailScanner[19947]: Config: calling custom init function SpamChecks Jun 1 08:44:54 server02 MailScanner[19947]: Syntax error in line 1, value "" for spamchecks is not one of allowed values "yes","no" So I assumed that the command line had to have the ruleset name following it so I tried Spam Checks = &SpamChecks %rules-dir%/scan-spam.rules (tried both with and without "" enclosing rule) I then get... Jun 1 08:48:08 server02 MailScanner[20134]: Config: calling custom init function MailWatchLogging Jun 1 08:48:08 server02 MailScanner[20134]: Started SQL Logging child Jun 1 08:48:08 server02 MailScanner[20134]: User's home directory /var/spool/postfix is not writable Jun 1 08:48:08 server02 MailScanner[20134]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to Jun 1 08:48:09 server02 MailScanner[20134]: Using SpamAssassin results cache Jun 1 08:48:09 server02 MailScanner[20134]: Connected to SpamAssassin cache database Jun 1 08:48:09 server02 MailScanner[20134]: Enabling SpamAssassin auto-whitelist functionality... And mailscanner restarts every few seconds... (SpamAssassin User State Dir is set and has been fine till now!) What am I missing? Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 31 May 2007 17:47 To: MailScanner discussion Subject: Re: SpamCheck report Jason Ede wrote: X-BHL-MailScanner- Spamcheck: Authenticated X-BHL-MailScanner-Information: Please contact the ISP for more information X-BHL-MailScanner: Found to be clean X-BHL-MailScanner-SpamCheck: X-BHL-MailScanner-From: j.ede@birchenallhowden.co.uk X-Spam-Status: No Ok, I've found the custom ruleset from function file... I think I can see roughly what's going on, but I've a couple of questions... The $option is the external name of the config option... I can't seem to work out what this should be... (I'm using the custom function on the 'Spam Checks' config option, but that doesn't comply with what $option should be How do I then specify what ruleset is then used? The External name is the same as the MailScanner.conf name but with all in lowercase, with all spaces and punctuation removed, so in your case it's just "spamchecks". Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 28 May 2007 12:32 To: MailScanner discussion Subject: Re: SpamCheck report Jason Ede wrote: Hmmm.... Simple, but neat :-) Can you use a custom function and a ruleset at the same time? Yes. Take a look in the example in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory. i.e. using the authenticated header check along with an ordinary ruleset containing a list of whitelisted addresses? Jason --------------------------------------------------------------------- --- *From:* mailscanner-bounces@lists.mailscanner.info on behalf of Pascal Maes *Sent:* Sun 27/05/2007 19:26 *To:* MailScanner discussion *Subject:* Re: SpamCheck report Le 27 mai 07 ? 15:51, Jason Ede a ?crit : Hi, I don't suppose you'd be willing to share that custom function? We'd like to do the same, but the only way I can see to do that so far is to have postfix include the SASL login username in the header which I'm loathe to do if I can really avoid it. Jason Why not ? The first idea comes from the list so I could post it again. But first, thanks to Julian for his quick answer. ------8<------8<------8<------8<------8<------8<------8<------8<----- -8< ------8<------ package MailScanner::CustomConfig; use strict 'vars'; use strict 'refs'; no strict 'subs'; # Allow bare words for parameter %'s use vars qw($VERSION); ### The package version, both in 1.23 style *and* usable by MakeMaker: $VERSION = substr q$Revision: 2331 $, 10; sub InitCheckSMTPAuth { # Empty } sub EndCheckSMTPAuth { # Empty } sub CheckSMTPAuth { my ($message) = @_; return 1 unless $message; foreach (@{$message->{headers}}) { if (/PUT HERE THE STRING ABOUT THE AUTHENTICATION/) { MailScanner::Log::InfoLog("Message %s from (%s) is authenticated ($1)", $message->{id}, $message->{ fromuser}); $global::MS->{mta}->AddHeader($message, 'X-MailScanner- Spamcheck:', 'Authenticated'); return 0; } } return 1; } 1; ------8<------8<------8<------8<------8<------8<------8<------8<----- -8< ------8<------ -- Pascal -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield S2 4EL. ----- *BirchenallHowden* Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield, S2 4EL Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. For all you IT requirements visit transtec Computers . ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield, S2 4EL -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/358d4c5a/attachment.html From oliver.weinmann at vega.de Fri Jun 1 09:01:50 2007 From: oliver.weinmann at vega.de (Oliver Weinmann) Date: Fri Jun 1 09:02:22 2007 Subject: Problem with blocked content emails Message-ID: <7149796D3C44874AA501840BD72E576CE01F1C@zaphod.vegagroup.net> Dear All, Some html messages are beeing blocked, message is: MailScanner: Found a script in HTML message I don't want to disable the scanning for scripts, so i added the sender of this email to the spam.whitelist. This doesn't seem to work. Is there any other solution? Regards, Oli From MailScanner at ecs.soton.ac.uk Fri Jun 1 09:17:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 1 09:19:03 2007 Subject: New Clamav 0.90.3 In-Reply-To: <465F3E88.4060502@fractalweb.com> References: <465F08B1.2060009@ecs.soton.ac.uk> <465F1AF8.7010709@nkpanama.com> <465F3E88.4060502@fractalweb.com> Message-ID: <465FD61D.2060007@ecs.soton.ac.uk> Chris Yuzik wrote: > Scott Silva wrote: >> Alex Neuman spake the following on 5/31/2007 11:59 AM: >> >>> You could almost say his response time *improved*! :-) >> Because he hasn't had to run the "work" process. But that probably >> won't last >> too much longer. >> > Ok, that's funny. I was just reading an aricle detailing the > inner-workings of load averages. > > So Julian, what is your load average these days? ;-) I try to keep it below about 0.4 whenever possible. But my folks are coming to see me today, so it'll a bit higher :-) It's not going up to 1 until I have to run the "work" process, which won't happen for another month yet. That tends to consume all available resources, and result in a load avg of 2 or 3 for long periods of time. The only saviour at that point is the "lunch" command which consumes a lot of resources but does nothing. Surprisingly useful at times... Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From j.ede at birchenallhowden.co.uk Fri Jun 1 09:48:05 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jun 1 09:58:20 2007 Subject: New Clamav 0.90.3 In-Reply-To: <465FD61D.2060007@ecs.soton.ac.uk> References: <465F08B1.2060009@ecs.soton.ac.uk> <465F1AF8.7010709@nkpanama.com> <465F3E88.4060502@fractalweb.com> <465FD61D.2060007@ecs.soton.ac.uk> Message-ID: <77F6B238A9BA7847840CFF3DFDC46E190BB205@server03.BHL2.local> > Chris Yuzik wrote: > > Scott Silva wrote: > >> Alex Neuman spake the following on 5/31/2007 11:59 AM: > >> > >>> You could almost say his response time *improved*! :-) > >> Because he hasn't had to run the "work" process. But that probably > >> won't last > >> too much longer. > >> > > Ok, that's funny. I was just reading an aricle detailing the > > inner-workings of load averages. > > > > So Julian, what is your load average these days? ;-) > I try to keep it below about 0.4 whenever possible. But my folks are > coming to see me today, so it'll a bit higher :-) > It's not going up to 1 until I have to run the "work" process, which > won't happen for another month yet. That tends to consume all available > resources, and result in a load avg of 2 or 3 for long periods of time. > The only saviour at that point is the "lunch" command which consumes a > lot of resources but does nothing. Surprisingly useful at times... But I bet that?s not as useful as the beer command, which I've been reliably informed works very well with the lunch command, although really need to specify the long format as the short format doesn't seem to work properly... > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield, S2 4EL From MailScanner at ecs.soton.ac.uk Fri Jun 1 10:34:59 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 1 10:38:55 2007 Subject: SpamCheck report In-Reply-To: <77F6B238A9BA7847840CFF3DFDC46E190BB1FD@server03.BHL2.local> References: <462304A8.6030103@ddihealth.com><46230EAC.5070600@ddihealth.com><46231A7E.4080003@netmagicsolutions.com><462498A6.2020507@ddihealth.com><03203FB5-AC29-4B0B-BFB3-F9802A419917@elec.ucl.ac.be><77F6B238A9BA7847840CFF3DFDC46E190BB0FE@server03.BHL2.local> <024CA64E-2F65-4219-9D66-EBCE566BB31F@elec.ucl.ac.be><77F6B238A9BA7847840CFF3DFDC46E1905204B@server03.BHL2.local> <465ABD96.1020706@ecs.soton.ac.uk><77F6B238A9BA7847840CFF3DFDC46E190BB1F3@server03.BHL2.local> <465EFC09.9010808@ecs.soton.ac.uk> <77F6B238A9BA7847840CFF3DFDC46E190BB1FD@server03.BHL2.local> Message-ID: <465FE843.1040700@ecs.soton.ac.uk> It doesn't matter what you call your Custom Function, just call it whatever you put in the MailScanner.conf line, so Spam Checks = &MyCustFunc is just fine, your Custom Function is called MyCustFunc. You don't normally need any parameters to the Custom Function. The result of the Function is the value you want to supply to that configuration option, with one exception: Instead of returning no or yes, you should return 0 or 1. Other than that you return the value you want that config option to have. Just like a ruleset applies tests to the from+to addresses of the message to work out the value, a Custom Function runs a bit of your code to work out the value. Jason Ede wrote: > > Cheers, > > > > I can't seem to make this work... Suspect I'm not calling it right... > > > > Assuming I've renamed functions in the routine from VirusScanning to > SpamChecks > > > > I call it via > > > > Spam Checks = &SpamChecks > > > > I get this in my logs... > > Jun 1 08:44:54 server02 MailScanner[19947]: Config: calling custom > init function SpamChecks > > Jun 1 08:44:54 server02 MailScanner[19947]: Syntax error in line 1, > value "" for spamchecks is not one of allowed values "yes","no" > > > > So I assumed that the command line had to have the ruleset name > following it so I tried > > > > Spam Checks = &SpamChecks %rules-dir%/scan-spam.rules > > > > (tried both with and without "" enclosing rule) > > > > I then get... > > > > Jun 1 08:48:08 server02 MailScanner[20134]: Config: calling custom > init function MailWatchLogging > > Jun 1 08:48:08 server02 MailScanner[20134]: Started SQL Logging child > > Jun 1 08:48:08 server02 MailScanner[20134]: User's home directory > /var/spool/postfix is not writable > > Jun 1 08:48:08 server02 MailScanner[20134]: You need to set the > "SpamAssassin User State Dir" to a directory that the "Run As User" > can write to > > Jun 1 08:48:09 server02 MailScanner[20134]: Using SpamAssassin > results cache > > Jun 1 08:48:09 server02 MailScanner[20134]: Connected to SpamAssassin > cache database > > Jun 1 08:48:09 server02 MailScanner[20134]: Enabling SpamAssassin > auto-whitelist functionality... > > > > And mailscanner restarts every few seconds... (SpamAssassin User State > Dir is set and has been fine till now!) > > > > What am I missing? > > > > Jason > > > > > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Julian Field > *Sent:* 31 May 2007 17:47 > *To:* MailScanner discussion > *Subject:* Re: SpamCheck report > > > > > > Jason Ede wrote: > > X-BHL-MailScanner- Spamcheck: Authenticated > X-BHL-MailScanner-Information: Please contact the ISP for more information > X-BHL-MailScanner: Found to be clean > X-BHL-MailScanner-SpamCheck: > X-BHL-MailScanner-From: j.ede@birchenallhowden.co.uk > X-Spam-Status: No > > Ok, I've found the custom ruleset from function file... I think I can see roughly what's going on, but I've a couple of questions... > > The $option is the external name of the config option... I can't seem to work out what this should be... (I'm using the custom function on the 'Spam Checks' config option, but that doesn't comply with what $option should be > > How do I then specify what ruleset is then used? > > > The External name is the same as the MailScanner.conf name but with > all in lowercase, with all spaces and punctuation removed, so in your > case it's just "spamchecks". > > > Jason > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info ] On Behalf Of Julian Field > > Sent: 28 May 2007 12:32 > > To: MailScanner discussion > > Subject: Re: SpamCheck report > > > > > > > > Jason Ede wrote: > > > > Hmmm.... Simple, but neat :-) > > > > Can you use a custom function and a ruleset at the same time? > > > > Yes. Take a look in the example in the > > /usr/lib/MailScanner/MailScanner/CustomFunctions directory. > > > > i.e. using the authenticated header check along with an ordinary > > ruleset containing a list of whitelisted addresses? > > > > Jason > > > > --------------------------------------------------------------------- > > > > --- > > > > *From:* mailscanner-bounces@lists.mailscanner.info on behalf of > > > > Pascal > > > > Maes > > *Sent:* Sun 27/05/2007 19:26 > > *To:* MailScanner discussion > > *Subject:* Re: SpamCheck report > > > > > > Le 27 mai 07 ? 15:51, Jason Ede a ?crit : > > > > > > Hi, > > > > I don't suppose you'd be willing to share that custom function? > > > > We'd > > > > like to do the same, but the only way I can see to do that so far > > is to > > have postfix include the SASL login username in the header which > > > > I'm > > > > loathe to do if I can really avoid it. > > > > Jason > > > > > > Why not ? > > The first idea comes from the list so I could post it again. > > But first, thanks to Julian for his quick answer. > > > > ------8<------8<------8<------8<------8<------8<------8<------8<----- > > > > -8< > > > > ------8<------ > > > > package MailScanner::CustomConfig; > > > > use strict 'vars'; > > use strict 'refs'; > > no strict 'subs'; # Allow bare words for parameter %'s > > > > use vars qw($VERSION); > > > > ### The package version, both in 1.23 style *and* usable by > > > > MakeMaker: > > > > $VERSION = substr q$Revision: 2331 $, 10; > > > > sub InitCheckSMTPAuth > > { > > # Empty > > } > > > > sub EndCheckSMTPAuth > > { > > # Empty > > } > > > > sub CheckSMTPAuth > > { > > my ($message) = @_; > > return 1 unless $message; > > > > foreach (@{$message->{headers}}) > > { > > if (/PUT HERE THE STRING ABOUT THE AUTHENTICATION/) > > { > > MailScanner::Log::InfoLog("Message %s from (%s) is > > authenticated ($1)", $message->{id}, $message->{ > > fromuser}); > > $global::MS->{mta}->AddHeader($message, 'X-MailScanner- > > Spamcheck:', 'Authenticated'); > > return 0; > > } > > } > > return 1; > > } > > > > 1; > > > > ------8<------8<------8<------8<------8<------8<------8<------8<----- > > > > -8< > > > > ------8<------ > > > > > > -- > > Pascal > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > ----------------------------------------------------------- > > The information in this e-mail and any attachments is confidential. > > > > It > > > > is intended solely for the attention and use of the named > > addressee(s). If you are not the intended recipient, or person > > responsible for delivering this information to the intended > > > > recipient, > > > > please notify the sender or email postmaster@birchenallhowden.co.uk > > and delete it from your computer systems. Unless you are the intended > > recipient or his/her representative you are not authorised to, and > > must not, read, copy, distribute, use or retain this message or any > > part of it. All messages are scanned by Mailscanner and are believed > > to be clean. Recipients are advised to apply their own virus checks > > > > to > > > > any message on delivery. No liability is accepted by BirchenallHowden > > Ltd for any losses caused by viruses contracted during transit over > > the internet or present in any receiving system. BirchenallHowden > > > > Ltd, > > > > 233 Edmund Road, Sheffield S2 4EL. > > ----- *BirchenallHowden* > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ----------------------------------------------------------- > The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, > Sheffield, S2 4EL > > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > For all you IT requirements visit transtec Computers > . > > > ----------------------------------------------------------- > The information in this e-mail and any attachments is confidential. It > is intended solely for the attention and use of the named > addressee(s). If you are not the intended recipient, or person > responsible for delivering this information to the intended recipient, > please notify the sender or email postmaster@birchenallhowden.co.uk > and delete it from your computer systems. Unless you are the intended > recipient or his/her representative you are not authorised to, and > must not, read, copy, distribute, use or retain this message or any > part of it. All messages are scanned by Mailscanner and are believed > to be clean. Recipients are advised to apply their own virus checks to > any message on delivery. No liability is accepted by BirchenallHowden > Ltd for any losses caused by viruses contracted during transit over > the internet or present in any receiving system. BirchenallHowden Ltd, > 233 Edmund Road, Sheffield S2 4EL. > ----- *BirchenallHowden* Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/1b326e2a/attachment-0001.html From MailScanner at ecs.soton.ac.uk Fri Jun 1 10:36:57 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 1 10:39:00 2007 Subject: Problem with blocked content emails In-Reply-To: <7149796D3C44874AA501840BD72E576CE01F1C@zaphod.vegagroup.net> References: <7149796D3C44874AA501840BD72E576CE01F1C@zaphod.vegagroup.net> Message-ID: <465FE8B9.2020106@ecs.soton.ac.uk> Looking for scripts in messages has nothing to do with spam.whitelist.rules, which is supplied as an example of a ruleset. You can apply a ruleset to any configuration option you like, and call the ruleset whatever you like. Look for the word "disarm" in MailScanner.conf and you will find the set of config options that are connected with HTML content scanning. Oliver Weinmann wrote: > Dear All, > > Some html messages are beeing blocked, message is: > > MailScanner: Found a script in HTML message > > I don't want to disable the scanning for scripts, so i added the sender > of this email to the spam.whitelist. This doesn't seem to work. > > Is there any other solution? > > Regards, > > Oli > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Jun 1 10:55:48 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 1 10:58:06 2007 Subject: MailScanner ANNOUNCE: Release 4.60.8 Message-ID: <465FED24.8070005@ecs.soton.ac.uk> Hi folks! Time for another new release, as it seems to have been quite a busy month. The major new features this month are: - Support for milters in Postfix 2.3 and 2.4. - All the attachments in a message can be compressed into a single zip file, saving space on mail servers when people have attached large uncompressed files. Look in the MailScanner.conf file for the "Zip Attachments" setting and you will find 4 settings giving you control over this feature. - A lot of the installed Perl modules have been upgraded to their latest releases. Download as usual from www.mailscanner.info The full Change Log for this release is: * New Features and Improvements * 1 Improved Sophos.install script so that it sets up /etc/ld.so.conf ready for installation of Perl-SAVI module required for "sophossavi" virus scanner. 1 Custom Functions can now receive parameters not only to their Init and End functions, but also to their run-time calculation functions (i.e. the real custom function itself used when processing each message). The Custom Function is now passed not only the message, but also a ref to a list of parameters specified in the MailScanner.conf file. 1 Improvement to phishing net. 1 'clamavmodule' scanner no longer detects encrypted zips/rars as viruses, leaving MailScanner to do the check later in the dangerous content scanning. The consequence is that MailWatch will allow them to be released from quarantine. 2 Updated a whole load of Perl modules in the pre-requisites lists for both MailScanner and SpamAssassin. 2 Added a "--nomodules" command-line option to the MailScanner install.sh script to skip installing required Perl modules. 2-2 Fixed bugs introduced by 4.60.2 in generic installer. Only affects 'other Linux and non-Linux' installer. 2-4 Fixed more non-Linux installer problems. 4 Added more modules to the list output by "MailScanner --version". 4 Improved phishing net detection of HTML tags, courtesy of snifer_@hotmail.com. 4 Added patches to provide full "p record" support in Postfix 2.3 and 2.4, courtesy of Glenn Steen . 5 Added a new feature, to compress all the attachments in a message and replace them with a single zip file. Set "Zip Attachments = yes" (no by default), and set "Attachments Zip Filename = MessageAttachments.zip" 6 Added 2 new configuration options for the "Zip Attachments" feature: Attachments Min Total Size To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .tgz .gz .mpg .mpeg .mp3 .rpm Hopefully these are fairly self-explanatory. * Fixes * 1 Phishing net now correctly handles HTML tags inside links. 1 Deprecated clamscan flag replaced with supported one to stop it printing the summary. 1 Added '-b' to nod32-1.99 command-line options in SweepViruses.pm to stop scanner producing licensing details. Thanks to UxBoD. 1 Removed test in RPM distribution's test for RedHat 6 as it will clash with RHEL 6 and Fedora. Anyone still running RedHat 6 has bigger problems! :-) 1 Worked round Perl bug in returning number of RBLs hit by a message. 1 Fixed problem causing some password-protected RAR archives to be missed. 3 Fixed bug introduced in earlier beta in RBL code. 6-2 Patch to Exim to handle named ACL variables as well as numbered ones. Courtesy of Maarten Vink. 7 Added v320.pre to mcp directory. 7 Postfix 2.3/2.4 patch fix. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From j.mcneil at alphabasesystems.co.uk Fri Jun 1 12:35:46 2007 From: j.mcneil at alphabasesystems.co.uk (James McNeil (Alpha Base Systems)) Date: Fri Jun 1 12:35:07 2007 Subject: Problem with mangled e-mails Message-ID: <46600492.5040301@alphabasesystems.co.uk> Hi, I apologise if this is the wrong place for this however I have exhausted the documentation and 'googling' for the problem I am seeing. I am running Mailscanner 4.58.9 on CentOS 4.5 with Sendmail 8.13.1 and am seeing e-mails being altered with an exclamation mark and line break(s) inserted most often in HTML e-mails causing links etc to break, two examples of this from the same e-mail are below. I was wondering if anyone else has experienced this and how they resolved it. I thought it might be to do with the phishing checks but disabled this to no avail.
T! he package entails 20:1 contention ratio at 1MB speed and 8 st! atic IP addresses /table>
To follow up on this service request, go to http://*****************************/admin/ViewRequest.php?case_ref=4246
-- with thanks and best regards, James From j.ede at birchenallhowden.co.uk Fri Jun 1 11:22:19 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jun 1 12:46:15 2007 Subject: SpamCheck report In-Reply-To: <465FE843.1040700@ecs.soton.ac.uk> References: <462304A8.6030103@ddihealth.com><46230EAC.5070600@ddihealth.com><46231A7E.4080003@netmagicsolutions.com><462498A6.2020507@ddihealth.com><03203FB5-AC29-4B0B-BFB3-F9802A419917@elec.ucl.ac.be><77F6B238A9BA7847840CFF3DFDC46E190BB0FE@server03.BHL2.local> <024CA64E-2F65-4219-9D66-EBCE566BB31F@elec.ucl.ac.be><77F6B238A9BA7847840CFF3DFDC46E1905204B@server03.BHL2.local> <465ABD96.1020706@ecs.soton.ac.uk><77F6B238A9BA7847840CFF3DFDC46E190BB1F3@server03.BHL2.local> <465EFC09.9010808@ecs.soton.ac.uk><77F6B238A9BA7847840CFF3DFDC46E190BB1FD@server03.BHL2.local> <465FE843.1040700@ecs.soton.ac.uk> Message-ID: <77F6B238A9BA7847840CFF3DFDC46E190BB20E@server03.BHL2.local> Julian, I've managed to get that part working. Its if I try to use the Custom-RuleSet from function as well... Maybe I'm not quite getting how that works. I'd like to use a custom function to determine whether to use the spamchecks or not. I'd then also like to use the scan-spam.rules whitelist as well, and its this part that is causing the problem... Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 01 June 2007 10:35 To: MailScanner discussion Subject: Re: SpamCheck report It doesn't matter what you call your Custom Function, just call it whatever you put in the MailScanner.conf line, so Spam Checks = &MyCustFunc is just fine, your Custom Function is called MyCustFunc. You don't normally need any parameters to the Custom Function. The result of the Function is the value you want to supply to that configuration option, with one exception: Instead of returning no or yes, you should return 0 or 1. Other than that you return the value you want that config option to have. Just like a ruleset applies tests to the from+to addresses of the message to work out the value, a Custom Function runs a bit of your code to work out the value. Jason Ede wrote: Cheers, I can't seem to make this work... Suspect I'm not calling it right... Assuming I've renamed functions in the routine from VirusScanning to SpamChecks I call it via Spam Checks = &SpamChecks I get this in my logs... Jun 1 08:44:54 server02 MailScanner[19947]: Config: calling custom init function SpamChecks Jun 1 08:44:54 server02 MailScanner[19947]: Syntax error in line 1, value "" for spamchecks is not one of allowed values "yes","no" So I assumed that the command line had to have the ruleset name following it so I tried Spam Checks = &SpamChecks %rules-dir%/scan-spam.rules (tried both with and without "" enclosing rule) I then get... Jun 1 08:48:08 server02 MailScanner[20134]: Config: calling custom init function MailWatchLogging Jun 1 08:48:08 server02 MailScanner[20134]: Started SQL Logging child Jun 1 08:48:08 server02 MailScanner[20134]: User's home directory /var/spool/postfix is not writable Jun 1 08:48:08 server02 MailScanner[20134]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to Jun 1 08:48:09 server02 MailScanner[20134]: Using SpamAssassin results cache Jun 1 08:48:09 server02 MailScanner[20134]: Connected to SpamAssassin cache database Jun 1 08:48:09 server02 MailScanner[20134]: Enabling SpamAssassin auto-whitelist functionality... And mailscanner restarts every few seconds... (SpamAssassin User State Dir is set and has been fine till now!) What am I missing? Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 31 May 2007 17:47 To: MailScanner discussion Subject: Re: SpamCheck report Jason Ede wrote: X-BHL-MailScanner- Spamcheck: Authenticated X-BHL-MailScanner-Information: Please contact the ISP for more information X-BHL-MailScanner: Found to be clean X-BHL-MailScanner-SpamCheck: X-BHL-MailScanner-From: j.ede@birchenallhowden.co.uk X-Spam-Status: No Ok, I've found the custom ruleset from function file... I think I can see roughly what's going on, but I've a couple of questions... The $option is the external name of the config option... I can't seem to work out what this should be... (I'm using the custom function on the 'Spam Checks' config option, but that doesn't comply with what $option should be How do I then specify what ruleset is then used? The External name is the same as the MailScanner.conf name but with all in lowercase, with all spaces and punctuation removed, so in your case it's just "spamchecks". Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 28 May 2007 12:32 To: MailScanner discussion Subject: Re: SpamCheck report Jason Ede wrote: Hmmm.... Simple, but neat :-) Can you use a custom function and a ruleset at the same time? Yes. Take a look in the example in the /usr/lib/MailScanner/MailScanner/CustomFunctions directory. i.e. using the authenticated header check along with an ordinary ruleset containing a list of whitelisted addresses? Jason --------------------------------------------------------------------- --- *From:* mailscanner-bounces@lists.mailscanner.info on behalf of Pascal Maes *Sent:* Sun 27/05/2007 19:26 *To:* MailScanner discussion *Subject:* Re: SpamCheck report Le 27 mai 07 ? 15:51, Jason Ede a ?crit : Hi, I don't suppose you'd be willing to share that custom function? We'd like to do the same, but the only way I can see to do that so far is to have postfix include the SASL login username in the header which I'm loathe to do if I can really avoid it. Jason Why not ? The first idea comes from the list so I could post it again. But first, thanks to Julian for his quick answer. ------8<------8<------8<------8<------8<------8<------8<------8<----- -8< ------8<------ package MailScanner::CustomConfig; use strict 'vars'; use strict 'refs'; no strict 'subs'; # Allow bare words for parameter %'s use vars qw($VERSION); ### The package version, both in 1.23 style *and* usable by MakeMaker: $VERSION = substr q$Revision: 2331 $, 10; sub InitCheckSMTPAuth { # Empty } sub EndCheckSMTPAuth { # Empty } sub CheckSMTPAuth { my ($message) = @_; return 1 unless $message; foreach (@{$message->{headers}}) { if (/PUT HERE THE STRING ABOUT THE AUTHENTICATION/) { MailScanner::Log::InfoLog("Message %s from (%s) is authenticated ($1)", $message->{id}, $message->{ fromuser}); $global::MS->{mta}->AddHeader($message, 'X-MailScanner- Spamcheck:', 'Authenticated'); return 0; } } return 1; } 1; ------8<------8<------8<------8<------8<------8<------8<------8<----- -8< ------8<------ -- Pascal -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield S2 4EL. ----- *BirchenallHowden* Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield, S2 4EL Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. For all you IT requirements visit transtec Computers . ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield S2 4EL. ----- BirchenallHowden Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. For all you IT requirements visit transtec Computers . ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield, S2 4EL -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/83db026e/attachment.html From brose at med.wayne.edu Fri Jun 1 13:41:12 2007 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Jun 1 13:41:22 2007 Subject: Symantec Ent AV Support In-Reply-To: <465FED24.8070005@ecs.soton.ac.uk> References: <465FED24.8070005@ecs.soton.ac.uk> Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B026413BB@MED-CORE03-MS1.med.wayne.edu> Did this ever get worked out? I searched the list and found the question was asked before about a year ago but I don't see an option for it. -=Bobby From lhaig at haigmail.com Fri Jun 1 14:21:28 2007 From: lhaig at haigmail.com (Lance Haig) Date: Fri Jun 1 14:21:17 2007 Subject: OT: VMware In-Reply-To: References: <31e7748d0705310555y6b25c9d5u81d3141f09f1c680@mail.gmail.com> Message-ID: <46601D58.2080808@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I Use a VM created by http://www.global-domination.org/ESVA.php it is called ESVA It is running on Fc6 with postfix and is a very good system. I use the free VMware server software running 2MS boxes and 2 other boxes. regards Lance Jeff Mills wrote: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Ugo Bellavance >> Sent: Friday, 1 June 2007 3:18 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: OT: VMware >> >> Rodney Green wrote: >>> Hello, >>> >>> I've seen VMware mentioned in a recent thread. What are the >> benefits >>> of using such a solution for an e-mail server? >>> I'm downloading VMware Server; the "free" version. Is this what you >>> guys are using? Is it indeed free? >>> >>> I just never thought of using virtualization for an e-mail server. >>> It's an interesting idea and would like to hear from people already >>> doing it. >> I'm planning to test a MailScanner box in an OpenVZ virtual >> machine when I have time... >> > > I'm running a MailScanner box on VMWare - Gentoo Linux > Its been working flawlessly for the last few months. > We are using the enterprise version though, not the free version. > However, they are pretty similar. The enterprise version just as some > nice features such as automatic load balancing over physical hardware, > and automatically restarting a VM on another box if the physical > hardware dies etc. Also central management etc is a big help to us. > The enterprise version is also an O/S in itself. You do not need to > preload the hardware with an operating system before installing VMWare. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message was scanned by HaigMail and is believed to be clean. > Click here to report this message as spam. > http://mail03.redarmour.co.uk/cgi-bin/learn-msg.cgi?id=A1BD827F04.B38D6 > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGYB1XOw09RVRgt9wRAiv4AKDURVYJSd0OmqQHtlsZxvFXCxYl0QCdHbP7 n663A0nTlDvWNkNCNT8FBvs= =WJtF -----END PGP SIGNATURE----- From Richard.Frovarp at sendit.nodak.edu Fri Jun 1 15:07:13 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri Jun 1 15:07:17 2007 Subject: OT: VMware In-Reply-To: <31e7748d0705310555y6b25c9d5u81d3141f09f1c680@mail.gmail.com> References: <31e7748d0705310555y6b25c9d5u81d3141f09f1c680@mail.gmail.com> Message-ID: <46602811.7090506@sendit.nodak.edu> Rodney Green wrote: > Hello, > > I've seen VMware mentioned in a recent thread. What are the benefits > of using such a solution for an e-mail server? > I'm downloading VMware Server; the "free" version. Is this what you > guys are using? Is it indeed free? > > I just never thought of using virtualization for an e-mail server. > It's an interesting idea and would like to hear from > people already doing it. > > Thanks, > Rod We're running the free version. Was replacing hardware of a single 1 GHz P3 and 256 MB of RAM, with a dual socket, dual core 3.2 GHz, which seemed like overkill. So we dropped VMWare Server on it. One of the vm's is our internal mail MailScanner box. It was handling 30K messages a day no problem at all (school is out now so traffic has dropped). Our other MailScanner boxes where being overwhelmed, so we wanted to provide a fast lane for internal mail. It has worked perfectly for this purpose. From mark at farmorg.co.uk Fri Jun 1 16:14:46 2007 From: mark at farmorg.co.uk (Mark Farmer) Date: Fri Jun 1 16:15:06 2007 Subject: Too many false whitelist Message-ID: <466037E6.8010404@farmorg.co.uk> Hi all My first post here. Sorry if this been discussed before but i've been searching and not getting the answer I need. I have MailScanner installed & running. I'm monitoring things in Mailwatch and seeing a lot of spam being marked as whitelisted. I have compiled a fairly short whitelist of my own but non of the addresses in there match the ones getting through. Does Spamassassin have a whitelist of it's own? I have been looking for it with the idea of deleting it, but have not found it. I read in the Spamassassin man page about doing: spamassassin --remove-addr-from-whitelist= But that seems a very long winded way to remove addresses ie 1 by 1??? I've been scratching my head on this for weeks now, can anyone point me in the right direction please? Many thanks -- Mark Farmer RHCT Registered Linux User 353158 Running Gentoo, Centos & Fedora Linux From Q.G.Campbell at newcastle.ac.uk Fri Jun 1 16:26:37 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 1 16:28:12 2007 Subject: MailScanner ANNOUNCE: Release 4.60.8 - build errors In-Reply-To: <465FED24.8070005@ecs.soton.ac.uk> References: <465FED24.8070005@ecs.soton.ac.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470A6EF323@largo.campus.ncl.ac.uk> Julian I have encountered build problems with 4.60.8-1. I scripted the './install.sh' command and did a 'grep -i error' on the output. It found the following lines some of which I cannot ignore: ---- cut here Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. t/attach_errors.......ok Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. Do not worry too much about errors from the next command. t/tbt_06errormess.........ok make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.78245 (%build) RPM build errors: make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.17185 (%build) RPM build errors: make: *** [test_dynamic] Error 9 error: Bad exit status from /var/tmp/rpm-tmp.3246 (%build) RPM build errors: Execution of t/bigexp.t aborted due to compilation errors. Execution of t/option_l.t aborted due to compilation errors. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.52814 (%build) RPM build errors: NOTE: If you get lots of errors here, run the install.sh script ---- cut here System is Red Hat Enterprise Linux AS release 4 (Nahant Update 4). gcc -v gives: [root@cheviot9 MailScanner-4.60.8-1]# gcc -v Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux Thread model: posix gcc version 3.4.6 20060404 (Red Hat 3.4.6-3) This platform has built a dozen or more earlier versions of MailScanner without problems. Quentin From steve.freegard at fsl.com Fri Jun 1 16:34:33 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Jun 1 16:34:32 2007 Subject: Too many false whitelist In-Reply-To: <466037E6.8010404@farmorg.co.uk> References: <466037E6.8010404@farmorg.co.uk> Message-ID: <46603C89.3080401@fsl.com> Hi Mark, Mark Farmer wrote: > Hi all > > My first post here. Sorry if this been discussed before but i've been > searching and not getting the answer I need. > > I have MailScanner installed & running. I'm monitoring things in > Mailwatch and seeing a lot of spam being marked as whitelisted. > I have compiled a fairly short whitelist of my own but non of the > addresses in there match the ones getting through. > Does Spamassassin have a whitelist of it's own? I have been looking for > it with the idea of deleting it, but have not found it. MailWatch does indeed show anything whitelisted in SpamAssassin as being whitelisted overall. Look at the SpamAssassin Report and see if the USER_IN_WHITELIST or USER_IN_DEF_WHITELIST rules are firing; if they are - you are probably using the SARE_WHITELIST ruleset enabled via rules_du_jour or sa-update so you'll probably have to remove it from these utilities and delete the rulesets from /etc/mail/spamassassin, the names of the rulesets are 70_sare_whitelist_rcvd.cf and 70_sare_whitelist_spf.cf. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. From MailScanner at ecs.soton.ac.uk Fri Jun 1 16:37:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 1 16:39:15 2007 Subject: MailScanner ANNOUNCE: Release 4.60.8 - build errors In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470A6EF323@largo.campus.ncl.ac.uk> References: <465FED24.8070005@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470A6EF323@largo.campus.ncl.ac.uk> Message-ID: <46603D51.10108@ecs.soton.ac.uk> Without the context of the following Perl build errors, that's not much help. Quentin Campbell wrote: > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.78245 (%build) > RPM build errors: > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.17185 (%build) > RPM build errors: > make: *** [test_dynamic] Error 9 > error: Bad exit status from /var/tmp/rpm-tmp.3246 (%build) > RPM build errors: > Execution of t/bigexp.t aborted due to compilation errors. > Execution of t/option_l.t aborted due to compilation errors. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.52814 (%build) > RPM build errors: > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Fri Jun 1 17:02:34 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 1 17:02:40 2007 Subject: Clamd Support Patches Message-ID: <0a1001c7a466$44a6ccb0$0301a8c0@SAHOMELT> Julian, Got your "out of office" (duh, guess I should have realized eh?) message so I am forwarding to list. -----Original Message----- From: Rick Cooper [mailto:rcooper@dwford.com] Sent: Friday, June 01, 2007 11:16 AM To: Julian Field (MailScanner@ecs.soton.ac.uk) Subject: Clamd Support Patches Julian, I remembered to send off list this time. These are patched against the new stable release. I added the Multi-Threaded option and made the lock file optional as discussed on the list, and I remembered to add the use IO::Socket:: stuff this time. Of course the clamd-wrapper won't be required anymore. Thanks Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: virus.scanners.conf.diff Type: application/octet-stream Size: 611 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/0eb5a585/virus.scanners.conf.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: ConfigDefs.pl.diff Type: application/octet-stream Size: 855 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/0eb5a585/ConfigDefs.pl.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.conf.diff Type: application/octet-stream Size: 1100 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/0eb5a585/MailScanner.conf.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: SweepViruses.pm.diff Type: application/octet-stream Size: 10569 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/0eb5a585/SweepViruses.pm.obj From ssilva at sgvwater.com Fri Jun 1 16:56:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 17:04:54 2007 Subject: New Clamav 0.90.3 In-Reply-To: <77F6B238A9BA7847840CFF3DFDC46E190BB205@server03.BHL2.local> References: <465F08B1.2060009@ecs.soton.ac.uk> <465F1AF8.7010709@nkpanama.com> <465F3E88.4060502@fractalweb.com> <465FD61D.2060007@ecs.soton.ac.uk> <77F6B238A9BA7847840CFF3DFDC46E190BB205@server03.BHL2.local> Message-ID: Jason Ede spake the following on 6/1/2007 1:48 AM: >> Chris Yuzik wrote: >>> Scott Silva wrote: >>>> Alex Neuman spake the following on 5/31/2007 11:59 AM: >>>> >>>>> You could almost say his response time *improved*! :-) >>>> Because he hasn't had to run the "work" process. But that probably >>>> won't last >>>> too much longer. >>>> >>> Ok, that's funny. I was just reading an aricle detailing the >>> inner-workings of load averages. >>> >>> So Julian, what is your load average these days? ;-) >> I try to keep it below about 0.4 whenever possible. But my folks are >> coming to see me today, so it'll a bit higher :-) >> It's not going up to 1 until I have to run the "work" process, which >> won't happen for another month yet. That tends to consume all available >> resources, and result in a load avg of 2 or 3 for long periods of time. >> The only saviour at that point is the "lunch" command which consumes a >> lot of resources but does nothing. Surprisingly useful at times... > > But I bet that?s not as useful as the beer command, which I've been reliably informed works very well with the lunch command, although really need to specify the long format as the short format doesn't seem to work properly... > I don't think Julian runs the beer process, but there are many other processes that are similar and have the same output.. But I think he is running in restricted mode right now until the doctor daemon is finished running. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 1 16:57:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 17:08:20 2007 Subject: How to store and delete a message In-Reply-To: <1324498411.20070531220327@SYO.Com> References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> <1324498411.20070531220327@SYO.Com> Message-ID: Jason Gottschalk spake the following on 5/31/2007 7:03 PM: > Hello Scott, > > Just one account, actually. > > I figured it out. > > I have to use two rules. The first issue was that I didn't realize > there was a "non spam" item in the mailscanner.conf file until Julian > pressed the issue. I found that the "non spam" was set to "store > deliver" rather than a ruleset. > > So I changed it to a ruleset and then placed my rule in there to > delete the message. > > So here is what I have now, which, btw, is precisely what I was looking > for. > > > nonspam.action.rules: > From:Him@HisDomain.com delete > FromOrTo: Default Store Deliver > > Archive.Rules: > FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox > FromOrTo: Default > > > So now I get what I want, his e-mail is stored for administrative > approval before it is released. (There is a script that puts the > message in /var/spool/mqueue after it is approved.) > Sounds like someone got in trouble. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 1 17:03:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 17:12:33 2007 Subject: Symantec Ent AV Support In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B026413BB@MED-CORE03-MS1.med.wayne.edu> References: <465FED24.8070005@ecs.soton.ac.uk> <8F2A53954C22554EB75D9643FCCE0C6B026413BB@MED-CORE03-MS1.med.wayne.edu> Message-ID: Rose, Bobby spake the following on 6/1/2007 5:41 AM: > > Did this ever get worked out? I searched the list and found the > question was asked before about a year ago but I don't see an option for > it. > > -=Bobby > Julian usually will add these if you send him a licensed copy to work with. The speed at which it is done depends on the demand, or the amount of the contribution. ;-) It would be up to him and how much available time he has. I think he needs a licensed copy as opposed to a demo because he would have to support it for the long term and not just a one-off shot. If the virus scanner isn't popular enough, or doesn't have a proper command-line component, it might not be able to be done. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Fri Jun 1 17:13:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 1 17:15:07 2007 Subject: Clamd Support Patches In-Reply-To: <0a1001c7a466$44a6ccb0$0301a8c0@SAHOMELT> References: <0a1001c7a466$44a6ccb0$0301a8c0@SAHOMELT> Message-ID: <466045A7.3020008@ecs.soton.ac.uk> I still get the mail, it just gives me to right to not bother to answer it if I don't want to :-) Rick Cooper wrote: > Julian, > > Got your "out of office" (duh, guess I should have realized eh?) message so > I am forwarding to list. > > -----Original Message----- > From: Rick Cooper [mailto:rcooper@dwford.com] > Sent: Friday, June 01, 2007 11:16 AM > To: Julian Field (MailScanner@ecs.soton.ac.uk) > Subject: Clamd Support Patches > > Julian, > > I remembered to send off list this time. > > These are patched against the new stable release. I added the Multi-Threaded > option and made the lock file optional as discussed on the list, and I > remembered to add the use IO::Socket:: stuff this time. Of course the > clamd-wrapper won't be required anymore. > > Thanks > > > > Rick Cooper > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Fri Jun 1 16:58:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 17:15:23 2007 Subject: Default Virus Actions In-Reply-To: <465F6463.6080509@nkpanama.com> References: <2579c6b20705311308o37a4ca14u97197e50049083cd@mail.gmail.com> <465F2C72.5080407@nkpanama.com> <465F4B76.4020909@pixelhammer.com> <465F6463.6080509@nkpanama.com> Message-ID: Alex Neuman van der Hans spake the following on 5/31/2007 5:12 PM: > DAve wrote: >> Alex Neuman van der Hans wrote: >>> One thing I've noticed about this list is that people will not flame >>> you as easily as other lists/chatrooms/forums. It's been years since >>> I've seen an unwarranted flame - and even some who may have deserved >>> getting flamed got a decent "please rephrase your question" or "try >>> to explain what you mean by so and so" instead of getting "kicked in >>> the groin". :-) >>> >> >> Yea, I've been on THAT list ;^) >> >> DAve >> > And I'm sure you've also visited their IRC channel and their forum... :-) Hey! I think I'm on that list, too! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Jason at SYO.Com Fri Jun 1 17:46:36 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Fri Jun 1 17:46:38 2007 Subject: How to store and delete a message In-Reply-To: <223f97700706010038q7aeb899dr3edb066e4e697ba2@mail.gmail.com> References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> <1324498411.20070531220327@SYO.Com> <223f97700706010038q7aeb899dr3edb066e4e697ba2@mail.gmail.com> Message-ID: <1697304033.20070601124636@SYO.Com> Hello Glenn, Friday, June 1, 2007, 3:38:24 AM, you wrote: Glenn> On 01/06/07, Jason Gottschalk wrote: >> Hello Scott, >> >> Just one account, actually. >> >> I figured it out. >> >> I have to use two rules. The first issue was that I didn't realize >> there was a "non spam" item in the mailscanner.conf file until Julian >> pressed the issue. I found that the "non spam" was set to "store >> deliver" rather than a ruleset. >> >> So I changed it to a ruleset and then placed my rule in there to >> delete the message. >> >> So here is what I have now, which, btw, is precisely what I was looking >> for. >> >> >> nonspam.action.rules: >> From:Him@HisDomain.com delete >> FromOrTo: Default Store Deliver >> >> Archive.Rules: >> FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox >> FromOrTo: Default >> >> >> So now I get what I want, his e-mail is stored for administrative >> approval before it is released. (There is a script that puts the >> message in /var/spool/mqueue after it is approved.) >> Glenn> Just one thing... Archive Mail archives _everything_,spam and viruses as well. Glenn> Since you store every message, you could have worked with the Glenn> quarantine (the nonspam subdirectory) instead... And if you use Glenn> MailWatch, you would have a nice tool to view the mails under review Glenn> too:-). Can you explain this more? It sounds brilliant, but I don't follow you. I started storing every message because bayes_99 suddenly started marking 20% of the ham as spam, I need a way to find and release my customers e-mail after it had been marked as spam. Are you saying if I turned that off, the only messages showing up in quarantine would be Him@Hiusdomain.cmo and those with a virus? -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 586-286-2557 From ssilva at sgvwater.com Fri Jun 1 18:17:06 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 18:17:42 2007 Subject: How to store and delete a message In-Reply-To: <1697304033.20070601124636@SYO.Com> References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> <1324498411.20070531220327@SYO.Com> <223f97700706010038q7aeb899dr3edb066e4e697ba2@mail.gmail.com> <1697304033.20070601124636@SYO.Com> Message-ID: Jason Gottschalk spake the following on 6/1/2007 9:46 AM: > Hello Glenn, > Friday, June 1, 2007, 3:38:24 AM, you wrote: > Glenn> On 01/06/07, Jason Gottschalk wrote: >>> Hello Scott, >>> >>> Just one account, actually. >>> >>> I figured it out. >>> >>> I have to use two rules. The first issue was that I didn't realize >>> there was a "non spam" item in the mailscanner.conf file until Julian >>> pressed the issue. I found that the "non spam" was set to "store >>> deliver" rather than a ruleset. >>> >>> So I changed it to a ruleset and then placed my rule in there to >>> delete the message. >>> >>> So here is what I have now, which, btw, is precisely what I was looking >>> for. >>> >>> >>> nonspam.action.rules: >>> From:Him@HisDomain.com delete >>> FromOrTo: Default Store Deliver >>> >>> Archive.Rules: >>> FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox >>> FromOrTo: Default >>> >>> >>> So now I get what I want, his e-mail is stored for administrative >>> approval before it is released. (There is a script that puts the >>> message in /var/spool/mqueue after it is approved.) >>> > Glenn> Just one thing... Archive Mail archives _everything_,spam and viruses as well. > Glenn> Since you store every message, you could have worked with the > Glenn> quarantine (the nonspam subdirectory) instead... And if you use > Glenn> MailWatch, you would have a nice tool to view the mails under review > Glenn> too:-). > > Can you explain this more? It sounds brilliant, but I don't follow > you. > > I started storing every message because bayes_99 suddenly started > marking 20% of the ham as spam, I need a way to find and release my > customers e-mail after it had been marked as spam. > > Are you saying if I turned that off, the only messages showing up in > quarantine would be Him@Hiusdomain.cmo and those with a virus? > > > On my systems, I have a store directive in every spam/non-spam action. With mailwatch I can view / release / re-learn everything I keep there. You can also set it to only keep X number of days in the quarantine. So I have room to keep 30 days worth of messages. If they haven't come looking for it by then, off to the bit bucket it goes. Archive mail is more for the permanent archival of messages. Maybe by a legal requirement, or for whatever other reason. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 1 18:18:32 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 18:20:08 2007 Subject: Clamd Support Patches In-Reply-To: <466045A7.3020008@ecs.soton.ac.uk> References: <0a1001c7a466$44a6ccb0$0301a8c0@SAHOMELT> <466045A7.3020008@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 6/1/2007 9:13 AM: > I still get the mail, it just gives me to right to not bother to answer > it if I don't want to :-) And also give the sender someone ELSE to bother instead! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Jun 1 19:00:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 1 19:00:53 2007 Subject: How to store and delete a message In-Reply-To: References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> <1324498411.20070531220327@SYO.Com> <223f97700706010038q7aeb899dr3edb066e4e697ba2@mail.gmail.com> <1697304033.20070601124636@SYO.Com> Message-ID: <223f97700706011100u1d5d7df2we621ed7aee2cf36e@mail.gmail.com> On 01/06/07, Scott Silva wrote: > Jason Gottschalk spake the following on 6/1/2007 9:46 AM: > > Hello Glenn, > > Friday, June 1, 2007, 3:38:24 AM, you wrote: > > Glenn> On 01/06/07, Jason Gottschalk wrote: > >>> Hello Scott, > >>> > >>> Just one account, actually. > >>> > >>> I figured it out. > >>> > >>> I have to use two rules. The first issue was that I didn't realize > >>> there was a "non spam" item in the mailscanner.conf file until Julian > >>> pressed the issue. I found that the "non spam" was set to "store > >>> deliver" rather than a ruleset. > >>> > >>> So I changed it to a ruleset and then placed my rule in there to > >>> delete the message. > >>> > >>> So here is what I have now, which, btw, is precisely what I was looking > >>> for. > >>> > >>> > >>> nonspam.action.rules: > >>> From:Him@HisDomain.com delete > >>> FromOrTo: Default Store Deliver > >>> > >>> Archive.Rules: > >>> FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox > >>> FromOrTo: Default > >>> > >>> > >>> So now I get what I want, his e-mail is stored for administrative > >>> approval before it is released. (There is a script that puts the > >>> message in /var/spool/mqueue after it is approved.) > >>> > > Glenn> Just one thing... Archive Mail archives _everything_,spam and viruses as well. > > Glenn> Since you store every message, you could have worked with the > > Glenn> quarantine (the nonspam subdirectory) instead... And if you use > > Glenn> MailWatch, you would have a nice tool to view the mails under review > > Glenn> too:-). > > > > Can you explain this more? It sounds brilliant, but I don't follow > > you. > > > > I started storing every message because bayes_99 suddenly started > > marking 20% of the ham as spam, I need a way to find and release my > > customers e-mail after it had been marked as spam. > > > > Are you saying if I turned that off, the only messages showing up in > > quarantine would be Him@Hiusdomain.cmo and those with a virus? > > > > > > > On my systems, I have a store directive in every spam/non-spam action. With > mailwatch I can view / release / re-learn everything I keep there. You can > also set it to only keep X number of days in the quarantine. So I have room to > keep 30 days worth of messages. If they haven't come looking for it by then, > off to the bit bucket it goes. > Archive mail is more for the permanent archival of messages. Maybe by a legal > requirement, or for whatever other reason. > Thanks for the explanation Scotty, couldn't have said it better myself... Now, off to the engine room with you... There's something up with the dilithium ions in the warpdrive...:-) Jason, have a look at http://mailwatch.sf.net ... a very nice tool...;) Cheers (literally.... Not only the usual friday beer, but Jules allotment of red too:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Fri Jun 1 19:09:54 2007 From: alex at nkpanama.com (Alex Neuman) Date: Fri Jun 1 19:13:02 2007 Subject: Default Virus Actions In-Reply-To: References: <2579c6b20705311308o37a4ca14u97197e50049083cd@mail.gmail.com> <465F2C72.5080407@nkpanama.com> <465F4B76.4020909@pixelhammer.com> <465F6463.6080509@nkpanama.com> Message-ID: <466060F2.2090205@nkpanama.com> Enough about postfix already! It makes MailScanner cause swapping! ;-) Scott Silva wrote: > Alex Neuman van der Hans spake the following on 5/31/2007 5:12 PM: > >> DAve wrote: >> >>> Alex Neuman van der Hans wrote: >>> >>>> One thing I've noticed about this list is that people will not flame >>>> you as easily as other lists/chatrooms/forums. It's been years since >>>> I've seen an unwarranted flame - and even some who may have deserved >>>> getting flamed got a decent "please rephrase your question" or "try >>>> to explain what you mean by so and so" instead of getting "kicked in >>>> the groin". :-) >>>> >>>> >>> Yea, I've been on THAT list ;^) >>> >>> DAve >>> >>> >> And I'm sure you've also visited their IRC channel and their forum... :-) >> > Hey! I think I'm on that list, too! > > > From Denis.Beauchemin at USherbrooke.ca Fri Jun 1 19:37:25 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 1 19:37:38 2007 Subject: FuzzyOcr 3.5.1 not seeing my images In-Reply-To: <4626789B.9070007@USherbrooke.ca> References: <4626100B.8030801@USherbrooke.ca> <1176901125.16165.14.camel@gblades-suse.linguaphone-intranet.co.uk> <4626789B.9070007@USherbrooke.ca> Message-ID: <46606765.7090206@USherbrooke.ca> Denis Beauchemin a ?crit : > Gareth a ?crit : >> On Wed, 2007-04-18 at 13:33, Denis Beauchemin wrote: >> >> >>> Gareth, >>> >>> I looked at the code and added some calls to infolog() which >>> resulted in $pdatalen being 0. >>> Looks like the call to decode() is either broken or the email it is >>> working with is incomplete... >>> >>> Denis >>> >> >> I would run up perl CPAN and perform an update just to make sure you >> have the latest copy of all the modules installed. >> >> >> > Gareth, > > It didn't solve my problem... > > Digging some more, I found something interesting: I stopped MS but not > sendmail, then sent one email with a spammy picture. In mqueue.in I > ran "spamassassin -D < d*" and got this error message: > [7149] dbg: FuzzyOcr: Skipping OCR, no image files found... > > I then copied both q* and d* (cat q* d* >new.email) into a new file > and experimented with the whole email. Turns out I have to remove all > (?) sendmail control lines and "H*" control characters before FuzzyOcr > sees the picture... > > I just don't know in which format the email is presented to SA by > MS... I will keep digging... > > Denis > I just upgraded to SA 3.2.0 (thanks Julian) and it solved my problem! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070601/862d97a7/smime.bin From mcrider at hoecoop.org Fri Jun 1 20:36:09 2007 From: mcrider at hoecoop.org (Michael Crider) Date: Fri Jun 1 20:36:13 2007 Subject: Attachments messed up going to Exchange SOLVED In-Reply-To: <465EA3A0.4010108@xplanation.com> References: <465DA421.5080104@hoecoop.org> <465DA8D3.6010506@nkpanama.com> <465EA3A0.4010108@xplanation.com> Message-ID: <46607529.3030907@hoecoop.org> Thank you, Paul. That was the problem exactly. The filename she was sending was 69 characters. I shortened it to 21 characters and it went through just fine. I printed the article for my file of future reference material. Michael Paul Bijnens wrote: > On 2007-05-30 19:02, Scott Silva wrote: > > >> Sender is using Thunderbird, receiver is using Outbroke (outlook), so Rich >> text is not the issue. >> >> > > If the LookOut receiver sees the filenames of the attachment only > as ".dat" files, instead of the original name, then you problaby run > into: > > http://kb.mozillazine.org/Attachments_renamed > > The explanation there is about thunderbird 1.5. > I'm using thunderbird 2.0 and the default setting for that parameter > is "3", which seems to solve the problem for Outlook and Thunderbird > receipients at the same time, by adding mimeheaders so that both are > picking up the right name. > > If you're too lazy to read/understand the article, > then do in thunderbird: > > Preferences -> Advanced -> Config Editor... > > find parameter "mail.strictly_mime.parm_folding" > and set the value to "0" instead of "2". > If the value is "3", you're already using Thunderbird 2.0, > which does not generate the problem the LookOut lusers. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri Jun 1 19:27:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 20:36:53 2007 Subject: Default Virus Actions In-Reply-To: <466060F2.2090205@nkpanama.com> References: <2579c6b20705311308o37a4ca14u97197e50049083cd@mail.gmail.com> <465F2C72.5080407@nkpanama.com> <465F4B76.4020909@pixelhammer.com> <465F6463.6080509@nkpanama.com> <466060F2.2090205@nkpanama.com> Message-ID: Alex Neuman spake the following on 6/1/2007 11:09 AM: > Enough about postfix already! It makes MailScanner cause swapping! ;-) > They just have MailScanner envy!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mogens at fumlersoft.dk Fri Jun 1 20:42:31 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Fri Jun 1 20:42:10 2007 Subject: New Clamav 0.90.3 In-Reply-To: <77F6B238A9BA7847840CFF3DFDC46E190BB205@server03.BHL2.local> References: <465F08B1.2060009@ecs.soton.ac.uk> <465F1AF8.7010709@nkpanama.com> <465F3E88.4060502@fractalweb.com> <465FD61D.2060007@ecs.soton.ac.uk> <77F6B238A9BA7847840CFF3DFDC46E190BB205@server03.BHL2.local> Message-ID: <53321.222.123.0.244.1180726951.squirrel@mail.parkhotel.dk> On Fri, June 1, 2007 10:48, Jason Ede wrote: >> Chris Yuzik wrote: >> > Scott Silva wrote: >> >> Alex Neuman spake the following on 5/31/2007 11:59 AM: >> >> >> >>> You could almost say his response time *improved*! :-) >> >> Because he hasn't had to run the "work" process. But that probably >> >> won't last >> >> too much longer. >> >> >> > Ok, that's funny. I was just reading an aricle detailing the >> > inner-workings of load averages. >> > >> > So Julian, what is your load average these days? ;-) >> I try to keep it below about 0.4 whenever possible. But my folks are >> coming to see me today, so it'll a bit higher :-) >> It's not going up to 1 until I have to run the "work" process, which >> won't happen for another month yet. That tends to consume all available >> resources, and result in a load avg of 2 or 3 for long periods of time. >> The only saviour at that point is the "lunch" command which consumes a >> lot of resources but does nothing. Surprisingly useful at times... > > But I bet that?s not as useful as the beer command, which I've been > reliably informed works very well with the lunch command, although really > need to specify the long format as the short format doesn't seem to work > properly... You should know by now. The options to the lunch command can be a fixed value, a ruleset or an custom function. I personally prefere the costum function, so i can change the value of the beer option, depending of the day of the week. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From ssilva at sgvwater.com Fri Jun 1 19:26:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 1 20:42:45 2007 Subject: How to store and delete a message In-Reply-To: <223f97700706011100u1d5d7df2we621ed7aee2cf36e@mail.gmail.com> References: <451805095.20070531135138@SYO.Com> <1566947004.20070531150553@SYO.Com> <1324498411.20070531220327@SYO.Com> <223f97700706010038q7aeb899dr3edb066e4e697ba2@mail.gmail.com> <1697304033.20070601124636@SYO.Com> <223f97700706011100u1d5d7df2we621ed7aee2cf36e@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/1/2007 11:00 AM: > On 01/06/07, Scott Silva wrote: >> Jason Gottschalk spake the following on 6/1/2007 9:46 AM: >> > Hello Glenn, >> > Friday, June 1, 2007, 3:38:24 AM, you wrote: >> > Glenn> On 01/06/07, Jason Gottschalk wrote: >> >>> Hello Scott, >> >>> >> >>> Just one account, actually. >> >>> >> >>> I figured it out. >> >>> >> >>> I have to use two rules. The first issue was that I didn't realize >> >>> there was a "non spam" item in the mailscanner.conf file until Julian >> >>> pressed the issue. I found that the "non spam" was set to "store >> >>> deliver" rather than a ruleset. >> >>> >> >>> So I changed it to a ruleset and then placed my rule in there to >> >>> delete the message. >> >>> >> >>> So here is what I have now, which, btw, is precisely what I was >> looking >> >>> for. >> >>> >> >>> >> >>> nonspam.action.rules: >> >>> From:Him@HisDomain.com delete >> >>> FromOrTo: Default Store Deliver >> >>> >> >>> Archive.Rules: >> >>> FromOrTo: Him@HisDomain.Com /sites/hisdomain/mail/approve/mbox >> >>> FromOrTo: Default >> >>> >> >>> >> >>> So now I get what I want, his e-mail is stored for administrative >> >>> approval before it is released. (There is a script that puts the >> >>> message in /var/spool/mqueue after it is approved.) >> >>> >> > Glenn> Just one thing... Archive Mail archives _everything_,spam and >> viruses as well. >> > Glenn> Since you store every message, you could have worked with the >> > Glenn> quarantine (the nonspam subdirectory) instead... And if you use >> > Glenn> MailWatch, you would have a nice tool to view the mails under >> review >> > Glenn> too:-). >> > >> > Can you explain this more? It sounds brilliant, but I don't follow >> > you. >> > >> > I started storing every message because bayes_99 suddenly started >> > marking 20% of the ham as spam, I need a way to find and release my >> > customers e-mail after it had been marked as spam. >> > >> > Are you saying if I turned that off, the only messages showing up in >> > quarantine would be Him@Hiusdomain.cmo and those with a virus? >> > >> > >> > >> On my systems, I have a store directive in every spam/non-spam action. >> With >> mailwatch I can view / release / re-learn everything I keep there. You >> can >> also set it to only keep X number of days in the quarantine. So I have >> room to >> keep 30 days worth of messages. If they haven't come looking for it by >> then, >> off to the bit bucket it goes. >> Archive mail is more for the permanent archival of messages. Maybe by >> a legal >> requirement, or for whatever other reason. >> > Thanks for the explanation Scotty, couldn't have said it better > myself... Now, off to the engine room with you... There's something up > with the dilithium ions in the warpdrive...:-) > > Jason, have a look at http://mailwatch.sf.net ... a very nice tool...;) > > Cheers (literally.... Not only the usual friday beer, but Jules > allotment of red too:-):-) Aye Captain! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Fri Jun 1 20:57:04 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 1 20:57:47 2007 Subject: New Clamav 0.90.3 In-Reply-To: <465FD61D.2060007@ecs.soton.ac.uk> References: <465F08B1.2060009@ecs.soton.ac.uk> <465F1AF8.7010709@nkpanama.com> <465F3E88.4060502@fractalweb.com> <465FD61D.2060007@ecs.soton.ac.uk> Message-ID: On Fri, 1 Jun 2007, Julian Field wrote: > I try to keep it below about 0.4 whenever possible. But my folks are coming > to see me today, so it'll a bit higher :-) tidy --visible-only works great with the dad process. The mom process is not fooled that easily. But then again the mom process has a unique non-liniear approch to the nice settings if you call it with the --with-compassion settings. (And then it seems this is often the default setting.) Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From mark at farmorg.co.uk Fri Jun 1 22:00:28 2007 From: mark at farmorg.co.uk (Mark Farmer) Date: Fri Jun 1 22:00:42 2007 Subject: Too many false whitelist In-Reply-To: <46603C89.3080401@fsl.com> References: <466037E6.8010404@farmorg.co.uk> <46603C89.3080401@fsl.com> Message-ID: <466088EC.4000503@farmorg.co.uk> Steve Freegard wrote: > Hi Mark, > MailWatch does indeed show anything whitelisted in SpamAssassin as being > whitelisted overall. > > Look at the SpamAssassin Report and see if the USER_IN_WHITELIST or > USER_IN_DEF_WHITELIST rules are firing; if they are - you are probably > using the SARE_WHITELIST ruleset enabled via rules_du_jour or sa-update > so you'll probably have to remove it from these utilities and delete the > rulesets from /etc/mail/spamassassin, the names of the rulesets are > 70_sare_whitelist_rcvd.cf and 70_sare_whitelist_spf.cf. Thanks Steve for the quick response. I am not sure where to find the Spamassassin report you mentioned, but looking at the Spamassassin section of the Mailwatch detail there is no mention of those rules there. Also, I searched all of the files in /etc/mail/spamassassin & /usr/share/spamassassin for the sending domain name and found no such entry. Am I missing something here? -- Mark Farmer RHCT Registered Linux User 353158 Running Gentoo, Centos & Fedora Linux mark at farmorg dot co dot uk www.farmorg.co.uk From simon.pollitt at maptek.com.au Sat Jun 2 04:35:32 2007 From: simon.pollitt at maptek.com.au (Simon Pollitt) Date: Sat Jun 2 04:40:10 2007 Subject: Releasing from quarantine - postfix Message-ID: <20070602130532.x9s634h2osksg4oo@mail.maptek.com.au> (Tried to send this last week but it didn't get through?) I have a newly installed single instance (HOLD method) postfix + Mailscanner install, slightly complicated by running "inside" Bynari Insight. All is going well as far as scanning, blocking and mailing - until I've tried to release a message from quarantine. I've followed the instructions at: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail with the directory modifications for Insight: ***** #!/bin/sh if [ -z "$1" ]; then echo "Syntax: $0 i.e. 5B604228086.932F0 (case sensitive)" exit fi #change in the quarantine folder folder=`find /var/spool/MailScanner/quarantine/ -name $1 ` cd $folder #set the mailfile executable mailname=`echo $1 | cut -d . -f1` chmod u+x $mailname #lets get the first character char=`echo $1 | cut -b 1-1` #copy the mail cp -a $mailname /opt/insight/var/spool/postfix/incoming/ echo Mail $mailname released ***** The problem is that, while this script runs just fine and pushes the message into the "incoming" directory, it then goes through the Mailscanner scanning process again - which it of course fails... My postfix config uses: MTA = postfix Incoming Queue Dir = /opt/insight/var/spool/postfix/hold Outgoing Queue Dir = /opt/insight/var/spool/postfix/incoming and header_checks contains: /^Received:/ HOLD I believe that all of the settings are correct because viruses and especially spam are being detected like crazy. I am occasionally getting duplicate messages delivered and also (even more occasionally) getting messages without bodies being delivered - this does make me suspicious that something is not configured cleanly here. Any suggestions as to where I might look to re-spool messages from quarantine and also how concerned about the duplicates I should be? I would be most thankful for any assistance, Simon From mailscanner at lists.mailscanner.info Sat Jun 2 04:42:23 2007 From: mailscanner at lists.mailscanner.info (Allie@viagra.com) Date: Sat Jun 2 04:42:26 2007 Subject: Lovers package at discount price! Message-ID: <20070602094225.2466.qmail@duron> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070602/de24c31c/attachment.html From hvdkooij at vanderkooij.org Sat Jun 2 08:26:58 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 2 08:27:37 2007 Subject: Lovers package at discount price! (fwd) Message-ID: Was whitelisting the mailinglist not the right thing? ---------- Forwarded message ---------- Subject: Lovers package at discount price! X-BeenThere: mailscanner@lists.mailscanner.info .... X-Mailman-Version: 2.1.5 X-vanderkooij.org-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=9.462, required 4, BAYES_80 3.00, HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_BLACK 3.00, URIBL_JP_SURBL 1.50) X-vanderkooij.org-MailScanner-From: mailscanner-bounces@lists.mailscanner.info X-vanderkooij.org-MailScanner-To: hvdkooij@vanderkooij.org X-Spam-Status: No From res at ausics.net Sat Jun 2 08:48:42 2007 From: res at ausics.net (Res) Date: Sat Jun 2 08:48:53 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 2 Jun 2007, Hugo van der Kooij wrote: > Was whitelisting the mailinglist not the right thing? I think its amazing our own mailing list doesn't use MailScanner to protect it :P - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGYSDcsWhAmSIQh7MRAojJAJ9nd1ruiQCQQSM6PHQ8E57iscIhogCeO2aY iEB/6jh6s+5tSP9ARKGu1JI= =14db -----END PGP SIGNATURE----- From ms-list at alexb.ch Sat Jun 2 09:03:55 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sat Jun 2 09:04:00 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: References: Message-ID: <4661246B.5090800@alexb.ch> use SA: whitelist_to mailscanner@lists.mailscanner.info On 6/2/2007 9:26 AM, Hugo van der Kooij wrote: > > Was whitelisting the mailinglist not the right thing? > > ---------- Forwarded message ---------- > Subject: Lovers package at discount price! > X-BeenThere: mailscanner@lists.mailscanner.info > .... > X-Mailman-Version: 2.1.5 > X-vanderkooij.org-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=9.462, required 4, BAYES_80 3.00, > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_BLACK 3.00, > URIBL_JP_SURBL 1.50) > X-vanderkooij.org-MailScanner-From: > mailscanner-bounces@lists.mailscanner.info > X-vanderkooij.org-MailScanner-To: hvdkooij@vanderkooij.org > X-Spam-Status: No From hvdkooij at vanderkooij.org Sat Jun 2 11:08:08 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 2 11:08:49 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: <4661246B.5090800@alexb.ch> References: <4661246B.5090800@alexb.ch> Message-ID: On Sat, 2 Jun 2007, Alex Broens wrote: > use SA: > > whitelist_to mailscanner@lists.mailscanner.info I HAD (note the past tense) whitelisted the mailinglist. But as the mailinglist itself is not protected (enough) it seems I have to be aware of the content here as well. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) Please, don't top post: A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? From lists at masonc.com Sat Jun 2 13:56:39 2007 From: lists at masonc.com (Chris Mason (Lists)) Date: Sat Jun 2 13:56:56 2007 Subject: OT: Spam King Arrested! In-Reply-To: References: Message-ID: <46616907.6040808@masonc.com> Scott Silva wrote: > One down --- thousands to go! > I wonder about that. If a change of policy and tolerance in the US towards these lowlifes meant that they started to get locked up, if spam was to be treated like DVD piracy and the US Gov sent delegations to other countries and demanded action, would the volume drop significantly? In most cases it is relatively easy to "follow the money" and fine those who benefit. The exception to those is the stock spams which try to influence the market, but again, probably easy enough to see the patterns and find out who is gaining from the scams. If the US Gov. gave a damn about spam, I think we would see a dramatic reduction in volume and the hard core spammers looking for other work. -- Chris Mason (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 2 14:32:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 2 14:34:01 2007 Subject: Beta release 4.61.1 Message-ID: <46617185.6030000@ecs.soton.ac.uk> This beta includes direct communication with clamd, and no longer uses clamd-wrapper or clamdscan. This should be faster than the clamd support in the previous version. Thanks for Rick Cooper for this contribution. Download as usual from www.mailscanner.info. The Change Log is: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Jun 2 16:53:30 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 2 16:54:35 2007 Subject: Test post Message-ID: <4661927A.5030409@ecs.soton.ac.uk> ping Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From philippe at beau.nom.fr Sat Jun 2 17:04:31 2007 From: philippe at beau.nom.fr (Philippe BEAU) Date: Sat Jun 2 17:04:34 2007 Subject: Test post In-Reply-To: <4661927A.5030409@ecs.soton.ac.uk> References: <4661927A.5030409@ecs.soton.ac.uk> Message-ID: <4661950F.208@beau.nom.fr> Julian Field a ?crit : > ping > > Jules > pong From MailScanner at ecs.soton.ac.uk Sat Jun 2 14:32:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 2 17:09:55 2007 Subject: Beta release 4.61.1 Message-ID: <46617185.6030000@ecs.soton.ac.uk> This beta includes direct communication with clamd, and no longer uses clamd-wrapper or clamdscan. This should be faster than the clamd support in the previous version. Thanks for Rick Cooper for this contribution. Download as usual from www.mailscanner.info. The Change Log is: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From edwardbruce at sbcglobal.net Sat Jun 2 17:53:45 2007 From: edwardbruce at sbcglobal.net (Ed) Date: Sat Jun 2 17:54:42 2007 Subject: OT: Spam King Arrested! In-Reply-To: <46616907.6040808@masonc.com> References: <46616907.6040808@masonc.com> Message-ID: <4661A099.50707@sbcglobal.net> Chris Mason (Lists) wrote: > Scott Silva wrote: >> One down --- thousands to go! >> > I wonder about that. If a change of policy and tolerance in the US > towards these lowlifes meant that they started to get locked up, if > spam was to be treated like DVD piracy and the US Gov sent delegations > to other countries and demanded action, would the volume drop > significantly? In most cases it is relatively easy to "follow the > money" and fine those who benefit. The exception to those is the stock > spams which try to influence the market, but again, probably easy > enough to see the patterns and find out who is gaining from the scams. > > If the US Gov. gave a damn about spam, I think we would see a dramatic > reduction in volume and the hard core spammers looking for other work. > But the only people that really care are the users, us. The backbone providers love it cause they need to provide more fiber to carry all that spam. From root at doctor.nl2k.ab.ca Sat Jun 2 17:55:45 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Jun 2 17:58:22 2007 Subject: Test post In-Reply-To: <4661927A.5030409@ecs.soton.ac.uk> References: <4661927A.5030409@ecs.soton.ac.uk> Message-ID: <20070602165544.GB25915@doctor.nl2k.ab.ca> On Sat, Jun 02, 2007 at 04:53:30PM +0100, Julian Field wrote: > ping > > Jules > Pong! > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sat Jun 2 19:25:11 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 2 19:25:54 2007 Subject: OT: Spam King Arrested! In-Reply-To: <4661A099.50707@sbcglobal.net> References: <46616907.6040808@masonc.com> <4661A099.50707@sbcglobal.net> Message-ID: On Sat, 2 Jun 2007, Ed wrote: > Chris Mason (Lists) wrote: >> Scott Silva wrote: >> > One down --- thousands to go! >> > >> I wonder about that. If a change of policy and tolerance in the US towards >> these lowlifes meant that they started to get locked up, if spam was to be >> treated like DVD piracy and the US Gov sent delegations to other countries >> and demanded action, would the volume drop significantly? In most cases it >> is relatively easy to "follow the money" and fine those who benefit. The >> exception to those is the stock spams which try to influence the market, >> but again, probably easy enough to see the patterns and find out who is >> gaining from the scams. >> >> If the US Gov. gave a damn about spam, I think we would see a dramatic >> reduction in volume and the hard core spammers looking for other work. >> > But the only people that really care are the users, us. The backbone > providers love it cause they need to provide more fiber to carry all that > spam. Most if not all ISP's have spend more money due to spam because they need to run more SMTP servers. So they have an interrest in getting the problem solved. The bad thing is that a lot of them still allow unchecked SMTP traffic from their own network. So the SPAM bot networks can still do pretty much what they like. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From gdoris at rogers.com Sat Jun 2 19:41:08 2007 From: gdoris at rogers.com (Gerry Doris) Date: Sat Jun 2 19:41:38 2007 Subject: Beta release 4.61.1 In-Reply-To: <46617185.6030000@ecs.soton.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> Message-ID: <4661B9C4.2010509@rogers.com> Julian Field wrote: > This beta includes direct communication with clamd, and no longer uses > clamd-wrapper or clamdscan. This should be faster than the clamd support > in the previous version. > Thanks for Rick Cooper for this contribution. > > Download as usual from www.mailscanner.info. > > The Change Log is: > > * New Features and Improvements * > 1 Direct support for the "clamd" virus scanner -- now talks directly to the > clamd daemon without any overhead of calling clamd-wrapper or clamdscan. > As a result, this should be faster than the previous clamd support. > It also has a much smaller memory footprint than the "clamavmodule" > scanner. > This is all thanks to Rick Cooper who wrote the original code. > New configuration options are > - Clamd Port = 3310 > - Clamd Socket = /tmp/clamd > - Clamd Lock File = /var/lock/subsys/clamd > - Clamd Use Threads = no > The use of these settings is explained in the MailScanner.conf file. > > Jules > Do I need to remove clamavmodule as one of my virus scanners and replace it with clamav or do I just remove it? From rcooper at dwford.com Sat Jun 2 19:52:13 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat Jun 2 19:52:17 2007 Subject: Beta release 4.61.1 In-Reply-To: <4661B9C4.2010509@rogers.com> References: <46617185.6030000@ecs.soton.ac.uk> <4661B9C4.2010509@rogers.com> Message-ID: <0be901c7a547$222ca240$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gerry Doris > Sent: Saturday, June 02, 2007 2:41 PM > To: MailScanner discussion > Subject: Re: Beta release 4.61.1 > > Julian Field wrote: > > This beta includes direct communication with clamd, and no > longer uses > > clamd-wrapper or clamdscan. This should be faster than the > clamd support > > in the previous version. > > Thanks for Rick Cooper for this contribution. > > > > Download as usual from www.mailscanner.info. > > [..] > > > Do I need to remove clamavmodule as one of my virus scanners > and replace > it with clamav or do I just remove it? > -- You would replace clamavmodule with clamd. Of course the clamd daemon has to be setup and running. Also note it will use the settings from your clamd.conf and not those within MailScanner. If you are already running the daemon then it should be find. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sat Jun 2 20:35:13 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat Jun 2 20:35:17 2007 Subject: Beta release 4.61.1 In-Reply-To: <46617185.6030000@ecs.soton.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> Message-ID: <0bed01c7a54d$23df2580$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Saturday, June 02, 2007 9:33 AM > To: MailScanner discussion; MailScanner beta testers > Subject: Beta release 4.61.1 > > This beta includes direct communication with clamd, and no > longer uses > clamd-wrapper or clamdscan. This should be faster than the > clamd support > in the previous version. > Thanks for Rick Cooper for this contribution. > Julian, Line 3097, I defer to your judgment on that issue Line 3211, That comment isn't relevant anymore and could be removed. I decided to use a Session rather than two connections, however that may have been the wrong choice in the long run. I defer to your opinion on this issue. Using a session allows for issuing multiple within a single connection otherwise you have to reconnect to the daemon for each command so PING/PONG, reconnect, CONTSCAN/result and done or PING/PONG/CONTSCAN/result. This method requires a file-by-file scan approach (as with clamavmodule) because the daemon doesn't tell you when it's finished the scan, you will just set there waiting for output until the connection times out. If I did not use SESSION but tested the daemon, reopened the connection and then sent the CONTSCAN/MULTISCAN command and handed clamd the entire directory it would scan every file, returning the infected files, and end the connection. Personally I think the overhead of reopening the connection after the PING is pretty much nothing and scanning the entire directory with one command would certainly help SMP hosts using threads, I didn't really see a real advantage on a normal CONTSCAN but I never sent it 100 files to check. I also noted MailScanner seems to get pissed off if I scan an entire batch at once verses a single message. When I scan the entire batch for some reason it doesn't seem to know who ( the ip at the end of the virus was sent by log line is gone) sent the virus. I didn't have time to try and work that out but scanning an entire batch at one time would certainly be an asset, if you have a clue about why MS doesn't know where the virus came from even though the message-id is passed (to the parser) with the report/file name just like one file at a time. I also noted when this happens the entire message body is removed as a result, a bad thing. Anyway if people would prefer entire directory at one pass, easy to rewrite that... If you have a clue as to the entire batch problem (parser not expecting multiple message-ids or something?) it would also be easy to scan entire batch at once and that did improve the overall scan time (by clam) for a batch considerably. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Sat Jun 2 22:01:16 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Jun 2 22:01:41 2007 Subject: 4.61.1 clamd test unsuccessful Message-ID: <4661DA9C.7050707@fractalweb.com> I just installed MailScanner 4.61.1 on one of our test servers, ensured "clamd" was running and set as the antivirus scanner and then sent the eicar test file to myself, and unfortunately it waltzed right through. Changed back to "clamavmodule" and the system caught it. Any ideas what went wrong? From itdept at fractalweb.com Sat Jun 2 22:08:17 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Jun 2 22:08:39 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: References: Message-ID: <4661DC41.70008@fractalweb.com> Res wrote: > I think its amazing our own mailing list doesn't use MailScanner to > protect it :P > Gee Res, So someone actually went and signed up to the mailing list, verified their email address to the list manager, then sent this "special offer" to us? Looks like a pretty good deal to me. I'm sure glad they sent this great offer to us. I'm a bit confused on some of the products though. What exactly is "Viagra Soft"? Is that like a half-dose or something? ;-) Chris From rcooper at dwford.com Sat Jun 2 22:21:51 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat Jun 2 22:21:57 2007 Subject: Beta release 4.61.1 In-Reply-To: <0bed01c7a54d$23df2580$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <0bed01c7a54d$23df2580$0301a8c0@SAHOMELT> Message-ID: <10f401c7a55c$09b8aaa0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rick Cooper > Sent: Saturday, June 02, 2007 3:35 PM > To: 'MailScanner discussion' > Subject: RE: Beta release 4.61.1 > > [...] > > Line 3097, I defer to your judgment on that issue > Line 3211, That comment isn't relevant anymore and could be removed. I > decided to use a Session rather than two connections, however > that may have > been the wrong choice in the long run. I defer to your opinion on this > issue. Using a session allows for issuing multiple within a single > connection otherwise you have to reconnect to the daemon for Sorry to reply to myself, I have the entire batch at once problem solved, but I am going to test for a while before I submit the new patch for SweepViruses.pm. In the last test I did I gave it a batch of 20 messages with two infected archives (one zip, one rar) and it scanned the whole batch about as fast as a single message. Below is the information I got using Time::HiRes to measure. (the entire batch consists of a single message that is the same message as the single, just resent 20 times) Single Message ELAPSED TIME : 0.032859 Batch Of 20 ELAPSED TIME : 0.625119 So I think scanning the whole batch at once would be the way to go. I will move it to a couple of production servers and run it for the weekend, actually since I am out of town Monday if all goes well I will send a new SweepViruses.pm patch Tues morning Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sat Jun 2 22:23:54 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat Jun 2 22:23:59 2007 Subject: 4.61.1 clamd test unsuccessful In-Reply-To: <4661DA9C.7050707@fractalweb.com> References: <4661DA9C.7050707@fractalweb.com> Message-ID: <10f501c7a55c$532338e0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris Yuzik > Sent: Saturday, June 02, 2007 5:01 PM > To: MailScanner discussion > Subject: 4.61.1 clamd test unsuccessful > > I just installed MailScanner 4.61.1 on one of our test > servers, ensured > "clamd" was running and set as the antivirus scanner and then > sent the > eicar test file to myself, and unfortunately it waltzed right > through. > Changed back to "clamavmodule" and the system caught it. > > Any ideas what went wrong? > > -- Any chance you can run in debug mode and show me the output? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 2 23:00:38 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 2 23:02:14 2007 Subject: Beta release 4.61.1 In-Reply-To: <10f401c7a55c$09b8aaa0$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <0bed01c7a54d$23df2580$0301a8c0@SAHOMELT> <10f401c7a55c$09b8aaa0$0301a8c0@SAHOMELT> Message-ID: <4661E886.8030101@ecs.soton.ac.uk> Rick Cooper wrote: > > So I think scanning the whole batch at once would be the way to go. I will > move it to a couple of production servers and run it for the weekend, > actually since I am out of town Monday if all goes well I will send a new > SweepViruses.pm patch Tues morning > Please make it a patch to the current SweepViruses.pm as that is now the working code. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From res at ausics.net Sat Jun 2 23:29:20 2007 From: res at ausics.net (Res) Date: Sat Jun 2 23:29:32 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: <4661DC41.70008@fractalweb.com> References: <4661DC41.70008@fractalweb.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 2 Jun 2007, Chris Yuzik wrote: > So someone actually went and signed up to the mailing list, verified their > email address to the list manager, then sent this "special offer" to us? They do this constantly to confirmed registration apps with phpBB's :) So much so I changed the one thats run on my pvt site to deny registrations unless your on an APNIC associated IP, since they mostly came from Russia and the U.S, problem solved since :) > Looks like a pretty good deal to me. I'm sure glad they sent this great offer > to us. I'm a bit confused on some of the products though. What exactly is > "Viagra Soft"? Is that like a half-dose or something? No idea Chris, maybe they can clarify for you :) I could say more of what I think it means, but I think those comments would "cross the line" on this list :D - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGYe9CsWhAmSIQh7MRAgIzAJ9EvHN1iI9y9Is1kZBsbgUkD9ZwugCfaYYf yP41ro4RfNAJ4BAETMiLt6s= =ozCS -----END PGP SIGNATURE----- From r.berber at computer.org Sun Jun 3 00:30:49 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun Jun 3 00:31:18 2007 Subject: Beta release 4.61.1 In-Reply-To: <0be901c7a547$222ca240$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> Message-ID: Rick Cooper wrote: [snip] > Also note it will use the settings from your clamd.conf and not those within > MailScanner. If you are already running the daemon then it should be fin[e]. How does it know where the clamd.conf is? -- Ren? Berber From r.berber at computer.org Sun Jun 3 01:10:06 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun Jun 3 01:10:28 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <46617185.6030000@ecs.soton.ac.uk> <4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> Message-ID: Ren? Berber wrote: > Rick Cooper wrote: > > [snip] >> Also note it will use the settings from your clamd.conf and not those within >> MailScanner. If you are already running the daemon then it should be fin[e]. > > How does it know where the clamd.conf is? Sorry, you meant the "scanning settings" not all the settings, right? So the use of a socket still has to be configured in MailScanner.conf, and the location of clamd.conf is not relevant. Also, the configuration mentions the use of "Incoming Work Group" but you seem to assume that clamd is running as user/group clamav, which is not mentioned anywhere or certain. Or the equivalent about permissions, clamd needs read perms on the incoming directory, which is what the 2 options seem to do. -- Ren? Berber From rcooper at dwford.com Sun Jun 3 04:21:01 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 3 04:21:10 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <46617185.6030000@ecs.soton.ac.uk> <4661B9C4.2010509@rogers.com><0be901c7a547$222ca240$0301a8c0@SAHOMELT> Message-ID: <116201c7a58e$37e6a530$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ren? Berber > Sent: Saturday, June 02, 2007 7:31 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.61.1 > > Rick Cooper wrote: > > [snip] > > Also note it will use the settings from your clamd.conf and > not those within > > MailScanner. If you are already running the daemon then it > should be fin[e]. > > How does it know where the clamd.conf is? The location isn't relevent to MailScanner as it's talking to the daemon which has already read it's configuration. Just need to to know where to connect to, the unix socket or IP address. If it's an IP address then of course the port number. The defaults are what the normal clamd defaults are but may vary depending on your distro (I build from source and use the developer's defaults). Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sun Jun 3 04:30:12 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 3 04:30:17 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <46617185.6030000@ecs.soton.ac.uk><4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> Message-ID: <116301c7a58f$7ea57ef0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ren? Berber > Sent: Saturday, June 02, 2007 8:10 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.61.1 > > Ren? Berber wrote: > > Rick Cooper wrote: > > [...] > > Also, the configuration mentions the use of "Incoming Work > Group" but you seem > to assume that clamd is running as user/group clamav, which > is not mentioned > anywhere or certain. Or the equivalent about permissions, > clamd needs read > perms on the incoming directory, which is what the 2 options > seem to do. > -- > Ren? Berber > Those were there for the clamdscan (I didn't put them there). Frankly if you use the default settings clamd is run as root so it's not relevant. However if you do configure clamd to drop privileges and run as another user it would matter. That is why I didn't remove those option but I think the explanation needs altered so it's clear that it doesn't matter if you are running clamd in the default manner which is as root. My own setup has clamd listening to both a UNIX socket and the standard port on 127.0.0.1. The only time this would/should be different would be the case where you have clamd running on a different host in which case you would, of course, have to use TCP and it might be running as a non root user. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From r.berber at computer.org Sun Jun 3 06:04:07 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun Jun 3 06:04:42 2007 Subject: Beta release 4.61.1 In-Reply-To: <116301c7a58f$7ea57ef0$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk><4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> <116301c7a58f$7ea57ef0$0301a8c0@SAHOMELT> Message-ID: Rick Cooper wrote: > Those were there for the clamdscan (I didn't put them there). Frankly if you > use the default settings clamd is run as root so it's not relevant. However > if you do configure clamd to drop privileges and run as another user it > would matter. That is why I didn't remove those option but I think the > explanation needs altered so it's clear that it doesn't matter if you are > running clamd in the default manner which is as root. My own setup has clamd > listening to both a UNIX socket and the standard port on 127.0.0.1. The only > time this would/should be different would be the case where you have clamd > running on a different host in which case you would, of course, have to use > TCP and it might be running as a non root user. OK, thanks for your replies. It's working fine after the change. -- Ren? Berber From mogens at fumlersoft.dk Sun Jun 3 07:51:57 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Sun Jun 3 07:51:13 2007 Subject: OT: Spam King Arrested! In-Reply-To: <46616907.6040808@masonc.com> References: <46616907.6040808@masonc.com> Message-ID: <19683.222.123.0.244.1180853517.squirrel@mail.parkhotel.dk> On Sat, June 2, 2007 14:56, Chris Mason (Lists) wrote: > Scott Silva wrote: >> One down --- thousands to go! >> > I wonder about that. If a change of policy and tolerance in the US > towards these lowlifes meant that they started to get locked up, if spam > was to be treated like DVD piracy and the US Gov sent delegations to > other countries and demanded action, would the volume drop > significantly? Hmm, what kind of delegation are we talking about? The delegation that went to Irak is still figthing, and the delegation that went to sweeden (piratebay) they are still laughing abaout. BTW. i'm from Denmark, the small dot below sweeden, and just above Germany 8^) In a free world, US Gov. policies have litle impact. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From glenn.steen at gmail.com Sun Jun 3 10:53:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 3 10:53:38 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: References: Message-ID: <223f97700706030253h6f5de2b9lc6bfea916f223f43@mail.gmail.com> On 02/06/07, Hugo van der Kooij wrote: > > Was whitelisting the mailinglist not the right thing? Didn't you count on things like this happening? We whitelist precisely because the list _will_ contain spam/malware samples... And we should thank the loser sending us this sample... See it as a community service:-D > ---------- Forwarded message ---------- > Subject: Lovers package at discount price! > X-BeenThere: mailscanner@lists.mailscanner.info > .... > X-Mailman-Version: 2.1.5 > X-vanderkooij.org-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=9.462, required 4, BAYES_80 3.00, > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_BLACK 3.00, > URIBL_JP_SURBL 1.50) > X-vanderkooij.org-MailScanner-From: mailscanner-bounces@lists.mailscanner.info > X-vanderkooij.org-MailScanner-To: hvdkooij@vanderkooij.org > X-Spam-Status: No > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Jun 3 11:35:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 3 11:35:42 2007 Subject: Releasing from quarantine - postfix In-Reply-To: <20070602130532.x9s634h2osksg4oo@mail.maptek.com.au> References: <20070602130532.x9s634h2osksg4oo@mail.maptek.com.au> Message-ID: <223f97700706030335m797dde01l32fc4ea9d700bb8a@mail.gmail.com> On 02/06/07, Simon Pollitt wrote: > (Tried to send this last week but it didn't get through?) > > I have a newly installed single instance (HOLD method) postfix + > Mailscanner install, slightly complicated by running "inside" Bynari > Insight. > > All is going well as far as scanning, blocking and mailing - until > I've tried to release a message from quarantine. > > I've followed the instructions at: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail Question 1) Do you quarantine the queue file or the decoded message? Seems like the queue file, from your scriptlet. There are some gotchas you need consider in your script, and some whitelisting/"avoidance of rescan" you need do... Did you do that? > with the directory modifications for Insight: I'm not too familiar with that one... Do you have an informative link for a lazy bum like me?:-) > ***** > #!/bin/sh > > if [ -z "$1" ]; then > echo "Syntax: $0 i.e. 5B604228086.932F0 (case sensitive)" > exit > fi > > #change in the quarantine folder > folder=`find /var/spool/MailScanner/quarantine/ -name $1 ` > cd $folder This cd only works for virus/dangerous content quarantine items. The spam/non-spam quarantine just has the queue file, no directory to cd into (it will be in .../MailScanner/quarantine//spam). Of cours, if you don't have "store" in Spam Actions/high Scoring Spam Actions/Non Spam Actions ... then it doesn't matter. > #set the mailfile executable > mailname=`echo $1 | cut -d . -f1` > chmod u+x $mailname > > #lets get the first character > char=`echo $1 | cut -b 1-1` > > #copy the mail > cp -a $mailname /opt/insight/var/spool/postfix/incoming/ > > echo Mail $mailname released > ***** > > The problem is that, while this script runs just fine and pushes the > message into the "incoming" directory, it then goes through the > Mailscanner scanning process again - which it of course fails... You either need whitelist 127.0.0.1, or make sure you copy it into a queue that will not use the HOLD thing... Perhaps a second instance of Postfix or something similar...:-). > My postfix config uses: > MTA = postfix > Incoming Queue Dir = /opt/insight/var/spool/postfix/hold > Outgoing Queue Dir = /opt/insight/var/spool/postfix/incoming > > and header_checks contains: > /^Received:/ HOLD > > I believe that all of the settings are correct because viruses and > especially spam are being detected like crazy. I am occasionally > getting duplicate messages delivered and also (even more occasionally) > getting messages without bodies being delivered - this does make me > suspicious that something is not configured cleanly here. > > Any suggestions as to where I might look to re-spool messages from > quarantine and also how concerned about the duplicates I should be? I > would be most thankful for any assistance, > > Simon > > The duplicates/mangled messages are a problem you should focus on.... Seems you have more than one consumer of your hold directory, which is _really_ bad. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Jun 3 12:09:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 3 12:09:12 2007 Subject: OT: Spam King Arrested! In-Reply-To: <19683.222.123.0.244.1180853517.squirrel@mail.parkhotel.dk> References: <46616907.6040808@masonc.com> <19683.222.123.0.244.1180853517.squirrel@mail.parkhotel.dk> Message-ID: <223f97700706030409i51ca1328r4b0c42334af06448@mail.gmail.com> On 03/06/07, Mogens Melander wrote: > > On Sat, June 2, 2007 14:56, Chris Mason (Lists) wrote: > > Scott Silva wrote: > >> One down --- thousands to go! > >> > > I wonder about that. If a change of policy and tolerance in the US > > towards these lowlifes meant that they started to get locked up, if spam > > was to be treated like DVD piracy and the US Gov sent delegations to > > other countries and demanded action, would the volume drop > > significantly? > > Hmm, what kind of delegation are we talking about? The delegation that > went to Irak is still figthing, and the delegation that went to sweeden > (piratebay) they are still laughing abaout. BTW. i'm from Denmark, the > small dot below sweeden, and just above Germany 8^) Have anything in paticular wrong with your keeboard there, Mogens? Slight problem with and it seems.... It's Sweden, as you perfectly well know;-). Enjoy the game yesterday?:-):-) Don't tell me you were one of the moronic runners.....:-D. > In a free world, US Gov. policies have litle impact. Quite true. When they start threatening us, we'll go through the motions though (as with Pirate Bay), no country wants to have trade embargos and whatnot. > -- > Later > > Mogens Melander > +45 40 85 71 38 > +66 870 133 224 Commuting from Thailand? Lucky b*****d:-)! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From root at doctor.nl2k.ab.ca Sun Jun 3 12:48:17 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Jun 3 12:53:07 2007 Subject: {Spam?} Re: Beta release 4.61.1 In-Reply-To: References: <46617185.6030000@ecs.soton.ac.uk> <4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> Message-ID: <20070603114816.GA4346@doctor.nl2k.ab.ca> On Sat, Jun 02, 2007 at 06:30:49PM -0500, Ren? Berber wrote: > Rick Cooper wrote: > > [snip] > > Also note it will use the settings from your clamd.conf and not those within > > MailScanner. If you are already running the daemon then it should be fin[e]. > > How does it know where the clamd.conf is? The de facto should be /usr/local/etc . I rather put my conf's in /etc . > -- > Ren? Berber > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jun 3 14:07:28 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Jun 3 14:04:22 2007 Subject: OT: BarricadeMX Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Has anybody else set this up yet ? Getting a weird error message in logfiles :- Jun 3 13:57:32 mailhub smtpf[26777]: j52DvL267770006400 client [218.190.237.89] I/O error: Cannot send after transport endpoint shutdown (108) Any ideas ? - -- - --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (GNU/Linux) iD8DBQFGYr0TH7GwL121aHsRAnGWAJ9D0b+uB5zU21fZspw0C+TFqHJjBgCeLCqi BLtCYPOxUPG+JulcwMbHJfU= =K7DN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Sun Jun 3 14:22:51 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sun Jun 3 14:22:12 2007 Subject: BarricadeMX In-Reply-To: References: Message-ID: <0cf901c7a5e2$49e980a0$ddbc81e0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- > Sent: Sunday, June 03, 2007 9:07 AM > To: MailScanner discussion > Subject: OT: BarricadeMX > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > Has anybody else set this up yet ? Getting a weird error message in > logfiles :- > > Jun 3 13:57:32 mailhub smtpf[26777]: j52DvL267770006400 client > [218.190.237.89] I/O error: Cannot send after transport endpoint > shutdown (108) > > Any ideas ? > > - -- > - --[ UxBoD ]-- Not an error. The sending server unexpectedly closed the connection. Please send support requests for BarricadeMX to support@fsl.com. Best regards, Steve Steve Swaney steve@fsl.com From rcooper at dwford.com Sun Jun 3 14:45:18 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 3 14:45:24 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <46617185.6030000@ecs.soton.ac.uk><4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> <116301c7a58f$7ea57ef0$0301a8c0@SAHOMELT> Message-ID: <11ee01c7a5e5$6cae6210$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ren? Berber > Sent: Sunday, June 03, 2007 1:04 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.61.1 > > Rick Cooper wrote: > > > Those were there for the clamdscan (I didn't put them > there). Frankly if you > > use the default settings clamd is run as root so it's not > relevant. However > > if you do configure clamd to drop privileges and run as > another user it > > would matter. That is why I didn't remove those option but > I think the > > explanation needs altered so it's clear that it doesn't > matter if you are > > running clamd in the default manner which is as root. My > own setup has clamd > > listening to both a UNIX socket and the standard port on > 127.0.0.1. The only > > time this would/should be different would be the case where > you have clamd > > running on a different host in which case you would, of > course, have to use > > TCP and it might be running as a non root user. > > OK, thanks for your replies. > > It's working fine after the change. > -- > Ren? Berber > So I would question the list on what they think would be the least confusing explaination here: # Note: If the "Run As User" is not "root" then you cannot change the # user but may still be able to change the group, if the # "Run As User" is a member of both of the groups "Run As Group" # and "Incoming Work Group". # Note: If the "Run As User" is "root" (or not set at all) and you are # using the "clamd" virus scanner (, then this must be set: # Incoming Work Group = clamav # Incoming Work Permissions = 0640 Incoming Work User = Incoming Work Group = If you are running clamd as root, this is moot. If you are dropping privleges then this would need set to the clamd user (not necessarily clamav, but would be the recommendation from the docs IIRC). How about: # Note: If the "Run As User" is not "root" you cannot change the # user but may still be able to change the group, if the # "Run As User" is a member of both of the groups "Run As Group" # and "Incoming Work Group" # Note: If the "Run As User" is "root" (or not set at all) and you are # using the "clamd" virus scanner AND clamd is dropping privileges # (not running as root), then this must be set to the group clamd # is using (from your clamd.conf), example: # Incoming Work Group = clamav # Incoming Work Permissions = 0640 Incoming Work User = Incoming Work Group = Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Sun Jun 3 14:48:07 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Sun Jun 3 14:48:15 2007 Subject: OT: Spam King Arrested! In-Reply-To: <223f97700706030409i51ca1328r4b0c42334af06448@mail.gmail.com> References: <46616907.6040808@masonc.com> <19683.222.123.0.244.1180853517.squirrel@mail.parkhotel.dk> <223f97700706030409i51ca1328r4b0c42334af06448@mail.gmail.com> Message-ID: <26544.222.123.0.244.1180878487.squirrel@mail.parkhotel.dk> On Sun, June 3, 2007 13:09, Glenn Steen wrote: > On 03/06/07, Mogens Melander wrote: >> >> On Sat, June 2, 2007 14:56, Chris Mason (Lists) wrote: >> > Scott Silva wrote: >> >> One down --- thousands to go! >> >> >> > I wonder about that. If a change of policy and tolerance in the US >> > towards these lowlifes meant that they started to get locked up, if >> spam >> > was to be treated like DVD piracy and the US Gov sent delegations to >> > other countries and demanded action, would the volume drop >> > significantly? >> >> Hmm, what kind of delegation are we talking about? The delegation that >> went to Irak is still figthing, and the delegation that went to sweeden >> (piratebay) they are still laughing abaout. BTW. i'm from Denmark, the >> small dot below sweeden, and just above Germany 8^) > > Have anything in paticular wrong with your keeboard there, Mogens? > Slight problem with and it seems.... It's Sweden, as you > perfectly well know;-). Yup, yore right. It was probably caused by my hangovers. > Enjoy the game yesterday?:-):-) Don't tell me you were one of the > moronic runners.....:-D. Did i miss something? I'm on 3 week trip to Thailand, hence the hangovers ;^) >> In a free world, US Gov. policies have litle impact. > > Quite true. When they start threatening us, we'll go through the > motions though (as with Pirate Bay), no country wants to have trade > embargos and whatnot. Well, the guys in Sweden don't seem to mind, as Piratebay is still up. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From rcooper at dwford.com Sun Jun 3 18:04:11 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 3 18:04:46 2007 Subject: Clamd Verses ClamAVModule timing Message-ID: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> I finally did some timing comparisons between the clamd (current full batch version) scanning verses clamavmodule. The listed times are pretty average for all the tests. Each test was conducted against the same message/batch and the batches were 20 copies of the same message. I found something a bit interesting. ClamAVmodule beat clamd on a single message every time when using the PING/PONG check (test if clamd is alive and responsive before calling it to scan) but clamd was much faster scanning batches even with the PING/PONG test. Removing the PING/PONG code resulted in clamd being much faster with both single and batch scans. NOTE the times changed between tests but the differences were pretty consistent in terms of percentages. With PING/PONG Clamd Batch ELAPSED TIME : 0.261474 Single ELAPSED TIME : 0.154804 ClamAVModule Batch ELAPSED TIME : 1.058038 Single ELAPSED TIME : 0.035388 Without PING/PONG Clamd Batch ELAPSED TIME : 0.939942 Single ELAPSED TIME : 0.045016 ClamAVModule Batch ELAPSED TIME : 2.430126 Single ELAPSED TIME : 0.069513 My question is should I remove the PING/PONG code all together, leave it for debugging only, or just leave it as is. Even without the PING/PONG test you will still get a log message if MailScanner cannot connect to the clamd daemon. Clearly the process of building the connection, PING/PONG and reconnect for scanning has overhead and it's not a big deal on the batches but would make a difference in the single message scans. My opinion is to remove the PING/PONG all together as the daemon has proven pretty stable for the past year or so, and most people run some form of daemon check script anyway. Plus I can provide my clamd check script for the bin dir if requested. Thoughts? Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jun 3 19:08:20 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 3 19:08:58 2007 Subject: Clamd Verses ClamAVModule timing In-Reply-To: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> References: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> Message-ID: <46630394.4070200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would like you to do the ping/pong once per batch. Because... a) virus scanning is not a high proportion of the total time to test each message, and b) if doing the ping/pong once per batch makes it a bit slower, the batches will tend to get bigger, thus reducing the percentage overhead caused by the ping/pong anyway. Jules. Rick Cooper wrote: > I finally did some timing comparisons between the clamd (current full batch > version) scanning verses clamavmodule. The listed times are pretty average > for all the tests. Each test was conducted against the same message/batch > and the batches were 20 copies of the same message. I found something a bit > interesting. > > ClamAVmodule beat clamd on a single message every time when using the > PING/PONG check (test if clamd is alive and responsive before calling it to > scan) but clamd was much faster scanning batches even with the PING/PONG > test. Removing the PING/PONG code resulted in clamd being much faster with > both single and batch scans. NOTE the times changed between tests but the > differences were pretty consistent in terms of percentages. > > With PING/PONG > > Clamd > Batch ELAPSED TIME : 0.261474 > Single ELAPSED TIME : 0.154804 > > > ClamAVModule > Batch ELAPSED TIME : 1.058038 > Single ELAPSED TIME : 0.035388 > > Without PING/PONG > > Clamd > Batch ELAPSED TIME : 0.939942 > Single ELAPSED TIME : 0.045016 > > ClamAVModule > Batch ELAPSED TIME : 2.430126 > Single ELAPSED TIME : 0.069513 > > My question is should I remove the PING/PONG code all together, leave it for > debugging only, or just leave it as is. Even without the PING/PONG test you > will still get a log message if MailScanner cannot connect to the clamd > daemon. Clearly the process of building the connection, PING/PONG and > reconnect for scanning has overhead and it's not a big deal on the batches > but would make a difference in the single message scans. My opinion is to > remove the PING/PONG all together as the daemon has proven pretty stable for > the past year or so, and most people run some form of daemon check script > anyway. Plus I can provide my clamd check script for the bin dir if > requested. > > Thoughts? > > Rick Cooper > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGYwOZEfZZRxQVtlQRAtRkAKC2bShm1P+hBLzTzRpe7EPuAtFzHwCfZLdc TDNEsJxF0eg0+KuEd3uaAOY= =7wOh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Sun Jun 3 20:23:32 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 3 20:23:43 2007 Subject: Clamd Verses ClamAVModule timing In-Reply-To: <46630394.4070200@ecs.soton.ac.uk> References: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> <46630394.4070200@ecs.soton.ac.uk> Message-ID: <170301c7a614$ada3ac10$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Sunday, June 03, 2007 2:08 PM > To: MailScanner discussion > Subject: Re: Clamd Verses ClamAVModule timing > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I would like you to do the ping/pong once per batch. Because... > a) virus scanning is not a high proportion of the total time to test > each message, > and > b) if doing the ping/pong once per batch makes it a bit slower, the > batches will tend to get bigger, thus reducing the percentage > overhead > caused by the ping/pong anyway. > > Jules. > Ok, the PING/PONG overhead isn't much anyway and my original thinking was it would be overall faster if the daemon had gotten messed up as it would have to time out before I knew there was a problem (hence the short PING/PONG timeout). Really haven't had problems with the daemon getting hosed for a very long time but a some time back I noticed that even though clamd was active and you could connect it wouldn't respond (hence writing the original PING/PONG check I still run from cron). And I guess if you are normally scanning one message at a time the difference in overhead won't amount to anything since you are running a low load service anyway. And of course you are the boss after all ;-) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jun 3 21:23:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 3 21:24:20 2007 Subject: Clamd Verses ClamAVModule timing In-Reply-To: <170301c7a614$ada3ac10$0301a8c0@SAHOMELT> References: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> <46630394.4070200@ecs.soton.ac.uk> <170301c7a614$ada3ac10$0301a8c0@SAHOMELT> Message-ID: <4663234F.7070108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > And of course you are the boss after all ;-) I knew you would understand :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGYyNREfZZRxQVtlQRAorxAJkBRNUuUVUhD/8ctAkZDN7xvAClfgCfU/7x Wb0maIpjwxfk5VvZ6MPzYkU= =vLkF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From r.berber at computer.org Sun Jun 3 21:50:48 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun Jun 3 21:51:36 2007 Subject: Beta release 4.61.1 In-Reply-To: <11ee01c7a5e5$6cae6210$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk><4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> <116301c7a58f$7ea57ef0$0301a8c0@SAHOMELT> <11ee01c7a5e5$6cae6210$0301a8c0@SAHOMELT> Message-ID: Rick Cooper wrote: > So I would question the list on what they think would be the least confusing > explaination here: > > # Note: If the "Run As User" is not "root" then you cannot change the > # user but may still be able to change the group, if the > # "Run As User" is a member of both of the groups "Run As Group" > # and "Incoming Work Group". > # Note: If the "Run As User" is "root" (or not set at all) and you are > # using the "clamd" virus scanner (, then this must be set: > # Incoming Work Group = clamav > # Incoming Work Permissions = 0640 > Incoming Work User = > Incoming Work Group = > > If you are running clamd as root, this is moot. If you are dropping > privleges then this would need set to the clamd user (not necessarily > clamav, but would be the recommendation from the docs IIRC). > > How about: > > # Note: If the "Run As User" is not "root" you cannot change the > # user but may still be able to change the group, if the > # "Run As User" is a member of both of the groups "Run As > Group" > # and "Incoming Work Group" > # Note: If the "Run As User" is "root" (or not set at all) and you > are > # using the "clamd" virus scanner AND clamd is dropping > privileges > # (not running as root), then this must be set to the group > clamd > # is using (from your clamd.conf), example: > # Incoming Work Group = clamav > # Incoming Work Permissions = 0640 > Incoming Work User = > Incoming Work Group = The last one is clearer. I think it would be even better if the notes where done as "use cases", for instance for the last note: 'For using "clamd" as virus scanner, if "Run as User" is "root", or not set at all, but clamd is configured to drop privileges (not running as root), then you must set the work group to the one used by clamd; example ...' -- Ren? Berber From r.berber at computer.org Sun Jun 3 21:55:59 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun Jun 3 22:00:08 2007 Subject: {Spam?} Re: Beta release 4.61.1 In-Reply-To: <20070603114816.GA4346@doctor.nl2k.ab.ca> References: <46617185.6030000@ecs.soton.ac.uk> <4661B9C4.2010509@rogers.com> <0be901c7a547$222ca240$0301a8c0@SAHOMELT> <20070603114816.GA4346@doctor.nl2k.ab.ca> Message-ID: Dave Shariff Yadallee wrote: > On Sat, Jun 02, 2007 at 06:30:49PM -0500, Ren? Berber wrote: >> Rick Cooper wrote: >> >> [snip] >>> Also note it will use the settings from your clamd.conf and not those within >>> MailScanner. If you are already running the daemon then it should be fin[e]. >> How does it know where the clamd.conf is? > > The de facto should be /usr/local/etc . > > I rather put my conf's in /etc . The location is irrelevant, I misunderstood "settings" for overall settings when it was really scan settings. Using clamd means that MailScanner.conf settings (related to virus scanning) are not used, instead those in clamd.conf are. -- Ren? Berber From mark at farmorg.co.uk Sun Jun 3 22:36:26 2007 From: mark at farmorg.co.uk (Mark Farmer) Date: Sun Jun 3 22:37:25 2007 Subject: Too many false whitelist In-Reply-To: <46603C89.3080401@fsl.com> References: <466037E6.8010404@farmorg.co.uk> <46603C89.3080401@fsl.com> Message-ID: <4663345A.1040802@farmorg.co.uk> Steve Freegard wrote: > Look at the SpamAssassin Report and see if the USER_IN_WHITELIST or > USER_IN_DEF_WHITELIST rules are firing; if they are - you are probably > using the SARE_WHITELIST ruleset enabled via rules_du_jour or sa-update > so you'll probably have to remove it from these utilities and delete the > rulesets from /etc/mail/spamassassin, the names of the rulesets are > 70_sare_whitelist_rcvd.cf and 70_sare_whitelist_spf.cf. OK, I've tried a couple of things - first I removed the 2 files from /etc/mail/spamassassin, that didn't help & they were recreated, I think by the rules_du_jour update? Then I found /etc/rulesdujour/config & removed SARE_WHITELIST_SPF SARE_WHITELIST_RCVD & deleted the 2 files again. So now i'm monitoring to see what happens. -- Mark Farmer RHCT mark at farmorg dot co dot uk From res at ausics.net Sun Jun 3 23:13:55 2007 From: res at ausics.net (Res) Date: Sun Jun 3 23:14:05 2007 Subject: Clamd Verses ClamAVModule timing In-Reply-To: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> References: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Top posting because its easier.. Rick, I think you need to test with more messages in batch (200), and have many messages with attachments and some of them between 50-500k, even some couple around 1 or 2 megs. If you want to do time tests, you need to make it close to real world as possible. On Sun, 3 Jun 2007, Rick Cooper wrote: > I finally did some timing comparisons between the clamd (current full batch > version) scanning verses clamavmodule. The listed times are pretty average > for all the tests. Each test was conducted against the same message/batch > and the batches were 20 copies of the same message. I found something a bit > interesting. > > ClamAVmodule beat clamd on a single message every time when using the > PING/PONG check (test if clamd is alive and responsive before calling it to > scan) but clamd was much faster scanning batches even with the PING/PONG > test. Removing the PING/PONG code resulted in clamd being much faster with > both single and batch scans. NOTE the times changed between tests but the > differences were pretty consistent in terms of percentages. > > With PING/PONG > > Clamd > Batch ELAPSED TIME : 0.261474 > Single ELAPSED TIME : 0.154804 > > > ClamAVModule > Batch ELAPSED TIME : 1.058038 > Single ELAPSED TIME : 0.035388 > > Without PING/PONG > > Clamd > Batch ELAPSED TIME : 0.939942 > Single ELAPSED TIME : 0.045016 > > ClamAVModule > Batch ELAPSED TIME : 2.430126 > Single ELAPSED TIME : 0.069513 > > My question is should I remove the PING/PONG code all together, leave it for > debugging only, or just leave it as is. Even without the PING/PONG test you > will still get a log message if MailScanner cannot connect to the clamd > daemon. Clearly the process of building the connection, PING/PONG and > reconnect for scanning has overhead and it's not a big deal on the batches > but would make a difference in the single message scans. My opinion is to > remove the PING/PONG all together as the daemon has proven pretty stable for > the past year or so, and most people run some form of daemon check script > anyway. Plus I can provide my clamd check script for the bin dir if > requested. > > Thoughts? > > Rick Cooper > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGYz0lsWhAmSIQh7MRAm2DAJ9jqCFOD3B8i+V1EiGNkh6Ri8jZKwCdGicC phccf5ah+vI2aPKTMa3Brls= =2gjr -----END PGP SIGNATURE----- From rcooper at dwford.com Mon Jun 4 00:29:38 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 4 00:29:43 2007 Subject: Clamd Verses ClamAVModule timing In-Reply-To: References: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> Message-ID: <184e01c7a637$0dfc5040$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Res > Sent: Sunday, June 03, 2007 6:14 PM > To: MailScanner discussion > Subject: Re: Clamd Verses ClamAVModule timing > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Top posting because its easier.. > > Rick, I think you need to test with more messages in batch (200), and > have many messages with attachments and some of them between > 50-500k, even > some couple around 1 or 2 megs. If you want to do time tests, > you need to > make it close to real world as possible. > All of the tests I did were with attachments, but not large. Maybe I was just curious as to the differences and the percentages were pretty even, of course load would be a factor as I didn't do it with a isolated box. It seemed like the bigger the batch the more clamd had over clamavmodule but one would assume that to be true as clamavmodule presents the files one at a time where as the current clamd code hands the entire batch at once. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Mon Jun 4 00:58:26 2007 From: res at ausics.net (Res) Date: Mon Jun 4 00:58:38 2007 Subject: Clamd Verses ClamAVModule timing In-Reply-To: <184e01c7a637$0dfc5040$0301a8c0@SAHOMELT> References: <16d401c7a601$3541c7b0$0301a8c0@SAHOMELT> <184e01c7a637$0dfc5040$0301a8c0@SAHOMELT> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 3 Jun 2007, Rick Cooper wrote: > All of the tests I did were with attachments, but not large. Maybe I was > just curious as to the differences and the percentages were pretty even, of > course load would be a factor as I didn't do it with a isolated box. It > seemed like the bigger the batch the more clamd had over clamavmodule but > one would assume that to be true as clamavmodule presents the files one at a > time where as the current clamd code hands the entire batch at once. One clam per batch would be very fast compared to other, it was the one clam process per msg that saw us dump qmailscanner, load was making the machine unusuable, till I gambled and installed mailscanner on them. I would be interested in seeing the results from clamd against f-prot, we found with clam in the 'old way' kept the machines loaded at around 9, with module around 5 and with f-prot the load was under 1, but because of f-prots complex and crazy licensing (I'm not paying for a million user licence for a machine that might have that many destination addresses or might not, eg: secondary MX's, FSI told us if we think itll do that many then thats what we need to buy) so we still use clam on 99% of the servers and until FSI wake up and change the policy, we wont be purchasing any more, nor if I can help it will we renew, which is why I'm following your changes very very closely. - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGY1WksWhAmSIQh7MRAmsxAJ9gIPLdZV6n2UrOCTFEudufUDx5gACfZYGV 3rqI1asUV/mRTVbJedh8xks= =5Pcc -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon Jun 4 04:20:32 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 4 04:20:45 2007 Subject: OT: Spam King Arrested! In-Reply-To: <46616907.6040808@masonc.com> References: <46616907.6040808@masonc.com> Message-ID: Chris Mason (Lists) spake the following on 6/2/2007 5:56 AM: > Scott Silva wrote: >> One down --- thousands to go! >> > I wonder about that. If a change of policy and tolerance in the US > towards these lowlifes meant that they started to get locked up, if spam > was to be treated like DVD piracy and the US Gov sent delegations to > other countries and demanded action, would the volume drop > significantly? In most cases it is relatively easy to "follow the money" > and fine those who benefit. The exception to those is the stock spams > which try to influence the market, but again, probably easy enough to > see the patterns and find out who is gaining from the scams. > > If the US Gov. gave a damn about spam, I think we would see a dramatic > reduction in volume and the hard core spammers looking for other work. > The government cares the same about spam and DVD piracy. No one has bought any body's attention yet . It takes multi-million dollar lobbyists to influence the corruption that our US government is becoming. If you want spam to stop, you need rich corporations spending mega dollars on political campaigns that want spam to end. If the RIAA and the MPAA didn't didn't toss so much money in front of politicians, you would have no laws on copying DVD's or music. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jun 4 04:27:22 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 4 04:28:08 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: <4661DC41.70008@fractalweb.com> References: <4661DC41.70008@fractalweb.com> Message-ID: Chris Yuzik spake the following on 6/2/2007 2:08 PM: > Res wrote: >> I think its amazing our own mailing list doesn't use MailScanner to >> protect it :P >> > Gee Res, > > So someone actually went and signed up to the mailing list, verified > their email address to the list manager, then sent this "special offer" > to us? > > Looks like a pretty good deal to me. I'm sure glad they sent this great > offer to us. I'm a bit confused on some of the products though. What > exactly is "Viagra Soft"? Is that like a half-dose or something? I thought it was supposed to have the "opposite" effect! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jun 4 04:30:09 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 4 04:35:23 2007 Subject: Lovers package at discount price! (fwd) In-Reply-To: References: Message-ID: Hugo van der Kooij spake the following on 6/2/2007 12:26 AM: > > Was whitelisting the mailinglist not the right thing? > It happens so rarely. Julian will be on it quickly. Maybe a member of the list has been compromised. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Mon Jun 4 07:16:58 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 4 07:17:37 2007 Subject: Feature request: correction table/rules Message-ID: Hi, I just thought it might be nnice to have a correction ruleset so instead of whitelisting one can add or substract points. That would be a more precise way to adjust the SA scores. So you would have a rules file like: To: haasje@vanderkooij.org +5 From: mailinglist@mailscanner.info -5 FromorTo: default 0 Or did I just miss something in my configuration and is it allready present? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From a.peacock at chime.ucl.ac.uk Mon Jun 4 10:59:18 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Jun 4 10:59:31 2007 Subject: Beta release 4.61.1 In-Reply-To: <46617185.6030000@ecs.soton.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> Message-ID: <4663E276.9050505@chime.ucl.ac.uk> Julian Field wrote: > This beta includes direct communication with clamd, and no longer uses > clamd-wrapper or clamdscan. This should be faster than the clamd support > in the previous version. > Thanks for Rick Cooper for this contribution. > > Download as usual from www.mailscanner.info. > > The Change Log is: > > * New Features and Improvements * > 1 Direct support for the "clamd" virus scanner -- now talks directly to the > clamd daemon without any overhead of calling clamd-wrapper or clamdscan. > As a result, this should be faster than the previous clamd support. > It also has a much smaller memory footprint than the "clamavmodule" > scanner. > This is all thanks to Rick Cooper who wrote the original code. > New configuration options are > - Clamd Port = 3310 > - Clamd Socket = /tmp/clamd > - Clamd Lock File = /var/lock/subsys/clamd > - Clamd Use Threads = no > The use of these settings is explained in the MailScanner.conf file. I have just installed this version and fired up clamd. What a difference it makes. Working like a dream and has changed a server that was starting to get sluggish into one that flies through the incoming emails now. Thanks to Rick and Julian for making this happen. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From uxbod at splatnix.net Mon Jun 4 11:20:28 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Jun 4 11:21:33 2007 Subject: OT: CentOS Message-ID: Hi, As a long time Gentoo user I have never felt the urge to switch too another distro, but due to a new career direction I plan to take I need to extend my knowledge of other systems. I believe that CentOS would be a good choice, especially due to its upstream provider. Would be interested to hear peoples views on it, especially from a mail server perspective. If this will generate too much OT traffic, then please email me privately. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Mon Jun 4 12:17:51 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Jun 4 12:17:47 2007 Subject: OT: CentOS In-Reply-To: References: Message-ID: <20070604071217.5266.GERARD@seibercom.net> On Monday June 04, 2007 at 06:20:28 (AM) --[ UxBoD ]-- wrote: > As a long time Gentoo user I have never felt the urge to switch too another > distro, but due to a new career direction I plan to take I need to extend > my knowledge of other systems. I believe that CentOS would be a good > choice, especially due to its upstream provider. > > Would be interested to hear peoples views on it, especially from a mail > server perspective. > > If this will generate too much OT traffic, then please email me privately. Personally, I have been using FreeBSD-6.2 as both a mail server -- Postfix / Dovecot / Mailscanner -- and a web server. I have found it to be extremely reliable. Just my 2?. -- Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate ... ;-) From mark at farmorg.co.uk Mon Jun 4 12:20:40 2007 From: mark at farmorg.co.uk (Mark Farmer) Date: Mon Jun 4 12:20:45 2007 Subject: Too many false whitelist In-Reply-To: <4663345A.1040802@farmorg.co.uk> References: <466037E6.8010404@farmorg.co.uk> <46603C89.3080401@fsl.com> <4663345A.1040802@farmorg.co.uk> Message-ID: <52529.213.249.208.130.1180956040.squirrel@mail.farmorg.co.uk> On Sun, June 3, 2007 22:36, Mark Farmer wrote: > Steve Freegard wrote: >> Look at the SpamAssassin Report and see if the USER_IN_WHITELIST or >> USER_IN_DEF_WHITELIST rules are firing; if they are - you are probably >> using the SARE_WHITELIST ruleset enabled via rules_du_jour or sa-update >> so you'll probably have to remove it from these utilities and delete the >> rulesets from /etc/mail/spamassassin, the names of the rulesets are >> 70_sare_whitelist_rcvd.cf and 70_sare_whitelist_spf.cf. > > OK, I've tried a couple of things - first I removed the 2 files from > /etc/mail/spamassassin, that didn't help & they were recreated, I think > by the rules_du_jour update? > Then I found /etc/rulesdujour/config & removed SARE_WHITELIST_SPF > SARE_WHITELIST_RCVD & deleted the 2 files again. > > So now i'm monitoring to see what happens. Still getting loads of false whitelists. Looking at the Spamassassin section in Mailwatch, there is no detailed Spamassassin report just a red 'Y' next to 'spam whitelisted' I really don't understand where the whitelist is comming from, please can someone shed some light? Mark. From rcooper at dwford.com Mon Jun 4 12:24:01 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 4 12:24:08 2007 Subject: Beta release 4.61.1 In-Reply-To: <4663E276.9050505@chime.ucl.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> <4663E276.9050505@chime.ucl.ac.uk> Message-ID: <198d01c7a69a$da5caeb0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: Monday, June 04, 2007 5:59 AM > To: MailScanner discussion > Subject: Re: Beta release 4.61.1 > > Julian Field wrote: > > This beta includes direct communication with clamd, and no > longer uses > > clamd-wrapper or clamdscan. This should be faster than the > clamd support > > in the previous version. [...] > > I have just installed this version and fired up clamd. What a > difference it makes. Working like a dream and has changed a > server that > was starting to get sluggish into one that flies through the incoming > emails now. > Thanks, I think you will really like the latest code that calls clamd once per batch, especially if you are normally processing a good number of messages per batch. I would be very interested in any performance information regarding large volume servers as I would have to manufacture tests for large volume batches as our servers only handle a couple thousand incoming mails a day per server (at most). I know I was pleased with the reduction of memory and resources that we have experienced. Just make sure your clamd.conf is setup to match your old clamavmodule settings from mailscanner. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Mon Jun 4 12:29:37 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Jun 4 12:28:57 2007 Subject: CentOS In-Reply-To: References: Message-ID: <0f7301c7a69b$a2308920$e6919b60$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- > Sent: Monday, June 04, 2007 6:20 AM > To: mailscanner@lists.mailscanner.info > Subject: OT: CentOS > > Hi, > > As a long time Gentoo user I have never felt the urge to switch too > another > distro, but due to a new career direction I plan to take I need to > extend > my knowledge of other systems. I believe that CentOS would be a good > choice, especially due to its upstream provider. > > Would be interested to hear peoples views on it, especially from a mail > server perspective. > > If this will generate too much OT traffic, then please email me > privately. > > Regards, > -- > --[ UxBoD ]-- CentOS (free) and Red Hat (Paid support) are both solid. They are guaranteed to have a long (5 year) rack life. Easy to configure and run and very easy to get free and commercial software for. We've used CentOS since the early version of 3.x with absolutely no problems. Steve Steve@fsl.com www.fsl.com From prandal at herefordshire.gov.uk Mon Jun 4 12:28:57 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jun 4 12:29:07 2007 Subject: CentOS In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD530D9@HC-MBX02.herefordshire.gov.uk> CentOS 5.0 with sendmail works a treat. I'd add in the rpmforge yum repo to make it easy to get additional perl modules (e.g. perl-Mail-DKIM) if you don't want to do it the CPAN way. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of --[ UxBoD ]-- > Sent: 04 June 2007 11:20 > To: mailscanner@lists.mailscanner.info > Subject: OT: CentOS > > Hi, > > As a long time Gentoo user I have never felt the urge to > switch too another > distro, but due to a new career direction I plan to take I > need to extend > my knowledge of other systems. I believe that CentOS would be a good > choice, especially due to its upstream provider. > > Would be interested to hear peoples views on it, especially > from a mail > server perspective. > > If this will generate too much OT traffic, then please email > me privately. > > Regards, > -- > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg > --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From a.peacock at chime.ucl.ac.uk Mon Jun 4 12:33:09 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Jun 4 12:33:18 2007 Subject: Beta release 4.61.1 In-Reply-To: <198d01c7a69a$da5caeb0$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <4663E276.9050505@chime.ucl.ac.uk> <198d01c7a69a$da5caeb0$0301a8c0@SAHOMELT> Message-ID: <4663F875.3000107@chime.ucl.ac.uk> Rick Cooper wrote: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Anthony Peacock >> Sent: Monday, June 04, 2007 5:59 AM >> To: MailScanner discussion >> Subject: Re: Beta release 4.61.1 >> >> Julian Field wrote: >>> This beta includes direct communication with clamd, and no >> longer uses >>> clamd-wrapper or clamdscan. This should be faster than the >> clamd support >>> in the previous version. > [...] >> I have just installed this version and fired up clamd. What a >> difference it makes. Working like a dream and has changed a >> server that >> was starting to get sluggish into one that flies through the incoming >> emails now. >> > > Thanks, I think you will really like the latest code that calls clamd once > per batch, especially if you are normally processing a good number of > messages per batch. I would be very interested in any performance > information regarding large volume servers as I would have to manufacture > tests for large volume batches as our servers only handle a couple thousand > incoming mails a day per server (at most). I know I was pleased with the > reduction of memory and resources that we have experienced. Just make sure > your clamd.conf is setup to match your old clamavmodule settings from > mailscanner. I can't help with large volumes, as I only process 5-6k messages a day. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From glenn.steen at gmail.com Mon Jun 4 12:46:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 4 12:46:53 2007 Subject: OT: Spam King Arrested! In-Reply-To: <26544.222.123.0.244.1180878487.squirrel@mail.parkhotel.dk> References: <46616907.6040808@masonc.com> <19683.222.123.0.244.1180853517.squirrel@mail.parkhotel.dk> <223f97700706030409i51ca1328r4b0c42334af06448@mail.gmail.com> <26544.222.123.0.244.1180878487.squirrel@mail.parkhotel.dk> Message-ID: <223f97700706040446m202812c9xf467d9ac27db8023@mail.gmail.com> Getting wildly OT below. you've been warned. On 03/06/07, Mogens Melander wrote: > > On Sun, June 3, 2007 13:09, Glenn Steen wrote: > > On 03/06/07, Mogens Melander wrote: > >> > >> On Sat, June 2, 2007 14:56, Chris Mason (Lists) wrote: > >> > Scott Silva wrote: > >> >> One down --- thousands to go! > >> >> > >> > I wonder about that. If a change of policy and tolerance in the US > >> > towards these lowlifes meant that they started to get locked up, if > >> spam > >> > was to be treated like DVD piracy and the US Gov sent delegations to > >> > other countries and demanded action, would the volume drop > >> > significantly? > >> > >> Hmm, what kind of delegation are we talking about? The delegation that > >> went to Irak is still figthing, and the delegation that went to sweeden > >> (piratebay) they are still laughing abaout. BTW. i'm from Denmark, the > >> small dot below sweeden, and just above Germany 8^) > > > > Have anything in paticular wrong with your keeboard there, Mogens? > > Slight problem with and it seems.... It's Sweden, as you > > perfectly well know;-). > > Yup, yore right. It was probably caused by my hangovers. Multiple hangovers?! Must be a b***h:-) > > Enjoy the game yesterday?:-):-) Don't tell me you were one of the > > moronic runners.....:-D. > > Did i miss something? I'm on 3 week trip to Thailand, hence the > hangovers ;^) Only one of the more interesting(:-)= soccer qualifiers I've seen in a long while... Starting with Sweden taking the lead 3-0 in the first 25 minutes, then Denmark turning the tables and equalizing the score to 3-3 ... So when Poulssen doled out a stomach punch while inside the penalty area, his subsequent red card and the referee giving Sweden a penalty kick... tempers got a bit heated... Especially one rather angry member of the audience, who ran onto the field and attacked the referee, seemed to be a tad mad ... So (in the 85:th minute, after two more runners from the audience... Bl**dy morons) the game was declared forfeit with Sweden as the winner 3-0 ... The home crowd on Parken was a bit quiet after that. Depends on whether you enjoy football (and the mostly good natured derby feel to the event:) if you deem that you've missed something, basking in the sun, getting hung over (what? one might ask...;-) etc:-). > >> In a free world, US Gov. policies have litle impact. > > > > Quite true. When they start threatening us, we'll go through the > > motions though (as with Pirate Bay), no country wants to have trade > > embargos and whatnot. > > Well, the guys in Sweden don't seem to mind, as Piratebay is still up. > As being one of the "guys in Sweden", I can tell you that the picture isn't as clear as that. The ramifications of the raid (where a lot of innocent bystanders got their servers seized and held for quite some time) is far from clear... several court actions will stem from that, and possibly charges will be brought on some of the PB people... eventually. So far though... The police has had a bit of trouble actually proving a fellony at all (mostly "side issues", not the main BT thing)... But they are still working on it, AFAIK. What I meant is that the raid did go through, although everyone involved knew it'd bog down like this (and likely lead nowhere) because of the .... threats ... leveled at us. The fact that the action had no discernible effect on PB operation... just shows that you cannot "fight" (note: I'm certainly not saying you even *should*) an international thing like that on a national level is idiotic at best. I don't think we disagree about that either;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jun 4 12:49:41 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 4 12:49:44 2007 Subject: Feature request: correction table/rules In-Reply-To: References: Message-ID: <223f97700706040449h1bf9bb49hb0d15ca4669a5473@mail.gmail.com> On 04/06/07, Hugo van der Kooij wrote: > Hi, > > I just thought it might be nnice to have a correction ruleset so instead > of whitelisting one can add or substract points. That would be a more > precise way to adjust the SA scores. > > So you would have a rules file like: > > To: haasje@vanderkooij.org +5 > From: mailinglist@mailscanner.info -5 > FromorTo: default 0 > > > Or did I just miss something in my configuration and is it allready > present? > > Hugo. > Explore def_whitelist* and/or making your own rules in SA. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gerard at seibercom.net Mon Jun 4 12:52:01 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Mon Jun 4 12:51:55 2007 Subject: OT: Spam King Arrested! In-Reply-To: References: <46616907.6040808@masonc.com> Message-ID: <20070604071922.5269.GERARD@seibercom.net> On Sunday June 03, 2007 at 11:20:32 (PM) Scott Silva wrote: > The government cares the same about spam and DVD piracy. No one has bought any > body's attention yet . It takes multi-million dollar lobbyists to influence > the corruption that our US government is becoming. If you want spam to stop, > you need rich corporations spending mega dollars on political campaigns that > want spam to end. If the RIAA and the MPAA didn't didn't toss so much money in > front of politicians, you would have no laws on copying DVD's or music. You are way over simplifying this problem. To begin with, there have been several attempts to outlaw SPAM. The problem is , at least in the USA, defining exactly what constitutes SPAM. We have a document called the US Constitution, you may have heard about it. It contains an article dealing with 'free speech' and the government intrusions unto. While there is little disagreement as to what constitutes 'fraud', etc., exactly where to draw the line on the 'free speech' issue has become blurred. I am constantly bombarded on my TV with ads for every conceivable 'ED' remedy on the market. Many people consider that offensive. However, simply because I find a particular item unpleasant does not mean that everyone else feels the same way. There has been legislation enacted by many states that require the insertion of 'unsubscribe' links in emails. I believe that Germany now requires a complete dossier on the sender (exaggeration). If you had bothered to check, you would have discovered that the Russia is now one of the leading exporters of SPAM. It is quite obvious that laws of foreign nations would have little or no effect on Soviet nationals. Heck, their own laws are seldom of any use. A properly formulated SPAM offensive would require the cooperation and active participation of dozens of sovereign nations. Are you so naive as to believe that is really going to happen anytime in the near future? They cannot even agree on if global warming really exists. The US 'Can-Spam' law, while a nobile gesture, is just unenforceable. The resources and time required to actively enforce such a law just do not exist. Of course, drug traffickers would just love to have nations waste resources chasing those annoying, although large harmless SPAMmers, while leaving them to disperse their wares unimpeded. With the proper use of AV and SPAM programs; i.e. mailscanner, I have eliminated virtually all unwanted mail. The few pieces that slip through are of no real importance. Your comparing laws regarding pirating of DVD's, CD's, etc. is completely unrelated to the problems users experience with SPAM. The pirating of CD's, DVD's, etc. is the physical act of stealing someone's creation and depriving them of their royalties, payments, or what have you. Music buffs were (are) constantly stealing copyrighted material claiming that it is their right to share(?) that item with whoever they so desire even though the license on the article expressly forbids just such action. The owners of those copyrights have every right to try and stop this action and where appropriate, properly punish those responsible for this illegal action. -- Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) From brose at med.wayne.edu Mon Jun 4 12:52:35 2007 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Jun 4 12:52:52 2007 Subject: Symantec Ent AV Support In-Reply-To: References: <465FED24.8070005@ecs.soton.ac.uk><8F2A53954C22554EB75D9643FCCE0C6B026413BB@MED-CORE03-MS1.med.wayne.edu> Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B026413C4@MED-CORE03-MS1.med.wayne.edu> Julian if you need this then I can provide it. Just tell me how to get it to you. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Friday, June 01, 2007 12:04 PM To: mailscanner@lists.mailscanner.info Subject: Re: Symantec Ent AV Support Rose, Bobby spake the following on 6/1/2007 5:41 AM: > > Did this ever get worked out? I searched the list and found the > question was asked before about a year ago but I don't see an option > for it. > > -=Bobby > Julian usually will add these if you send him a licensed copy to work with. The speed at which it is done depends on the demand, or the amount of the contribution. ;-) It would be up to him and how much available time he has. I think he needs a licensed copy as opposed to a demo because he would have to support it for the long term and not just a one-off shot. If the virus scanner isn't popular enough, or doesn't have a proper command-line component, it might not be able to be done. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Jun 4 13:11:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 4 13:14:44 2007 Subject: Beta release 4.61.1 In-Reply-To: <4663F875.3000107@chime.ucl.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> <4663E276.9050505@chime.ucl.ac.uk> <198d01c7a69a$da5caeb0$0301a8c0@SAHOMELT> <4663F875.3000107@chime.ucl.ac.uk> Message-ID: <4664016B.9030301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anthony Peacock wrote: > Rick Cooper wrote: >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Anthony Peacock >>> Sent: Monday, June 04, 2007 5:59 AM >>> To: MailScanner discussion >>> Subject: Re: Beta release 4.61.1 >>> >>> Julian Field wrote: >>>> This beta includes direct communication with clamd, and no >>> longer uses >>>> clamd-wrapper or clamdscan. This should be faster than the >>> clamd support >>>> in the previous version. >> [...] >>> I have just installed this version and fired up clamd. What a >>> difference it makes. Working like a dream and has changed a server >>> that was starting to get sluggish into one that flies through the >>> incoming emails now. >>> >> >> Thanks, I think you will really like the latest code that calls clamd >> once >> per batch, especially if you are normally processing a good number of >> messages per batch. I would be very interested in any performance >> information regarding large volume servers as I would have to >> manufacture >> tests for large volume batches as our servers only handle a couple >> thousand >> incoming mails a day per server (at most). I know I was pleased with the >> reduction of memory and resources that we have experienced. Just make >> sure >> your clamd.conf is setup to match your old clamavmodule settings from >> mailscanner. > > I can't help with large volumes, as I only process 5-6k messages a day. I use a milter (a clone of milter-bcc) to multiply up the traffic and have it delivered to a 'speed-testing' server using mailertable and a fictitious domain name. The speed-testing server processes the mail through MailScanner and then uses a very dumb sendmail setup to deliver all mail to another host, whose sendmail setup bins all incoming mail. That way I can load up the speed-testing server and keep the incoming and outgoing SMTP traffic as real as possible. With an out-of-the-box MailScanner setup (including SpamAssassin and a couple of virus scanners) it can handle well over 2 million messages per day. If I get a chance I will try to do some timings for you, but no promises. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZAHdEfZZRxQVtlQRAt09AJ40mu1Qurw05QXSF+9Wtnfah0i/nQCfUngF BSc4ZLXx97Vvzzm026WoGWo= =uGyI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Mon Jun 4 13:32:19 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 4 13:32:26 2007 Subject: Beta release 4.61.1 In-Reply-To: <4664016B.9030301@ecs.soton.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> <4663E276.9050505@chime.ucl.ac.uk> <198d01c7a69a$da5caeb0$0301a8c0@SAHOMELT><4663F875.3000107@chime.ucl.ac.uk> <4664016B.9030301@ecs.soton.ac.uk> Message-ID: <19dd01c7a6a4$65040c80$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Monday, June 04, 2007 8:11 AM > To: MailScanner discussion > Subject: Re: Beta release 4.61.1 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > [...] > I use a milter (a clone of milter-bcc) to multiply up the traffic and > have it delivered to a 'speed-testing' server using mailertable and a > fictitious domain name. The speed-testing server processes the mail > through MailScanner and then uses a very dumb sendmail setup > to deliver > all mail to another host, whose sendmail setup bins all > incoming mail. > That way I can load up the speed-testing server and keep the incoming > and outgoing SMTP traffic as real as possible. With an out-of-the-box > MailScanner setup (including SpamAssassin and a couple of virus > scanners) it can handle well over 2 million messages per day. > > If I get a chance I will try to do some timings for you, but > no promises. > Wait until tomorrow if you can, I am just getting ready to head out the door for Indianapolis (2hr drive one way) and will be gone until sometime tonight. If I get home early enough I will send new patch for the per batch scan, otherwise I will build/send early tomorrow morning. Thanks, Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Mon Jun 4 13:41:15 2007 From: dave.list at pixelhammer.com (DAve) Date: Mon Jun 4 13:42:35 2007 Subject: OT: Spam King Arrested! In-Reply-To: <46616907.6040808@masonc.com> References: <46616907.6040808@masonc.com> Message-ID: <4664086B.9050204@pixelhammer.com> Chris Mason (Lists) wrote: > Scott Silva wrote: >> One down --- thousands to go! >> > I wonder about that. If a change of policy and tolerance in the US > towards these lowlifes meant that they started to get locked up, if spam > was to be treated like DVD piracy and the US Gov sent delegations to > other countries and demanded action, would the volume drop > significantly? In most cases it is relatively easy to "follow the money" > and fine those who benefit. The exception to those is the stock spams > which try to influence the market, but again, probably easy enough to > see the patterns and find out who is gaining from the scams. > > If the US Gov. gave a damn about spam, I think we would see a dramatic > reduction in volume and the hard core spammers looking for other work. > There are only two solutions to the problem. 1) Government involvement, literally a license to use port 25. 2) All the tools we use to fight spam when it arrives at our networks should be used to fight spam before it leaves our networks. I don't see the PHBs spending the money on that one because the attitude of "If it is my mail it is not spam" is sooooo prevalent. I despise solution #1, I prefer no government decide what email I want to read, but I see it happening before solution #2. I don't really use email anymore, I pretty much gave up on it about a year ago. I prefer a good old paper letter or a phone call now. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From support-lists at petdoctors.co.uk Mon Jun 4 14:01:13 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Mon Jun 4 14:01:32 2007 Subject: FW: Other Bad Content Detected Message-ID: <001201c7a6a8$6e301570$0202fea9@support01> Hi Folks, I have posted about this before but not got much farther yet and when I had a brief look at the raw message file I wasn't really sure what I might be looking for: -----Original Message----- From: MailScanner [Greendale] [mailto:postmaster@WhereIam] Sent: Monday, June 04, 2007 1:35 PM To: postmaster@[WhereIam] Subject: Other Bad Content Detected Importance: High The following e-mails were found to have: Other Bad Content Detected Sender: [munged] IP Address: [munged] Recipient: [munged] Subject: Proof of Delivery MessageID: 9AE922F0033.E01FF Quarantine: /var/spool/MailScanner/archive/, /var/spool/MailScanner/quarantine/20070604/9AE922F0033.E01FF Report: MailScanner: Could not analyze message Full headers are: Received: from relay1.mail.uk.clara.net (relay1.mail.uk.clara.net [80.168.70.181]) by greendale.home.local (Postfix) with ESMTP id 9AE922F0033 for <[munged]>; Mon, 4 Jun 2007 13:34:41 +0100 (BST) Received: from [munged] ([[munged]] helo=CBSQL02) by relay1.mail.uk.clara.net with esmtp (Exim 4.62) (envelope-from <[munged]>) id 1HvBlg-0002Ej-PH; Mon, 04 Jun 2007 13:34:41 +0100 From: "Diamond Logistics pod (point of delivery)" <[munged]> Subject: Proof of Delivery To: [munged] Cc: [munged] Content-Type: multipart/mixed MIME-Version: 1.0 Date: Mon, 4 Jun 2007 13:35:25 +0100 Message-Id: <20070604123441.9AE922F0033@greendale.home.local> Consensus is that the emails I am receiving are malformed in some way but with my limited knowledge of mail formats I have not been able to spot anything obvious. The emails are autogenerated by a courier delivery tracking system and tend to be very simple - if I postcat the archived message I get this: Received: from relay1.mail.uk.clara.net (relay1.mail.uk.clara.net [80.168.70.181]) by greendale.home.local (Postfix) with ESMTP id 9AE922F0033 for <[munged]>; Mon, 4 Jun 2007 13:34:41 +0100 (BST) Received: from [munged] ([[munged]] helo=CBSQL02) by relay1.mail.uk.clara.net with esmtp (Exim 4.62) (envelope-from <[munged]>) id 1HvBlg-0002Ej-PH; Mon, 04 Jun 2007 13:34:41 +0100 From: "Diamond Logistics pod (point of delivery)" <[munged]> Subject: Proof of Delivery To: [munged] Cc: [munged] Content-Type: multipart/mixed MIME-Version: 1.0 Date: Mon, 4 Jun 2007 13:35:25 +0100 Message-Id: <20070604123441.9AE922F0033@greendale.home.local> Please find POD details for your completed booking, reference 5541490 Booked by: Pet Doctors House Contact: Ian Vincent Reference 1: London 2 Pick: [munged] [munged] 19 [munged] Road [munged] Completed: 13:35:24 04/06/2007 Pick: [munged] (SHEEN) [munged] 15 [munged] SW14 [munged] Completed: 13:35:24 04/06/2007 Drop: [munged] [munged] ESTATE [munged] WOKING [munged] Completed: 13:35:00 04/06/2007 Signed by: P WESCHE Thank you for your custom! In previous discussions, there was talk of putting the archived message somewhere - or emailing it - where a kind soul could have a quick look at the raw mail file to see what might be amiss? Any takers? Thanks From glenn.steen at gmail.com Mon Jun 4 14:17:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 4 14:17:10 2007 Subject: FW: Other Bad Content Detected In-Reply-To: <001201c7a6a8$6e301570$0202fea9@support01> References: <001201c7a6a8$6e301570$0202fea9@support01> Message-ID: <223f97700706040617j27c4b953xcf51a2e8dcdecee1@mail.gmail.com> On 04/06/07, Nigel Kendrick wrote: > Hi Folks, > > I have posted about this before but not got much farther yet and when I had > a brief look at the raw message file I wasn't really sure what I might be > looking for: > > -----Original Message----- > From: MailScanner [Greendale] [mailto:postmaster@WhereIam] > Sent: Monday, June 04, 2007 1:35 PM > To: postmaster@[WhereIam] > Subject: Other Bad Content Detected > Importance: High > > The following e-mails were found to have: Other Bad Content Detected > > Sender: [munged] > IP Address: [munged] > Recipient: [munged] > Subject: Proof of Delivery > MessageID: 9AE922F0033.E01FF > Quarantine: /var/spool/MailScanner/archive/, > /var/spool/MailScanner/quarantine/20070604/9AE922F0033.E01FF > Report: MailScanner: Could not analyze message > > Full headers are: > > Received: from relay1.mail.uk.clara.net (relay1.mail.uk.clara.net > [80.168.70.181]) > by greendale.home.local (Postfix) with ESMTP id 9AE922F0033 > for <[munged]>; Mon, 4 Jun 2007 13:34:41 +0100 (BST) > Received: from [munged] ([[munged]] helo=CBSQL02) > by relay1.mail.uk.clara.net with esmtp (Exim 4.62) > (envelope-from <[munged]>) > id 1HvBlg-0002Ej-PH; Mon, 04 Jun 2007 13:34:41 +0100 > From: "Diamond Logistics pod (point of delivery)" <[munged]> > Subject: Proof of Delivery > To: [munged] > Cc: [munged] > Content-Type: multipart/mixed > MIME-Version: 1.0 > Date: Mon, 4 Jun 2007 13:35:25 +0100 > Message-Id: <20070604123441.9AE922F0033@greendale.home.local> > > > Consensus is that the emails I am receiving are malformed in some way but > with my limited knowledge of mail formats I have not been able to spot > anything obvious. The emails are autogenerated by a courier delivery > tracking system and tend to be very simple - if I postcat the archived > message I get this: > > Received: from relay1.mail.uk.clara.net (relay1.mail.uk.clara.net > [80.168.70.181]) > by greendale.home.local (Postfix) with ESMTP id 9AE922F0033 > for <[munged]>; Mon, 4 Jun 2007 13:34:41 +0100 (BST) > Received: from [munged] ([[munged]] helo=CBSQL02) > by relay1.mail.uk.clara.net with esmtp (Exim 4.62) > (envelope-from <[munged]>) > id 1HvBlg-0002Ej-PH; Mon, 04 Jun 2007 13:34:41 +0100 > From: "Diamond Logistics pod (point of delivery)" <[munged]> > Subject: Proof of Delivery > To: [munged] > Cc: [munged] > Content-Type: multipart/mixed > MIME-Version: 1.0 > Date: Mon, 4 Jun 2007 13:35:25 +0100 > Message-Id: <20070604123441.9AE922F0033@greendale.home.local> > > Please find POD details for your completed booking, reference 5541490 > Booked by: Pet Doctors House Contact: Ian Vincent Reference 1: London 2 > Pick: [munged] > [munged] 19 > [munged] Road > [munged] > Completed: 13:35:24 04/06/2007 > > Pick: [munged] (SHEEN) > [munged] 15 > [munged] > SW14 [munged] > Completed: 13:35:24 04/06/2007 > > Drop: [munged] > [munged] ESTATE > [munged] > WOKING > [munged] > Completed: 13:35:00 04/06/2007 > Signed by: P WESCHE > > Thank you for your custom! > > > In previous discussions, there was talk of putting the archived message > somewhere - or emailing it - where a kind soul could have a quick look at > the raw mail file to see what might be amiss? > > Any takers? Maybe tomorrow, today isn't a great day (my main MS box committed suicide.... I'm trying to resurrect it now... Bl**dy fsck hanging in the middle of everything isn't exactly helping:-). One thing is that your mail snippet above say it is "multipart/mixed" for content type... Where is the attachment, one wonders? Do you delete them? Very likely somewhere there is the problem... If there is actually some really bad attachment... Try catch a few queue files _before_ MailScanner... You can easily do that by stopping MailScanner, ensuring that postfix is running (and queueing into your hold queue directory), then just copy the relevant one from there .... This is the one that you should do "forensics" on. Another option is to use the Archive Mail setting in MailScanner ... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Jun 4 14:17:45 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 4 14:18:34 2007 Subject: FW: Other Bad Content Detected In-Reply-To: <001201c7a6a8$6e301570$0202fea9@support01> References: <001201c7a6a8$6e301570$0202fea9@support01> Message-ID: <466410F9.9030803@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you using a very new version of Exim, and a not-very-new version of MailScanner? Try the latest MailScanner as there was 1 change to the Exim support in 4.60. Nigel Kendrick wrote: > Hi Folks, > > I have posted about this before but not got much farther yet and when I had > a brief look at the raw message file I wasn't really sure what I might be > looking for: > > -----Original Message----- > From: MailScanner [Greendale] [mailto:postmaster@WhereIam] > Sent: Monday, June 04, 2007 1:35 PM > To: postmaster@[WhereIam] > Subject: Other Bad Content Detected > Importance: High > > The following e-mails were found to have: Other Bad Content Detected > > Sender: [munged] > IP Address: [munged] > Recipient: [munged] > Subject: Proof of Delivery > MessageID: 9AE922F0033.E01FF > Quarantine: /var/spool/MailScanner/archive/, > /var/spool/MailScanner/quarantine/20070604/9AE922F0033.E01FF > Report: MailScanner: Could not analyze message > > Full headers are: > > Received: from relay1.mail.uk.clara.net (relay1.mail.uk.clara.net > [80.168.70.181]) > by greendale.home.local (Postfix) with ESMTP id 9AE922F0033 > for <[munged]>; Mon, 4 Jun 2007 13:34:41 +0100 (BST) > Received: from [munged] ([[munged]] helo=CBSQL02) > by relay1.mail.uk.clara.net with esmtp (Exim 4.62) > (envelope-from <[munged]>) > id 1HvBlg-0002Ej-PH; Mon, 04 Jun 2007 13:34:41 +0100 > From: "Diamond Logistics pod (point of delivery)" <[munged]> > Subject: Proof of Delivery > To: [munged] > Cc: [munged] > Content-Type: multipart/mixed > MIME-Version: 1.0 > Date: Mon, 4 Jun 2007 13:35:25 +0100 > Message-Id: <20070604123441.9AE922F0033@greendale.home.local> > > > Consensus is that the emails I am receiving are malformed in some way but > with my limited knowledge of mail formats I have not been able to spot > anything obvious. The emails are autogenerated by a courier delivery > tracking system and tend to be very simple - if I postcat the archived > message I get this: > > Received: from relay1.mail.uk.clara.net (relay1.mail.uk.clara.net > [80.168.70.181]) > by greendale.home.local (Postfix) with ESMTP id 9AE922F0033 > for <[munged]>; Mon, 4 Jun 2007 13:34:41 +0100 (BST) > Received: from [munged] ([[munged]] helo=CBSQL02) > by relay1.mail.uk.clara.net with esmtp (Exim 4.62) > (envelope-from <[munged]>) > id 1HvBlg-0002Ej-PH; Mon, 04 Jun 2007 13:34:41 +0100 > From: "Diamond Logistics pod (point of delivery)" <[munged]> > Subject: Proof of Delivery > To: [munged] > Cc: [munged] > Content-Type: multipart/mixed > MIME-Version: 1.0 > Date: Mon, 4 Jun 2007 13:35:25 +0100 > Message-Id: <20070604123441.9AE922F0033@greendale.home.local> > > Please find POD details for your completed booking, reference 5541490 > Booked by: Pet Doctors House Contact: Ian Vincent Reference 1: London 2 > Pick: [munged] > [munged] 19 > [munged] Road > [munged] > Completed: 13:35:24 04/06/2007 > > Pick: [munged] (SHEEN) > [munged] 15 > [munged] > SW14 [munged] > Completed: 13:35:24 04/06/2007 > > Drop: [munged] > [munged] ESTATE > [munged] > WOKING > [munged] > Completed: 13:35:00 04/06/2007 > Signed by: P WESCHE > > Thank you for your custom! > > > In previous discussions, there was talk of putting the archived message > somewhere - or emailing it - where a kind soul could have a quick look at > the raw mail file to see what might be amiss? > > Any takers? > > Thanks > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZBD+EfZZRxQVtlQRAsoiAJ47reMt8ah5VudM0pbXTQHEcubZ2QCfdZ/J 2yFQ2oLsvJh4W3oJEIWF5ks= =KKII -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From sandrews at andrewscompanies.com Mon Jun 4 14:35:01 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Mon Jun 4 14:35:06 2007 Subject: CentOS In-Reply-To: References: Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0B41@winchester.andrewscompanies.com> Jeez, I had to think about it a little bit and I realized that I have nothing to say about any of my centos boxes. Hmmmm...I guess they're stable now that I think about it. ;) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- Sent: Monday, June 04, 2007 6:20 AM To: mailscanner@lists.mailscanner.info Subject: OT: CentOS Hi, As a long time Gentoo user I have never felt the urge to switch too another distro, but due to a new career direction I plan to take I need to extend my knowledge of other systems. I believe that CentOS would be a good choice, especially due to its upstream provider. Would be interested to hear peoples views on it, especially from a mail server perspective. If this will generate too much OT traffic, then please email me privately. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Jun 4 14:47:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 4 14:47:23 2007 Subject: FW: Other Bad Content Detected In-Reply-To: <466410F9.9030803@ecs.soton.ac.uk> References: <001201c7a6a8$6e301570$0202fea9@support01> <466410F9.9030803@ecs.soton.ac.uk> Message-ID: <223f97700706040647n5b80be2bj113aca75404cc45c@mail.gmail.com> On 04/06/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Are you using a very new version of Exim, and a not-very-new version of > MailScanner? Try the latest MailScanner as there was 1 change to the > Exim support in 4.60. > Seems to be a Postfix install.... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From q at snj.ca Mon Jun 4 14:53:00 2007 From: q at snj.ca (Quintin Giesbrecht) Date: Mon Jun 4 14:53:09 2007 Subject: LDAP Problem Message-ID: <2BE78592B3B1824F97A2685E96221F627B004D@mail.snj.mb.ca> I am getting the following in my logs, every time my cron job runs that pulls the valid users from my AD server. I do not remember where I got the ldap.pm script from (there is no copyright info in the copy I have)...but I have been running it successfully for quite a few months now. _________________________________ ERROR ______________________________________ Can't locate object method "get_value" via package "Net::LDAP::Reference" at /usr/lib/MailScanner/MailScanner/CustomFunctions/ldap.pm line 214. _________________________________ ERROR ______________________________________ It seems to still be working, but what do these errors mean, and how do I fix it? Thanks. _____________________ Quintin Giesbrecht IT Manager Smith Neufeld Jodoin LLP Direct: (204)346-5106 http://snj.ca q@snj.ca From campbell at cnpapers.com Mon Jun 4 15:08:54 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 4 15:09:25 2007 Subject: Lovers package at discount price! (fwd) References: <4661DC41.70008@fractalweb.com> Message-ID: <0b3c01c7a6b1$e2cc4ad0$0705000a@ddf5dw71> ----- Original Message ----- From: "Chris Yuzik" To: "MailScanner discussion" Sent: Saturday, June 02, 2007 5:08 PM Subject: Re: Lovers package at discount price! (fwd) > Res wrote: >> I think its amazing our own mailing list doesn't use MailScanner to >> protect it :P >> > Gee Res, > > So someone actually went and signed up to the mailing list, verified their > email address to the list manager, then sent this "special offer" to us? > > Looks like a pretty good deal to me. I'm sure glad they sent this great > offer to us. I'm a bit confused on some of the products though. What > exactly is "Viagra Soft"? Is that like a half-dose or something? It's the antidote for when things get out of hand (?) and last longer than four hours. Steve > > ;-) > > Chris From wilson.galafassi at gmail.com Mon Jun 4 15:38:58 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Mon Jun 4 15:39:10 2007 Subject: mailscanner configuration Message-ID: Hello. How i can set in my MailScanner.conf the setting: Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules to use &SQLWhitelist too? It?s possible to use this 2 setting in the same time? Thanks Wilson -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070604/13b55dd2/attachment.html From mogens at fumlersoft.dk Mon Jun 4 15:49:45 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Mon Jun 4 15:49:21 2007 Subject: OT: Spam King Arrested! In-Reply-To: <223f97700706040446m202812c9xf467d9ac27db8023@mail.gmail.com> References: <46616907.6040808@masonc.com> <19683.222.123.0.244.1180853517.squirrel@mail.parkhotel.dk> <223f97700706030409i51ca1328r4b0c42334af06448@mail.gmail.com> <26544.222.123.0.244.1180878487.squirrel@mail.parkhotel.dk> <223f97700706040446m202812c9xf467d9ac27db8023@mail.gmail.com> Message-ID: <60106.222.123.0.244.1180968585.squirrel@mail.fumlersoft.dk> On Mon, June 4, 2007 13:46, Glenn Steen wrote: > Getting wildly OT below. you've been warned. > > On 03/06/07, Mogens Melander wrote: >> >> Did i miss something? I'm on 3 week trip to Thailand, hence the >> hangovers ;^) > > Only one of the more interesting(:-)= soccer qualifiers I've seen in a > long while... <> > Depends on whether you enjoy football (and the mostly good natured > derby feel to the event:) if you deem that you've missed something, > basking in the sun, getting hung over (what? one might ask...;-) > etc:-). Sounds like fun, but i think i'd prefere working on another hangover for tomorrow 8^) > The fact that the action had no discernible effect on PB operation... > just shows that you cannot "fight" (note: I'm certainly not saying you > even *should*) an international thing like that on a national level is > idiotic at best. I don't think we disagree about that either;-). The action at piratebay was not the smartest move ever, specially the part where the police take down unrelated companies servers. I think those companies should be doing the sueing. I believe the PB guys not doing anything ilegal. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From support-lists at petdoctors.co.uk Mon Jun 4 16:18:06 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Mon Jun 4 16:18:40 2007 Subject: FW: Other Bad Content Detected In-Reply-To: <223f97700706040647n5b80be2bj113aca75404cc45c@mail.gmail.com> Message-ID: <002b01c7a6bb$8d311dd0$0202fea9@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Monday, June 04, 2007 2:47 PM To: MailScanner discussion Subject: Re: FW: Other Bad Content Detected On 04/06/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Are you using a very new version of Exim, and a not-very-new version of > MailScanner? Try the latest MailScanner as there was 1 change to the > Exim support in 4.60. > Seems to be a Postfix install.... Cheers -- -- Glenn Hi Glenn, Yep, Postfix. All up to date - MailScanner on latest stable as of yesterday. Thing is that, once upon a time, the emails arrived OK, but then MailScanner just stopped liking them. This didn't happen after any updates etc. so I reckon the people who wrote the code to send out the emails have 'tweaked' something but, guess what, they are admitting to nothing - even when I point out that it's only their emails to us that throw this error. With regards to 'multipart/mixed', there isn't any attachment that I can see - although as mentioned I am not exactly 'into' mail formats. All mail is archived so I can pass on 'originals'. Thanks Nigel From dhawal at netmagicsolutions.com Mon Jun 4 16:23:26 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Mon Jun 4 16:23:45 2007 Subject: mailscanner configuration In-Reply-To: References: Message-ID: <46642E6E.1010005@netmagicsolutions.com> Wilson A. Galafassi Jr. wrote: > Hello. > > How i can set in my MailScanner.conf the setting: Is Definitely Not > Spam = %rules-dir%/spam.whitelist.rules to use &SQLWhitelist too? > > It?s possible to use this 2 setting in the same time? Sure.. see this file "Ruleset-from-Function.pm" in your CustomFunctions directory for more details. It's on my testing todo for quite some time. From binaryflow at gmail.com Mon Jun 4 17:20:29 2007 From: binaryflow at gmail.com (Douglas Ward) Date: Mon Jun 4 17:20:32 2007 Subject: Long bayesian expiry Message-ID: Last night our MailScanner gateway started the default bayseian expiry. It's still running! We now have over 3,000 messages in the queue waiting on the expiry to finish (I assume). I see this in the results from "ps ax." 16810 ? R 906:31 MailScanner: rebuilding Bayes database Looking in /etc/MailScanner/bayes I see literally hundreds of files named bayes_toks.expireXXXXX where the "X" characters are numbers. Can I safely delete these? Should I stop this rebuild process and run something else? How can I resume the normal flow of mail? Thanks! Mandriva 2007 server MailScanner-4.58.9-1 Spamassassin 3.18 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070604/445c4b01/attachment.html From hvdkooij at vanderkooij.org Mon Jun 4 18:19:16 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 4 18:19:59 2007 Subject: Feature request: correction table/rules In-Reply-To: <223f97700706040449h1bf9bb49hb0d15ca4669a5473@mail.gmail.com> References: <223f97700706040449h1bf9bb49hb0d15ca4669a5473@mail.gmail.com> Message-ID: On Mon, 4 Jun 2007, Glenn Steen wrote: > On 04/06/07, Hugo van der Kooij wrote: >> >> I just thought it might be nnice to have a correction ruleset so instead >> of whitelisting one can add or substract points. That would be a more >> precise way to adjust the SA scores. >> >> So you would have a rules file like: >> >> To: haasje@vanderkooij.org +5 >> From: mailinglist@mailscanner.info -5 >> FromorTo: default 0 >> >> >> Or did I just miss something in my configuration and is it allready >> present? >> > Explore def_whitelist* and/or making your own rules in SA. Rules in SA is .... well not really that userfriendly compared to the offsett mechanisme I proposed. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Mon Jun 4 18:24:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 4 18:25:27 2007 Subject: Long bayesian expiry In-Reply-To: References: Message-ID: On Mon, 4 Jun 2007, Douglas Ward wrote: > Last night our MailScanner gateway started the default bayseian expiry. > It's still running! We now have over 3,000 messages in the queue waiting on > the expiry to finish (I assume). I see this in the results from "ps ax." > > 16810 ? R 906:31 MailScanner: rebuilding Bayes database > > Looking in /etc/MailScanner/bayes I see literally hundreds of files named > bayes_toks.expireXXXXX where the "X" characters are numbers. Can I safely > delete these? Should I stop this rebuild process and run something else? > How can I resume the normal flow of mail? Thanks! If I recall correctly this means your rebuild takes too long. So while MailScanner gives up on SA it shuts it down befoe the job gets done and gives it another yank. Unless you extend the time for SA to run and keep your fingers crossed this may be an indefinite holdup for your email. You will find more notes on recomendations to expire manually only in the archives of this list if memory serves me well. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Mon Jun 4 19:29:04 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 4 19:30:23 2007 Subject: Bugfix for auto-zip feature Message-ID: <466459F0.4090905@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070604/2da57dd0/PGP.bin From ugob at lubik.ca Mon Jun 4 20:07:57 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Jun 4 20:08:32 2007 Subject: Beta release 4.61.1 In-Reply-To: <46617185.6030000@ecs.soton.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > This beta includes direct communication with clamd, and no longer uses > clamd-wrapper or clamdscan. This should be faster than the clamd support > in the previous version. What would happen if clamd is dead? Does it fallback to clamavmodule or clamav? Ugo From sandrews at andrewscompanies.com Mon Jun 4 21:00:42 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Mon Jun 4 21:00:48 2007 Subject: mailscanner configuration In-Reply-To: <46642E6E.1010005@netmagicsolutions.com> References: <46642E6E.1010005@netmagicsolutions.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com> If you get this worked out, mind if I have a peek? My skills with this would have to have quit a bit more meat to them before I could actually call them rusty. ;) Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dhawal Doshy Sent: Monday, June 04, 2007 11:23 AM To: MailScanner discussion Subject: Re: mailscanner configuration Wilson A. Galafassi Jr. wrote: > Hello. > > How i can set in my MailScanner.conf the setting: Is Definitely Not > Spam = %rules-dir%/spam.whitelist.rules to use &SQLWhitelist too? > > It?s possible to use this 2 setting in the same time? Sure.. see this file "Ruleset-from-Function.pm" in your CustomFunctions directory for more details. It's on my testing todo for quite some time. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Mon Jun 4 21:14:28 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Mon Jun 4 21:14:32 2007 Subject: Subject Filtering In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com> References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> I'm moving from a barracuda to mailscanner shortly and I'm looking for the best way to implement subject line filtering. Is there a simple ruleset I should make or should this really be handled through MCP? The easier the better... Thanks, Steve From MailScanner at ecs.soton.ac.uk Mon Jun 4 22:00:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 4 22:00:57 2007 Subject: Subject Filtering In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> Message-ID: <46647D5B.90001@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's what MCP was designed for. And you won't need any patches or anything to do this. Steven Andrews wrote: > I'm moving from a barracuda to mailscanner shortly and I'm looking for > the best way to implement subject line filtering. > > Is there a simple ruleset I should make or should this really be handled > through MCP? The easier the better... > > Thanks, > > Steve > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZH1hEfZZRxQVtlQRAqWlAKCkoWLjb4BhT+QBHKCLasY/BjLt0ACg4gGa eF531rNQt0G8xXHrC3dpM+g= =RPpZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Jun 4 22:02:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 4 22:06:02 2007 Subject: Issue with Blackberry In-Reply-To: <3123E1B72B666243917E340F3C8FD4A106977D@privaldc2003.prival.local> References: <3123E1B72B666243917E340F3C8FD4A106977D@privaldc2003.prival.local> Message-ID: <46647DF3.9020600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerhard Mourani wrote: > > Cheers (well, that was yesterday... Testing Single Malts (all Ila)...:-) > The island is called Islay, but it is pronounced Ila. You got it half right :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZH6DEfZZRxQVtlQRAuIRAKC3HqrT+ka8BhesQbpDMhje+hlQ1wCeN+Q6 se2I39r0DFaJUR4FKCvDPfM= =dw9l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ms-list at alexb.ch Mon Jun 4 22:28:32 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jun 4 22:28:40 2007 Subject: Subject Filtering In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> Message-ID: <46648400.3000909@alexb.ch> On 6/4/2007 10:14 PM, Steven Andrews wrote: > I'm moving from a barracuda to mailscanner shortly and I'm looking for > the best way to implement subject line filtering. > > Is there a simple ruleset I should make or should this really be handled > through MCP? The easier the better... > an SA header rule is cheap and easy. Alex From mrm at medicine.wisc.edu Mon Jun 4 22:31:26 2007 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Jun 4 22:32:41 2007 Subject: Best way to run ClamAV??? Message-ID: <46643E45.7FBE.00FC.3@medicine.wisc.edu> I just updated to MS 4.60-1 as well as SA 3.2 / Clam 0.90.3 via Jules' automatic installer. There has been so much list traffic about clamscan vs clamd vs clamavmodule that I can't make out which one is what I'm supposed to be running. I'm just running the default clamscam and that can't be right because it's maxing out the cpu to 100%. Can someone please set me straight on how I should be running ClamAV? Mike From mkettler at evi-inc.com Mon Jun 4 22:45:02 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 4 22:45:17 2007 Subject: Best way to run ClamAV??? In-Reply-To: <46643E45.7FBE.00FC.3@medicine.wisc.edu> References: <46643E45.7FBE.00FC.3@medicine.wisc.edu> Message-ID: <466487DE.3000001@evi-inc.com> Michael Masse wrote: > I just updated to MS 4.60-1 as well as SA 3.2 / Clam 0.90.3 via Jules' automatic installer. There has been so much list traffic about clamscan vs clamd vs clamavmodule that I can't make out which one is what I'm supposed to be running. I'm just running the default clamscam and that can't be right because it's maxing out the cpu to 100%. Can someone please set me straight on how I should be running ClamAV? clamscan: most expensive CPU-wise, but involves no extra setup. This just executes the clamscan command-line tool. This causes the signature database to be re-read for each object scanned and can be pretty CPU intensive compared to the others. clamav module: less expensive than clamscan CPU-wise, but needs the Mail::ClamAV perl module. This method loads a copy of the libclamav scanner library into MailScanner and keeps it resident, using it to perform scans without needing to re-read the signature libraries, etc. It can be somewhat touchy about what versions of Mail::ClamAV work with various versions of clamav. clamd: less expensive than clamscan CPU-wise, but needs clamd running and is relatively new code. This causes MailScanner to connect to clamd's socket and use that for scanning. Since clamd is already resident, there's no need to re-read signatures. Since it's using clamd, which comes with clamav, there's no real version-compatibility problems like with the module, at least in theory. From ssilva at sgvwater.com Mon Jun 4 22:51:43 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 4 22:52:14 2007 Subject: Subject Filtering In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> Message-ID: Steven Andrews spake the following on 6/4/2007 1:14 PM: > I'm moving from a barracuda to mailscanner shortly and I'm looking for > the best way to implement subject line filtering. > > Is there a simple ruleset I should make or should this really be handled > through MCP? The easier the better... > > Thanks, > > Steve Congrats on your choice! If you want something with the ease of use of the Barracuda, but the power and flexibility of MailScanner ( and the added detection abilities), you should have a look at Fortress Systems products (www.fsl.com) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From r.berber at computer.org Mon Jun 4 22:56:01 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Mon Jun 4 22:56:34 2007 Subject: Best way to run ClamAV??? In-Reply-To: <46643E45.7FBE.00FC.3@medicine.wisc.edu> References: <46643E45.7FBE.00FC.3@medicine.wisc.edu> Message-ID: Michael Masse wrote: > I just updated to MS 4.60-1 as well as SA 3.2 / Clam 0.90.3 via Jules' > automatic installer. There has been so much list traffic about clamscan vs > clamd vs clamavmodule that I can't make out which one is what I'm supposed to > be running. I'm just running the default clamscam and that can't be right > because it's maxing out the cpu to 100%. Can someone please set me > straight on how I should be running ClamAV? Best performance: use clamd or calmavmodule. The first depends on you setting up and running clamd, also to be careful with permissions/ownership of the incoming directory; the last one doesn't need anything else (other than updating the databases with freshclam or the script provided by MS). Clamscan is the worst choice, clamdscan is used by the "clamd" option in the version you are using, direct communication with clamd is being used in the next version (4.61.1). -- Ren? Berber From ree at thunderstar.net Tue Jun 5 00:02:49 2007 From: ree at thunderstar.net (Ron E.) Date: Tue Jun 5 00:02:56 2007 Subject: prevent notify spam action from notifying non-local users Message-ID: <46649A19.6090005@thunderstar.net> Hopefully someone can shed some light on this. I have been using the notify spam action to notify users about certain types of spam. It seems I incorrectly assumed that this action only notifies the envelope to recipients (RCPT TO) rather than the listed recipients in the message. Any comments? I would think the desired functionality would be to only notify those users that would have actually received the message if it had not been quarantined -- on that one system. Dug around docs and list archives and didn't find much on this. Any input would be appreciated. From ssilva at sgvwater.com Tue Jun 5 00:28:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 5 00:29:01 2007 Subject: prevent notify spam action from notifying non-local users In-Reply-To: <46649A19.6090005@thunderstar.net> References: <46649A19.6090005@thunderstar.net> Message-ID: Ron E. spake the following on 6/4/2007 4:02 PM: > Hopefully someone can shed some light on this. > > I have been using the notify spam action to notify users about certain > types of spam. It seems I incorrectly assumed that this action only > notifies the envelope to recipients (RCPT TO) rather than the listed > recipients in the message. > > Any comments? > > I would think the desired functionality would be to only notify those > users that would have actually received the message if it had not been > quarantined -- on that one system. > > Dug around docs and list archives and didn't find much on this. > > Any input would be appreciated. Splitting messages before MailScanner should have the effect you want. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sandrews at andrewscompanies.com Tue Jun 5 01:00:38 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Tue Jun 5 01:00:44 2007 Subject: Subject Filtering In-Reply-To: <46648400.3000909@alexb.ch> References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com><1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> <46648400.3000909@alexb.ch> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0B64@winchester.andrewscompanies.com> I looked at the example 10_something.cf in the MCP directory; looks to be the same format as sa rules, no? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Monday, June 04, 2007 5:29 PM To: MailScanner discussion Subject: Re: Subject Filtering On 6/4/2007 10:14 PM, Steven Andrews wrote: > I'm moving from a barracuda to mailscanner shortly and I'm looking for > the best way to implement subject line filtering. > > Is there a simple ruleset I should make or should this really be > handled through MCP? The easier the better... > an SA header rule is cheap and easy. Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Tue Jun 5 01:03:19 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Tue Jun 5 01:03:21 2007 Subject: Subject Filtering In-Reply-To: References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com><1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0B65@winchester.andrewscompanies.com> Believe it or not, even though I love MS, the reason we're switching is because the customer thinks the Barracuda 300 is too damn loud (which it is) and the thing is up for renewal. I tossed in a half baked dell 2400 and it easily outperforms the barracuda, not to mention I don't have to deal with their screwing licensing. Long story short, they removed a year from a multi-year license from us and they won't admit their mistake and stupid me, I don't have the paperwork on the order anymore. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, June 04, 2007 5:52 PM To: mailscanner@lists.mailscanner.info Subject: Re: Subject Filtering Steven Andrews spake the following on 6/4/2007 1:14 PM: > I'm moving from a barracuda to mailscanner shortly and I'm looking for > the best way to implement subject line filtering. > > Is there a simple ruleset I should make or should this really be > handled through MCP? The easier the better... > > Thanks, > > Steve Congrats on your choice! If you want something with the ease of use of the Barracuda, but the power and flexibility of MailScanner ( and the added detection abilities), you should have a look at Fortress Systems products (www.fsl.com) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 5 09:28:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 5 09:28:44 2007 Subject: FW: Other Bad Content Detected In-Reply-To: <002b01c7a6bb$8d311dd0$0202fea9@support01> References: <223f97700706040647n5b80be2bj113aca75404cc45c@mail.gmail.com> <002b01c7a6bb$8d311dd0$0202fea9@support01> Message-ID: <223f97700706050128h58f9af64wa1ff8e9a60d48695@mail.gmail.com> On 04/06/07, Nigel Kendrick wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: Monday, June 04, 2007 2:47 PM > To: MailScanner discussion > Subject: Re: FW: Other Bad Content Detected > > On 04/06/07, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Are you using a very new version of Exim, and a not-very-new version of > > MailScanner? Try the latest MailScanner as there was 1 change to the > > Exim support in 4.60. > > > Seems to be a Postfix install.... > Cheers > -- > -- Glenn > > > Hi Glenn, > > Yep, Postfix. > > All up to date - MailScanner on latest stable as of yesterday. > > Thing is that, once upon a time, the emails arrived OK, but then MailScanner > just stopped liking them. This didn't happen after any updates etc. so I > reckon the people who wrote the code to send out the emails have 'tweaked' > something but, guess what, they are admitting to nothing - even when I point > out that it's only their emails to us that throw this error. This clearly points a finger at them, yes. One might suggest to them that their system actually is broken... It used to pass an attachment but doesn't anymore. See if that get their attention:-) > With regards to 'multipart/mixed', there isn't any attachment that I can see > - although as mentioned I am not exactly 'into' mail formats. All mail is > archived so I can pass on 'originals'. > > Thanks > > Nigel > That's what we need look at then... Could you send me a couple? Full discretion, of course, I won't post them anywhere or disclose anything from them...;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 5 09:38:11 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 5 09:38:14 2007 Subject: Issue with Blackberry In-Reply-To: <46647DF3.9020600@ecs.soton.ac.uk> References: <3123E1B72B666243917E340F3C8FD4A106977D@privaldc2003.prival.local> <46647DF3.9020600@ecs.soton.ac.uk> Message-ID: <223f97700706050138p2e3b9b89mbedeaa0544a8517d@mail.gmail.com> On 04/06/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Gerhard Mourani wrote: > > > > Cheers (well, that was yesterday... Testing Single Malts (all Ila)...:-) > > > The island is called Islay, but it is pronounced Ila. You got it half > right :-) > > Jules > i think you missed the obvious there Jules... This was typed the day after....:-). But yes, you are quite correct, Islay it is... The last one we tasted (I think) was an Caol Ila that had seen final maturing on Marsala wood (http://www.royalmilewhiskies.com/product.asp?cat_id=D_CAOL&pf_id=0010000029727)... Might be that that confused me (BTW, after havuig a good sized dram of a 17 year old Ardbeg (pure bliss! (http://www.whiskymag.com/whisky/brand/ardbeg/whisky613.html)), that Caol Ila tasted like turpentine ... Not the best way to close an otherwise magnificent tasting session;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 5 09:39:27 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 5 09:39:30 2007 Subject: Issue with Blackberry In-Reply-To: <223f97700706050138p2e3b9b89mbedeaa0544a8517d@mail.gmail.com> References: <3123E1B72B666243917E340F3C8FD4A106977D@privaldc2003.prival.local> <46647DF3.9020600@ecs.soton.ac.uk> <223f97700706050138p2e3b9b89mbedeaa0544a8517d@mail.gmail.com> Message-ID: <223f97700706050139o4983134djc2e88d83d66b62f5@mail.gmail.com> On 05/06/07, Glenn Steen wrote: > On 04/06/07, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Gerhard Mourani wrote: > > > > > > Cheers (well, that was yesterday... Testing Single Malts (all Ila)...:-) > > > > > The island is called Islay, but it is pronounced Ila. You got it half > > right :-) > > > > Jules > > > i think you missed the obvious there Jules... This was typed the day > after....:-). But yes, you are quite correct, Islay it is... The last > one we tasted (I think) was an Caol Ila that had seen final maturing > on Marsala wood Bum link there, sorry. Should be http://www.royalmilewhiskies.com/product.asp?cat_id=D_CAOL&pf_id=0010000029727 > Might be that that confused me (BTW, after havuig a good sized dram of > a 17 year old Ardbeg (pure bliss! > (http://www.whiskymag.com/whisky/brand/ardbeg/whisky613.html)), that > Caol Ila tasted like turpentine ... Not the best way to close an > otherwise magnificent tasting session;-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From list-mailscanner at linguaphone.com Tue Jun 5 09:41:57 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jun 5 09:42:05 2007 Subject: $filename in reports picking up wrong filename Message-ID: <1181032917.6095.7.camel@gblades-suse.linguaphone-intranet.co.uk> Someone sent us a .ocx file which our system blocked. The inline warning was :- Warning: This message has had one or more attachments removed (Sources2929.zip, loadingprogramProj1.ocx). Please read the "lgdeltd-Attachment-Warning.txt" attachment(s) for more information. However the attachment warning contains :- This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "Sources2929.zip" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Mon Jun 4 06:22:24 2007 the virus scanner said: MailScanner: No programs allowed (loadingprogramProj1.ocx) Note to Help Desk: Look on the lgdeltd (mailscanner) MailScanner in /var/spool/MailScanner/quarantine/20070604 (message 4CE42AA011D.B874C). You can see from the mailscanner report that the ocx file was the problem but the wrong filename is shown earlier. Can this be fixed? It would be ok if $filename showed both files as it does with the inline warning as that way I can at least reword the warning message. I am running mailscanner 4.57.6-1 Thanks Gareth From martinh at solidstatelogic.com Tue Jun 5 10:35:52 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 5 10:36:01 2007 Subject: $filename in reports picking up wrong filename In-Reply-To: <1181032917.6095.7.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <8ef41b33a14e2e43939b15f6cea65f6f@solidstatelogic.com> Gareth I'd say the message isn't wrong, just not right ;-) Ie the zip file contains a bad filename of .ocx, but the "original" attachment is a .zip file so that's correct. Somehow it's needs to say the zip file contains the unallowed filename .ocx. Perhaps -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 05 June 2007 09:42 > To: mailscanner@lists.mailscanner.info > Subject: $filename in reports picking up wrong filename > > Someone sent us a .ocx file which our system blocked. The inline warning > was :- > > Warning: This message has had one or more attachments removed > (Sources2929.zip, loadingprogramProj1.ocx). Please read the > "lgdeltd-Attachment-Warning.txt" attachment(s) for more information. > > > However the attachment warning contains :- > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "Sources2929.zip" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > If you wish to receive a copy of the original attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Mon Jun 4 06:22:24 2007 the virus scanner said: > MailScanner: No programs allowed (loadingprogramProj1.ocx) > > Note to Help Desk: Look on the lgdeltd (mailscanner) MailScanner in > /var/spool/MailScanner/quarantine/20070604 (message 4CE42AA011D.B874C). > > You can see from the mailscanner report that the ocx file was the > problem but the wrong filename is shown earlier. > Can this be fixed? > It would be ok if $filename showed both files as it does with the inline > warning as that way I can at least reword the warning message. > I am running mailscanner 4.57.6-1 > > Thanks > Gareth > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From list-mailscanner at linguaphone.com Tue Jun 5 10:41:41 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jun 5 10:41:51 2007 Subject: $filename in reports picking up wrong filename In-Reply-To: <8ef41b33a14e2e43939b15f6cea65f6f@solidstatelogic.com> References: <8ef41b33a14e2e43939b15f6cea65f6f@solidstatelogic.com> Message-ID: <1181036500.6093.15.camel@gblades-suse.linguaphone-intranet.co.uk> No the email contained two attachments. One a .zip which is fine and the other a .ocx which is recognised as an executable file and therefore blocked. On Tue, 2007-06-05 at 10:35, Martin.Hepworth wrote: > Gareth > > I'd say the message isn't wrong, just not right ;-) > > Ie the zip file contains a bad filename of .ocx, but the "original" > attachment is a .zip file so that's correct. Somehow it's needs to say > the zip file contains the unallowed filename .ocx. > > Perhaps > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Gareth > > Sent: 05 June 2007 09:42 > > To: mailscanner@lists.mailscanner.info > > Subject: $filename in reports picking up wrong filename > > > > Someone sent us a .ocx file which our system blocked. The inline > warning > > was :- > > > > Warning: This message has had one or more attachments removed > > (Sources2929.zip, loadingprogramProj1.ocx). Please read the > > "lgdeltd-Attachment-Warning.txt" attachment(s) for more information. > > > > > > However the attachment warning contains :- > > > > This is a message from the MailScanner E-Mail Virus Protection Service > > ---------------------------------------------------------------------- > > The original e-mail attachment "Sources2929.zip" > > is on the list of unacceptable attachments for this site and has been > > replaced by this warning message. > > > > If you wish to receive a copy of the original attachment, please > > e-mail helpdesk and include the whole of this message > > in your request. Alternatively, you can call them, with > > the contents of this message to hand when you call. > > > > At Mon Jun 4 06:22:24 2007 the virus scanner said: > > MailScanner: No programs allowed (loadingprogramProj1.ocx) > > > > Note to Help Desk: Look on the lgdeltd (mailscanner) MailScanner in > > /var/spool/MailScanner/quarantine/20070604 (message > 4CE42AA011D.B874C). > > > > You can see from the mailscanner report that the ocx file was the > > problem but the wrong filename is shown earlier. > > Can this be fixed? > > It would be ok if $filename showed both files as it does with the > inline > > warning as that way I can at least reword the warning message. > > I am running mailscanner 4.57.6-1 > > > > Thanks > > Gareth > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** From martinh at solidstatelogic.com Tue Jun 5 10:43:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 5 10:43:38 2007 Subject: $filename in reports picking up wrong filename In-Reply-To: <1181036500.6093.15.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <78e84c6de812594aa1c030b67061e473@solidstatelogic.com> Ah right - I'll get another cuppa.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 05 June 2007 10:42 > To: MailScanner discussion > Subject: RE: $filename in reports picking up wrong filename > > No the email contained two attachments. One a .zip which is fine and the > other a .ocx which is recognised as an executable file and therefore > blocked. > > On Tue, 2007-06-05 at 10:35, Martin.Hepworth wrote: > > Gareth > > > > I'd say the message isn't wrong, just not right ;-) > > > > Ie the zip file contains a bad filename of .ocx, but the "original" > > attachment is a .zip file so that's correct. Somehow it's needs to say > > the zip file contains the unallowed filename .ocx. > > > > Perhaps > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Gareth > > > Sent: 05 June 2007 09:42 > > > To: mailscanner@lists.mailscanner.info > > > Subject: $filename in reports picking up wrong filename > > > > > > Someone sent us a .ocx file which our system blocked. The inline > > warning > > > was :- > > > > > > Warning: This message has had one or more attachments removed > > > (Sources2929.zip, loadingprogramProj1.ocx). Please read the > > > "lgdeltd-Attachment-Warning.txt" attachment(s) for more information. > > > > > > > > > However the attachment warning contains :- > > > > > > This is a message from the MailScanner E-Mail Virus Protection Service > > > ---------------------------------------------------------------------- > > > The original e-mail attachment "Sources2929.zip" > > > is on the list of unacceptable attachments for this site and has been > > > replaced by this warning message. > > > > > > If you wish to receive a copy of the original attachment, please > > > e-mail helpdesk and include the whole of this message > > > in your request. Alternatively, you can call them, with > > > the contents of this message to hand when you call. > > > > > > At Mon Jun 4 06:22:24 2007 the virus scanner said: > > > MailScanner: No programs allowed (loadingprogramProj1.ocx) > > > > > > Note to Help Desk: Look on the lgdeltd (mailscanner) MailScanner in > > > /var/spool/MailScanner/quarantine/20070604 (message > > 4CE42AA011D.B874C). > > > > > > You can see from the mailscanner report that the ocx file was the > > > problem but the wrong filename is shown earlier. > > > Can this be fixed? > > > It would be ok if $filename showed both files as it does with the > > inline > > > warning as that way I can at least reword the warning message. > > > I am running mailscanner 4.57.6-1 > > > > > > Thanks > > > Gareth > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From sandrews at andrewscompanies.com Tue Jun 5 13:38:17 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Tue Jun 5 13:38:22 2007 Subject: Tempfs question In-Reply-To: <78e84c6de812594aa1c030b67061e473@solidstatelogic.com> References: <1181036500.6093.15.camel@gblades-suse.linguaphone-intranet.co.uk> <78e84c6de812594aa1c030b67061e473@solidstatelogic.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0B6B@winchester.andrewscompanies.com> Any thoughts on putting /var/spool/MailScanner/incoming into tempfs or am I asking for a problem by doing so? Steve From glenn.steen at gmail.com Tue Jun 5 13:50:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 5 13:50:37 2007 Subject: Tempfs question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B6B@winchester.andrewscompanies.com> References: <1181036500.6093.15.camel@gblades-suse.linguaphone-intranet.co.uk> <78e84c6de812594aa1c030b67061e473@solidstatelogic.com> <1964AAFBC212F742958F9275BF63DBB04B0B6B@winchester.andrewscompanies.com> Message-ID: <223f97700706050550y4ef2407bl3c42e5b4bf5b0dc2@mail.gmail.com> On 05/06/07, Steven Andrews wrote: > Any thoughts on putting /var/spool/MailScanner/incoming into tempfs or > am I asking for a problem by doing so? > > Steve No, it should be perfectly fine since MS will not remove anything from the in queue before it has successfully been put in the out queue... So if there is a system halt/reboot for some unforseeable reason, it'll just reprocess the files still in the in queue. You might want to place your SA cachce db somewhere else though... ISTR it being put there by default:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rabellino at di.unito.it Tue Jun 5 13:51:48 2007 From: rabellino at di.unito.it (Rabellino Sergio) Date: Tue Jun 5 13:51:57 2007 Subject: Tempfs question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B6B@winchester.andrewscompanies.com> References: <1181036500.6093.15.camel@gblades-suse.linguaphone-intranet.co.uk> <78e84c6de812594aa1c030b67061e473@solidstatelogic.com> <1964AAFBC212F742958F9275BF63DBB04B0B6B@winchester.andrewscompanies.com> Message-ID: <46655C64.3010104@di.unito.it> Steven Andrews wrote: > Any thoughts on putting /var/spool/MailScanner/incoming into tempfs or > am I asking for a problem by doing so? > > Steve As per my knowledge, you must not use a tmpfs on a queue, if your host goes down, you'll loose the messages awaiting to be processed by MS. i'm using the tmpfs only for bayesian DB (with a periodic dump on a real fs to save it) and for the scanning purposes. bye. -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From martinh at solidstatelogic.com Tue Jun 5 13:52:28 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 5 13:52:32 2007 Subject: Tempfs question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B6B@winchester.andrewscompanies.com> Message-ID: <61df829fbd83074db45e5487c775c51e@solidstatelogic.com> Will be fine - it's only a temporary working area for MS so no data will be lost should you reboot etc.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steven Andrews > Sent: 05 June 2007 13:38 > To: MailScanner discussion > Subject: Tempfs question > > Any thoughts on putting /var/spool/MailScanner/incoming into tempfs or > am I asking for a problem by doing so? > > Steve > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From andy.mac at global-domination.org Tue Jun 5 13:56:33 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 5 13:56:41 2007 Subject: Tempfs question Message-ID: This isn't a queue (just a temporary working directory), so it's fine to use tmpfs there (more than fine - I prefer it!) -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rabellino Sergio Sent: 05 June 2007 13:52 To: MailScanner discussion Subject: Re: Tempfs question Steven Andrews wrote: > Any thoughts on putting /var/spool/MailScanner/incoming into tempfs or > am I asking for a problem by doing so? > > Steve As per my knowledge, you must not use a tmpfs on a queue, if your host goes down, you'll loose the messages awaiting to be processed by MS. i'm using the tmpfs only for bayesian DB (with a periodic dump on a real fs to save it) and for the scanning purposes. bye. -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=6D7C92822A .49988 -- This message was scanned by ESVA and is believed to be clean. From rcooper at dwford.com Tue Jun 5 13:57:25 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 13:57:31 2007 Subject: New Clamd patches Message-ID: <038e01c7a771$110016b0$0301a8c0@SAHOMELT> Sorry so late but had some things to do early. These are on the lastest beta Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: SweepViruses.pm.diff Type: application/octet-stream Size: 13841 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/3a00da17/SweepViruses.pm.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: MailScanner.conf.diff Type: application/octet-stream Size: 1082 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/3a00da17/MailScanner.conf.obj From andy.mac at global-domination.org Tue Jun 5 14:01:48 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 5 14:01:53 2007 Subject: Subject Filtering Message-ID: I'll leave it to someone else to mention the ESVA virtual appliance... :-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews Sent: 05 June 2007 01:03 To: MailScanner discussion Subject: RE: Subject Filtering Believe it or not, even though I love MS, the reason we're switching is because the customer thinks the Barracuda 300 is too damn loud (which it is) and the thing is up for renewal. I tossed in a half baked dell 2400 and it easily outperforms the barracuda, not to mention I don't have to deal with their screwing licensing. Long story short, they removed a year from a multi-year license from us and they won't admit their mistake and stupid me, I don't have the paperwork on the order anymore. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, June 04, 2007 5:52 PM To: mailscanner@lists.mailscanner.info Subject: Re: Subject Filtering Steven Andrews spake the following on 6/4/2007 1:14 PM: > I'm moving from a barracuda to mailscanner shortly and I'm looking for > the best way to implement subject line filtering. > > Is there a simple ruleset I should make or should this really be > handled through MCP? The easier the better... > > Thanks, > > Steve Congrats on your choice! If you want something with the ease of use of the Barracuda, but the power and flexibility of MailScanner ( and the added detection abilities), you should have a look at Fortress Systems products (www.fsl.com) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=A6A7027FE5 .33CD7 -- This message was scanned by ESVA and is believed to be clean. From dominian at slackadelic.com Tue Jun 5 14:04:40 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Jun 5 14:04:48 2007 Subject: New Clamd patches In-Reply-To: <038e01c7a771$110016b0$0301a8c0@SAHOMELT> References: <038e01c7a771$110016b0$0301a8c0@SAHOMELT> Message-ID: <46655F68.2040505@slackadelic.com> I'll wait till Jules officially releases these into the next updates :) Thanks though! -Matt Rick Cooper wrote: > Sorry so late but had some things to do early. These are on the lastest beta > > > > > Rick Cooper > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > > From rabellino at di.unito.it Tue Jun 5 14:04:55 2007 From: rabellino at di.unito.it (Rabellino Sergio) Date: Tue Jun 5 14:05:08 2007 Subject: Tempfs question In-Reply-To: References: Message-ID: <46655F77.3050808@di.unito.it> Andrew MacLachlan wrote: > This isn't a queue (just a temporary working directory), so it's fine to > use tmpfs there (more than fine - I prefer it!) > > -Andy > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Rabellino Sergio > Sent: 05 June 2007 13:52 > To: MailScanner discussion > Subject: Re: Tempfs question > > Steven Andrews wrote: > >>Any thoughts on putting /var/spool/MailScanner/incoming into tempfs or >>am I asking for a problem by doing so? >> >>Steve > > As per my knowledge, you must not use a tmpfs on a queue, if your host > goes down, you'll loose the messages awaiting to > be processed by MS. > i'm using the tmpfs only for bayesian DB (with a periodic dump on a real > fs to save it) and for the scanning purposes. > > bye. I'm sorry, i lost some (many) of my neurons in the last months, yes the incoming it's the working area for MS (what I list as "scanning area"), I'm using tmpfs since 2 years without any trouble. -- Ing. Sergio Rabellino Head of ICT Services Department of Computer Science University of Torino (Italy) http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 From rcooper at dwford.com Tue Jun 5 14:07:48 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 14:07:54 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <46617185.6030000@ecs.soton.ac.uk> Message-ID: <039201c7a772$83fe2610$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ugo Bellavance > Sent: Monday, June 04, 2007 3:08 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.61.1 > > Julian Field wrote: > > This beta includes direct communication with clamd, and no > longer uses > > clamd-wrapper or clamdscan. This should be faster than the > clamd support > > in the previous version. > > What would happen if clamd is dead? Does it fallback to > clamavmodule or > clamav? > No, I don't think fallback to anything is feasible, the clamd module would have to init the clamavmodule, and I think the child would have to restart. I don't think there is a way to fallback to something else in MailScanner. However you can, and probably should, have more than one virus scanner hence they back each other up. It would be possible to add an option to restart the daemon if a problem was encountered however I leave that up to Julian as it would require running the hosts init script and I don't know if that is something he would want to do. However if clamd has a problem your logs will note this and you could certainly set up a script to run in cron to look for MailScanner clamd errors and notify you. I personally monitor all my important daemons for trouble and I have a script that PINGS clamd that runs from cron. I really haven't had problems with clamd for at least a year and I never restart it. I only have redhat/centos/fedora based distros though. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cconn at abacom.com Tue Jun 5 14:15:15 2007 From: cconn at abacom.com (Chris Conn) Date: Tue Jun 5 14:15:20 2007 Subject: Beta release 4.61.1 In-Reply-To: <039201c7a772$83fe2610$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <039201c7a772$83fe2610$0301a8c0@SAHOMELT> Message-ID: <466561E3.7020909@abacom.com> > It would be possible to add an option to restart the daemon if a problem was > encountered however I leave that up to Julian as it would require running > the hosts init script and I don't know if that is something he would want to > do. However if clamd has a problem your logs will note this and you could > certainly set up a script to run in cron to look for MailScanner clamd > errors and notify you. I personally monitor all my important daemons for > trouble and I have a script that PINGS clamd that runs from cron. I really > haven't had problems with clamd for at least a year and I never restart it. > I only have redhat/centos/fedora based distros though. > I have a cronjob that runs clamdscan every minute scanning the eicar.com virus. If it does not report a FOUND, my monitoring system gets a page. The script also immediately tries a restart of clamd. #!/bin/bash if ! (/usr/bin/test -e /tmp/clamstatus) then echo 1 >/tmp/clamstatus fi if ! (/usr/bin/test -e /tmp/clamstatus2) then echo 1 >/tmp/clamstatus2 fi export PATH=$PATH:/usr/sbin/ export THEDATE=`/bin/date` /usr/bin/clamdscan --no-summary /root/scripts/eicar.com >&/tmp/test if cat /tmp/test|grep -v FOUND then if cat /tmp/clamstatus2|grep 1 then echo 0 >/tmp/clamstatus2 --DO SOMETHING HERE-- (ours calls sendpage) /etc/rc.d/init.d/clamd restart fi else if cat /tmp/clamstatus2|grep 0 then echo 1 >/tmp/clamstatus2 --PAGE RECOVERY-- fi fi I snipped out the paging stuff, modify it at will. Chris From MailScanner at ecs.soton.ac.uk Tue Jun 5 14:20:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 14:27:49 2007 Subject: Beta release 4.61.1 In-Reply-To: <039201c7a772$83fe2610$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <039201c7a772$83fe2610$0301a8c0@SAHOMELT> Message-ID: <46656309.5020709@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/49c96686/PGP.bin From rcooper at dwford.com Tue Jun 5 14:28:46 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 14:28:53 2007 Subject: Best way to run ClamAV??? In-Reply-To: <466487DE.3000001@evi-inc.com> References: <46643E45.7FBE.00FC.3@medicine.wisc.edu> <466487DE.3000001@evi-inc.com> Message-ID: <03a501c7a775$72573ac0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Matt Kettler > Sent: Monday, June 04, 2007 5:45 PM > To: MailScanner discussion > Subject: Re: Best way to run ClamAV??? > [..] > clamd: less expensive than clamscan CPU-wise, but needs clamd > running and is > relatively new code. This causes MailScanner to connect to > clamd's socket and > use that for scanning. Since clamd is already resident, > there's no need to > re-read signatures. Since it's using clamd, which comes with > clamav, there's no > real version-compatibility problems like with the module, at > least in theory. The only way that a clamd update would hose up the MailScanner clamd function would be if the developers changed the clamd protocol which hasn't happened in a long, long (can't remember when) time. They did add the thread support recently but didn't change anything so had MailScanner supported clamd daemon then you would have never noticed. The actual libclamav internals have changed a few times and that requires clamavmodule to be updated or it breaks. Also note that using the clamd daemon reduces MailScanner's memory footprint a fair amount. This is one of the main reasons I decided to look into supporting clamd daemon. Check below for my test system... Really want to see something interesting note the section that includs removing the perl SpamAssassin code and using the spamd daemon instead With ClamAVModule 31799 exim 15 0 17612 17M 13860 S 0.0 1.7 0:00 MailScanner 31800 exim 15 0 83612 81M 15324 S 0.0 8.1 0:37 MailScanner 31803 exim 25 0 19636 19M 15636 S 0.0 1.9 0:00 MailScanner 31807 exim 15 0 83612 81M 13796 S 0.0 8.1 0:37 MailScanner 31820 exim 15 0 83608 81M 13796 S 0.0 8.1 0:38 MailScanner total used free shared buffers cached Mem: 999 923 76 0 34 152 -/+ buffers/cache: 736 263 Without ClamAVModule 32310 exim 15 0 17612 17M 13848 S 0.0 1.7 0:00 MailScanner 32311 exim 15 0 54792 53M 15008 S 0.0 5.3 0:05 MailScanner 32315 exim 24 0 19636 19M 15656 S 0.0 1.9 0:00 MailScanner 32321 exim 15 0 54792 53M 13448 S 0.0 5.3 0:05 MailScanner 32328 exim 15 0 54792 53M 13448 S 0.0 5.3 0:05 MailScanner total used free shared buffers cached Mem: 999 841 158 0 35 152 -/+ buffers/cache: 653 346 Without ClamAVModule and Without Perl SpamAssassin 32547 exim 15 0 18908 18M 16284 S 0.0 1.8 0:00 MailScanner 32552 exim 25 0 19636 19M 16204 S 0.0 1.9 0:00 MailScanner 32612 exim 15 0 18908 18M 14184 S 0.0 1.8 0:00 MailScanner 32626 exim 15 0 18908 18M 14184 S 0.0 1.8 0:00 MailScanner total used free shared buffers cached Mem: 999 733 266 0 36 152 -/+ buffers/cache: 545 454 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From seanos at seanos.net Tue Jun 5 14:32:42 2007 From: seanos at seanos.net (=?utf-8?B?U2XDoW4gTyBTdWxsaXZhbg==?=) Date: Tue Jun 5 14:33:03 2007 Subject: Zip Attachments, not removing banned Message-ID: <55644.160.6.1.47.1181050362.squirrel@webmail.seanos.net> Just did some playing with the MessageAttachments feature in the new (stable/released) MS. I attached an xpi (enigmail, thunderbird plugin), which MS reported contained "unacceptable attachments". It informed the recipient that the attachment had been removed and replaced with said warning message, however the attachment was intact, in MessageAttachments.zip. Compared md5sum of orignal + received xpi to ensure no changes made within the archive - they matched. Se?n From rcooper at dwford.com Tue Jun 5 14:45:08 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 14:45:16 2007 Subject: Beta release 4.61.1 In-Reply-To: <46656309.5020709@ecs.soton.ac.uk> References: <46617185.6030000@ecs.soton.ac.uk> <039201c7a772$83fe2610$0301a8c0@SAHOMELT> <46656309.5020709@ecs.soton.ac.uk> Message-ID: <03b801c7a777$bbafb5b0$0301a8c0@SAHOMELT> [Rick Cooper] It would be possible to add an option to restart the daemon if a problem was encountered however I leave that up to Julian as it would require runningthe hosts init script and I don't know if that is something he would want todo. However if clamd has a problem your logs will note this and you could certainly set up a script to run in cron to look for MailScanner clamderrors and notify you. I personally monitor all my important daemons fortrouble and I have a script that PINGS clamd that runs from cron. I reallyhaven't had problems with clamd for at least a year and I never restart it.I only have redhat/centos/fedora based distros though. I'm not getting into the market for writing clamd monitoring scripts, I believe there are already some out there. If you want to rely on clamd, it's up to you to ensure it's running reliably. [Rick Cooper] I agree completely. I think MailScanner calling external init scripts would be bad given it's not generally running as root so one would have to give the MailScanner user access to the script and I just don't know about how I would like that from a security standpoint. I think any responsible SysOp should be monitoring all the important daemons with the ability to restart and notify in case of issues, including MailScanner. Besides even if you use clamscan, clamdscan or ClamAVModule if sig database get's hosed you are going to have a problem and you need to be watching the logs for issues anyway. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/fd6b315c/attachment.html From t.d.lee at durham.ac.uk Tue Jun 5 15:01:10 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Jun 5 15:01:25 2007 Subject: "reports" tidy-up? Message-ID: Julian: An observation and suggestion for background 'idle process' tidying as you continue to recover. The various "reports" files have a variety of different types of signature. I suspect that these differences are the result of 'creep' rather than design. Amongst the variety: # -- # Postmaster # %org-long-name% # %web-site% # # For all your IT requirements visit: http://www.transtec.co.uk # -- # MailScanner # Email Virus Scanner # %org-long-name% # %web-site% # # For all your IT requirements visit: http://www.transtec.co.uk # -- # MailScanner # Email Virus Scanner # %org-long-name% # %web-site% (And that's just a quick scan through just the English-language ones.) Could you consider not only rationalising all these, but also making eveything fully substitutable? For instance: 1. "Postmaster", "MailScanner" might use the "Local Postmaster" setting from 'MailScanner.conf' (many sites might want a properly specified email address there); 2. "Email Virus Scanner" probably either shouldn't be there, or should have a consistent "%MS-product%" substitutable setting. 3. "For all your IT ..." should be consistently present, but in substitutable form, such as "%MS-advert%". (And then, of course, someone might further suggest variation by rulesets...) Just a thought for background pondering and (I hope) improvement. Best wishes. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Tue Jun 5 15:02:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 15:05:25 2007 Subject: Zip Attachments, not removing banned In-Reply-To: <55644.160.6.1.47.1181050362.squirrel@webmail.seanos.net> References: <55644.160.6.1.47.1181050362.squirrel@webmail.seanos.net> Message-ID: <46656D0A.8090503@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for reporting that. Fixed now hopefully. Expect a new beta soon. Se?n O Sullivan wrote: > Just did some playing with the MessageAttachments feature in the new > (stable/released) MS. > > I attached an xpi (enigmail, thunderbird plugin), which MS reported > contained "unacceptable attachments". > It informed the recipient that the attachment had been removed and > replaced with said warning message, however the attachment was intact, in > MessageAttachments.zip. > > Compared md5sum of orignal + received xpi to ensure no changes made within > the archive - they matched. > > > Se?n > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: UTF-8 wj8DBQFGZW1xEfZZRxQVtlQRAjxsAJ9IMs981F6MEEkhCJGwZbTaY7Hy1gCggA3u 1et8akNaKxadxhrGrerdvAk= =Q//r -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From andy.mac at global-domination.org Tue Jun 5 15:18:42 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 5 15:18:49 2007 Subject: Beta release 4.61.1 Message-ID: I've got no strong feelings on this, but I do feel strongly about html emails in mailing lists... (converted back to plan text....) :-) -Andy ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Cooper Sent: 05 June 2007 14:45 To: 'MailScanner discussion' Subject: RE: Beta release 4.61.1 ? [Rick Cooper]? ?It would be possible to add an option to restart the daemon if a problem was encountered however I leave that up to Julian as it would require runningthe hosts init script and I don't know if that is something he would want todo. However if clamd has a problem your logs will note this and you could certainly set up a script to run in cron to look for MailScanner clamderrors and notify you. I personally monitor all my important daemons fortrouble and I have a script that PINGS clamd that runs from cron. I reallyhaven't had problems with clamd for at least a year and I never restart it.I only have redhat/centos/fedora based distros though. I'm not getting into the market for writing clamd monitoring scripts, I believe there are already some out there. If you want to rely on clamd, it's up to you to ensure it's running reliably. [Rick Cooper]? I agree completely. I think MailScanner calling external init scripts would be bad given it's not generally running as root so one would have to give the MailScanner user access to the script and I just don't know about how I would like that from a security standpoint. I think any responsible SysOp should be monitoring all the important daemons with the ability to restart and notify in case of issues, including MailScanner. Besides even if you use clamscan, clamdscan or ClamAVModule if sig database get's hosed you are going to have a problem and you need to be watching the logs for issues anyway. ? Rick? -- This message was scanned by ESVA and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 5 15:32:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 15:36:59 2007 Subject: Beta release 4.62.1 Message-ID: <466573FA.3050101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have fixed 2 major bugs in the auto-zip feature, and I have changed the session handling in the clamd support to Rick's latest code. Download as usual www.mailscanner.info. The Change Log is: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. 2 Changed session handling in direct clamd virus scanner support. * Fixes * 2 Fixed bug in auto-zip feature with a message containing 2 attachments with the same filename. 2 Fixed bug in auto-zip feature that would allow zipping of an attachment which had been cleaned out of the message. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZXR5EfZZRxQVtlQRAj3WAJ9jiluNj84PQcEK98tmdYUgheK9rACeLS2F fX8Ds0gK7pCIWEMuaoMgV90= =R4Ln -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jun 5 15:36:04 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 15:37:45 2007 Subject: "reports" tidy-up? In-Reply-To: References: Message-ID: <466574D4.6090101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All good ideas, but *damn* tedious to fix in all languages :-( David Lee wrote: > Julian: An observation and suggestion for background 'idle process' > tidying as you continue to recover. > > The various "reports" files have a variety of different types of > signature. I suspect that these differences are the result of 'creep' > rather than design. > > Amongst the variety: > > # -- > # Postmaster > # %org-long-name% > # %web-site% > # > # For all your IT requirements visit: http://www.transtec.co.uk > > > # -- > # MailScanner > # Email Virus Scanner > # %org-long-name% > # %web-site% > # > # For all your IT requirements visit: http://www.transtec.co.uk > > > # -- > # MailScanner > # Email Virus Scanner > # %org-long-name% > # %web-site% > > > (And that's just a quick scan through just the English-language ones.) > > Could you consider not only rationalising all these, but also making > eveything fully substitutable? > > For instance: > 1. "Postmaster", "MailScanner" might use the "Local Postmaster" setting > from 'MailScanner.conf' (many sites might want a properly specified > email address there); > 2. "Email Virus Scanner" probably either shouldn't be there, or should > have a consistent "%MS-product%" substitutable setting. > 3. "For all your IT ..." should be consistently present, but in > substitutable form, such as "%MS-advert%". > > (And then, of course, someone might further suggest variation by > rulesets...) > > Just a thought for background pondering and (I hope) improvement. > > Best wishes. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZXTtEfZZRxQVtlQRAjhnAKD9aGqXRrpDqgXp0EMc75Qmd2GeYQCgwMJp eJ5Jyvk158mWBJRQeJmQXj4= =NRy6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Tue Jun 5 15:37:43 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 15:37:49 2007 Subject: Beta release 4.61.1 In-Reply-To: References: Message-ID: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> Go through the list and you will see I converted this (I'm not the original sender) either two or three times but Julian seems to use the original everytime he replies ;-) What really sucks is most of those mails look like standard Outlook Express stationary so they could just check off the always send as plain text on their list address and it would never happen |-( Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Andrew MacLachlan > Sent: Tuesday, June 05, 2007 10:19 AM > To: MailScanner discussion > Subject: RE: Beta release 4.61.1 > > I've got no strong feelings on this, but I do feel strongly > about html emails in mailing lists... (converted back to plan > text....) > :-) > > -Andy > > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rick Cooper > Sent: 05 June 2007 14:45 > To: 'MailScanner discussion' > Subject: RE: Beta release 4.61.1 > > ? > > [Rick Cooper]? > ?It would be possible to add an option to restart the daemon > if a problem was > encountered however I leave that up to Julian as it would > require runningthe hosts init script and I don't know if that > is something he would want todo. However if clamd has a > problem your logs will note this and you could certainly set > up a script to run in cron to look for MailScanner > clamderrors and notify you. I personally monitor all my > important daemons fortrouble and I have a script that PINGS > clamd that runs from cron. I reallyhaven't had problems with > clamd for at least a year and I never restart it.I only have > redhat/centos/fedora based distros though. > I'm not getting into the market for writing clamd monitoring > scripts, I believe there are already some out there. > If you want to rely on clamd, it's up to you to ensure it's > running reliably. > > > > [Rick Cooper]? > I agree completely. I think MailScanner calling external init > scripts would be bad given it's not generally running as root > so one would have to give the MailScanner > user access to the script and I just don't know about how I > would like that from a security standpoint. I think any > responsible SysOp should be monitoring all the > important daemons with the ability to restart and notify in > case of issues, including MailScanner. Besides even if you > use clamscan, clamdscan or ClamAVModule if > sig database get's hosed you are going to have a problem and > you need to be watching the logs for issues anyway. > ? > Rick? > > > -- > This message was scanned by ESVA and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andy.mac at global-domination.org Tue Jun 5 15:43:57 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 5 15:44:06 2007 Subject: "reports" tidy-up? Message-ID: Jules - If you make the substitution changes, I'll have a look at rationalising the text... -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 05 June 2007 15:36 To: MailScanner discussion Subject: Re: "reports" tidy-up? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All good ideas, but *damn* tedious to fix in all languages :-( David Lee wrote: > Julian: An observation and suggestion for background 'idle process' > tidying as you continue to recover. > > The various "reports" files have a variety of different types of > signature. I suspect that these differences are the result of 'creep' > rather than design. > > Amongst the variety: > > # -- > # Postmaster > # %org-long-name% > # %web-site% > # > # For all your IT requirements visit: http://www.transtec.co.uk > > > # -- > # MailScanner > # Email Virus Scanner > # %org-long-name% > # %web-site% > # > # For all your IT requirements visit: http://www.transtec.co.uk > > > # -- > # MailScanner > # Email Virus Scanner > # %org-long-name% > # %web-site% > > > (And that's just a quick scan through just the English-language ones.) > > Could you consider not only rationalising all these, but also making > eveything fully substitutable? > > For instance: > 1. "Postmaster", "MailScanner" might use the "Local Postmaster" setting > from 'MailScanner.conf' (many sites might want a properly specified > email address there); > 2. "Email Virus Scanner" probably either shouldn't be there, or should > have a consistent "%MS-product%" substitutable setting. > 3. "For all your IT ..." should be consistently present, but in > substitutable form, such as "%MS-advert%". > > (And then, of course, someone might further suggest variation by > rulesets...) > > Just a thought for background pondering and (I hope) improvement. > > Best wishes. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZXTtEfZZRxQVtlQRAjhnAKD9aGqXRrpDqgXp0EMc75Qmd2GeYQCgwMJp eJ5Jyvk158mWBJRQeJmQXj4= =NRy6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=3D0B02822A .25AA8 -- This message was scanned by ESVA and is believed to be clean. From t.d.lee at durham.ac.uk Tue Jun 5 16:03:39 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Jun 5 16:03:49 2007 Subject: "reports" tidy-up? In-Reply-To: <466574D4.6090101@ecs.soton.ac.uk> References: <466574D4.6090101@ecs.soton.ac.uk> Message-ID: On Tue, 5 Jun 2007, Julian Field wrote: > David Lee wrote: > > Julian: An observation and suggestion for background 'idle process' > > tidying as you continue to recover. > > > > The various "reports" files have a variety of different types of > > signature. I suspect that these differences are the result of 'creep' > > rather than design. > > > > Amongst the variety: > > > > [...] > > (And that's just a quick scan through just the English-language ones.) > > > > Could you consider not only rationalising all these, but also making > > eveything fully substitutable? > > > > For instance: > > 1. "Postmaster", "MailScanner" might use the "Local Postmaster" setting > > from 'MailScanner.conf' (many sites might want a properly specified > > email address there); > > 2. "Email Virus Scanner" probably either shouldn't be there, or should > > have a consistent "%MS-product%" substitutable setting. > > 3. "For all your IT ..." should be consistently present, but in > > substitutable form, such as "%MS-advert%". > > > > (And then, of course, someone might further suggest variation by > > rulesets...) > > > > Just a thought for background pondering and (I hope) improvement. > > All good ideas, but *damn* tedious to fix in all languages :-( If you could come up with a design, or structure, or framework, for abstracting the strings into new "%postmaster% (etc.) variables (and perhaps ruleset hooks), then you could pass the buck back to us, the MS site-admins, to help with the actual files and their strings in the various languages. Bear in mind that those particular post-signature items seem to be mostly still in English anyway, so the first release could simply leave them in place as-is, with no reduction in current functionality. So the initial step would, I think, be solely structural with no actual language work needed. I would be happy to beta-test (including a trial French translation (Geordie, too, should you one day decide to support dialects) to demonstrate that the structure is working). -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From martinh at solidstatelogic.com Tue Jun 5 16:09:42 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 5 16:09:47 2007 Subject: Beta release 4.62.1 In-Reply-To: <466573FA.3050101@ecs.soton.ac.uk> Message-ID: <0867f2ef4c3ef446a8ab66b628112ee5@solidstatelogic.com> Jules I think you mean 4.61.2, take it easy.. :-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-beta-bounces@lists.mailscanner.info [mailto:mailscanner- > beta-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 05 June 2007 15:32 > To: MailScanner discussion; MailScanner beta testers > Subject: Beta release 4.62.1 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have fixed 2 major bugs in the auto-zip feature, and I have changed > the session handling in the clamd support to Rick's latest code. > > Download as usual www.mailscanner.info. > > The Change Log is: > > * New Features and Improvements * > 1 Direct support for the "clamd" virus scanner -- now talks directly to > the > clamd daemon without any overhead of calling clamd-wrapper or clamdscan. > As a result, this should be faster than the previous clamd support. > It also has a much smaller memory footprint than the "clamavmodule" > scanner. > This is all thanks to Rick Cooper who wrote the original code. > New configuration options are > - Clamd Port = 3310 > - Clamd Socket = /tmp/clamd > - Clamd Lock File = /var/lock/subsys/clamd > - Clamd Use Threads = no > The use of these settings is explained in the MailScanner.conf file. > 2 Changed session handling in direct clamd virus scanner support. > > * Fixes * > 2 Fixed bug in auto-zip feature with a message containing 2 attachments > with > the same filename. > 2 Fixed bug in auto-zip feature that would allow zipping of an attachment > which had been cleaned out of the message. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGZXR5EfZZRxQVtlQRAj3WAJ9jiluNj84PQcEK98tmdYUgheK9rACeLS2F > fX8Ds0gK7pCIWEMuaoMgV90= > =R4Ln > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner-Beta mailing list > mailscanner-beta@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Tue Jun 5 16:39:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 5 16:39:42 2007 Subject: Subject Filtering In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0B65@winchester.andrewscompanies.com> References: <46642E6E.1010005@netmagicsolutions.com> <1964AAFBC212F742958F9275BF63DBB04B0B58@winchester.andrewscompanies.com><1964AAFBC212F742958F9275BF63DBB04B0B5A@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB04B0B65@winchester.andrewscompanies.com> Message-ID: Steven Andrews spake the following on 6/4/2007 5:03 PM: > Believe it or not, even though I love MS, the reason we're switching is > because the customer thinks the Barracuda 300 is too damn loud (which it > is) and the thing is up for renewal. I tossed in a half baked dell 2400 > and it easily outperforms the barracuda, not to mention I don't have to > deal with their screwing licensing. > > Long story short, they removed a year from a multi-year license from us > and they won't admit their mistake and stupid me, I don't have the > paperwork on the order anymore. > The reason I mentioned Fortress is that their "appliance" is perfect for clients that don't want a staff person to have to maintain it. They can contract with Fortress personnel for the maintenance, and not have to touch it. But then again, if you maintain it, it gives you some billable hours. I have thought about putting a couple in at our place, because the PHB's will always find more work for me to do. I have started training a part-time admin to cover for me on vacations, so I can enjoy a week off here and there without the electronic leash still going off. She had no problem getting right into Mailwatch and getting things done. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Tue Jun 5 17:34:39 2007 From: alex at nkpanama.com (Alex Neuman) Date: Tue Jun 5 17:35:22 2007 Subject: "reports" tidy-up? In-Reply-To: References: <466574D4.6090101@ecs.soton.ac.uk> Message-ID: <4665909F.4030909@nkpanama.com> I'd help with spanish... David Lee wrote: > On Tue, 5 Jun 2007, Julian Field wrote: > > >> David Lee wrote: >> >>> Julian: An observation and suggestion for background 'idle process' >>> tidying as you continue to recover. >>> >>> The various "reports" files have a variety of different types of >>> signature. I suspect that these differences are the result of 'creep' >>> rather than design. >>> >>> Amongst the variety: >>> >>> [...] >>> (And that's just a quick scan through just the English-language ones.) >>> >>> Could you consider not only rationalising all these, but also making >>> eveything fully substitutable? >>> >>> For instance: >>> 1. "Postmaster", "MailScanner" might use the "Local Postmaster" setting >>> from 'MailScanner.conf' (many sites might want a properly specified >>> email address there); >>> 2. "Email Virus Scanner" probably either shouldn't be there, or should >>> have a consistent "%MS-product%" substitutable setting. >>> 3. "For all your IT ..." should be consistently present, but in >>> substitutable form, such as "%MS-advert%". >>> >>> (And then, of course, someone might further suggest variation by >>> rulesets...) >>> >>> Just a thought for background pondering and (I hope) improvement. >>> >> All good ideas, but *damn* tedious to fix in all languages :-( >> > > If you could come up with a design, or structure, or framework, for > abstracting the strings into new "%postmaster% (etc.) variables (and > perhaps ruleset hooks), then you could pass the buck back to us, the MS > site-admins, to help with the actual files and their strings in the > various languages. > > Bear in mind that those particular post-signature items seem to be mostly > still in English anyway, so the first release could simply leave them in > place as-is, with no reduction in current functionality. > > So the initial step would, I think, be solely structural with no actual > language work needed. I would be happy to beta-test (including a trial > French translation (Geordie, too, should you one day decide to support > dialects) to demonstrate that the structure is working). > > > From yashodhan.barve at gmail.com Tue Jun 5 17:43:33 2007 From: yashodhan.barve at gmail.com (Yashodhan Barve) Date: Tue Jun 5 17:43:37 2007 Subject: Beta release 4.61.1 In-Reply-To: <03b801c7a777$bbafb5b0$0301a8c0@SAHOMELT> References: <46617185.6030000@ecs.soton.ac.uk> <039201c7a772$83fe2610$0301a8c0@SAHOMELT> <46656309.5020709@ecs.soton.ac.uk> <03b801c7a777$bbafb5b0$0301a8c0@SAHOMELT> Message-ID: <466592B5.4060606@gmail.com> Rick Cooper wrote: > > >> >> [Rick Cooper] >> It would be possible to add an option to restart the daemon if a problem was >> encountered however I leave that up to Julian as it would require >> runningthe hosts init script and I don't know if that is something >> he would want todo. However if clamd has a problem your logs will >> note this and you could certainly set up a script to run in cron >> to look for MailScanner clamderrors and notify you. I personally >> monitor all my important daemons fortrouble and I have a script >> that PINGS clamd that runs from cron. I reallyhaven't had problems >> with clamd for at least a year and I never restart it.I only have >> redhat/centos/fedora based distros though. > I'm not getting into the market for writing clamd monitoring > scripts, I believe there are already some out there. > If you want to rely on clamd, it's up to you to ensure it's running > reliably. > > > [Rick Cooper] > > I agree completely. I think MailScanner calling external init scripts would be bad given it's not generally running as root so one would have to give the MailScanner > > user access to the script and I just don't know about how I would like that from a security standpoint. I think any responsible SysOp should be monitoring all the > > important daemons with the ability to restart and notify in case of issues, including MailScanner. Besides even if you use clamscan, clamdscan or ClamAVModule if > > sig database get's hosed you are going to have a problem and you need to be watching the logs for issues anyway. > > > > Rick Monit Ihttp://www.tildeslash.com/monit/index.php) does a very good job of monitoring services. It also has a example config for Clamd http://www.tildeslash.com/monit/doc/examples.php regards, Yashodhan Barve From gerard at seibercom.net Tue Jun 5 18:22:54 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jun 5 18:22:46 2007 Subject: Beta release 4.61.1 In-Reply-To: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> References: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> Message-ID: <20070605132004.ABA5.GERARD@seibercom.net> On Tuesday June 05, 2007 at 10:37:43 (AM) Rick Cooper wrote: > Go through the list and you will see I converted this (I'm not the original > sender) either two or three times but Julian seems to use the original > everytime he replies ;-) > > What really sucks is most of those mails look like standard Outlook Express > stationary so they could just check off the always send as plain text on > their list address and it would never happen |-( I appreciate your taking the time to convert messages to plain text, although my MUA, claws-mail, does that for me. I was wondering though if you might consider losing the 'top-posting' concept however. It would make following a thread so mush easier, especially when I need to {snip} extraneous data from the post. -- Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) From rcooper at dwford.com Tue Jun 5 18:40:37 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 18:40:44 2007 Subject: Beta release 4.61.1 In-Reply-To: <20070605132004.ABA5.GERARD@seibercom.net> References: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> <20070605132004.ABA5.GERARD@seibercom.net> Message-ID: <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gerard Seibert > Sent: Tuesday, June 05, 2007 1:23 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.61.1 > > On Tuesday June 05, 2007 at 10:37:43 (AM) Rick Cooper wrote: > > > Go through the list and you will see I converted this (I'm > not the original > > sender) either two or three times but Julian seems to use > the original > > everytime he replies ;-) > > > > What really sucks is most of those mails look like standard > Outlook Express > > stationary so they could just check off the always send as > plain text on > > their list address and it would never happen |-( > > I appreciate your taking the time to convert messages to plain text, > although my MUA, claws-mail, does that for me. I was wondering though > if you might consider losing the 'top-posting' concept however. It > would make following a thread so mush easier, especially when I need > to {snip} extraneous data from the post. > I don't have a top posting concept, I *almost* never do and I snip [...] instead. Only time I do is if there is a big chuck of stuff I would remove nearly all of and I am in a big hurry. Sorry about that one today. What bugs me is when someone makes a one line remark on 100K of conversation and I have to dig through the >>>>>> a couple times to find the answer. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Tue Jun 5 18:52:59 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 18:53:05 2007 Subject: BitDefender and f-prot Message-ID: <04f901c7a79a$5b666d70$0301a8c0@SAHOMELT> I noticed something odd while testing the clamd stuff that has me pulling my hair out. Bitdefender is not finding any eicar infections and f-prot only finds infected .zips not .rar. I will find the infected file in a rar since MailScanner unrars them. Both scanners work perfectly when called from the command line and when the wrapper is called from the command line. If I log the incoming lines the parser sees f-prot doesn't seem to even see the rar file and bitdefender scans everything but shows OK. To make it worse even though f-prot sees the infected file that was in the rar file MailScanner passes the rar back uninfected because it never ends up in {parts}. Thinking it was a permissions problem I tried executing the wrapper as the mail user and it works perfectly, tried running MailScanner as root and had the same problem. I have no idea how long this could have been a problem because exim catches the viruses at the door, and all three scanners find the viruses when exim is in control. Anyone have a clue where to look next? Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 5 18:55:34 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 18:56:15 2007 Subject: Beta release 4.61.1 In-Reply-To: <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> References: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> <20070605132004.ABA5.GERARD@seibercom.net> <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> Message-ID: <4665A396.4050208@ecs.soton.ac.uk> Rick Cooper wrote: > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Gerard Seibert >> Sent: Tuesday, June 05, 2007 1:23 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: Beta release 4.61.1 >> >> On Tuesday June 05, 2007 at 10:37:43 (AM) Rick Cooper wrote: >> >> >>> Go through the list and you will see I converted this (I'm >>> >> not the original >> >>> sender) either two or three times but Julian seems to use >>> >> the original >> >>> everytime he replies ;-) >>> >>> What really sucks is most of those mails look like standard >>> >> Outlook Express >> >>> stationary so they could just check off the always send as >>> >> plain text on >> >>> their list address and it would never happen |-( >>> >> I appreciate your taking the time to convert messages to plain text, >> although my MUA, claws-mail, does that for me. I was wondering though >> if you might consider losing the 'top-posting' concept however. It >> would make following a thread so mush easier, especially when I need >> to {snip} extraneous data from the post. >> >> > > I don't have a top posting concept, I *almost* never do and I snip [...] > instead. Only time I do is if there is a big chuck of stuff I would remove > nearly all of and I am in a big hurry. Sorry about that one today. What bugs > me is when someone makes a one line remark on 100K of conversation and I > have to dig through the >>>>>> a couple times to find the answer. > I found an extension for Thunderbird that "folds" quoted material. So I no longer have to scroll right to the bottom of every message (more mouse miles) to see the comment that's been added. I also use another one that draws a left and top boundary around each different quoting level, and changes the colours of the quoted material. So deeper quoting levels have gradually darker background shades of grey. These 2 combined make it much easier to read this list. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/0fcb4e2d/attachment.html From dominian at slackadelic.com Tue Jun 5 19:08:46 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Jun 5 19:08:55 2007 Subject: Beta release 4.61.1 In-Reply-To: <4665A396.4050208@ecs.soton.ac.uk> References: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> <20070605132004.ABA5.GERARD@seibercom.net> <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> <4665A396.4050208@ecs.soton.ac.uk> Message-ID: <4665A6AE.7010301@slackadelic.com> Jules, You think you can give links to those plugins? -Matt Julian Field wrote: > > > Rick Cooper wrote: >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Gerard Seibert >>> Sent: Tuesday, June 05, 2007 1:23 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: Re: Beta release 4.61.1 >>> >>> On Tuesday June 05, 2007 at 10:37:43 (AM) Rick Cooper wrote: >>> >>> >>>> Go through the list and you will see I converted this (I'm >>>> >>> not the original >>> >>>> sender) either two or three times but Julian seems to use >>>> >>> the original >>> >>>> everytime he replies ;-) >>>> >>>> What really sucks is most of those mails look like standard >>>> >>> Outlook Express >>> >>>> stationary so they could just check off the always send as >>>> >>> plain text on >>> >>>> their list address and it would never happen |-( >>>> >>> I appreciate your taking the time to convert messages to plain text, >>> although my MUA, claws-mail, does that for me. I was wondering though >>> if you might consider losing the 'top-posting' concept however. It >>> would make following a thread so mush easier, especially when I need >>> to {snip} extraneous data from the post. >>> >>> >> >> I don't have a top posting concept, I *almost* never do and I snip [...] >> instead. Only time I do is if there is a big chuck of stuff I would remove >> nearly all of and I am in a big hurry. Sorry about that one today. What bugs >> me is when someone makes a one line remark on 100K of conversation and I >> have to dig through the >>>>>> a couple times to find the answer. >> > I found an extension for Thunderbird that "folds" quoted material. So I > no longer have to scroll right to the bottom of every message (more > mouse miles) to see the comment that's been added. I also use another > one that draws a left and top boundary around each different quoting > level, and changes the colours of the quoted material. So deeper quoting > levels have gradually darker background shades of grey. These 2 combined > make it much easier to read this list. > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > For all you IT requirements visit transtec Computers > . > From MailScanner at ecs.soton.ac.uk Tue Jun 5 19:18:44 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 19:20:23 2007 Subject: Beta release 4.61.1 In-Reply-To: <4665A6AE.7010301@slackadelic.com> References: <03cd01c7a77f$1419f880$0301a8c0@SAHOMELT> <20070605132004.ABA5.GERARD@seibercom.net> <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> <4665A396.4050208@ecs.soton.ac.uk> <4665A6AE.7010301@slackadelic.com> Message-ID: <4665A904.1010702@ecs.soton.ac.uk> They are called "Quote Colors" and "QuoteCollapse". I also use "Mail Redirect", "MagicSLR", "keyconfig", "BlunderDelay" and "Display Mail User Agent Extension". Some of them are definitely worth a look. The Display MUA extension is very nice, doesn't do anything useful but it's also amusing to see who uses what :-) Matt Hayes wrote: > Jules, > > You think you can give links to those plugins? > > -Matt > > Julian Field wrote: >> >> >> Rick Cooper wrote: >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>> Gerard Seibert >>>> Sent: Tuesday, June 05, 2007 1:23 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: Re: Beta release 4.61.1 >>>> >>>> On Tuesday June 05, 2007 at 10:37:43 (AM) Rick Cooper wrote: >>>> >>>> >>>>> Go through the list and you will see I converted this (I'm >>>> not the original >>>> >>>>> sender) either two or three times but Julian seems to use >>>> the original >>>> >>>>> everytime he replies ;-) >>>>> >>>>> What really sucks is most of those mails look like standard >>>> Outlook Express >>>> >>>>> stationary so they could just check off the always send as >>>> plain text on >>>> >>>>> their list address and it would never happen |-( >>>>> >>>> I appreciate your taking the time to convert messages to plain text, >>>> although my MUA, claws-mail, does that for me. I was wondering though >>>> if you might consider losing the 'top-posting' concept however. It >>>> would make following a thread so mush easier, especially when I need >>>> to {snip} extraneous data from the post. >>>> >>>> >>> >>> I don't have a top posting concept, I *almost* never do and I snip >>> [...] >>> instead. Only time I do is if there is a big chuck of stuff I would >>> remove >>> nearly all of and I am in a big hurry. Sorry about that one today. >>> What bugs >>> me is when someone makes a one line remark on 100K of conversation >>> and I >>> have to dig through the >>>>>> a couple times to find the answer. >>> >> I found an extension for Thunderbird that "folds" quoted material. So >> I no longer have to scroll right to the bottom of every message (more >> mouse miles) to see the comment that's been added. I also use another >> one that draws a left and top boundary around each different quoting >> level, and changes the colours of the quoted material. So deeper >> quoting levels have gradually darker background shades of grey. These >> 2 combined make it much easier to read this list. >> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. >> For all you IT requirements visit transtec Computers >> . >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From gerard at seibercom.net Tue Jun 5 19:32:50 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jun 5 19:32:44 2007 Subject: Beta release 4.61.1 In-Reply-To: <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> References: <20070605132004.ABA5.GERARD@seibercom.net> <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> Message-ID: <20070605142431.4757.GERARD@seibercom.net> On Tuesday June 05, 2007 at 01:40:37 (PM) Rick Cooper wrote: [snip] > I don't have a top posting concept, I *almost* never do and I snip [...] > instead. Only time I do is if there is a big chuck of stuff I would remove > nearly all of and I am in a big hurry. Sorry about that one today. What bugs > me is when someone makes a one line remark on 100K of conversation and I > have to dig through the >>>>>> a couple times to find the answer. Yes, I agree. Maybe I should create a web page dedicated to the art of '[snip]'. That is my main problem with top posters in general. They never '[snip]' anything. On a mailing list like this that adds text at the bottom of every post, that accumulated crud can really build up after a message has been replied to a dozen times or so. Top posters are incapable of realizing that fact unfortunately. If they at least used an MUA that dropped text after the 'sig delimiter' upon reply, it would be a achievement. -- Gerard From gerard at seibercom.net Tue Jun 5 19:37:15 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jun 5 19:37:05 2007 Subject: Beta release 4.61.1 In-Reply-To: <4665A396.4050208@ecs.soton.ac.uk> References: <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> <4665A396.4050208@ecs.soton.ac.uk> Message-ID: <20070605143348.475C.GERARD@seibercom.net> On Tuesday June 05, 2007 at 01:55:34 (PM) Julian Field wrote: > I found an extension for Thunderbird that "folds" quoted material. So I > no longer have to scroll right to the bottom of every message (more > mouse miles) to see the comment that's been added. I also use another > one that draws a left and top boundary around each different quoting > level, and changes the colours of the quoted material. So deeper quoting > levels have gradually darker background shades of grey. These 2 combined > make it much easier to read this list. I use 'claws-mail' personally. It is configurable to change the colors of text dependent upon its quoting level. It can also be pre-set to hide quoted text in replies. That is a feature I really like. It also will strip from the 'sig delimiter' upon reply making the new posting more compact and free of useless garbage. -- Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) From jon at radel.com Tue Jun 5 19:42:32 2007 From: jon at radel.com (Jon Radel) Date: Tue Jun 5 19:42:43 2007 Subject: Beta release 4.61.1 In-Reply-To: <20070605142431.4757.GERARD@seibercom.net> References: <20070605132004.ABA5.GERARD@seibercom.net> <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> <20070605142431.4757.GERARD@seibercom.net> Message-ID: <4665AE98.4030909@radel.com> Gerard Seibert wrote: > Yes, I agree. Maybe I should create a web page dedicated to the art of > '[snip]'. That is my main problem with top posters in general. They > never '[snip]' anything. On a mailing list like this that adds text > at the bottom of every post, that accumulated crud can really build up > after a message has been replied to a dozen times or so. Top posters > are incapable of realizing that fact unfortunately. If they at least > used an MUA that dropped text after the 'sig delimiter' upon reply, it > would be a achievement. > > But reading to the bottom of e-mail sent to you by a bunch of top-posters using Outlook can be sooooo amusing. I still remember the polite request we got for a change in service. When we read all the way to the bottom we got the entire internal discussion within our customer on how this was going to be step one for ditching us and our service. It was quite useful.... :-) --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2890 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/c831f52b/smime.bin From MailScanner at ecs.soton.ac.uk Tue Jun 5 19:46:04 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 5 19:47:12 2007 Subject: Beta release 4.61.1 In-Reply-To: <20070605143348.475C.GERARD@seibercom.net> References: <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> <4665A396.4050208@ecs.soton.ac.uk> <20070605143348.475C.GERARD@seibercom.net> Message-ID: <4665AF6C.70803@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070605/4898d061/PGP.bin From gerard at seibercom.net Tue Jun 5 20:07:10 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jun 5 20:07:04 2007 Subject: Beta release 4.61.1 In-Reply-To: <4665AE98.4030909@radel.com> References: <20070605142431.4757.GERARD@seibercom.net> <4665AE98.4030909@radel.com> Message-ID: <20070605150500.C210.GERARD@seibercom.net> On Tuesday June 05, 2007 at 02:42:32 (PM) Jon Radel wrote: [snip] > But reading to the bottom of e-mail sent to you by a bunch of > top-posters using Outlook can be sooooo amusing. I still remember the > polite request we got for a change in service. When we read all the way > to the bottom we got the entire internal discussion within our customer > on how this was going to be step one for ditching us and our service. > It was quite useful.... Top posters are by no means restricted to Outlook. In fact, the new version of Outlook has a setting that puts replies at the 'BOTTOM' of messages being replied to. There are only a hand full of other MUA's that employ that intelligent logic. -- Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) From gerard at seibercom.net Tue Jun 5 20:09:55 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jun 5 20:09:45 2007 Subject: Beta release 4.61.1 In-Reply-To: <4665AF6C.70803@ecs.soton.ac.uk> References: <20070605143348.475C.GERARD@seibercom.net> <4665AF6C.70803@ecs.soton.ac.uk> Message-ID: <20070605150949.C215.GERARD@seibercom.net> On Tuesday June 05, 2007 at 02:46:04 (PM) Julian Field wrote: [snip] > But is there a Mac version of it? I don't use PC's any more. Parallels > runs the Windows tools I have to use when I need them. I do not believe so. There is an Window's version, but it is rather old and not up to the quality of the non-win32 version of claws-mail. I will check to see if there is a MAC version planned. -- Gerard From ssilva at sgvwater.com Tue Jun 5 20:08:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 5 20:31:32 2007 Subject: Beta release 4.61.1 In-Reply-To: <4665AF6C.70803@ecs.soton.ac.uk> References: <04f801c7a798$a0d5eb30$0301a8c0@SAHOMELT> <4665A396.4050208@ecs.soton.ac.uk> <20070605143348.475C.GERARD@seibercom.net> <4665AF6C.70803@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 6/5/2007 11:46 AM: > > > Gerard Seibert wrote: >> On Tuesday June 05, 2007 at 01:55:34 (PM) Julian Field wrote: >> >> >>> I found an extension for Thunderbird that "folds" quoted material. So I >>> no longer have to scroll right to the bottom of every message (more >>> mouse miles) to see the comment that's been added. I also use another >>> one that draws a left and top boundary around each different quoting >>> level, and changes the colours of the quoted material. So deeper quoting >>> levels have gradually darker background shades of grey. These 2 combined >>> make it much easier to read this list. >>> >> >> >> I use 'claws-mail' personally. It is configurable to change the colors >> of text dependent upon its quoting level. It can also be pre-set to >> hide quoted text in replies. That is a feature I really like. It also >> will strip from the 'sig delimiter' upon reply making the new posting >> more compact and free of useless garbage. >> > But is there a Mac version of it? I don't use PC's any more. Parallels > runs the Windows tools I have to use when I need them. > > (being careful for once to not top-post and invite a flame war :-) > > Jules > Julian, It is your list. You can top-post, bottom-post, you can post in kanjii if you want. You can post in haiku, or dirty limmericks ... whatever tickles your fancy! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ryan-list at marinocrane.com Tue Jun 5 21:21:52 2007 From: ryan-list at marinocrane.com (Ryan Pitt) Date: Tue Jun 5 21:24:01 2007 Subject: Upgrade to Fedora 7 and resulting error... Message-ID: <4665C5E0.4040201@marinocrane.com> Hi all, We just upgraded one of our servers to Fedora 7 and we are now receiving the following error message when starting MailScanner. Any help or ideas would be greatly appreciated. Thanks Ryan [root@ns1 MailScanner]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 24. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. [ OK ] From root at doctor.nl2k.ab.ca Tue Jun 5 21:30:33 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Jun 5 21:31:10 2007 Subject: Beta release 4.62.1 In-Reply-To: <466573FA.3050101@ecs.soton.ac.uk> References: <466573FA.3050101@ecs.soton.ac.uk> Message-ID: <20070605203033.GA13547@doctor.nl2k.ab.ca> On Tue, Jun 05, 2007 at 03:32:26PM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have fixed 2 major bugs in the auto-zip feature, and I have changed > the session handling in the clamd support to Rick's latest code. > > Download as usual www.mailscanner.info. > > The Change Log is: > > * New Features and Improvements * > 1 Direct support for the "clamd" virus scanner -- now talks directly to the > clamd daemon without any overhead of calling clamd-wrapper or clamdscan. > As a result, this should be faster than the previous clamd support. > It also has a much smaller memory footprint than the "clamavmodule" > scanner. > This is all thanks to Rick Cooper who wrote the original code. > New configuration options are > - Clamd Port = 3310 > - Clamd Socket = /tmp/clamd > - Clamd Lock File = /var/lock/subsys/clamd > - Clamd Use Threads = no > The use of these settings is explained in the MailScanner.conf file. > 2 Changed session handling in direct clamd virus scanner support. > > * Fixes * > 2 Fixed bug in auto-zip feature with a message containing 2 attachments with > the same filename. > 2 Fixed bug in auto-zip feature that would allow zipping of an attachment > which had been cleaned out of the message. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Julian, will the above work with clmd 0.88.7 ? Also will there be a revised edition of the book coming out? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Tue Jun 5 21:43:07 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Jun 5 21:42:59 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <4665AF6C.70803@ecs.soton.ac.uk> Message-ID: <20070605163819.0196.GERARD@seibercom.net> On Tuesday June 05, 2007 at 03:08:45 (PM) Scott Silva wrote: [snip] > Julian, > It is your list. You can top-post, bottom-post, you can post in kanjii if you > want. You can post in haiku, or dirty limmericks ... whatever tickles your fancy Scott, on behalf of Julian, I just want to convey to you his deep felt appreciation of the fact that you are allowing him to exert his free will on this list.. Julian would have personally thanked you, but he is obviously overcome with heart felt application for you thoughtfulness. -- Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) From ssilva at sgvwater.com Tue Jun 5 22:10:16 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 5 22:13:10 2007 Subject: Beta release 4.61.1 In-Reply-To: <20070605163819.0196.GERARD@seibercom.net> References: <4665AF6C.70803@ecs.soton.ac.uk> <20070605163819.0196.GERARD@seibercom.net> Message-ID: Gerard Seibert spake the following on 6/5/2007 1:43 PM: > On Tuesday June 05, 2007 at 03:08:45 (PM) Scott Silva wrote: > > [snip] > >> Julian, >> It is your list. You can top-post, bottom-post, you can post in kanjii if you >> want. You can post in haiku, or dirty limmericks ... whatever tickles your fancy > > Scott, on behalf of Julian, I just want to convey to you his deep felt > appreciation of the fact that you are allowing him to exert his free > will on this list.. Julian would have personally thanked you, but he > is obviously overcome with heart felt application for you > thoughtfulness. > May the messages of a thousand spammers fill your inbox!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Tue Jun 5 22:16:17 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 5 22:17:00 2007 Subject: Upgrade to Fedora 7 and resulting error... In-Reply-To: <4665C5E0.4040201@marinocrane.com> References: <4665C5E0.4040201@marinocrane.com> Message-ID: On Tue, 5 Jun 2007, Ryan Pitt wrote: > We just upgraded one of our servers to Fedora 7 and we are now receiving the > following error message when starting MailScanner. > Any help or ideas would be greatly appreciated. Upgrade to anything but Fedora. I would never use Fedora for any production system. > MailScanner: is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 24. I suggest to see if you need new perl modules to match your new environment. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Tue Jun 5 22:18:53 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 5 22:19:34 2007 Subject: Beta release 4.61.1 In-Reply-To: References: <4665AF6C.70803@ecs.soton.ac.uk> <20070605163819.0196.GERARD@seibercom.net> Message-ID: On Tue, 5 Jun 2007, Scott Silva wrote: > Gerard Seibert spake the following on 6/5/2007 1:43 PM: >> On Tuesday June 05, 2007 at 03:08:45 (PM) Scott Silva wrote: >> >> [snip] >> >>> Julian, >>> It is your list. You can top-post, bottom-post, you can post in kanjii if you >>> want. You can post in haiku, or dirty limmericks ... whatever tickles your fancy >> >> Scott, on behalf of Julian, I just want to convey to you his deep felt >> appreciation of the fact that you are allowing him to exert his free >> will on this list.. Julian would have personally thanked you, but he >> is obviously overcome with heart felt application for you >> thoughtfulness. >> > May the messages of a thousand spammers fill your inbox!! I suggest Julian suspends your MailScanner protection for a short period. That should keep you busy for a while ;-) Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From rcooper at dwford.com Tue Jun 5 22:45:50 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 5 22:45:57 2007 Subject: Beta release 4.62.1 In-Reply-To: <20070605203033.GA13547@doctor.nl2k.ab.ca> References: <466573FA.3050101@ecs.soton.ac.uk> <20070605203033.GA13547@doctor.nl2k.ab.ca> Message-ID: <078b01c7a7ba$e2e061a0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Dave Shariff Yadallee - System Administrator a.k.a. The > Root of theProblem > Sent: Tuesday, June 05, 2007 4:31 PM > To: MailScanner discussion > Cc: MailScanner beta testers > Subject: Re: Beta release 4.62.1 > [...] > > New configuration options are > > - Clamd Port = 3310 > > - Clamd Socket = /tmp/clamd > > - Clamd Lock File = /var/lock/subsys/clamd > > - Clamd Use Threads = no > > The use of these settings is explained in the > MailScanner.conf file. > Julian, will the above work with clmd 0.88.7 ? > Not sure if the threading is supported in 0.88, I think it came along in one of the 0.90 releases. Yes it appears it was 0.90. I suppose best put a caveat in the configuration file for that. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Tue Jun 5 22:52:11 2007 From: res at ausics.net (Res) Date: Tue Jun 5 22:52:20 2007 Subject: BitDefender and f-prot In-Reply-To: <04f901c7a79a$5b666d70$0301a8c0@SAHOMELT> References: <04f901c7a79a$5b666d70$0301a8c0@SAHOMELT> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 5 Jun 2007, Rick Cooper wrote: > I noticed something odd while testing the clamd stuff that has me pulling my > hair out. > > Bitdefender is not finding any eicar infections and f-prot only finds > infected .zips not .rar. I will find the infected file in a rar since > MailScanner unrars them. Both scanners work perfectly when called from the > command line and when the wrapper is called from the command line. If I log > the incoming lines the parser sees f-prot doesn't seem to even see the rar > file and bitdefender scans everything but shows OK. To make it worse even > though f-prot sees the infected file that was in the rar file MailScanner > passes the rar back uninfected because it never ends up in {parts}. f-prot identifies and deletes, user doesnt get anything /var/spool/MailScanner/incoming/29027/l55Lk6vS012506/rootkit.rar->shv5-rootk Virus Scanning: F-Prot found virus Unix/Agent.SH Virus Scanning: F-Prot found 8 infections - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGZdsOsWhAmSIQh7MRAqzhAKCJF6i1vgzqlzMGKo9ZxkHCkmBOVwCfYhT6 2kWJLlthWivbltl7UP6++W8= =umK0 -----END PGP SIGNATURE----- From prandal at herefordshire.gov.uk Tue Jun 5 22:52:23 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 5 22:52:32 2007 Subject: Upgrade to Fedora 7 and resulting error... In-Reply-To: References: <4665C5E0.4040201@marinocrane.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CEE0@HC-MBX02.herefordshire.gov.uk> Sorry for top-posting... Have you tried reinstalling MailScanner? Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: 05 June 2007 22:16 To: MailScanner discussion Subject: Re: Upgrade to Fedora 7 and resulting error... On Tue, 5 Jun 2007, Ryan Pitt wrote: > We just upgraded one of our servers to Fedora 7 and we are now receiving the > following error message when starting MailScanner. > Any help or ideas would be greatly appreciated. Upgrade to anything but Fedora. I would never use Fedora for any production system. > MailScanner: is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 24. I suggest to see if you need new perl modules to match your new environment. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Tue Jun 5 22:53:48 2007 From: res at ausics.net (Res) Date: Tue Jun 5 22:53:59 2007 Subject: Upgrade to Fedora 7 and resulting error... In-Reply-To: <4665C5E0.4040201@marinocrane.com> References: <4665C5E0.4040201@marinocrane.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 5 Jun 2007, Ryan Pitt wrote: > Hi all, > > We just upgraded one of our servers to Fedora 7 and we are now receiving the > following error message when starting MailScanner. > Any help or ideas would be greatly appreciated. Just reinstall MailScanner, it will be out of wack because of the diferent version of perl - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGZdtusWhAmSIQh7MRAn7HAJ9xttQW7amyTzs4Z3rCJsTtjce9UgCePHB5 wPLG0WpfuQ5EWm3EMazJ1Zc= =thQa -----END PGP SIGNATURE----- From res at ausics.net Tue Jun 5 23:01:37 2007 From: res at ausics.net (Res) Date: Tue Jun 5 23:01:46 2007 Subject: Upgrade to Fedora 7 and resulting error... In-Reply-To: References: <4665C5E0.4040201@marinocrane.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 6 Jun 2007, Res wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 5 Jun 2007, Ryan Pitt wrote: > >> Hi all, >> >> We just upgraded one of our servers to Fedora 7 and we are now receiving >> the following error message when starting MailScanner. >> Any help or ideas would be greatly appreciated. > > Just reinstall MailScanner, it will be out of wack because of the diferent > version of perl Forgot to add, you will have that problem no mater what OS you use. also if you have freshly installed, then I suggest and recommend you rpm -e MailScanner ,then get the source and compile and install, when I used RPM based distros, I always did it this way, makes a sinch to upgrade and backup/restore. - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGZd1DsWhAmSIQh7MRAk9CAKCeQankmF7K5ll7qo9hfqHhV8DzegCeJMOb 1cUXlsIRMvXd7AJSyjO+SF0= =qkN0 -----END PGP SIGNATURE----- From r.berber at computer.org Wed Jun 6 00:19:50 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Jun 6 00:20:01 2007 Subject: Beta release 4.62.1 In-Reply-To: <466573FA.3050101@ecs.soton.ac.uk> References: <466573FA.3050101@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > I have fixed 2 major bugs in the auto-zip feature, and I have changed > the session handling in the clamd support to Rick's latest code. > > Download as usual www.mailscanner.info. [snip] Question: is the etc/mcp/v320.pre included file necessary? If it is, do we have to maintain/configure it just as the original SA file? I'm deleting it since it looks like something somebody forgot to clean, just like the many .bak files under etc/reports, but now I see it has changed btw. versions. -- Ren? Berber From ssilva at sgvwater.com Wed Jun 6 00:32:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 6 00:32:39 2007 Subject: Beta release 4.62.1 In-Reply-To: References: <466573FA.3050101@ecs.soton.ac.uk> Message-ID: Ren? Berber spake the following on 6/5/2007 4:19 PM: > Julian Field wrote: > >> I have fixed 2 major bugs in the auto-zip feature, and I have changed >> the session handling in the clamd support to Rick's latest code. >> >> Download as usual www.mailscanner.info. > [snip] > > Question: is the etc/mcp/v320.pre included file necessary? > > If it is, do we have to maintain/configure it just as the original SA file? > > I'm deleting it since it looks like something somebody forgot to clean, just > like the many .bak files under etc/reports, but now I see it has changed btw. > versions. It is necessary for MCP to function with spamassassin 3.2.0. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gdoris at rogers.com Wed Jun 6 01:39:54 2007 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 6 01:40:42 2007 Subject: Can't get clamd working??? Message-ID: <4666025A.2020100@rogers.com> I've been playing with the newest beta release and am having problems getting clamd working. When I do a MailScanner --lint I get the following: MailScanner --lint Read 764 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking version numbers... Version number in MailScanner.conf (4.61.2) is correct. Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = posix Creating hardcoded struct_flock subroutine for linux (Linux-type) MailScanner.conf says "Virus Scanners = clamd trend f-prot bitdefender" Found these virus scanners installed: bitdefender, f-prot, clamavmodule, trend Here's the result of ps ax | grep clamd ps ax | grep clamd 16849 ? Ss 0:47 /usr/local/sbin/clamd virus.scanners.conf has the following entry for clamd clamd /bin/false /usr/local/sbin clamd.conf contains the following lines # Path to a local socket file the daemon will listen on. # Default: disabled LocalSocket /tmp/clamd # TCP port address. # Default: disabled TCPSocket 3310 and MailScanner.conf has these lines Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = Clamd Use Threads = no What am I missing!!! From r.berber at computer.org Wed Jun 6 02:16:11 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Jun 6 02:25:49 2007 Subject: Can't get clamd working??? In-Reply-To: <4666025A.2020100@rogers.com> References: <4666025A.2020100@rogers.com> Message-ID: Gerry Doris wrote: [snip] > virus.scanners.conf has the following entry for clamd > > clamd /bin/false /usr/local/sbin Wrong, the original file had: clamd /bin/false /usr/local [snip] > and MailScanner.conf has these lines > > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = > Clamd Use Threads = no > > > What am I missing!!! Virus Scanners = clamd if auto doesn't work for you, and it probably won't: how do you expect it to choose between the 3 options for clamav if any one can be used? -- Ren? Berber From gdoris at rogers.com Wed Jun 6 04:19:09 2007 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 6 04:21:41 2007 Subject: Can't get clamd working??? In-Reply-To: References: <4666025A.2020100@rogers.com> Message-ID: <466627AD.7080809@rogers.com> Ren? Berber wrote: > Gerry Doris wrote: > > [snip] >> virus.scanners.conf has the following entry for clamd >> >> clamd /bin/false /usr/local/sbin > > Wrong, the original file had: > > clamd /bin/false /usr/local > My clamd is located in /usr/local/sbin. It is NOT in /usr/local >> and MailScanner.conf has these lines >> >> Clamd Port = 3310 >> Clamd Socket = /tmp/clamd >> Clamd Lock File = >> Clamd Use Threads = no >> >> >> What am I missing!!! > > Virus Scanners = clamd > > if auto doesn't work for you, and it probably won't: how do you expect it to > choose between the 3 options for clamav if any one can be used? I stated in my original email that I had the following line... Virus Scanners = clamd trend f-prot bitdefender I'm running four virus scanners (this is a test system). For some reason MailScanner finds clamavmodule but not clamd. It also finds the other 3 scanners without problems. From rcooper at dwford.com Wed Jun 6 04:51:14 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 6 04:51:20 2007 Subject: Can't get clamd working??? In-Reply-To: <4666025A.2020100@rogers.com> References: <4666025A.2020100@rogers.com> Message-ID: <081301c7a7ed$ee8638d0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gerry Doris > Sent: Tuesday, June 05, 2007 8:40 PM > To: mailscanner@lists.mailscanner.info > Subject: Can't get clamd working??? > > I've been playing with the newest beta release and am having problems > getting clamd working. When I do a MailScanner --lint I get > the following: > > MailScanner --lint > Read 764 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Checking version numbers... > Version number in MailScanner.conf (4.61.2) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > Creating hardcoded struct_flock subroutine for linux (Linux-type) > MailScanner.conf says "Virus Scanners = clamd trend f-prot > bitdefender" > Found these virus scanners installed: bitdefender, f-prot, > clamavmodule, > trend > > What exactly isn't working? I have no idea how MailScanner performs it's lint test, but mine outputs the following: Creating hardcoded struct_flock subroutine for linux (Linux-type) MailScanner.conf says "Virus Scanners = panda f-prot clamd" Found these virus scanners installed: bitdefender, clamavmodule, f-prot, panda, sophossavi Note clamd is not one of the installed scanners and it works fine. It also says: Could not use Custom Function code MailScanner::CustomConfig::InitWrapper, it could not be "eval"ed. And that all works properly as well. You will have to ask Julian how he lints a virus scanner that doesn't require a wrapper script, I thought setting clamd the same as clamavmodule ( /bin/false /tmp) would do it but he set it as /bin/false /usr/local... Setting it to /tmp doesn't seem to work either. When you test does it not work? If not what does the log say? If running MailScanner in debug mode what do the current parameters say? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Jun 6 04:58:09 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 6 04:58:13 2007 Subject: Can't get clamd working??? In-Reply-To: <4666025A.2020100@rogers.com> References: <4666025A.2020100@rogers.com> Message-ID: <081401c7a7ee$e5db2d70$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gerry Doris > Sent: Tuesday, June 05, 2007 8:40 PM > To: mailscanner@lists.mailscanner.info > Subject: Can't get clamd working??? > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > Creating hardcoded struct_flock subroutine for linux (Linux-type) > MailScanner.conf says "Virus Scanners = clamd trend f-prot > bitdefender" > Found these virus scanners installed: bitdefender, f-prot, > clamavmodule, > trend > > Ok I hunted down the lint process for installed scanners and scanners without wrappers such as clamavmodule and sophossavi are handled by doing an eval on their modules. How do you lint a scanner that is build directly into MailScanner? I would suppose it needs to be hardcoded directly into installed scanners. Or add a PingClamd function? Julian? In any event MailScanner --lint will not return "found" even for a 100% functional clamd install at this time. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Jun 6 05:10:13 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 6 05:10:18 2007 Subject: Can't get clamd working??? In-Reply-To: <466627AD.7080809@rogers.com> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> Message-ID: <081b01c7a7f0$9564cf70$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gerry Doris > Sent: Tuesday, June 05, 2007 11:19 PM > To: MailScanner discussion > Subject: Re: Can't get clamd working??? [...] > I stated in my original email that I had the following line... > > Virus Scanners = clamd trend f-prot bitdefender > > I'm running four virus scanners (this is a test system). For some > reason MailScanner finds clamavmodule but not clamd. It also > finds the > other 3 scanners without problems. It's because the Mail::ClamAV is a separate module not built in to SweepViruses: if (eval 'require Mail::ClamAV') { foreach (@installed) { s/^clamav$/clamavmodule/i; } } Doesn't ensure your clamav installation is operational but it does insure the module is available. The Clamd code could be moved into it's own module and the eval could be performed. Even if it looked for the clamd binary it doesn't mean the daemon is running. Julian, How about adding push @installed, $scannername if $scannername eq 'clamd'; next if $scannername eq 'clamd'; Right after next if $scannername =~ /generic|none/i; in InstalledScanners? Or would you prefer an actual daemon check? The above fixes the --lint issue at least. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Jun 6 05:31:47 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 6 05:31:53 2007 Subject: Can't get clamd working??? In-Reply-To: <081b01c7a7f0$9564cf70$0301a8c0@SAHOMELT> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> <081b01c7a7f0$9564cf70$0301a8c0@SAHOMELT> Message-ID: <082601c7a7f3$98cece10$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rick Cooper > Sent: Wednesday, June 06, 2007 12:10 AM > To: 'MailScanner discussion' > Subject: RE: Can't get clamd working??? > > > [...] > > Julian, How about adding > > push @installed, $scannername if $scannername eq 'clamd'; > next if $scannername eq 'clamd'; > > Right after next if $scannername =~ /generic|none/i; in > InstalledScanners? > Or would you prefer an actual daemon check? > The above fixes the --lint issue at least. > I can add one line of code to ClamdScan, just below the PING/PONG section: return "OK" if $dirname eq '--lint'; Then instead of the above in InstalledScanners add: if ($scannername eq 'clamd') { push @installed, $scannername if ClamdScan ('--lint') eq "OK"; } Then it will list it installed only if it running and operational (I just tested this) Up to you Julian? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From linux at kmun.gov.kw Wed Jun 6 06:08:59 2007 From: linux at kmun.gov.kw (linux@kmun.gov.kw) Date: Wed Jun 6 06:59:26 2007 Subject: IS my Mailscanner using clamav In-Reply-To: <081301c7a7ed$ee8638d0$0301a8c0@SAHOMELT> References: <4666025A.2020100@rogers.com> <081301c7a7ed$ee8638d0$0301a8c0@SAHOMELT> Message-ID: <2516.62.150.152.42.1181106539.squirrel@webmail.baladia.gov.kw> Dear All, i have recently installed mail scanner ver 4.28.6-1 and its been workin fine as i see from my maillogs but i would like to know the following 1) how do i know if my clamav antivurus is running and MailScanner is using it.. my Mailscanner.conf file has Virus Scanners = clamav. thnks and regards simon From Jeff.Mills at versacold.com.au Wed Jun 6 07:18:33 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Jun 6 07:18:39 2007 Subject: IS my Mailscanner using clamav Message-ID: > > 1) how do i know if my clamav antivurus is running and > MailScanner is using it.. > > my Mailscanner.conf file has Virus Scanners = clamav. > > thnks and regards > > Send yourself the eicar test virus. There are a number of websites that will email you a test. Just do a search for it. > > simon > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From linux at kmun.gov.kw Wed Jun 6 07:40:04 2007 From: linux at kmun.gov.kw (linux@kmun.gov.kw) Date: Wed Jun 6 08:31:44 2007 Subject: IS my Mailscanner using clamav In-Reply-To: References: Message-ID: <3029.62.150.152.42.1181112004.squirrel@webmail.baladia.gov.kw> Thanks for the quick reply when i send a mail from eicar to my mailbox here is wht i see ----------------- Special (absolutly harmless) files were send to your e-mail account (linux@kmun.gov.kw). Please, be sure you have sufficient space in your mailbox (about 50kb). Your anti-virus software should detect it already. --------------------------- how do i know my Mailscanner and clamav is workin fine thnks n regards simon > >> >> 1) how do i know if my clamav antivurus is running and >> MailScanner is using it.. >> >> my Mailscanner.conf file has Virus Scanners = clamav. >> >> thnks and regards >> >> > > Send yourself the eicar test virus. > There are a number of websites that will email you a test. > Just do a search for it. > > > >> >> simon >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From andy.mac at global-domination.org Wed Jun 6 08:57:15 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Wed Jun 6 08:57:21 2007 Subject: IS my Mailscanner using clamav Message-ID: 2 things: -The eicar file(s) won't be delivered -The logs will mention something Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of linux@kmun.gov.kw Sent: 06 June 2007 07:40 To: MailScanner discussion Subject: RE: IS my Mailscanner using clamav Thanks for the quick reply when i send a mail from eicar to my mailbox here is wht i see ----------------- Special (absolutly harmless) files were send to your e-mail account (linux@kmun.gov.kw). Please, be sure you have sufficient space in your mailbox (about 50kb). Your anti-virus software should detect it already. --------------------------- how do i know my Mailscanner and clamav is workin fine thnks n regards simon > >> >> 1) how do i know if my clamav antivurus is running and >> MailScanner is using it.. >> >> my Mailscanner.conf file has Virus Scanners = clamav. >> >> thnks and regards >> >> > > Send yourself the eicar test virus. > There are a number of websites that will email you a test. > Just do a search for it. > > > >> >> simon >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=9227D27F04 .BB6F5 -- This message was scanned by ESVA and is believed to be clean. From glenn.steen at gmail.com Wed Jun 6 09:15:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 6 09:15:55 2007 Subject: IS my Mailscanner using clamav In-Reply-To: <2516.62.150.152.42.1181106539.squirrel@webmail.baladia.gov.kw> References: <4666025A.2020100@rogers.com> <081301c7a7ed$ee8638d0$0301a8c0@SAHOMELT> <2516.62.150.152.42.1181106539.squirrel@webmail.baladia.gov.kw> Message-ID: <223f97700706060115j607e6fbas2ed1349329b1fb9d@mail.gmail.com> On 06/06/07, linux@kmun.gov.kw wrote: > > Dear All, > > i have recently installed mail scanner ver 4.28.6-1 and its been workin > fine as i see from my maillogs Why use this (very) old version? Get the latest stable version from http://www.mailscanner.info then go read (most of) the wiki (http://wiki.mailscanner.info), with special attention to the MAQ. > but i would like to know the following > > > 1) how do i know if my clamav antivurus is running and MailScanner is > using it.. A much better question is: If you are using such an outdated version of MailScanner, is your ClamAV equally out of date? Latest stable there is 0.90.3, and you can get it in a very convenient and easy install package (along with SpamAssassin 3.2.0) from www.mailscanner.info. Details on how to manually test your system for all sorts of problems are in the wiki ... Do look through it. The really bad thing with an outdated ClamAV is that you will not get signature updates if it is too much out of date... > my Mailscanner.conf file has Virus Scanners = clamav. > > thnks and regards > > > > simon Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Wed Jun 6 10:10:35 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 6 10:10:41 2007 Subject: Beta release 4.62.1 In-Reply-To: <078b01c7a7ba$e2e061a0$0301a8c0@SAHOMELT> Message-ID: Outlook top posts by default and my boss says this is the defacto standard so I can't change it (don't get me started....;-( Anyway 0.90.2 was the first release to use threads (I had to stop it using pthreads on my old FreeBSD version which was a bit of fun). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Cooper > Sent: 05 June 2007 22:46 > To: MailScanner discussion > Subject: RE: Beta release 4.62.1 > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Dave Shariff Yadallee - System Administrator a.k.a. The > > Root of theProblem > > Sent: Tuesday, June 05, 2007 4:31 PM > > To: MailScanner discussion > > Cc: MailScanner beta testers > > Subject: Re: Beta release 4.62.1 > > > [...] > > > New configuration options are > > > - Clamd Port = 3310 > > > - Clamd Socket = /tmp/clamd > > > - Clamd Lock File = /var/lock/subsys/clamd > > > - Clamd Use Threads = no > > > The use of these settings is explained in the > > MailScanner.conf file. > > > Julian, will the above work with clmd 0.88.7 ? > > > > Not sure if the threading is supported in 0.88, I think it came along in > one > of the 0.90 releases. > > Yes it appears it was 0.90. I suppose best put a caveat in the > configuration > file for that. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jun 6 10:42:22 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 10:46:32 2007 Subject: Can't get clamd working??? In-Reply-To: <4666025A.2020100@rogers.com> References: <4666025A.2020100@rogers.com> Message-ID: <4666817E.3040500@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerry Doris wrote: > I've been playing with the newest beta release and am having problems > getting clamd working. When I do a MailScanner --lint I get the > following: > > MailScanner --lint > Read 764 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Checking version numbers... > Version number in MailScanner.conf (4.61.2) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > Creating hardcoded struct_flock subroutine for linux (Linux-type) > MailScanner.conf says "Virus Scanners = clamd trend f-prot bitdefender" > Found these virus scanners installed: bitdefender, f-prot, > clamavmodule, trend > > > Here's the result of ps ax | grep clamd > > ps ax | grep clamd > 16849 ? Ss 0:47 /usr/local/sbin/clamd > > > virus.scanners.conf has the following entry for clamd > > clamd /bin/false /usr/local/sbin That should be /usr/local. > > > > clamd.conf contains the following lines > > # Path to a local socket file the daemon will listen on. > # Default: disabled > LocalSocket /tmp/clamd > > # TCP port address. > # Default: disabled > TCPSocket 3310 > > and MailScanner.conf has these lines > > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = > Clamd Use Threads = no > > > What am I missing!!! Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZoIdEfZZRxQVtlQRAoRGAKDW6srWLA/HR43ex/iudsXg9KsNZgCg5HNb 8pJGyKrEoDB5hDknVKAy5ho= =QiYu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Jun 6 10:43:51 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 10:46:37 2007 Subject: Can't get clamd working??? In-Reply-To: <466627AD.7080809@rogers.com> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> Message-ID: <466681D7.1020004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerry Doris wrote: > Ren? Berber wrote: >> Gerry Doris wrote: >> >> [snip] >>> virus.scanners.conf has the following entry for clamd >>> >>> clamd /bin/false /usr/local/sbin >> >> Wrong, the original file had: >> >> clamd /bin/false /usr/local >> > > My clamd is located in /usr/local/sbin. It is NOT in /usr/local > >>> and MailScanner.conf has these lines >>> >>> Clamd Port = 3310 >>> Clamd Socket = /tmp/clamd >>> Clamd Lock File = >>> Clamd Use Threads = no >>> >>> >>> What am I missing!!! >> >> Virus Scanners = clamd >> >> if auto doesn't work for you, and it probably won't: how do you >> expect it to >> choose between the 3 options for clamav if any one can be used? > > I stated in my original email that I had the following line... > > Virus Scanners = clamd trend f-prot bitdefender > > I'm running four virus scanners (this is a test system). For some > reason MailScanner finds clamavmodule but not clamd. It also finds > the other 3 scanners without problems. The "auto" functionality can't (as easily) find clamd so it doesn't find it at present. Doesn't stop you using it though. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZoIfEfZZRxQVtlQRAhHIAJoCgSE7dcFyVExn7iJ0Q6YG4Pl3ywCgmGwd 3Cb1qQBu+7jBfyqdJNnwksI= =/x8z -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Jun 6 10:45:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 10:50:51 2007 Subject: Can't get clamd working??? In-Reply-To: <081401c7a7ee$e5db2d70$0301a8c0@SAHOMELT> References: <4666025A.2020100@rogers.com> <081401c7a7ee$e5db2d70$0301a8c0@SAHOMELT> Message-ID: <46668237.6030006@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070606/32e60efd/PGP-0001.bin From MailScanner at ecs.soton.ac.uk Wed Jun 6 10:46:30 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 10:50:55 2007 Subject: Can't get clamd working??? In-Reply-To: <081b01c7a7f0$9564cf70$0301a8c0@SAHOMELT> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> <081b01c7a7f0$9564cf70$0301a8c0@SAHOMELT> Message-ID: <46668276.7080901@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070606/8456282f/PGP.bin From mogens at fumlersoft.dk Wed Jun 6 11:29:56 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Wed Jun 6 11:30:36 2007 Subject: SA not working after upgrade Message-ID: <22774.222.123.0.244.1181125796.squirrel@mail.fumlersoft.dk> Hi, Yesterday i did an cpan upgrade of SpamAssassin, after which, it seems that MailScanner no longer uses SA. A spamassassin --lint gave no clue as all looked good. I tried to make a symling from /etc/MailScanner/spam.assassin.prefs.conf to /etc/mail/mailscanner.cf which resulted in following error: # spamassassin --lint [21230] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_dcc 1 [21230] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": dcc_path /usr/local/bin/dccproc [21230] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": dcc_home /var/dcc [21230] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": dcc_body_max 500 [21230] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": dcc_fuz1_max 500 [21230] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": dcc_fuz2_max 500 [21230] warn: config: warning: score set for non-existent rule RCVD_IN_RSL [21230] warn: config: warning: score set for non-existent rule DCC_CHECK [21230] warn: lint: 8 issues detected, please rerun with debug enabled for more information So i guess that's not the solution either. I'm being flodded in spam, so hints are more than welcome. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From martinh at solidstatelogic.com Wed Jun 6 11:35:42 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 6 11:35:49 2007 Subject: SA not working after upgrade In-Reply-To: <22774.222.123.0.244.1181125796.squirrel@mail.fumlersoft.dk> Message-ID: <1e1475147278d249aeba55f524cc9fca@solidstatelogic.com> Mogens Check you've got DCC enabled in the *.pre files.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mogens Melander > Sent: 06 June 2007 11:30 > To: mailscanner@lists.mailscanner.info > Subject: SA not working after upgrade > > Hi, > > Yesterday i did an cpan upgrade of SpamAssassin, after > which, it seems that MailScanner no longer uses SA. > > A spamassassin --lint gave no clue as all looked good. > > I tried to make a symling from /etc/MailScanner/spam.assassin.prefs.conf > to /etc/mail/mailscanner.cf which resulted in following error: > > # spamassassin --lint > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": use_dcc 1 > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_path /usr/local/bin/dccproc > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_home /var/dcc > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_body_max 500 > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_fuz1_max 500 > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_fuz2_max 500 > [21230] warn: config: warning: score set for non-existent rule RCVD_IN_RSL > [21230] warn: config: warning: score set for non-existent rule DCC_CHECK > [21230] warn: lint: 8 issues detected, please rerun with debug enabled for > more information > > So i guess that's not the solution either. > > I'm being flodded in spam, so hints are more than welcome. > > -- > Later > > Mogens Melander > +45 40 85 71 38 > +66 870 133 224 > > > > -- > This message has been scanned for viruses and > dangerous content by OpenProtect(http://www.openprotect.com), and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From gerard at seibercom.net Wed Jun 6 12:06:09 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Jun 6 12:05:58 2007 Subject: Beta release 4.62.1 In-Reply-To: References: <078b01c7a7ba$e2e061a0$0301a8c0@SAHOMELT> Message-ID: <20070606064811.9DF8.GERARD@seibercom.net> On Wednesday June 06, 2007 at 05:10:35 (AM) Martin.Hepworth wrote: [snip] > Outlook top posts by default and my boss says this is the defacto > standard so I can't change it (don't get me started....;-( > Virtually all MUA's place text at the top of a message when replying. Only a hand few are capable of being configured to correct that problem. However, virtually all MUA's will use the + key combination to move the cursor to the end of a message. Some MUA's will even allow the user to define their own combination to achieve this goal. Now, if the user is too stupid, lazy or just inconsiderate to use that exceedingly easy technique to foil their MUA's poor message replying technique, then perhaps it is time they considered a different line of work. A quick question regarding your posting and business practices. Are you by any chance posting to this forum on your boss's time? If so is he aware of it? If the answer to both is no, then what possible connection is their there between your company's policies and your message replies to this forum? You would obviously not be using your company's services and therefore not bound by their policies. You are free to configure your MUA as you see fit. On the other hand, if you are allocating resources for your personal use without your company's consent, then we have a much bigger problem to contend with -- the possible illegal use of company resources. -- Gerard A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? TOPIC: Posting Etiquette From mogens at fumlersoft.dk Wed Jun 6 12:12:39 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Wed Jun 6 12:11:48 2007 Subject: SA not working after upgrade In-Reply-To: <1e1475147278d249aeba55f524cc9fca@solidstatelogic.com> References: <1e1475147278d249aeba55f524cc9fca@solidstatelogic.com> Message-ID: <38524.222.123.0.244.1181128359.squirrel@mail.fumlersoft.dk> Thank's. That helped on the --lint errors, but SA's still not being used. The maillog claim scanning is being done: MailScanner[21992]: New Batch: Found 4 messages waiting MailScanner[21992]: New Batch: Scanning 2 messages, 4866 bytes MailScanner[21992]: MCP Checks: Starting MailScanner[21992]: Spam Checks: Starting MailScanner[21980]: Uninfected: Delivered 1 messages But there's no score report. The mailheaders are in place but no score here either: X-TIT-GPH-Information: Please contact the ISP for more information X-TIT-GPH: Found to be clean X-TIT-GPH-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 4) X-TIT-GPH-SpamCheck: not spam (whitelisted), SpamAssassin (score=0, required 3, autolearn=) X-TIT-GPH-From: mailscanner-bounces@lists.mailscanner.info On Wed, June 6, 2007 12:35, Martin.Hepworth wrote: > Mogens > > Check you've got DCC enabled in the *.pre files.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Mogens Melander >> Sent: 06 June 2007 11:30 >> To: mailscanner@lists.mailscanner.info >> Subject: SA not working after upgrade >> >> Hi, >> >> Yesterday i did an cpan upgrade of SpamAssassin, after >> which, it seems that MailScanner no longer uses SA. >> >> A spamassassin --lint gave no clue as all looked good. >> >> I tried to make a symling from > /etc/MailScanner/spam.assassin.prefs.conf >> to /etc/mail/mailscanner.cf which resulted in following error: >> >> # spamassassin --lint >> [21230] warn: config: failed to parse line, skipping, in >> "/etc/mail/spamassassin/mailscanner.cf": use_dcc 1 -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From martinh at solidstatelogic.com Wed Jun 6 12:13:19 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 6 12:13:23 2007 Subject: Beta release 4.62.1 In-Reply-To: <20070606064811.9DF8.GERARD@seibercom.net> Message-ID: Gerard See inline.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert > Sent: 06 June 2007 12:06 > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.62.1 > > On Wednesday June 06, 2007 at 05:10:35 (AM) Martin.Hepworth wrote: > > [snip] > > > Outlook top posts by default and my boss says this is the defacto > > standard so I can't change it (don't get me started....;-( > > > Virtually all MUA's place text at the top of a message when replying. > Only a hand few are capable of being configured to correct that > problem. However, virtually all MUA's will use the + key > combination to move the cursor to the end of a message. Some MUA's > will even allow the user to define their own combination to achieve > this goal. Now, if the user is too stupid, lazy or just inconsiderate > to use that exceedingly easy technique to foil their MUA's poor > message replying technique, then perhaps it is time they considered a > different line of work. > Like I said don't get me started - most MUA's used to bottom post the MS-mail came along and broke the 'standard'. I can rant all day about M$ and email:-) > A quick question regarding your posting and business practices. Are > you by any chance posting to this forum on your boss's time? If so is > he aware of it? If the answer to both is no, then what possible > connection is their there between your company's policies and your > message replies to this forum? You would obviously not be using your > company's services and therefore not bound by their policies. You are > free to configure your MUA as you see fit. On the other hand, if you > are allocating resources for your personal use without your company's > consent, then we have a much bigger problem to contend with -- the > possible illegal use of company resources. > Actually yes he is and therefore I can :-) > > -- > Gerard > > > A: Because it fouls the order in which people normally read text. > Q: Why is top-posting such a bad thing? > A: Top-posting. > Q: What is the most annoying thing on usenet and in e-mail? > > TOPIC: Posting Etiquette > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jun 6 12:12:31 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 12:16:33 2007 Subject: Can't get clamd working??? In-Reply-To: <466681D7.1020004@ecs.soton.ac.uk> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> <466681D7.1020004@ecs.soton.ac.uk> Message-ID: <4666969F.1060100@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070606/b6c945c4/PGP.bin From glenn.steen at gmail.com Wed Jun 6 12:32:01 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 6 12:32:05 2007 Subject: Can't get clamd working??? In-Reply-To: <4666969F.1060100@ecs.soton.ac.uk> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> <466681D7.1020004@ecs.soton.ac.uk> <4666969F.1060100@ecs.soton.ac.uk> Message-ID: <223f97700706060432x5b512004r8d35d947c31b818@mail.gmail.com> On 06/06/07, Julian Field wrote: > Attached is a new SweepViruses.pm (gzip-ed) which will make > MailScanner --lint > detect the clamd scanner. > > I am not at all sure we should be checking for the > /var/lock/subsys/clamd file at all. This is a very "Linuxy" feature, I'm > inclined to take it out or default it to be blank (has the same effect). > > What do you think? > I assume you use pretty much one source to do the packaging from, so .... if you want one that always works for all platforms.... I'd vote for keeping it (with an informatinve example in the comments) but setting it to blank. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gdoris at rogers.com Wed Jun 6 12:47:39 2007 From: gdoris at rogers.com (Gerry Doris) Date: Wed Jun 6 12:47:55 2007 Subject: Can't get clamd working??? In-Reply-To: <466681D7.1020004@ecs.soton.ac.uk> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com> <466681D7.1020004@ecs.soton.ac.uk> Message-ID: <46669EDB.2020609@rogers.com> Julian Field wrote: >> >> I'm running four virus scanners (this is a test system). For some >> reason MailScanner finds clamavmodule but not clamd. It also finds >> the other 3 scanners without problems. > The "auto" functionality can't (as easily) find clamd so it doesn't find > it at present. Doesn't stop you using it though. > > Jules OK, I have all versions of clamav selectable and working now...in fact, other than a small problem with ownership of /tmp/clamd it always was working. I was confused when MailScanner --lint continued to say that I had clamavmodule even though I was using one of the other ones. Thanks for your help! From ljosnet at gmail.com Wed Jun 6 12:54:18 2007 From: ljosnet at gmail.com (emm1) Date: Wed Jun 6 12:54:22 2007 Subject: Clamav load Message-ID: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan times and high loads. 2240 root 1 107 0 39056K 36684K RUN 0:18 44.21% clamscan 2248 root 1 108 0 38272K 35900K RUN 0:07 31.08% clamscan 2256 root 1 108 0 11852K 9452K RUN 0:03 23.99% clamscan 2262 root 1 108 0 11752K 9352K RUN 0:03 20.87% clamscan 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% clamd As soon as I turn the virusscan off in MailScanner.conf everything is fine. Any suggestions? Thanks! From gerard at seibercom.net Wed Jun 6 12:59:14 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Jun 6 12:59:05 2007 Subject: Beta release 4.62.1 In-Reply-To: References: <20070606064811.9DF8.GERARD@seibercom.net> Message-ID: <20070606071821.538C.GERARD@seibercom.net> On Wednesday June 06, 2007 at 07:13:19 (AM) Martin.Hepworth wrote: > Gerard > > See inline.. > Inline is great for messages that only receive a few at most replies. It becomes rather cumbersome and unwieldy on posts that receive numerous replies; especially when the various posters are replying to different sections of the OP's original post. A top poster will also place their signature at the top of the post. Inevitably, the will precede it with a 'sig delimiter'. Many MUA's are configured to strip all of the garbage that follows the 'sig delimiter' upon replying to a message. This is especially useful on message lists like this that add so much superfluous nonsense at the end of every post. If there are several replies to a post, and this extraneous text is not stripped prior to the message being posted, the final document becomes even more difficult to fathom, as well as totally wasting bandwidth and storage capacity. Neither of which is a problem with modern PC's, etc.; however it does display the lack of attention to detail by the perpetrators of such posts. Now, when the top poster places their signature with the 'sig delimiter' at the top of a message, and a user with an MUA configured to strip text following said delimiter upon replying attempts to simply reply to said message, all but the top posters reply will be deleted. That is great if the replier intended to only respond to the top posters text. Not so great if the replier wanted to address other portions of the post. Obviously, there are ways around this predicament. > Like I said don't get me started - most MUA's used to bottom post the > MS-mail came along and broke the 'standard'. I can rant all day about M$ > and email:-) I believe your statement here is a total fabrication. In nearly thirty years I have used virtually every major MUA whether it was based on the Microsoft Window's model or some other OS. I have no personal knowledge that your statement is true. In fact, I find it to be counter to the actual facts. Can you provide some factual data to backup that statement? In any case, the easiest way to circumvent this problem is to shun users of poorly configured MUA's though. By the way, can you please explain to me why this nonsense has to be included with your replies: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert > Sent: 06 June 2007 12:06 > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.62.1 That is just so redundant. The address of the message is obvious, as is the subject. Even the reply header I use should probably lose the time display. I will have to get that done later this week. Isn't there some way you can fix yours? I haven't used Outlook since version 2002 (XP); however, I was not aware that it enforced a convoluted reply header like that by default. By the way, there are scant official standard regarding posting etiquette. These are somewhat interest however. http://en.wikipedia.org/wiki/Godwin's_law http://en.wikipedia.org/wiki/Top-post http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 http://www.catb.org/~esr/faqs/smart-questions.html http://www.html-faq.com/etiquette/?toppost http://www.neverending.org/~ftobin/resources/formatting_email_replies/ http://www.reedmedia.net/misc/mail/using-mailing-list.html http://www.river.com/users/share/etiquette/ http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html -- Ciao Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) From rcooper at dwford.com Wed Jun 6 13:16:01 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 6 13:16:07 2007 Subject: Can't get clamd working??? In-Reply-To: <4666969F.1060100@ecs.soton.ac.uk> References: <4666025A.2020100@rogers.com> <466627AD.7080809@rogers.com><466681D7.1020004@ecs.soton.ac.uk> <4666969F.1060100@ecs.soton.ac.uk> Message-ID: <010a01c7a834$728baa70$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Wednesday, June 06, 2007 7:13 AM > To: MailScanner discussion > Subject: Re: Can't get clamd working??? > > Attached is a new SweepViruses.pm (gzip-ed) which will make > MailScanner --lint > detect the clamd scanner. > > I am not at all sure we should be checking for the > /var/lock/subsys/clamd file at all. This is a very "Linuxy" > feature, I'm > inclined to take it out or default it to be blank (has the > same effect). > > What do you think? > It the larger scheme of things it's doubtful that checking for the existance, even on a system that is using the lock file, will save much. The thought was to check for the lock file and short circuit the sockets part if the lock file was missing and supported. I have the ping timeout at 90 seconds so the most it would save would be 90 seconds per message (of course that's a lot in a moderate batch) if clamd was shutdown properly and on purpose. If it died or was killed (-9) the lock file would likely be there anyway. My feeling is default it to blank and the systems that already use it can use it. Another thing from yesterday is the threading before 0.90. I assume you want to mention the minimum release to use threading in the config file, do you want to add a version check, warning, and switch to CONTSCAN if someone shoots themselves in the foot? Pretty easy, switch the PING section to SESSION (so only one connection) and after a PONG send VERSION, which returns the current clamd version, database version and last update. If ScanType is MULTISCAN and version is < 0.90 warn the operator and change the ScanType to CONTSCAN. Would add probably 25 30 lines of code. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From andy.mac at global-domination.org Wed Jun 6 13:31:22 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Wed Jun 6 13:31:36 2007 Subject: Beta release 4.62.1 Message-ID: And there I was - thinking that this was a pretty much flame-free list... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert Sent: 06 June 2007 12:59 To: mailscanner@lists.mailscanner.info Subject: Re: Beta release 4.62.1 On Wednesday June 06, 2007 at 07:13:19 (AM) Martin.Hepworth wrote: > Gerard > > See inline.. > Inline is great for messages that only receive a few at most replies. It becomes rather cumbersome and unwieldy on posts that receive numerous replies; especially when the various posters are replying to different sections of the OP's original post. A top poster will also place their signature at the top of the post. Inevitably, the will precede it with a 'sig delimiter'. Many MUA's are configured to strip all of the garbage that follows the 'sig delimiter' upon replying to a message. This is especially useful on message lists like this that add so much superfluous nonsense at the end of every post. If there are several replies to a post, and this extraneous text is not stripped prior to the message being posted, the final document becomes even more difficult to fathom, as well as totally wasting bandwidth and storage capacity. Neither of which is a problem with modern PC's, etc.; however it does display the lack of attention to detail by the perpetrators of such posts. Now, when the top poster places their signature with the 'sig delimiter' at the top of a message, and a user with an MUA configured to strip text following said delimiter upon replying attempts to simply reply to said message, all but the top posters reply will be deleted. That is great if the replier intended to only respond to the top posters text. Not so great if the replier wanted to address other portions of the post. Obviously, there are ways around this predicament. > Like I said don't get me started - most MUA's used to bottom post the > MS-mail came along and broke the 'standard'. I can rant all day about M$ > and email:-) I believe your statement here is a total fabrication. In nearly thirty years I have used virtually every major MUA whether it was based on the Microsoft Window's model or some other OS. I have no personal knowledge that your statement is true. In fact, I find it to be counter to the actual facts. Can you provide some factual data to backup that statement? In any case, the easiest way to circumvent this problem is to shun users of poorly configured MUA's though. By the way, can you please explain to me why this nonsense has to be included with your replies: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert > Sent: 06 June 2007 12:06 > To: mailscanner@lists.mailscanner.info > Subject: Re: Beta release 4.62.1 That is just so redundant. The address of the message is obvious, as is the subject. Even the reply header I use should probably lose the time display. I will have to get that done later this week. Isn't there some way you can fix yours? I haven't used Outlook since version 2002 (XP); however, I was not aware that it enforced a convoluted reply header like that by default. By the way, there are scant official standard regarding posting etiquette. These are somewhat interest however. http://en.wikipedia.org/wiki/Godwin's_law http://en.wikipedia.org/wiki/Top-post http://groups.google.com/support/bin/answer.py?answer=12348&topic=250 http://www.catb.org/~esr/faqs/smart-questions.html http://www.html-faq.com/etiquette/?toppost http://www.neverending.org/~ftobin/resources/formatting_email_replies/ http://www.reedmedia.net/misc/mail/using-mailing-list.html http://www.river.com/users/share/etiquette/ http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html -- Ciao Gerard DISCLAIMER If you find a posting or message from me offensive, inappropriate, or disruptive, please ignore it. If you don't know how to ignore a posting, complain to me and I will be only too happy to demonstrate... ;-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. From list-mailscanner at linguaphone.com Wed Jun 6 13:32:53 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 6 13:32:59 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> References: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> Message-ID: <1181133173.8799.23.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-06-06 at 12:54, emm1 wrote: > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan times > and high loads. > > 2240 root 1 107 0 39056K 36684K RUN 0:18 44.21% clamscan > 2248 root 1 108 0 38272K 35900K RUN 0:07 31.08% clamscan > 2256 root 1 108 0 11852K 9452K RUN 0:03 23.99% clamscan > 2262 root 1 108 0 11752K 9352K RUN 0:03 20.87% clamscan > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% clamd > > > As soon as I turn the virusscan off in MailScanner.conf everything is fine. > > Any suggestions? > > Thanks! Turn off clamscan support and use either clamd or clamavmodule instead. Clamscan loads the virus database every time it scans which is a lot slower. From rcooper at dwford.com Wed Jun 6 13:37:05 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 6 13:37:11 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> References: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> Message-ID: <011401c7a837$63e6db90$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of emm1 > Sent: Wednesday, June 06, 2007 7:54 AM > To: MailScanner discussion > Subject: Clamav load > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan times > and high loads. > > 2240 root 1 107 0 39056K 36684K RUN 0:18 > 44.21% clamscan > 2248 root 1 108 0 38272K 35900K RUN 0:07 > 31.08% clamscan > 2256 root 1 108 0 11852K 9452K RUN 0:03 > 23.99% clamscan > 2262 root 1 108 0 11752K 9352K RUN 0:03 > 20.87% clamscan > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% clamd > > > As soon as I turn the virusscan off in MailScanner.conf > everything is fine. > > Any suggestions? > Don't use clamscan. I believe you will find that MailScanner version supports the clamdscan version of clamd (which will actually user your running clamd) and you should see a marked improvement is performance. Or use ClamAVModule. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Wed Jun 6 13:45:47 2007 From: ljosnet at gmail.com (emm1) Date: Wed Jun 6 13:45:50 2007 Subject: Clamav load In-Reply-To: <011401c7a837$63e6db90$0301a8c0@SAHOMELT> References: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> <011401c7a837$63e6db90$0301a8c0@SAHOMELT> Message-ID: <910ee2ac0706060545o20c0bef6k4ae05c60cd3807ba@mail.gmail.com> Howto turn off clamscan and use clamd instead? On 6/6/07, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of emm1 > > Sent: Wednesday, June 06, 2007 7:54 AM > > To: MailScanner discussion > > Subject: Clamav load > > > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan times > > and high loads. > > > > 2240 root 1 107 0 39056K 36684K RUN 0:18 > > 44.21% clamscan > > 2248 root 1 108 0 38272K 35900K RUN 0:07 > > 31.08% clamscan > > 2256 root 1 108 0 11852K 9452K RUN 0:03 > > 23.99% clamscan > > 2262 root 1 108 0 11752K 9352K RUN 0:03 > > 20.87% clamscan > > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% clamd > > > > > > As soon as I turn the virusscan off in MailScanner.conf > > everything is fine. > > > > Any suggestions? > > > > Don't use clamscan. I believe you will find that MailScanner version > supports the clamdscan version of clamd (which will actually user your > running clamd) and you should see a marked improvement is performance. Or > use ClamAVModule. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solidstatelogic.com Wed Jun 6 13:56:31 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 6 13:56:42 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060545o20c0bef6k4ae05c60cd3807ba@mail.gmail.com> Message-ID: Hi In MailScanner.conf edit the virus Scanners line and make sure it's clamd rather than auto or anything.. BTW this means of course you're running clamd in the first place! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of emm1 > Sent: 06 June 2007 13:46 > To: MailScanner discussion > Subject: Re: Clamav load > > Howto turn off clamscan and use clamd instead? > > On 6/6/07, Rick Cooper wrote: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of emm1 > > > Sent: Wednesday, June 06, 2007 7:54 AM > > > To: MailScanner discussion > > > Subject: Clamav load > > > > > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > > > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan times > > > and high loads. > > > > > > 2240 root 1 107 0 39056K 36684K RUN 0:18 > > > 44.21% clamscan > > > 2248 root 1 108 0 38272K 35900K RUN 0:07 > > > 31.08% clamscan > > > 2256 root 1 108 0 11852K 9452K RUN 0:03 > > > 23.99% clamscan > > > 2262 root 1 108 0 11752K 9352K RUN 0:03 > > > 20.87% clamscan > > > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% clamd > > > > > > > > > As soon as I turn the virusscan off in MailScanner.conf > > > everything is fine. > > > > > > Any suggestions? > > > > > > > Don't use clamscan. I believe you will find that MailScanner version > > supports the clamdscan version of clamd (which will actually user your > > running clamd) and you should see a marked improvement is performance. > Or > > use ClamAVModule. > > > > Rick > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ljosnet at gmail.com Wed Jun 6 15:02:25 2007 From: ljosnet at gmail.com (emm1) Date: Wed Jun 6 15:02:28 2007 Subject: Clamav load In-Reply-To: References: <910ee2ac0706060545o20c0bef6k4ae05c60cd3807ba@mail.gmail.com> Message-ID: <910ee2ac0706060702l1c904effo9e03963ce60ef6ee@mail.gmail.com> Thanks, had to make some adjustments for it to work on FreeBSD. But wow, what a difference in performance. Why isnt this used by default? :) On 6/6/07, Martin.Hepworth wrote: > Hi > > In MailScanner.conf edit the virus Scanners line and make sure it's > clamd rather than auto or anything.. > > BTW this means of course you're running clamd in the first place! > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of emm1 > > Sent: 06 June 2007 13:46 > > To: MailScanner discussion > > Subject: Re: Clamav load > > > > Howto turn off clamscan and use clamd instead? > > > > On 6/6/07, Rick Cooper wrote: > > > > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > emm1 > > > > Sent: Wednesday, June 06, 2007 7:54 AM > > > > To: MailScanner discussion > > > > Subject: Clamav load > > > > > > > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > > > > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan > times > > > > and high loads. > > > > > > > > 2240 root 1 107 0 39056K 36684K RUN 0:18 > > > > 44.21% clamscan > > > > 2248 root 1 108 0 38272K 35900K RUN 0:07 > > > > 31.08% clamscan > > > > 2256 root 1 108 0 11852K 9452K RUN 0:03 > > > > 23.99% clamscan > > > > 2262 root 1 108 0 11752K 9352K RUN 0:03 > > > > 20.87% clamscan > > > > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% > clamd > > > > > > > > > > > > As soon as I turn the virusscan off in MailScanner.conf > > > > everything is fine. > > > > > > > > Any suggestions? > > > > > > > > > > Don't use clamscan. I believe you will find that MailScanner version > > > supports the clamdscan version of clamd (which will actually user > your > > > running clamd) and you should see a marked improvement is > performance. > > Or > > > use ClamAVModule. > > > > > > Rick > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Wed Jun 6 15:01:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 15:03:33 2007 Subject: OT: Re: Beta release 4.62.1 In-Reply-To: References: Message-ID: <4666BE51.6030401@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070606/ffe5ce6c/PGP.bin From martinh at solidstatelogic.com Wed Jun 6 15:10:43 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 6 15:10:46 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060702l1c904effo9e03963ce60ef6ee@mail.gmail.com> Message-ID: <23f42e890189274da1ab4c5ead7074ec@solidstatelogic.com> We're working on this on the new beta... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of emm1 > Sent: 06 June 2007 15:02 > To: MailScanner discussion > Subject: Re: Clamav load > > Thanks, had to make some adjustments for it to work on FreeBSD. But > wow, what a difference in performance. Why isnt this used by default? > :) > > > > On 6/6/07, Martin.Hepworth wrote: > > Hi > > > > In MailScanner.conf edit the virus Scanners line and make sure it's > > clamd rather than auto or anything.. > > > > BTW this means of course you're running clamd in the first place! > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of emm1 > > > Sent: 06 June 2007 13:46 > > > To: MailScanner discussion > > > Subject: Re: Clamav load > > > > > > Howto turn off clamscan and use clamd instead? > > > > > > On 6/6/07, Rick Cooper wrote: > > > > > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > emm1 > > > > > Sent: Wednesday, June 06, 2007 7:54 AM > > > > > To: MailScanner discussion > > > > > Subject: Clamav load > > > > > > > > > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > > > > > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan > > times > > > > > and high loads. > > > > > > > > > > 2240 root 1 107 0 39056K 36684K RUN 0:18 > > > > > 44.21% clamscan > > > > > 2248 root 1 108 0 38272K 35900K RUN 0:07 > > > > > 31.08% clamscan > > > > > 2256 root 1 108 0 11852K 9452K RUN 0:03 > > > > > 23.99% clamscan > > > > > 2262 root 1 108 0 11752K 9352K RUN 0:03 > > > > > 20.87% clamscan > > > > > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% > > clamd > > > > > > > > > > > > > > > As soon as I turn the virusscan off in MailScanner.conf > > > > > everything is fine. > > > > > > > > > > Any suggestions? > > > > > > > > > > > > > Don't use clamscan. I believe you will find that MailScanner version > > > > supports the clamdscan version of clamd (which will actually user > > your > > > > running clamd) and you should see a marked improvement is > > performance. > > > Or > > > > use ClamAVModule. > > > > > > > > Rick > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From clacroix at cegep-ste-foy.qc.ca Wed Jun 6 15:21:50 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jun 6 15:21:57 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060702l1c904effo9e03963ce60ef6ee@mail.gmail.com> References: <910ee2ac0706060545o20c0bef6k4ae05c60cd3807ba@mail.gmail.com> <910ee2ac0706060702l1c904effo9e03963ce60ef6ee@mail.gmail.com> Message-ID: <200706061021.50347.clacroix@cegep-ste-foy.qc.ca> This means that next month i shall put away clamsmtp module for postfix !! Thanks On Wednesday 06 June 2007 10:02, emm1 wrote: > Thanks, had to make some adjustments for it to work on FreeBSD. But > wow, what a difference in performance. Why isnt this used by default? > > :) > > On 6/6/07, Martin.Hepworth wrote: > > Hi > > > > In MailScanner.conf edit the virus Scanners line and make sure it's > > clamd rather than auto or anything.. > > > > BTW this means of course you're running clamd in the first place! > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of emm1 > > > Sent: 06 June 2007 13:46 > > > To: MailScanner discussion > > > Subject: Re: Clamav load > > > > > > Howto turn off clamscan and use clamd instead? > > > > > > On 6/6/07, Rick Cooper wrote: > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > > emm1 > > > > > > > Sent: Wednesday, June 06, 2007 7:54 AM > > > > > To: MailScanner discussion > > > > > Subject: Clamav load > > > > > > > > > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > > > > > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan > > > > times > > > > > > > and high loads. > > > > > > > > > > 2240 root 1 107 0 39056K 36684K RUN 0:18 > > > > > 44.21% clamscan > > > > > 2248 root 1 108 0 38272K 35900K RUN 0:07 > > > > > 31.08% clamscan > > > > > 2256 root 1 108 0 11852K 9452K RUN 0:03 > > > > > 23.99% clamscan > > > > > 2262 root 1 108 0 11752K 9352K RUN 0:03 > > > > > 20.87% clamscan > > > > > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% > > > > clamd > > > > > > > As soon as I turn the virusscan off in MailScanner.conf > > > > > everything is fine. > > > > > > > > > > Any suggestions? > > > > > > > > Don't use clamscan. I believe you will find that MailScanner version > > > > supports the clamdscan version of clamd (which will actually user > > > > your > > > > > > running clamd) and you should see a marked improvement is > > > > performance. > > > > > Or > > > > > > > use ClamAVModule. > > > > > > > > Rick > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! -- Charles Lacroix, Administrateur UNIX. Service des t?l?communications et des technologies C?gep de Sainte-Foy (418) 659-6600 # 4266 From MailScanner at ecs.soton.ac.uk Wed Jun 6 15:37:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 15:39:16 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060702l1c904effo9e03963ce60ef6ee@mail.gmail.com> References: <910ee2ac0706060545o20c0bef6k4ae05c60cd3807ba@mail.gmail.com> <910ee2ac0706060702l1c904effo9e03963ce60ef6ee@mail.gmail.com> Message-ID: <4666C695.9070307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In the next beta, it will be the default. I just haven't released the new code yet. Your other option is the "clamavmodule" scanner, for which you need the Mail::ClamAV Perl module together with its dependencies. The easiest way of installing that is to download and install my ClamAV+SpamAssassin package from www.mailscanner.info. Or else you can install Mail::ClamAV version 0.20 using CPAN if you know how to use that. The "clamavmodule" scanner doesn't rely on any daemon to be running, but is just about the same speed as clamd. emm1 wrote: > Thanks, had to make some adjustments for it to work on FreeBSD. But > wow, what a difference in performance. Why isnt this used by default? > :) > > > > On 6/6/07, Martin.Hepworth wrote: >> Hi >> >> In MailScanner.conf edit the virus Scanners line and make sure it's >> clamd rather than auto or anything.. >> >> BTW this means of course you're running clamd in the first place! >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> > bounces@lists.mailscanner.info] On Behalf Of emm1 >> > Sent: 06 June 2007 13:46 >> > To: MailScanner discussion >> > Subject: Re: Clamav load >> > >> > Howto turn off clamscan and use clamd instead? >> > >> > On 6/6/07, Rick Cooper wrote: >> > > >> > > >> > > > -----Original Message----- >> > > > From: mailscanner-bounces@lists.mailscanner.info >> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> emm1 >> > > > Sent: Wednesday, June 06, 2007 7:54 AM >> > > > To: MailScanner discussion >> > > > Subject: Clamav load >> > > > >> > > > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, >> > > > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan >> times >> > > > and high loads. >> > > > >> > > > 2240 root 1 107 0 39056K 36684K RUN 0:18 >> > > > 44.21% clamscan >> > > > 2248 root 1 108 0 38272K 35900K RUN 0:07 >> > > > 31.08% clamscan >> > > > 2256 root 1 108 0 11852K 9452K RUN 0:03 >> > > > 23.99% clamscan >> > > > 2262 root 1 108 0 11752K 9352K RUN 0:03 >> > > > 20.87% clamscan >> > > > 656 clamav 1 4 0 39480K 36996K accept 0:27 0.00% >> clamd >> > > > >> > > > >> > > > As soon as I turn the virusscan off in MailScanner.conf >> > > > everything is fine. >> > > > >> > > > Any suggestions? >> > > > >> > > >> > > Don't use clamscan. I believe you will find that MailScanner version >> > > supports the clamdscan version of clamd (which will actually user >> your >> > > running clamd) and you should see a marked improvement is >> performance. >> > Or >> > > use ClamAVModule. >> > > >> > > Rick >> > > >> > > >> > > -- >> > > This message has been scanned for viruses and >> > > dangerous content by MailScanner, and is >> > > believed to be clean. >> > > >> > > >> > > -- >> > > MailScanner mailing list >> > > mailscanner@lists.mailscanner.info >> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > >> > > Before posting, read http://wiki.mailscanner.info/posting >> > > >> > > Support MailScanner development - buy the book off the website! >> > > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZsaZEfZZRxQVtlQRAndrAJ4h6xsxn7zIdjwfVZlRpGJhizU7ygCfSggv LvZFuUGxjJ/qN5XD1xXenrk= =BiNR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From gerard at seibercom.net Wed Jun 6 15:50:05 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Wed Jun 6 15:49:53 2007 Subject: Beta release 4.62.1 In-Reply-To: References: Message-ID: <20070606103910.D00B.GERARD@seibercom.net> On Wednesday June 06, 2007 at 08:31:22 (AM) Andrew MacLachlan wrote: > And there I was - thinking that this was a pretty much flame-free > list... I can assure you that this is NOT a flame war. I simply find it absurd to make a general statement that Microsoft's Outlook is responsible for creating 'top posters'. Even more assinine is the often stated statement that the user is forced to 'top post' because that is where the MUA placed the cursor. The same user will then proceed to type any where from a few to a few hundred or thousand key strokes, yet they could not spend the time or effort to enter the + key combination. I just find that rationality totally incomprehensible. -- Gerard From martinh at solidstatelogic.com Wed Jun 6 16:07:11 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 6 16:07:43 2007 Subject: Beta release 4.62.1 In-Reply-To: <20070606103910.D00B.GERARD@seibercom.net> Message-ID: <721c5262a04b6f4888ff6d532e87c257@solidstatelogic.com> Gerard Yes it's stupid, can we move on please.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerard Seibert > Sent: 06 June 2007 15:50 > To: mailscanner@lists.mailscanner.info > Subject: Re[2]: Beta release 4.62.1 > > On Wednesday June 06, 2007 at 08:31:22 (AM) Andrew MacLachlan wrote: > > > And there I was - thinking that this was a pretty much flame-free > > list... > > I can assure you that this is NOT a flame war. I simply find it > absurd to make a general statement that Microsoft's Outlook is > responsible for creating 'top posters'. Even more assinine is the > often stated statement that the user is forced to 'top post' because > that is where the MUA placed the cursor. The same user will then > proceed to type any where from a few to a few hundred or thousand key > strokes, yet they could not spend the time or effort to enter the > + key combination. I just find that rationality totally > incomprehensible. > > -- > Gerard > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Jun 6 16:26:10 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 16:27:18 2007 Subject: MailScanner monitoring Message-ID: <4666D212.2000403@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is MailScanner-mrtg still being maintained at all? The files on Sourceforge seem very old. What's reckoned as the best these days? Has anyone written any plugins for Munin for it, for example? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZtIWEfZZRxQVtlQRAo2eAJ9JQihTbo/9BSg5iAgQCa/o3lSbUgCfVNPB FWT/wf/VU1O80t9BpGCAQzI= =J0jc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Jun 6 16:29:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 6 16:30:13 2007 Subject: SA not working after upgrade In-Reply-To: <22774.222.123.0.244.1181125796.squirrel@mail.fumlersoft.dk> References: <22774.222.123.0.244.1181125796.squirrel@mail.fumlersoft.dk> Message-ID: Mogens Melander spake the following on 6/6/2007 3:29 AM: > Hi, > > Yesterday i did an cpan upgrade of SpamAssassin, after > which, it seems that MailScanner no longer uses SA. > > A spamassassin --lint gave no clue as all looked good. > > I tried to make a symling from /etc/MailScanner/spam.assassin.prefs.conf > to /etc/mail/mailscanner.cf which resulted in following error: > > # spamassassin --lint > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": use_dcc 1 > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_path /usr/local/bin/dccproc > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_home /var/dcc > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_body_max 500 > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_fuz1_max 500 > [21230] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.cf": dcc_fuz2_max 500 > [21230] warn: config: warning: score set for non-existent rule RCVD_IN_RSL > [21230] warn: config: warning: score set for non-existent rule DCC_CHECK > [21230] warn: lint: 8 issues detected, please rerun with debug enabled for > more information > > So i guess that's not the solution either. > > I'm being flodded in spam, so hints are more than welcome. > Did you originally install spamassassin from CPAN? If you installed it any other way, you need to update it the same way every time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From list-mailscanner at linguaphone.com Wed Jun 6 16:31:50 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 6 16:31:57 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> I use Nagios for all our Linux servers and it works very well. You dont really need any mailscanner specific plugin for it since it can look for a running process with a specific name. On Wed, 2007-06-06 at 16:26, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written any plugins > for Munin for it, for example? > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGZtIWEfZZRxQVtlQRAo2eAJ9JQihTbo/9BSg5iAgQCa/o3lSbUgCfVNPB > FWT/wf/VU1O80t9BpGCAQzI= > =J0jc > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk From Richard.Frovarp at sendit.nodak.edu Wed Jun 6 16:38:37 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jun 6 16:38:40 2007 Subject: MailScanner monitoring In-Reply-To: <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4666D4FD.7010705@sendit.nodak.edu> Gareth wrote: > I use Nagios for all our Linux servers and it works very well. > You dont really need any mailscanner specific plugin for it since it can > look for a running process with a specific name. > > On Wed, 2007-06-06 at 16:26, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is MailScanner-mrtg still being maintained at all? The files on >> Sourceforge seem very old. >> What's reckoned as the best these days? Has anyone written any plugins >> for Munin for it, for example? >> >> Jules >> MailScanner-mrtg is nice in that it shows numbers of files processed, waiting in the mqueue.in, waiting to be sent, virus found, all in nice graphs. We still use it, however I haven't looked for anything else. We do have another system in place to monitor machines and page during an error. MailScanner-mrtg helps give a quick view of the health of the system and the load it has and is under. From MailScanner at ecs.soton.ac.uk Wed Jun 6 16:40:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 16:40:52 2007 Subject: MailScanner monitoring In-Reply-To: <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4666D560.5030209@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070606/39ece5c2/PGP.bin From mkettler at evi-inc.com Wed Jun 6 16:41:48 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 6 16:42:04 2007 Subject: MailScanner monitoring In-Reply-To: <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4666D5BC.6020705@evi-inc.com> Personally, I use both. Nagios is great for detecting downtime, etc. However, it doesn't do all the detailed graphing that mailscanner-mrtg does. mailscanner-mrtg does a lot of nice graphs like average score, queue depth, etc. I tend to use it for diagnosing long-term performance problems. don't know of anything for nagios that's so pervasive. You could hack up a nagios plugin to use the mailscanner-mrtg scripts pretty easily, and then add graphing to nagios, but at that point you're still using mailscanner-mrtg's scripts to parse your logs. Gareth wrote: > I use Nagios for all our Linux servers and it works very well. > You dont really need any mailscanner specific plugin for it since it can > look for a running process with a specific name. > > On Wed, 2007-06-06 at 16:26, Julian Field wrote: > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written any plugins > for Munin for it, for example? > > Jules > >> -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Jun 6 16:41:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 6 16:42:10 2007 Subject: Beta release 4.62.1 In-Reply-To: References: <078b01c7a7ba$e2e061a0$0301a8c0@SAHOMELT> Message-ID: Martin.Hepworth spake the following on 6/6/2007 2:10 AM: > Outlook top posts by default and my boss says this is the defacto > standard so I can't change it (don't get me started....;-( > > Anyway 0.90.2 was the first release to use threads (I had to stop it > using pthreads on my old FreeBSD version which was a bit of fun). > It looks as though your boss insists on a confidentiality disclaimer. Although the last part may be legally required in your part of the world, the first paragraph is totally just a waste of electrons. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 <> > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. If it is confidential, then why is it posted to a mailing list seen by hundreds? > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. Because employers don't pay people to have opinions > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. Noted. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. Don't worry. If it had a virus, you would sure hear about it on this list! > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom I understand that this part is legally required. > ********************************************************************** > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From john at tradoc.fr Wed Jun 6 16:44:14 2007 From: john at tradoc.fr (John Wilcock) Date: Wed Jun 6 16:44:27 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <4666D64E.7080404@tradoc.fr> Julian Field wrote: > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written any plugins > for Munin for it, for example? Not sure if it's what you're looking for, but I was pleasantly surprised to discover recently that Mailgraph supports MailScanner directly. http://mailgraph.schweikert.ch/ John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From Denis.Beauchemin at USherbrooke.ca Wed Jun 6 16:44:58 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jun 6 16:45:12 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <4666D67A.6020702@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > I'm still using it. It is quite useful, even though it has not been updated in a long time. I developed some extensions to monitor more processes and disks and use them on some servers (I even use MS-mrtg on non-MS servers). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From dhawal at netmagicsolutions.com Wed Jun 6 16:48:41 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 6 16:49:01 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <4666D759.9000305@netmagicsolutions.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written any plugins > for Munin for it, for example? mailscanner-mrtg still does a decent job for trending.. nagios can monitor by process name and plugins for monitoring MTA process / queues also exist.. If you remember, i had sent you a amavisd-new technical pdf which among other things talked about amavisd-agent providing a snmp insight to health and statistics.. you could consider adding something similar to MailScanner provided the need exists? From Denis.Beauchemin at USherbrooke.ca Wed Jun 6 16:52:03 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jun 6 16:52:26 2007 Subject: MailScanner monitoring In-Reply-To: <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4666D823.1050307@USherbrooke.ca> Gareth a ?crit : > I use Nagios for all our Linux servers and it works very well. > You dont really need any mailscanner specific plugin for it since it can > look for a running process with a specific name. > > On Wed, 2007-06-06 at 16:26, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is MailScanner-mrtg still being maintained at all? The files on >> Sourceforge seem very old. >> What's reckoned as the best these days? Has anyone written any plugins >> for Munin for it, for example? >> >> But MS-MRTG also looks at your maillog to tell you how many emails/spam/ham/virus were seen. It also looks at your quarantine directory. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From prandal at herefordshire.gov.uk Wed Jun 6 16:52:09 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 6 16:53:21 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD53427@HC-MBX02.herefordshire.gov.uk> It could certainly be improved, by counting stuff rejected by sendmail's GreetPause, for example. Other than that sort of thing, it's OK as it is. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 06 June 2007 16:26 > To: MailScanner discussion > Subject: MailScanner monitoring > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written > any plugins > for Munin for it, for example? > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGZtIWEfZZRxQVtlQRAo2eAJ9JQihTbo/9BSg5iAgQCa/o3lSbUgCfVNPB > FWT/wf/VU1O80t9BpGCAQzI= > =J0jc > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From lists at tessalate.net Wed Jun 6 17:00:57 2007 From: lists at tessalate.net (YAN) Date: Wed Jun 6 17:01:38 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <200706061601.l56G12up012394@mx1.tessalate.net> > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written > any plugins > for Munin for it, for example? > > Jules There are several MailScanner scripts for cacti (www.cacti.net). Cacti scripts and graphs are also very easy to create and customise. Heres a couple of the outputs from the already available MailScanner: http://forums.cacti.net/about7618.html&highlight=mailscanner http://forums.cacti.net/about7830.html&highlight=mailscanner http://forums.cacti.net/about15651.html&highlight=mailscanner YAN From ka at pacific.net Wed Jun 6 17:03:58 2007 From: ka at pacific.net (Ken A) Date: Wed Jun 6 17:03:57 2007 Subject: MailScanner monitoring In-Reply-To: <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4666DAEE.9090307@pacific.net> Gareth wrote: > I use Nagios for all our Linux servers and it works very well. > You dont really need any mailscanner specific plugin for it since it can > look for a running process with a specific name. > > On Wed, 2007-06-06 at 16:26, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is MailScanner-mrtg still being maintained at all? The files on >> Sourceforge seem very old. >> What's reckoned as the best these days? Has anyone written any plugins >> for Munin for it, for example? >> >> Jules >> We use nagios too, to monitor in/out queues, load avg, disk space, etc, and most importantly, to notify if something is out of acceptable range. Nagios plugins are pretty simple. It looks like Munin makes nice graphs. Graphs are great to look at historical performance if something does go wrong - to see how long it had really been a problem before anyone noticed. I don't tend to look at them very often otherwise though. Ken -- Ken Anderson Pacific.Net From dave.list at pixelhammer.com Wed Jun 6 17:08:03 2007 From: dave.list at pixelhammer.com (DAve) Date: Wed Jun 6 17:09:07 2007 Subject: MailScanner monitoring In-Reply-To: <4666D560.5030209@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> <4666D560.5030209@ecs.soton.ac.uk> Message-ID: <4666DBE3.2000509@pixelhammer.com> Julian Field wrote: > I was looking for something that would show me some pretty graphs. We > already have Nagios doing the important stuff for them. We still use it, though we don't use the graphs per say. We call mailscanner-mrtg via snmp extend from Cacti and let Cacti do the graphing for us. Cacti makes *real* purty graphs, dazzles the PHBs. DAve > > Gareth wrote: >> I use Nagios for all our Linux servers and it works very well. >> You dont really need any mailscanner specific plugin for it since it can >> look for a running process with a specific name. >> >> On Wed, 2007-06-06 at 16:26, Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Is MailScanner-mrtg still being maintained at all? The files on >>> Sourceforge seem very old. >>> What's reckoned as the best these days? Has anyone written any plugins >>> for Munin for it, for example? >>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help? >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> For all your IT requirements visit www.transtec.co.uk >>> >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.6.1 (Build 1012) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFGZtIWEfZZRxQVtlQRAo2eAJ9JQihTbo/9BSg5iAgQCa/o3lSbUgCfVNPB >>> FWT/wf/VU1O80t9BpGCAQzI= >>> =J0jc >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> For all your IT requirements visit www.transtec.co.uk >>> >> >> > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From jase at sensis.com Wed Jun 6 17:17:38 2007 From: jase at sensis.com (Desai, Jason) Date: Wed Jun 6 17:18:04 2007 Subject: MailScanner monitoring In-Reply-To: <4666DAEE.9090307@pacific.net> Message-ID: <1951DC816E1A9F469307B05FA183F4389DC431@corpatsmail1.corp.sensis.com> > We use nagios too, to monitor in/out queues, load avg, disk > space, etc, > and most importantly, to notify if something is out of > acceptable range. > Nagios plugins are pretty simple. It looks like Munin makes > nice graphs. > Graphs are great to look at historical performance if > something does go > wrong - to see how long it had really been a problem before anyone > noticed. I don't tend to look at them very often otherwise though. > Ken If you're already using Nagios to monitor things, you could use set up NagiosGraph to provide graphs too. http://nagiosgraph.sourceforge.net/index.php/Main_Page Jase From ka at pacific.net Wed Jun 6 17:40:05 2007 From: ka at pacific.net (Ken A) Date: Wed Jun 6 17:40:09 2007 Subject: MailScanner monitoring In-Reply-To: <1951DC816E1A9F469307B05FA183F4389DC431@corpatsmail1.corp.sensis.com> References: <1951DC816E1A9F469307B05FA183F4389DC431@corpatsmail1.corp.sensis.com> Message-ID: <4666E365.5040602@pacific.net> Desai, Jason wrote: >> We use nagios too, to monitor in/out queues, load avg, disk >> space, etc, >> and most importantly, to notify if something is out of >> acceptable range. >> Nagios plugins are pretty simple. It looks like Munin makes >> nice graphs. >> Graphs are great to look at historical performance if >> something does go >> wrong - to see how long it had really been a problem before anyone >> noticed. I don't tend to look at them very often otherwise though. >> Ken > > If you're already using Nagios to monitor things, you could use set up > NagiosGraph to provide graphs too. > > http://nagiosgraph.sourceforge.net/index.php/Main_Page > > Jase We use cricket/rrd-tool for graphing, but it's even older than MailScanner-mrtg. So, my graphs are somewhat less pretty.. but not bad. -- Ken Anderson Pacific.Net -------------- next part -------------- A non-text attachment was scrubbed... Name: queue.png Type: image/png Size: 7069 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070606/b56bb21b/queue.png From amoore at dekalbmemorial.com Wed Jun 6 18:57:54 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Wed Jun 6 18:57:59 2007 Subject: MailScanner monitoring In-Reply-To: References: <4666D212.2000403@ecs.soton.ac.uk><1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <60D398EB2DB948409CA1F50D8AF122570255B597@exch1.dekalbmemorial.local> >I was looking for something that would show me some pretty graphs. We already have Nagios >doing the important stuff for them. I use Vispan with it's blacklisting feature turned off. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, Indiana Phone: 260.920.2808 E-Mail: amoore@dekalbmemorial.com From hvdkooij at vanderkooij.org Wed Jun 6 18:57:32 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 6 18:58:25 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: On Wed, 6 Jun 2007, Julian Field wrote: > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. > What's reckoned as the best these days? Has anyone written any plugins > for Munin for it, for example? If you are looking for MTA + MailScanner graphs: http://people.ee.ethz.ch/~dws/software/mailgraph The graphs on one of my servers are at: http://arwen.waakhond.net/#MailGraph Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From ssilva at sgvwater.com Wed Jun 6 19:22:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 6 19:22:56 2007 Subject: MailScanner monitoring In-Reply-To: <60D398EB2DB948409CA1F50D8AF122570255B597@exch1.dekalbmemorial.local> References: <4666D212.2000403@ecs.soton.ac.uk><1181143910.8793.33.camel@gblades-suse.linguaphone-intranet.co.uk> <60D398EB2DB948409CA1F50D8AF122570255B597@exch1.dekalbmemorial.local> Message-ID: Aaron K. Moore spake the following on 6/6/2007 10:57 AM: >> I was looking for something that would show me some pretty graphs. We > already have Nagios >> doing the important stuff for them. > > I use Vispan with it's blacklisting feature turned off. > That is one of Vispan's best features! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From tjones at isthmus.com Wed Jun 6 19:22:25 2007 From: tjones at isthmus.com (Thom Jones) Date: Wed Jun 6 19:23:03 2007 Subject: MailScanner monitoring In-Reply-To: <60D398EB2DB948409CA1F50D8AF122570255B597@exch1.dekalbmemorial.local> References: <4666D212.2000403@ecs.soton.ac.uk> <60D398EB2DB948409CA1F50D8AF122570255B597@exch1.dekalbmemorial.local> Message-ID: <200706061322.25545.tjones@isthmus.com> On Wednesday 06 June 2007, Aaron K. Moore wrote: > > I use Vispan with it's blacklisting feature turned off. Just curious as to why? I use Vispan and love the blocking features. -- Thom Jones Isthmus Publishing Co., Inc. http://www.thedailypage.com Write your questions down on the back of a $20 dollar bill and send them to me. From axisml at gmail.com Wed Jun 6 19:50:40 2007 From: axisml at gmail.com (Chris Stone) Date: Wed Jun 6 19:50:45 2007 Subject: Clamav load In-Reply-To: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> References: <910ee2ac0706060454g7cb47f48l178df44854c59811@mail.gmail.com> Message-ID: <1181155840.13596.14.camel@csmdv.axint.net> On Wed, 2007-06-06 at 11:54 +0000, emm1 wrote: > Hello, Im running the newest MailScanner from FreeBSD 6.2 ports, > 4.60.8 and clamav 0.90.3 and I am experiencing very slow scan times > and high loads. Had similar problems here with ClamAV 0.90.*. Upgraded them to 0.91.rc1 and everythings fine again. Might want to try that.... Chris From mkercher at nfsmith.com Wed Jun 6 19:55:07 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Wed Jun 6 19:59:37 2007 Subject: MailScanner monitoring References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <6DEF8ABC1767C045B91F42066D36358E0B6151@HOUPEX01.nfsmith.info> Hugo van der Kooij <> wrote on Wednesday, June 06, 2007 12:58 PM: : On Wed, 6 Jun 2007, Julian Field wrote: : :: Is MailScanner-mrtg still being maintained at all? The files on :: Sourceforge seem very old. What's reckoned as the best these days? :: Has anyone written any plugins for Munin for it, for example? : : If you are looking for MTA + MailScanner graphs: : http://people.ee.ethz.ch/~dws/software/mailgraph : : The graphs on one of my servers are at: : http://arwen.waakhond.net/#MailGraph : : Hugo. : Could you share your config for all of the sensors? -Mike ______________________ ROFL:ROFL:ROFL:ROFL __^__ L __/ []\ LOL===_ \ L \________] I I -------/ From hvdkooij at vanderkooij.org Wed Jun 6 20:21:53 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 6 20:22:40 2007 Subject: MailScanner monitoring In-Reply-To: <6DEF8ABC1767C045B91F42066D36358E0B6151@HOUPEX01.nfsmith.info> References: <4666D212.2000403@ecs.soton.ac.uk> <6DEF8ABC1767C045B91F42066D36358E0B6151@HOUPEX01.nfsmith.info> Message-ID: On Wed, 6 Jun 2007, Mike Kercher wrote: > Hugo van der Kooij <> wrote on Wednesday, June 06, 2007 12:58 PM: > > : On Wed, 6 Jun 2007, Julian Field wrote: > : > :: Is MailScanner-mrtg still being maintained at all? The files on > :: Sourceforge seem very old. What's reckoned as the best these days? > :: Has anyone written any plugins for Munin for it, for example? > : > : If you are looking for MTA + MailScanner graphs: > : http://people.ee.ethz.ch/~dws/software/mailgraph > : > : The graphs on one of my servers are at: > : http://arwen.waakhond.net/#MailGraph > > Could you share your config for all of the sensors? It will be documented somewhere in the future. Just not right now or this week as there are more important tasks on the task list. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Wed Jun 6 20:47:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 6 20:48:25 2007 Subject: MailScanner monitoring In-Reply-To: References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <46670F5B.1080303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > On Wed, 6 Jun 2007, Julian Field wrote: > >> Is MailScanner-mrtg still being maintained at all? The files on >> Sourceforge seem very old. >> What's reckoned as the best these days? Has anyone written any plugins >> for Munin for it, for example? > > If you are looking for MTA + MailScanner graphs: > http://people.ee.ethz.ch/~dws/software/mailgraph > > The graphs on one of my servers are at: > http://arwen.waakhond.net/#MailGraph What are you using for all the other graphs on that page? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGZw9oEfZZRxQVtlQRAmeyAJ9EwqKrJx2hXW1LbXebmWEv0GUPIgCdFPwj CEGcw6Ks1JI05BfCAqp1r8A= =C1WR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From res at ausics.net Wed Jun 6 22:26:04 2007 From: res at ausics.net (Res) Date: Wed Jun 6 22:26:36 2007 Subject: MailScanner monitoring In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD53427@HC-MBX02.herefordshire.gov.uk> References: <4666D212.2000403@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBAD53427@HC-MBX02.herefordshire.gov.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 6 Jun 2007, Randal, Phil wrote: > It could certainly be improved, by counting stuff rejected by sendmail's > GreetPause, for example. > > Other than that sort of thing, it's OK as it is. > Have you sent the suggestion? Last time I corrosponded with the author (who from memory is or was a member of this list) he replied within 12 hours, not bad given our time zone differences, I found him helpfull. > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: 06 June 2007 16:26 >> To: MailScanner discussion >> Subject: MailScanner monitoring >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is MailScanner-mrtg still being maintained at all? The files on >> Sourceforge seem very old. >> What's reckoned as the best these days? Has anyone written >> any plugins >> for Munin for it, for example? >> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.1 (Build 1012) >> Charset: ISO-8859-1 >> >> wj8DBQFGZtIWEfZZRxQVtlQRAo2eAJ9JQihTbo/9BSg5iAgQCa/o3lSbUgCfVNPB >> FWT/wf/VU1O80t9BpGCAQzI= >> =J0jc >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGZyZusWhAmSIQh7MRAol9AJ95nGUZqS/zfq9e+9yB2bK40WbLuQCggUuA 1PFB4IFCIExIhCKcPsSDu1o= =ugTi -----END PGP SIGNATURE----- From mogens at fumlersoft.dk Thu Jun 7 07:02:20 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu Jun 7 07:01:52 2007 Subject: SA not working after upgrade In-Reply-To: References: <22774.222.123.0.244.1181125796.squirrel@mail.fumlersoft.dk> Message-ID: <63028.222.123.0.244.1181196140.squirrel@mail.fumlersoft.dk> On Wed, June 6, 2007 17:29, Scott Silva wrote: > Mogens Melander spake the following on 6/6/2007 3:29 AM: >> Hi, >> >> Yesterday i did an cpan upgrade of SpamAssassin, after >> which, it seems that MailScanner no longer uses SA. >> >> A spamassassin --lint gave no clue as all looked good. >> >> >> I'm being flodded in spam, so hints are more than welcome. >> > Did you originally install spamassassin from CPAN? > If you installed it any other way, you need to update it the same way > every time. Well, your sugestion makes some sense, but, i have only one instance of spamassassin on my system, so that should not be the issue. BTW, i got MailScanner/SpamAssassin from OpenProtect originally, and it looks like they are not updating at all. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From rdr at xs4all.nl Thu Jun 7 09:19:16 2007 From: rdr at xs4all.nl (Remy de Ruysscher) Date: Thu Jun 7 09:19:17 2007 Subject: MailScanner debug mode fails! (FreeBSD 6) Message-ID: <17213.83.98.233.137.1181204356.squirrel@webmail.xs4all.nl> Hi all, I've been experiencing some nasty errors with MailScanner in the last week, currently my mailserver is down (1800+ mails in the queue) and I can't get it to work! What I've done so far: Rebuilding world/kernel and upwards recursively portupgrade all perl ports. [root@unix-asp ~]# MailScanner In Debugging mode, not forking... Fatal error 'Cannot allocate red zone for initial thread' at line 364 in file /usr/src/lib/libthr/thre ad/thr_init.c (errno = 12) Abort trap: 6 Running on FreeBSD unix-asp.com 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #7: Tue Jun 5 22:39:18 CEST 2007 root@unix-asp.com:/usr/obj/usr/src/sys/DEFIANT i386 This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.60.8 Module versions are: 1.00 AnyDBM_File 1.18 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.18 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.13 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.17 bignum 1.84 Business::ISBN 1.13 Business::ISBN::Data 0.17 Convert::TNEF 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 0.44 Inline 1.08 IO::String 1.05 IO::Zlib 2.23 IP::Country 0.20 Mail::ClamAV 3.002000 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.15 Math::BigRat 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.59 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 1.17 Test::Manifest 2.0.0 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML From gmatt at nerc.ac.uk Thu Jun 7 13:08:44 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jun 7 13:08:57 2007 Subject: MailScanner monitoring In-Reply-To: <4666D212.2000403@ecs.soton.ac.uk> References: <4666D212.2000403@ecs.soton.ac.uk> Message-ID: <4667F54C.2000909@nerc.ac.uk> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is MailScanner-mrtg still being maintained at all? The files on > Sourceforge seem very old. as others have said, MS-mrtg is really useful for looking at trends and for flagging issues (like a growing outbound queue spool). It really shows up the continuing issue of "orphaned" df files in mqueue.in. As Res (I think) said, the author is pretty helpful, I submitted a few cosmetic fixes to him last year and he was quick to incorporate them. probably not the prettiest graphs out there but I have a years worth of stats from each relay to show the PHBs (pictures very important). was interested to hear of some other software in this area altho not likely to switch due to amount of info already invested in ms-mrtg. G > What's reckoned as the best these days? Has anyone written any plugins > for Munin for it, for example? > > Jules > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From amoore at dekalbmemorial.com Thu Jun 7 13:39:54 2007 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Jun 7 13:39:59 2007 Subject: MailScanner monitoring In-Reply-To: References: <4666D212.2000403@ecs.soton.ac.uk><60D398EB2DB948409CA1F50D8AF122570255B597@exch1.dekalbmemorial.local> Message-ID: <60D398EB2DB948409CA1F50D8AF122570255B697@exch1.dekalbmemorial.local> mailscanner-bounces@lists.mailscanner.info wrote: > On Wednesday 06 June 2007, Aaron K. Moore wrote: >> >> I use Vispan with it's blacklisting feature turned off. > > Just curious as to why? I use Vispan and love the blocking features. > On my old mail server I had problems with it's data store getting corrupted. Not to mention it was taking a long time to insert or remove entries from the access file and to process the maillog. I ended up writing my own blacklisting program using a custom function I added to mailscanner. On my current mail server I just look at the information logged by MailWatch to generate the blacklist, which is then written out to a file in rbldnsd format. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, Indiana Phone: 260.920.2808 E-Mail: amoore@dekalbmemorial.com From q at snj.ca Thu Jun 7 14:42:18 2007 From: q at snj.ca (Quintin Giesbrecht) Date: Thu Jun 7 15:23:48 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 Message-ID: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> In my list of processes, I only ever see: "MailScanner: starting child" It was working until I upgraded to 4.60.8-1 yesterday. As a result, mail is piling up in my queue, but isn't getting processed. The logs don't seem to show anything weird, but I have attached my maillog to this email. Can someone please help with this? TIA _____________________ Quintin Giesbrecht IT Manager Smith Neufeld Jodoin LLP Direct: (204)346-5106 http://snj.ca q@snj.ca -------------- next part -------------- Jun 7 8:30:52 mail MailScanner[14730]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:30:57 mail MailScanner[14744]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:02 mail MailScanner[14775]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:07 mail MailScanner[14793]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:12 mail MailScanner[14802]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:17 mail MailScanner[14811]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:22 mail sendmail[14820]: l57DVKKi014820: "from=," "size=8504," "class=0," "nrcpts=1," "msgid=<001801c7a929$ab16cd20$006478f4@kazya>," "proto=SMTP," "daemon=MTA," relay=host-107.217-12-240.rr.net21.ru [217.12.240.107] (may be forged) Jun 7 8:31:22 mail sendmail[14820]: l57DVKKi014820: "to=," "delay=00:00:01," "mailer=smtp," "pri=38504," stat=queued Jun 7 8:31:23 mail MailScanner[14821]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:28 mail MailScanner[14830]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:33 mail MailScanner[14855]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:38 mail MailScanner[14866]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:43 mail MailScanner[14882]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:48 mail MailScanner[14893]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:53 mail MailScanner[14906]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:31:58 mail MailScanner[14924]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:32:00 mail sendmail[13986]: l57DRP8r013986: "from=," "size=22049," "class=0," "nrcpts=1," "msgid=<000001c7a907$3442b280$0100007f@localhost>," "proto=SMTP," "daemon=MTA," relay=[201.226.5.193] Jun 7 8:32:00 mail sendmail[13986]: l57DRP8r013986: "to=," "delay=00:04:16," "mailer=smtp," "pri=52049," stat=queued Jun 7 8:32:03 mail MailScanner[14988]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:23 mail sendmail[2468]: alias database /etc/aliases rebuilt by root Jun 7 8:33:23 mail sendmail[2468]: /etc/aliases: 77 "aliases," longest 10 "bytes," 777 bytes total Jun 7 8:33:24 mail sendmail[2482]: starting daemon (8.13.8): SMTP Jun 7 8:33:24 mail sm-msp-queue[2486]: starting daemon (8.13.8): queueing@00:15:00 Jun 7 8:33:24 mail sendmail[2490]: starting daemon (8.13.8): queueing@00:15:00 Jun 7 8:33:27 mail MailScanner[2511]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:32 mail MailScanner[2616]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:34 mail sendmail[2508]: l57DXRpx002508: "from=," "size=9809," "class=0," "nrcpts=1," "msgid=<001001c7a921$93364210$01109e7c@homef585c220f8>," "proto=SMTP," "daemon=MTA," relay=igld-83-130-226-78.inter.net.il [83.130.226.78] Jun 7 8:33:34 mail sendmail[2508]: l57DXRpx002508: "to=," "delay=00:00:04," "mailer=smtp," "pri=39809," stat=queued Jun 7 8:33:37 mail MailScanner[2691]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:42 mail MailScanner[2769]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:47 mail MailScanner[2857]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:52 mail MailScanner[2872]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:33:57 mail MailScanner[2881]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:02 mail MailScanner[2900]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:07 mail MailScanner[2912]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:12 mail MailScanner[2927]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:17 mail MailScanner[2945]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:18 mail sendmail[2946]: l57DYIQY002946: "from=," "size=3037," "class=0," "nrcpts=1," "msgid=," "proto=ESMTP," "daemon=MTA," relay=wnpgmb02-group-smtpout.mts.net [142.161.130.102] Jun 7 8:34:18 mail sendmail[2946]: l57DYIQY002946: "to=," "delay=00:00:00," "mailer=smtp," "pri=33037," stat=queued Jun 7 8:34:22 mail MailScanner[2975]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:27 mail MailScanner[2987]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:32 mail MailScanner[3006]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:37 mail MailScanner[3018]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:42 mail MailScanner[3028]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:47 mail MailScanner[3037]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:52 mail MailScanner[3065]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:34:57 mail MailScanner[3075]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:02 mail MailScanner[3097]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:04 mail sendmail[3074]: l57DYwen003074: "from=," "size=1642," "class=0," "nrcpts=1," "msgid=<001a01c7a8e7$26f32850$000a8ebc@Control>," "proto=SMTP," "daemon=MTA," relay=190-82-128-210.adsl.cust.tie.cl [190.82.128.210] Jun 7 8:35:04 mail sendmail[3074]: l57DYwen003074: "to=," "delay=00:00:03," "mailer=smtp," "pri=31642," stat=queued Jun 7 8:35:07 mail MailScanner[3109]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:13 mail MailScanner[3121]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:18 mail MailScanner[3142]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:23 mail MailScanner[3168]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:28 mail MailScanner[3180]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:33 mail MailScanner[3191]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:38 mail MailScanner[3203]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:43 mail MailScanner[3212]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:46 mail sendmail[3221]: l57DZkI8003221: "from=," "size=5705," "class=0," "nrcpts=1," "msgid=<2BE78592B3B1824F97A2685E96221F62567580@mail.snj.mb.ca>," "proto=ESMTP," "daemon=MTA," relay=server.snjlaw.local [192.168.0.251] Jun 7 8:35:46 mail sendmail[3221]: l57DZkI8003221: "to=," "delay=00:00:00," "mailer=esmtp," "pri=35705," stat=queued Jun 7 8:35:48 mail MailScanner[3222]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:53 mail MailScanner[3248]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:35:58 mail MailScanner[3257]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:03 mail MailScanner[3278]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:08 mail MailScanner[3290]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:13 mail MailScanner[3304]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:18 mail MailScanner[3322]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:23 mail MailScanner[3347]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:28 mail MailScanner[3362]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:33 mail MailScanner[3371]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:38 mail MailScanner[3383]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:43 mail MailScanner[3393]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:48 mail MailScanner[3403]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:52 mail sendmail[3426]: l57DaqJW003426: "from=," "size=5322," "class=0," "nrcpts=1," "msgid=<2BE78592B3B1824F97A2685E96221F62567581@mail.snj.mb.ca>," "proto=ESMTP," "daemon=MTA," relay=server.snjlaw.local [192.168.0.251] Jun 7 8:36:52 mail sendmail[3426]: l57DaqJW003426: "to=," "delay=00:00:00," "mailer=esmtp," "pri=35322," stat=queued Jun 7 8:36:53 mail MailScanner[3430]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:36:58 mail MailScanner[3439]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:03 mail MailScanner[3459]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:07 mail sendmail[3472]: l57Db7HY003472: [222.68.161.38] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Jun 7 8:37:08 mail MailScanner[3473]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:13 mail MailScanner[3485]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:18 mail MailScanner[3503]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:23 mail MailScanner[3529]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:28 mail MailScanner[3544]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:33 mail MailScanner[3553]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:38 mail MailScanner[3565]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:43 mail MailScanner[3576]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:44 mail sendmail[3575]: l57DbgPt003575: "ruleset=check_rcpt," "arg1=," relay=sp2-c814-181.spacelan.ne.jp "[221.133.112.181]," reject=550 5.1.1 ... User unknown Jun 7 8:37:44 mail sendmail[3575]: l57DbgPt003575: lost input channel from sp2-c814-181.spacelan.ne.jp [221.133.112.181] to MTA after rcpt Jun 7 8:37:44 mail sendmail[3575]: l57DbgPt003575: "from=," "size=0," "class=0," "nrcpts=0," "proto=SMTP," "daemon=MTA," relay=sp2-c814-181.spacelan.ne.jp [221.133.112.181] Jun 7 8:37:48 mail MailScanner[3586]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 7 8:37:53 mail MailScanner[3612]: MailScanner E-Mail Virus Scanner version 4.60.8 starting... From mkercher at nfsmith.com Thu Jun 7 15:26:13 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 7 15:30:44 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 References: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> Message-ID: <6DEF8ABC1767C045B91F42066D36358E0B6215@HOUPEX01.nfsmith.info> Quintin Giesbrecht <> wrote on Thursday, June 07, 2007 8:42 AM: : In my list of processes, I only ever see: : : "MailScanner: starting child" : : It was working until I upgraded to 4.60.8-1 yesterday. As a result, : mail is piling up in my queue, but isn't getting processed. : : The logs don't seem to show anything weird, but I have attached my : maillog to this email. : : Can someone please help with this? Start MS in debug mode and see if anything jumps out at you. -Mike ______________________ ROFL:ROFL:ROFL:ROFL __^__ L __/ []\ LOL===_ \ L \________] I I -------/ From ugob at lubik.ca Thu Jun 7 16:04:22 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Jun 7 16:05:43 2007 Subject: phish.ndb malformed today, causing MailScanner crashes Message-ID: LibClamAV Error: Can't load /usr/local/share/clamav/phish.ndb: Malformed database for those using sanesecurity unofficial signatures. Just remove the file and restart mailscanner... The current version seems to be ok. Ugo From mkercher at nfsmith.com Thu Jun 7 16:13:15 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 7 16:17:46 2007 Subject: phish.ndb malformed today, causing MailScanner crashes References: Message-ID: <6DEF8ABC1767C045B91F42066D36358E0B6233@HOUPEX01.nfsmith.info> Ugo Bellavance <> wrote on Thursday, June 07, 2007 10:04 AM: : LibClamAV Error: Can't load /usr/local/share/clamav/phish.ndb: : Malformed database : : : for those using sanesecurity unofficial signatures. : : Just remove the file and restart mailscanner... : : The current version seems to be ok. : : Ugo I don't have that file on my systems -Mike ______________________ ROFL:ROFL:ROFL:ROFL __^__ L __/ []\ LOL===_ \ L \________] I I -------/ From Kevin.Hansard at ipl.com Thu Jun 7 16:26:21 2007 From: Kevin.Hansard at ipl.com (Kevin Hansard) Date: Thu Jun 7 16:26:27 2007 Subject: DomainKeys and DKIM signing support Message-ID: I would like to sign my outgoing emails with a DomainKeys or DKIM signature. I have looked at using dkim-filter with sendmail to perform this however the solution doesn't really work with MailScanner because milters can only operate on incoming SMTP messages, so if MailScanner makes any changes to the message the signature will be invalidated. In our system we add a disclaimer using MailScanner to messages so the body signature would always be invalid. It seems sensible for MailScanner to perform this function immediately before submitting the message for delivery. I don't think it would be that hard to implement given the Mail::DKIM module would do most of the work. However I am reluctant to start hacking the MailScanner code. Is DKIM support on the MailScanner roadmap? Has anyone else ran into this issue? Alternative solutions would including placing the messages to be signed in a different queue and have my own app sign them and put them back into the main outgoing queue or using another sendmail gateway running dkim-filter to process the messages coming out of MailScanner. Thoughts appreciated. Thanks -- Kevin Hansard www.ipl.com From ugob at lubik.ca Thu Jun 7 16:41:47 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Jun 7 16:43:32 2007 Subject: phish.ndb malformed today, causing MailScanner crashes In-Reply-To: <6DEF8ABC1767C045B91F42066D36358E0B6233@HOUPEX01.nfsmith.info> References: <6DEF8ABC1767C045B91F42066D36358E0B6233@HOUPEX01.nfsmith.info> Message-ID: Mike Kercher wrote: > Ugo Bellavance <> wrote on Thursday, June 07, 2007 10:04 AM: > > : LibClamAV Error: Can't load /usr/local/share/clamav/phish.ndb: > : Malformed database > : > : > : > : Just remove the file and restart mailscanner... > : > : The current version seems to be ok. > : > : Ugo > > I don't have that file on my systems > : for those using sanesecurity unofficial signatures. From rcooper at dwford.com Thu Jun 7 16:59:11 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jun 7 16:59:16 2007 Subject: phish.ndb malformed today, causing MailScanner crashes In-Reply-To: References: Message-ID: <067d01c7a91c$ca350800$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Ugo Bellavance > Sent: Thursday, June 07, 2007 11:04 AM > To: mailscanner@lists.mailscanner.info > Subject: phish.ndb malformed today, causing MailScanner crashes > > LibClamAV Error: Can't load > /usr/local/share/clamav/phish.ndb: Malformed > database > > > for those using sanesecurity unofficial signatures. > > Just remove the file and restart mailscanner... > > The current version seems to be ok. > Must have been a specific mirror or time, I never got an error with that file. What update script are you using? It ought to pass the downloaded files through clam before installing them as this has happened before. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Jun 7 17:19:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 17:19:52 2007 Subject: SA not working after upgrade In-Reply-To: <63028.222.123.0.244.1181196140.squirrel@mail.fumlersoft.dk> References: <22774.222.123.0.244.1181125796.squirrel@mail.fumlersoft.dk> <63028.222.123.0.244.1181196140.squirrel@mail.fumlersoft.dk> Message-ID: Mogens Melander spake the following on 6/6/2007 11:02 PM: > On Wed, June 6, 2007 17:29, Scott Silva wrote: >> Mogens Melander spake the following on 6/6/2007 3:29 AM: >>> Hi, >>> >>> Yesterday i did an cpan upgrade of SpamAssassin, after >>> which, it seems that MailScanner no longer uses SA. >>> >>> A spamassassin --lint gave no clue as all looked good. >>> >>> >>> I'm being flodded in spam, so hints are more than welcome. >>> >> Did you originally install spamassassin from CPAN? >> If you installed it any other way, you need to update it the same way >> every time. > > Well, your sugestion makes some sense, but, i have only one instance > of spamassassin on my system, so that should not be the issue. > > BTW, i got MailScanner/SpamAssassin from OpenProtect originally, and > it looks like they are not updating at all. > Openprotect has modified mailscanner pretty heavily to work with Qmail. You might have to do some deep digging to find what has happened. It might benefit to start over with one of the MTA's that Julian originally started with (sendmail, postfix, or exim), or see if you can find any help from the openprotect people. I think their list moved to google groups. Does the version of Mailscanner that they have respond to a MailScanner --lint? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jun 7 17:23:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 17:25:38 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> References: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> Message-ID: Quintin Giesbrecht spake the following on 6/7/2007 6:42 AM: > In my list of processes, I only ever see: > > "MailScanner: starting child" > > It was working until I upgraded to 4.60.8-1 yesterday. As a result, > mail is piling up in my queue, but isn't getting processed. > > The logs don't seem to show anything weird, but I have attached my > maillog to this email. > > Can someone please help with this? > > TIA Did you backup before you upgraded? I have a script that I use to backup before every upgrade, and have an easy way to restore with one command should the need arrise. It is modified from the code snippet in the wiki. I know that this won't help you now, but maybe in the future. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jun 7 17:28:06 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 17:30:22 2007 Subject: Rules emporium timeouts Message-ID: It looks like rulesemporium.com might be down again -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Jun 7 17:25:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 17:35:27 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <6DEF8ABC1767C045B91F42066D36358E0B6215@HOUPEX01.nfsmith.info> References: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> <6DEF8ABC1767C045B91F42066D36358E0B6215@HOUPEX01.nfsmith.info> Message-ID: Mike Kercher spake the following on 6/7/2007 7:26 AM: > Quintin Giesbrecht <> wrote on Thursday, June 07, 2007 8:42 AM: > > : In my list of processes, I only ever see: > : > : "MailScanner: starting child" > : > : It was working until I upgraded to 4.60.8-1 yesterday. As a result, > : mail is piling up in my queue, but isn't getting processed. > : > : The logs don't seem to show anything weird, but I have attached my > : maillog to this email. > : > : Can someone please help with this? > > Start MS in debug mode and see if anything jumps out at you. > > -Mike > ______________________ > > ROFL:ROFL:ROFL:ROFL > __^__ > L __/ []\ > LOL===_ \ > L \________] > I I > -------/ Or MailScanner --lint I love the ROFL Copter! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lists at jfworks.net Thu Jun 7 17:47:18 2007 From: lists at jfworks.net (James) Date: Thu Jun 7 17:46:36 2007 Subject: Rules emporium timeouts In-Reply-To: References: Message-ID: <46683696.6010603@jfworks.net> Scott Silva wrote: > It looks like rulesemporium.com might be down again > I see the same thing. From itdept at fractalweb.com Thu Jun 7 17:47:35 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Jun 7 17:48:02 2007 Subject: filenames getting mangled Message-ID: <466836A7.8030706@fractalweb.com> A strange problem was reported to me today. Email attachments from one of our people is fine as long as it stays within our server, but if he emails it externally, the attachment goes but the filename gets mangled. I've had him send me a copy of the PDF file via email and cc my gmail account, and I get the file fine with my regular email, but when it arrives to gmail, the filename and extension are buggered; if I save the file and rename it to "test.pdf" it's fine. The odd thing is that the attachment I receive internally apparently has a different name than it did on his computer. I've tried emailing the same attachment to my gmail account from Outlook 2007 and from Thunderbird, and it always arrives as expected. Anyone seen this before or have any ideas? From MailScanner at ecs.soton.ac.uk Thu Jun 7 17:46:54 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 7 17:53:06 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: References: Message-ID: <4668367E.3020809@ecs.soton.ac.uk> Kevin Hansard wrote: > I would like to sign my outgoing emails with a DomainKeys or DKIM > signature. I have looked at using dkim-filter with sendmail to perform > this however the solution doesn't really work with MailScanner because > milters can only operate on incoming SMTP messages, so if MailScanner > makes any changes to the message the signature will be invalidated. In > our system we add a disclaimer using MailScanner to messages so the body > signature would always be invalid. > > It seems sensible for MailScanner to perform this function immediately > before submitting the message for delivery. I don't think it would be > that hard to implement given the Mail::DKIM module would do most of the > work. However I am reluctant to start hacking the MailScanner code. > > Is DKIM support on the MailScanner roadmap? > Not yet, no; but it could be. Have you got a nice simple short and sweet document describing DKIM, how it works, what it protects against and why it will stop all spam :-) > Has anyone else ran into this issue? > Assuming it's based on some checksum/hash function, what text of the message does it use as its input? Can you make it just operate on the body and not the headers at all? Am I just trying to add DKIM to a message, or do you need me to check it as well? > Alternative solutions would including placing the messages to be signed > in a different queue and have my own app sign them and put them back > into the main outgoing queue or using another sendmail gateway running > dkim-filter to process the messages coming out of MailScanner. > > Thoughts appreciated. > > Thanks > > -- > Kevin Hansard > www.ipl.com > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From dhawal at netmagicsolutions.com Thu Jun 7 18:12:20 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Thu Jun 7 18:12:36 2007 Subject: Rules emporium timeouts In-Reply-To: <46683696.6010603@jfworks.net> References: <46683696.6010603@jfworks.net> Message-ID: <46683C74.5090301@netmagicsolutions.com> James wrote: > Scott Silva wrote: >> It looks like rulesemporium.com might be down again >> > I see the same thing. it a bot attack.. same for uribl.com and surbl.org From MailScanner at ecs.soton.ac.uk Thu Jun 7 18:11:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 7 18:12:56 2007 Subject: filenames getting mangled In-Reply-To: <466836A7.8030706@fractalweb.com> References: <466836A7.8030706@fractalweb.com> Message-ID: <46683C4F.3070709@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you got the auto-zip-attachments feature switched on? Chris Yuzik wrote: > A strange problem was reported to me today. > > Email attachments from one of our people is fine as long as it stays > within our server, but if he emails it externally, the attachment goes > but the filename gets mangled. I've had him send me a copy of the PDF > file via email and cc my gmail account, and I get the file fine with > my regular email, but when it arrives to gmail, the filename and > extension are buggered; if I save the file and rename it to "test.pdf" > it's fine. The odd thing is that the attachment I receive internally > apparently has a different name than it did on his computer. > > I've tried emailing the same attachment to my gmail account from > Outlook 2007 and from Thunderbird, and it always arrives as expected. > > Anyone seen this before or have any ideas? > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGaDxTEfZZRxQVtlQRAjDsAJ9VgZi1TnGI6Cl4wpaK9AX/jB26HQCfX2jA XHDnzPye2a7qk3tVqPWeM6c= =BS3e -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ryanw at falsehope.com Thu Jun 7 18:17:08 2007 From: ryanw at falsehope.com (Ryan Weaver) Date: Thu Jun 7 18:22:02 2007 Subject: MailScanner, ClamAV, and Sanesecurity In-Reply-To: References: Message-ID: <004f01c7a927$af2a6b80$0d7f4280$@com> I've started using the Sanesecurity signatures that have been mentioned on the list. I also use Vispan for its reporting and blocking features. The problem I have run into is that in the maillog, when the Sanesecurity signatures are matched the following is the output: Jun 7 12:07:30 c01 MailScanner[7634]: Infected message l57H05nK007460.header came from Jun 7 12:07:30 c01 MailScanner[7634]: Infected message l57H19sG007620.header came from I'm glad that it's be caught and rejected, but Vispan reports no IP found and block these sources. Has anyone else run into this issue? Running: centos-release-4-4.3 mailscanner-4.60.8-1 spamassassin-3.2.0-1.el4.rf clamav-0.90.3-1.el4.rf Thanks, Ryan From ssilva at sgvwater.com Thu Jun 7 18:24:04 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 18:24:31 2007 Subject: Rules emporium timeouts In-Reply-To: <46683C74.5090301@netmagicsolutions.com> References: <46683696.6010603@jfworks.net> <46683C74.5090301@netmagicsolutions.com> Message-ID: Dhawal Doshy spake the following on 6/7/2007 10:12 AM: > James wrote: >> Scott Silva wrote: >>> It looks like rulesemporium.com might be down again >>> >> I see the same thing. > > it a bot attack.. same for uribl.com and surbl.org That's why my high spam scores seem a little lower than average. Those ba$7&rd$!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikea at mikea.ath.cx Thu Jun 7 18:27:30 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Jun 7 18:27:40 2007 Subject: Rules emporium timeouts In-Reply-To: <46683C74.5090301@netmagicsolutions.com> References: <46683696.6010603@jfworks.net> <46683C74.5090301@netmagicsolutions.com> Message-ID: <20070607172730.GA69275@mikea.ath.cx> On Thu, Jun 07, 2007 at 10:42:20PM +0530, Dhawal Doshy wrote: > James wrote: > >Scott Silva wrote: > >>It looks like rulesemporium.com might be down again > >> > >I see the same thing. > > it a bot attack.. same for uribl.com and surbl.org My understanding, from some private communications, is that spamhaus.org, rulesemporium.com, uribl.com, and surbl.org all came under very heavy DDOS attack about 1700Z yesterday. Spamhaus appears to be up-and-running again; I don't know what they're doing to get around the attack. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From itdept at fractalweb.com Thu Jun 7 18:28:53 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Jun 7 18:29:15 2007 Subject: filenames getting mangled In-Reply-To: <46683C4F.3070709@ecs.soton.ac.uk> References: <466836A7.8030706@fractalweb.com> <46683C4F.3070709@ecs.soton.ac.uk> Message-ID: <46684055.7050000@fractalweb.com> Julian Field wrote: > Have you got the auto-zip-attachments feature switched on? > Julian, Nope. Zip Attachments = no Chris From nerijusb at dtiltas.lt Thu Jun 7 18:24:45 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Jun 7 18:30:07 2007 Subject: /etc/cron.daily/sa-update rpm conflict Message-ID: <20070607193111.13C531224A5@mx-b.vdnet.lt> Hello, I tried to update to spamassassin-3.2.0-39.el4.x86_64.rpm from ATrpms, but got: file /etc/cron.daily/sa-update from install of spamassassin-3.2.0-39.el4 conflicts with file from package mailscanner-4.58.9-1 Could you please rename /etc/cron.daily/sa-update in MailScanner rpm to something else, for example, saupdate or sa_update? Of course, I could also ask ATrpms guys... Regards, Nerijus From ssilva at sgvwater.com Thu Jun 7 18:27:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 18:30:10 2007 Subject: filenames getting mangled In-Reply-To: <466836A7.8030706@fractalweb.com> References: <466836A7.8030706@fractalweb.com> Message-ID: Chris Yuzik spake the following on 6/7/2007 9:47 AM: > A strange problem was reported to me today. > > Email attachments from one of our people is fine as long as it stays > within our server, but if he emails it externally, the attachment goes > but the filename gets mangled. I've had him send me a copy of the PDF > file via email and cc my gmail account, and I get the file fine with my > regular email, but when it arrives to gmail, the filename and extension > are buggered; if I save the file and rename it to "test.pdf" it's fine. > The odd thing is that the attachment I receive internally apparently has > a different name than it did on his computer. > > I've tried emailing the same attachment to my gmail account from Outlook > 2007 and from Thunderbird, and it always arrives as expected. > > Anyone seen this before or have any ideas? > > What MUA is he using? Is it repeatable to other people using the same client? Is his client set to do something different like send in quoted printable with 8 bit characters, or send in a different character set? Is his system localized to a different language than the norm for your company? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From raymond at prolocation.net Thu Jun 7 18:45:01 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu Jun 7 18:45:00 2007 Subject: Rules emporium timeouts In-Reply-To: <20070607172730.GA69275@mikea.ath.cx> References: <46683696.6010603@jfworks.net> <46683C74.5090301@netmagicsolutions.com> <20070607172730.GA69275@mikea.ath.cx> Message-ID: Hi! >>> I see the same thing. >> >> it a bot attack.. same for uribl.com and surbl.org > My understanding, from some private communications, is that > spamhaus.org, rulesemporium.com, uribl.com, and surbl.org all came under > very heavy DDOS attack about 1700Z yesterday. Spamhaus appears to be > up-and-running again; I don't know what they're doing to get around the > attack. We took the SURBL website down, but boosts up to 150-180 mbit ICMP traffic is still seen on the hosting machines. With 6 or 7 in total thats over a gigabit of ICMP crap... Spamhaus posted also a notification: http://groups.google.ch/group/news.admin.net-abuse.email/msg/28d49877cc8dbc2d We could also get the site back up but ... its not worth the efford currently. Ever looked at the SURBL site? I mean, its not really crowded ;) The rsync servers and DNS is still running, but a lot of people have issues with rules emporium down, i would advise to not use that some time. Bye, Raymond. From ssilva at sgvwater.com Thu Jun 7 18:41:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 18:50:06 2007 Subject: Rules emporium timeouts In-Reply-To: <20070607172730.GA69275@mikea.ath.cx> References: <46683696.6010603@jfworks.net> <46683C74.5090301@netmagicsolutions.com> <20070607172730.GA69275@mikea.ath.cx> Message-ID: mikea spake the following on 6/7/2007 10:27 AM: > On Thu, Jun 07, 2007 at 10:42:20PM +0530, Dhawal Doshy wrote: >> James wrote: >>> Scott Silva wrote: >>>> It looks like rulesemporium.com might be down again >>>> >>> I see the same thing. >> it a bot attack.. same for uribl.com and surbl.org > > My understanding, from some private communications, is that > spamhaus.org, rulesemporium.com, uribl.com, and surbl.org all came > under very heavy DDOS attack about 1700Z yesterday. Spamhaus appears > to be up-and-running again; I don't know what they're doing to get > around the attack. > Probably some sort of reactive firewall. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From itdept at fractalweb.com Thu Jun 7 18:50:33 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Jun 7 18:50:51 2007 Subject: filenames getting mangled In-Reply-To: References: <466836A7.8030706@fractalweb.com> Message-ID: <46684569.9070802@fractalweb.com> Scott Silva wrote: > What MUA is he using? > Thunderbird 1.5. We've upgraded him to Thunderbird 2.0 and are going to do further tests to see if the problem is solved. > Is it repeatable to other people using the same client? > Yes to other recipients. Nobody else that's using Thunderbird 1.5 is having this problem. > Is his client set to do something different like send in quoted printable with > 8 bit characters, or send in a different character set? > I don't think so. We'll have someone go have a look at this. > Is his system localized to a different language than the norm for your company? > Nope. Normal english, on XP. When (if??) we get this figured out, I'll post a response to the list. Cheers, Chris From ssilva at sgvwater.com Thu Jun 7 18:38:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 7 18:53:41 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: <4668367E.3020809@ecs.soton.ac.uk> References: <4668367E.3020809@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 6/7/2007 9:46 AM: > > > Kevin Hansard wrote: >> I would like to sign my outgoing emails with a DomainKeys or DKIM >> signature. I have looked at using dkim-filter with sendmail to perform >> this however the solution doesn't really work with MailScanner because >> milters can only operate on incoming SMTP messages, so if MailScanner >> makes any changes to the message the signature will be invalidated. In >> our system we add a disclaimer using MailScanner to messages so the body >> signature would always be invalid. >> >> It seems sensible for MailScanner to perform this function immediately >> before submitting the message for delivery. I don't think it would be >> that hard to implement given the Mail::DKIM module would do most of the >> work. However I am reluctant to start hacking the MailScanner code. >> >> Is DKIM support on the MailScanner roadmap? >> > Not yet, no; but it could be. > Have you got a nice simple short and sweet document describing DKIM, how > it works, what it protects against and why it will stop all spam :-) > The only thing that will stop all spam is to unplug the network cable from the machine! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Thu Jun 7 20:22:30 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 7 20:23:11 2007 Subject: /etc/cron.daily/sa-update rpm conflict In-Reply-To: <20070607193111.13C531224A5@mx-b.vdnet.lt> References: <20070607193111.13C531224A5@mx-b.vdnet.lt> Message-ID: On Thu, 7 Jun 2007, Nerijus Baliunas wrote: > I tried to update to spamassassin-3.2.0-39.el4.x86_64.rpm from ATrpms, > but got: > file /etc/cron.daily/sa-update from install of spamassassin-3.2.0-39.el4 conflicts with file from package mailscanner-4.58.9-1 > Could you please rename /etc/cron.daily/sa-update in MailScanner rpm to > something else, for example, saupdate or sa_update? Of course, I could > also ask ATrpms guys... Please ask Axel to fix this. SpamAssasin from rpmforge is not having this issue. You may want to move from ATRPMS to rpmforge (for this package). Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Thu Jun 7 20:26:14 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 7 20:26:55 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: <4668367E.3020809@ecs.soton.ac.uk> References: <4668367E.3020809@ecs.soton.ac.uk> Message-ID: On Thu, 7 Jun 2007, Julian Field wrote: >> Is DKIM support on the MailScanner roadmap? >> > Not yet, no; but it could be. > Have you got a nice simple short and sweet document describing DKIM, how it > works, what it protects against and why it will stop all spam :-) Well. I get spem from yahoo accounts which include this DKIM stuff. So I think it is safe to say DKIM is not going to solve things. At best it will reduce the amount of spoofed messages. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From rcooper at dwford.com Thu Jun 7 22:41:50 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jun 7 22:41:56 2007 Subject: New zip attachments Message-ID: <06c201c7a94c$a8916ce0$0301a8c0@SAHOMELT> Julian I have a server using 4.60.8 that is in an endless loop, I ran in debug and got: Zipping attachments, message 1HwNzp-00020F-1h Processing files in /dev/shm/30703/1HwNzp-00020F-1h Regexp is "\.zip$|\.rar$|\.gz$|\.tgz$|\.mpg$|\.mpeg$|\.mp3$|\.rpm$|\.pdf$|\.xls$" Possibly adding file msg-30703-22.html Entity is MIME::Entity=HASH(0x9be6258) Possibly adding file Outlook-3.bmp Entity is MIME::Entity=HASH(0x9bc64b4) Added Outlook-3.bmp to attachment list Possibly adding file Outlook-2.bmp Entity is MIME::Entity=HASH(0x9bc64b4) Added Outlook-2.bmp to attachment list Possibly adding file Outlook-1.bmp Entity is MIME::Entity=HASH(0x9bc64b4) Added Outlook-1.bmp to attachment list Possibly adding file Outlook.bmp Entity is MIME::Entity=HASH(0x9bc64b4) Added Outlook.bmp to attachment list Possibly adding file msg-30703-2.html Entity is MIME::Entity=HASH(0x9c5b648) Possibly adding file msg-30703-1.txt Entity is MIME::Entity=HASH(0x9bfed20) Writing to zip MessageAttachments.zip read-open /dev/shm/30703/1HwNzp-00020F-1h/Outlook-1.bmp: No such file or directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm line 435. Looks like MailScanner is trying to zip up a file that is a result of SafeName Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu Jun 7 23:00:25 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jun 7 23:00:31 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: References: Message-ID: <06c301c7a94f$411a9480$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kevin Hansard > Sent: Thursday, June 07, 2007 11:26 AM > To: mailscanner@lists.mailscanner.info > Subject: DomainKeys and DKIM signing support > > I would like to sign my outgoing emails with a DomainKeys or DKIM > signature. I have looked at using dkim-filter with sendmail to perform > this however the solution doesn't really work with MailScanner because > milters can only operate on incoming SMTP messages, so if MailScanner > makes any changes to the message the signature will be invalidated. In > our system we add a disclaimer using MailScanner to messages > so the body > signature would always be invalid. > > It seems sensible for MailScanner to perform this function immediately > before submitting the message for delivery. I don't think it would be > that hard to implement given the Mail::DKIM module would do > most of the > work. However I am reluctant to start hacking the MailScanner code. > > Is DKIM support on the MailScanner roadmap? > Has anyone else ran into this issue? > Is MailScanner not still the man in the middle between outbound and inbound? I don't know about sendmail but with exim it goes MUA/SMTP->exim-inbound->MailScanner->exim-outbound->SMTP/Mail-Dir So I would check DKIM on the remote inbound and sign DKIM on the outbound SMTP. I assume sendmail must work similarly because MailScanner doesn't deliver to anything, local or remote, at anytime. Since you would only sign on outbound remote your MTA couldn't do anything to alter the message. I am sure the last thing to touch your outbound mail would/should be the entity that signs, or am I missing something about DK/DKIM? > Alternative solutions would including placing the messages to > be signed > in a different queue and have my own app sign them and put them back > into the main outgoing queue or using another sendmail gateway running > dkim-filter to process the messages coming out of MailScanner. > > Thoughts appreciated. > > Thanks > > -- > Kevin Hansard > www.ipl.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From axisml at gmail.com Thu Jun 7 23:35:40 2007 From: axisml at gmail.com (Chris Stone) Date: Thu Jun 7 23:35:45 2007 Subject: MailScanner, ClamAV, and Sanesecurity In-Reply-To: <004f01c7a927$af2a6b80$0d7f4280$@com> References: <004f01c7a927$af2a6b80$0d7f4280$@com> Message-ID: <1181255740.23153.24.camel@csmdv.axint.net> On Thu, 2007-06-07 at 12:17 -0500, Ryan Weaver wrote: > I've started using the Sanesecurity signatures that have been mentioned on > the list. I also use Vispan for its reporting and blocking features. > > The problem I have run into is that in the maillog, when the Sanesecurity > signatures are matched the following is the output: > > Jun 7 12:07:30 c01 MailScanner[7634]: Infected message > l57H05nK007460.header came from > Jun 7 12:07:30 c01 MailScanner[7634]: Infected message > l57H19sG007620.header came from Not picked up by MailWatch.pm and shown as viruses in MailWatch either. I only note it though for the Email.Hdr.Sanesecurity* signatures - all the rest report just fine, just not these - e.g.: Jun 7 16:32:49 smtp1 MailScanner[5919]: /var/spool/MailScanner/incoming/5919/./l57MWISF012136.header: Email.Hdr.Sanesecurity.07012400 FOUND Jun 7 16:32:50 smtp1 MailScanner[5919]: Virus Scanning: ClamAV found 1 infections Jun 7 16:32:51 smtp1 MailScanner[5919]: Infected message l57MWISF012136.header came from Jun 7 16:32:51 smtp1 MailScanner[5919]: Virus Scanning: Found 1 viruses Jun 7 16:32:51 smtp1 MailScanner[5919]: Logging message l57MWISF012136 to SQL Jun 7 16:32:51 smtp1 MailScanner[6700]: l57MWISF012136: Logged to MailWatch SQL And even though MailWatch is logged as adding to SQL, when I look in the database table, the message is not logged....... Chris From micoots at yahoo.com Fri Jun 8 07:17:11 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Jun 8 07:17:15 2007 Subject: Max Message and Attachment Sizes Message-ID: <431717.45989.qm@web33310.mail.mud.yahoo.com> Hi, The following two options seem to be the only ones to control this: # The maximum size, in bytes, of any message including the headers. # If this is set to zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # dialup users so their email applications don't time out downloading huge # messages. Maximum Message Size = %rules-dir%/maximum.message.size.rules # The maximum size, in bytes, of any attachment in a message. # If this is set to zero, effectively no attachments are allowed. # If this is set less than zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments. Maximum Attachment Size = %rules-dir%/maximum.attachment.size.rules My problem is that I have set one domain to limit by 10M for each of the options above, but the problem is reading each option more carefully, it doesn't seem to talk about the _total_ size of the message plus attachement, only the size limit for each attachment onto a message. What I need is for any message for a particular domain (which I setup in each rules file above) that is over a _total_ of 10M, regardless if that 10Mb is made up of multiple xmb files or not, to be rejected with an email back to the sender explaining the email is too big. For a history of why I need this, I route mail for a domain (virus/spam scanning) who run Exchange, so once Mailscanner does its job, it sends to their Exchange SMTP server. Their Exchange limits to 10Mb and then drops the connection. My end keeps retrying to send every 15mins forever, so their bandwidth costs skyrocket. I looked at blocking this at the MTA level (sendmail), but then feared that the sending smtp server would keep trying every 15mins and send our bandwidth costs through the roof. So I instead decided to let the MTA accept the message and pass it to MailScanner, which was then set to the 10Mb limit, and would also bounce the message back to the sender with the reason why (configured in MailScanner). But instead, I'm seeing the same occurance with any emails above 10mb trying to be sent from my SMTP server to the Exchange SMTP server. If MailScanner could say "any message totalling 10Mb is rejected" then I think this would solve the problem. Either that or find a way to tell MailScanner/sendmail to stop trying to send a message if it fails x number of times? Any help or advice is much appreciated. Thankyou. Michael. --------------------------------- How would you spend $50,000 to create a more sustainable environment in Australia? Go to Yahoo!7 Answers and share your idea. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070608/39557caf/attachment.html From Paul.Bijnens at xplanation.com Fri Jun 8 08:51:48 2007 From: Paul.Bijnens at xplanation.com (Paul Bijnens) Date: Fri Jun 8 08:51:55 2007 Subject: filenames getting mangled In-Reply-To: <46684569.9070802@fractalweb.com> References: <466836A7.8030706@fractalweb.com> <46684569.9070802@fractalweb.com> Message-ID: <46690A94.7090204@xplanation.com> On 2007-06-07 19:50, Chris Yuzik wrote: > Scott Silva wrote: >> What MUA is he using? >> > Thunderbird 1.5. We've upgraded him to Thunderbird 2.0 and are going to > do further tests to see if the problem is solved. >> Is it repeatable to other people using the same client? >> > Yes to other recipients. Nobody else that's using Thunderbird 1.5 is > having this problem. Then see: http://kb.mozillazine.org/Attachments_renamed For Thunderbird 1.5, do: Preferences -> Advanced -> Config Editor... look for the key "mail.strictly_mime.parm_folding" and change the value from 2 to 0. In thunderbird 2.0 the value for that setting is "3" (which is not allowed for tb1.5), and that manages to set the mimeheaders for the filename so that even LookOut or GMail can use them. So, better upgrade to tb2 and the problem is gone. -- Paul Bijnens, xplanation Technology Services Tel +32 16 397.511 Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512 http://www.xplanation.com/ email: Paul.Bijnens@xplanation.com *********************************************************************** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * * F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, * * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, * * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, * * init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... * * ... "Are you sure?" ... YES ... Phew ... I'm out * *********************************************************************** From martinh at solidstatelogic.com Fri Jun 8 09:20:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 09:20:10 2007 Subject: New zip attachments In-Reply-To: <06c201c7a94c$a8916ce0$0301a8c0@SAHOMELT> Message-ID: <3f8658a04833a0498aaaf4c179144693@solidstatelogic.com> Rick Known issue if MS sees two attached files of the same name it falls over (not good). There's a new Messages.PM that Jules put on the list a couple of days ago. Jules, any chance of putting out a 4.60.8-2 with the new Message.pm to cope with multiple files of the same name? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Cooper > Sent: 07 June 2007 22:42 > To: MailScanner List > Subject: New zip attachments > > Julian > > I have a server using 4.60.8 that is in an endless loop, I ran in debug > and > got: > > Zipping attachments, message 1HwNzp-00020F-1h > Processing files in /dev/shm/30703/1HwNzp-00020F-1h > Regexp is > "\.zip$|\.rar$|\.gz$|\.tgz$|\.mpg$|\.mpeg$|\.mp3$|\.rpm$|\.pdf$|\.xls$" > Possibly adding file msg-30703-22.html > Entity is MIME::Entity=HASH(0x9be6258) > Possibly adding file Outlook-3.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook-3.bmp to attachment list > Possibly adding file Outlook-2.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook-2.bmp to attachment list > Possibly adding file Outlook-1.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook-1.bmp to attachment list > Possibly adding file Outlook.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook.bmp to attachment list > Possibly adding file msg-30703-2.html > Entity is MIME::Entity=HASH(0x9c5b648) > Possibly adding file msg-30703-1.txt > Entity is MIME::Entity=HASH(0x9bfed20) > Writing to zip MessageAttachments.zip > read-open /dev/shm/30703/1HwNzp-00020F-1h/Outlook-1.bmp: No such file or > directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm line 435. > > > Looks like MailScanner is trying to zip up a file that is a result of > SafeName > > > Rick Cooper > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Jun 8 09:21:22 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 09:21:26 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> Message-ID: <32410b9fec4cf74ebd12c10585ce1efe@solidstatelogic.com> Quintin Start MailScanner in debug mode and send up the output (or pastebin it). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Quintin Giesbrecht > Sent: 07 June 2007 14:42 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner won't start after upgrade to 4.60.8-1 > > In my list of processes, I only ever see: > > "MailScanner: starting child" > > It was working until I upgraded to 4.60.8-1 yesterday. As a result, > mail is piling up in my queue, but isn't getting processed. > > The logs don't seem to show anything weird, but I have attached my > maillog to this email. > > Can someone please help with this? > > TIA > > _____________________ > Quintin Giesbrecht > IT Manager > Smith Neufeld Jodoin LLP > Direct: (204)346-5106 > http://snj.ca > q@snj.ca ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Jun 8 09:23:11 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 09:23:13 2007 Subject: MailScanner debug mode fails! (FreeBSD 6) In-Reply-To: <17213.83.98.233.137.1181204356.squirrel@webmail.xs4all.nl> Message-ID: <899d6b9da32ced46bfcc248d45c7100d@solidstatelogic.com> Remy Could be an issue with clamavmodule and threads. I had to for my compile of clamav to not use pthreads on my FreeBSD system. Also try using then clamd virus scanner rather than clamavmodule in MailScanner.conf's Virus Scanner option. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Remy de Ruysscher > Sent: 07 June 2007 09:19 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner debug mode fails! (FreeBSD 6) > > Hi all, > > I've been experiencing some nasty errors with MailScanner in the last > week, currently my mailserver is down (1800+ mails in the queue) and I > can't get it to work! > > What I've done so far: > Rebuilding world/kernel and upwards recursively portupgrade all perl > ports. > > [root@unix-asp ~]# MailScanner > In Debugging mode, not forking... > Fatal error 'Cannot allocate red zone for initial thread' at line 364 in > file /usr/src/lib/libthr/thre > ad/thr_init.c (errno = 12) > Abort trap: 6 > > Running on > FreeBSD unix-asp.com 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #7: Tue Jun 5 > 22:39:18 CEST 2007 root@unix-asp.com:/usr/obj/usr/src/sys/DEFIANT > i386 > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.60.8 > Module versions are: > 1.00 AnyDBM_File > 1.18 Archive::Zip > 1.04 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.18 File::Temp > 0.92 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.22 IO > 1.13 IO::File > 1.13 IO::Pipe > 1.74 Mail::Header > 1.86 Math::BigInt > 3.07 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.07 MIME::QuotedPrint > 5.420 MIME::Tools > 0.11 Net::CIDR > 1.09 POSIX > 1.19 Scalar::Util > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.13 Sys::Syslog > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.17 bignum > 1.84 Business::ISBN > 1.13 Business::ISBN::Data > 0.17 Convert::TNEF > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 0.44 Inline > 1.08 IO::String > 1.05 IO::Zlib > 2.23 IP::Country > 0.20 Mail::ClamAV > 3.002000 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.15 Math::BigRat > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.59 Net::DNS > missing Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 1.17 Test::Manifest > 2.0.0 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Jun 8 09:40:21 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 8 09:43:26 2007 Subject: New zip attachments In-Reply-To: <06c201c7a94c$a8916ce0$0301a8c0@SAHOMELT> References: <06c201c7a94c$a8916ce0$0301a8c0@SAHOMELT> Message-ID: <466915F5.5010100@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is fixed in 4.61. Rick Cooper wrote: > Julian > > I have a server using 4.60.8 that is in an endless loop, I ran in debug and > got: > > Zipping attachments, message 1HwNzp-00020F-1h > Processing files in /dev/shm/30703/1HwNzp-00020F-1h > Regexp is > "\.zip$|\.rar$|\.gz$|\.tgz$|\.mpg$|\.mpeg$|\.mp3$|\.rpm$|\.pdf$|\.xls$" > Possibly adding file msg-30703-22.html > Entity is MIME::Entity=HASH(0x9be6258) > Possibly adding file Outlook-3.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook-3.bmp to attachment list > Possibly adding file Outlook-2.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook-2.bmp to attachment list > Possibly adding file Outlook-1.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook-1.bmp to attachment list > Possibly adding file Outlook.bmp > Entity is MIME::Entity=HASH(0x9bc64b4) > Added Outlook.bmp to attachment list > Possibly adding file msg-30703-2.html > Entity is MIME::Entity=HASH(0x9c5b648) > Possibly adding file msg-30703-1.txt > Entity is MIME::Entity=HASH(0x9bfed20) > Writing to zip MessageAttachments.zip > read-open /dev/shm/30703/1HwNzp-00020F-1h/Outlook-1.bmp: No such file or > directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm line 435. > > > Looks like MailScanner is trying to zip up a file that is a result of > SafeName > > > Rick Cooper > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGaRZ6EfZZRxQVtlQRAoyvAJ4jYIgu/yUTnb2N9YRKUKbWo5cxywCgjSGG Hlb3BDpMqVnGaKSlf/o+ol4= =o8Mr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Jun 8 09:43:58 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 8 09:48:51 2007 Subject: Max Message and Attachment Sizes In-Reply-To: <431717.45989.qm@web33310.mail.mud.yahoo.com> References: <431717.45989.qm@web33310.mail.mud.yahoo.com> Message-ID: <466916CE.3090106@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070608/44c39a4d/PGP.bin From Kevin.Hansard at ipl.com Fri Jun 8 09:49:40 2007 From: Kevin.Hansard at ipl.com (Kevin Hansard) Date: Fri Jun 8 09:49:47 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: <06c301c7a94f$411a9480$0301a8c0@SAHOMELT> References: <06c301c7a94f$411a9480$0301a8c0@SAHOMELT> Message-ID: > So I would check DKIM on the remote inbound and sign DKIM on the outbound > SMTP. I assume sendmail must work similarly because MailScanner doesn't > deliver to anything, local or remote, at anytime. Since you would only sign > on outbound remote your MTA couldn't do anything to alter the message. I am > sure the last thing to touch your outbound mail would/should be the entity > that signs, or am I missing something about DK/DKIM? You are correct. However there is a significant limitation with sendmail in that the standard way to extend its functionality is to write a milter. However the milters are only processed during an incoming SMTP session. Verifying a DKIM signature is ok this way because that can be done with the incoming copy of sendmail. Signing the message needs to be done after MailScanner has performed it's operation on the message. Unfortunately MailScanner delivers the message to the outgoing sendmail via sendmail queue files rather than with an SMTP session hence the milter doesn't get processed. -- Kevin Hansard www.ipl.com From Kevin.Hansard at ipl.com Fri Jun 8 10:17:27 2007 From: Kevin.Hansard at ipl.com (Kevin Hansard) Date: Fri Jun 8 10:17:32 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: <4668367E.3020809@ecs.soton.ac.uk> References: <4668367E.3020809@ecs.soton.ac.uk> Message-ID: > Not yet, no; but it could be. > Have you got a nice simple short and sweet document describing DKIM, how > it works, what it protects against and why it will stop all spam :-) Well I am fairly certain it isn't going to stop all spam! Really it is just another step along the way. It will make it harder to spoof email addresses in both spam and virus messages. However it won't help that much when the spammers use botnets. The FAQ is here http://www.dkim.org/info/dkim-faq.html. For the full DKIM spec see http://www.ietf.org/rfc/rfc4871.txt?number=4871. > Assuming it's based on some checksum/hash function, what text of the > message does it use as its input? > Can you make it just operate on the body and not the headers at all? The whole message is required including the headers. I would expect that following all the header and body processing that you already do, but before you finally unlock the message for delivery you would pass the whole message into Mail::DKIM and this would return a new DKIM-Signature header that would need to be added into the message. > Am I just trying to add DKIM to a message, or do you need me to check it > as well? I think MailScanner probably only needs to be responsible for signing messages. Verifying the signatures can already be done by the receiving daemon or by spamassassin. -- Kevin Hansard www.ipl.com From denis at croombs.org Fri Jun 8 10:35:30 2007 From: denis at croombs.org (Denis Croombs) Date: Fri Jun 8 10:35:33 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <32410b9fec4cf74ebd12c10585ce1efe@solidstatelogic.com> References: <2BE78592B3B1824F97A2685E96221F627B00AC@mail.snj.mb.ca> <32410b9fec4cf74ebd12c10585ce1efe@solidstatelogic.com> Message-ID: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> > Quintin > > Start MailScanner in debug mode and send up the output (or pastebin it). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 Hi I have the same issue, I upgraded a machine that has bene working for over 2 years and even in debug mode all I get is:- [root@bob ~]# service MailScanner restart && tail -f /var/log/maillog Shutting down MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: [ OK ] Jun 8 10:29:03 bob MailScanner[20243]: Using SpamAssassin results cache Jun 8 10:29:03 bob MailScanner[20243]: Connected to SpamAssassin cache database Jun 8 10:29:06 bob MailScanner[20243]: MailScanner child caught a SIGHUP Jun 8 10:29:06 bob MailScanner[20238]: MailScanner child caught a SIGHUP Jun 8 10:29:16 bob sendmail[20300]: alias database /etc/aliases rebuilt by root Jun 8 10:29:16 bob sendmail[20300]: /etc/aliases: 79 aliases, longest 17 bytes, 828 bytes total Jun 8 10:29:16 bob sendmail[20308]: starting daemon (8.13.1): SMTP Jun 8 10:29:16 bob sm-msp-queue[20312]: starting daemon (8.13.1): queueing@00:15:00 Jun 8 10:29:16 bob sendmail[20317]: starting daemon (8.13.1): queueing@00:15:00 Jun 8 10:29:18 bob MailScanner[20336]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:29:18 bob MailScanner[20336]: Read 777 hostnames from the phishing whitelist Jun 8 10:29:19 bob MailScanner[20336]: Using SpamAssassin results cache Jun 8 10:29:19 bob MailScanner[20336]: Connected to SpamAssassin cache database Jun 8 10:29:23 bob MailScanner[20341]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:29:23 bob MailScanner[20341]: Read 777 hostnames from the phishing whitelist Jun 8 10:29:24 bob MailScanner[20341]: Using SpamAssassin results cache Jun 8 10:29:24 bob MailScanner[20341]: Connected to SpamAssassin cache database Jun 8 10:29:28 bob MailScanner[20342]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:29:28 bob MailScanner[20342]: Read 777 hostnames from the phishing whitelist Jun 8 10:29:30 bob MailScanner[20342]: Using SpamAssassin results cache Jun 8 10:29:30 bob MailScanner[20342]: Connected to SpamAssassin cache database Jun 8 10:29:40 bob MailScanner[20344]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:29:41 bob MailScanner[20344]: Read 777 hostnames from the phishing whitelist Jun 8 10:29:42 bob MailScanner[20344]: Using SpamAssassin results cache Jun 8 10:29:42 bob MailScanner[20344]: Connected to SpamAssassin cache database Jun 8 10:29:43 bob sendmail[20343]: l589TZQF020343: ruleset=check_rcpt, arg1=, relay=redressly.bishop.volia.net [77.123.207.84], reject=550 5.7.1 ... Relaying denied Jun 8 10:29:43 bob sendmail[20343]: l589TZQF020343: lost input channel from redressly.bishop.volia.net [77.123.207.84] to MTA after rcpt Jun 8 10:29:43 bob sendmail[20343]: l589TZQF020343: from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=redressly.bishop.volia.net [77.123.207.84] Jun 8 10:29:54 bob MailScanner[20345]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:29:55 bob MailScanner[20345]: Read 777 hostnames from the phishing whitelist Jun 8 10:29:56 bob MailScanner[20345]: Using SpamAssassin results cache Jun 8 10:29:56 bob MailScanner[20345]: Connected to SpamAssassin cache database Jun 8 10:30:03 bob MailScanner[20355]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:30:04 bob MailScanner[20355]: Read 777 hostnames from the phishing whitelist Jun 8 10:30:07 bob MailScanner[20355]: Using SpamAssassin results cache Jun 8 10:30:07 bob MailScanner[20355]: Connected to SpamAssassin cache database Jun 8 10:30:21 bob MailScanner[20395]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:30:22 bob MailScanner[20395]: Read 777 hostnames from the phishing whitelist Jun 8 10:30:24 bob MailScanner[20395]: Using SpamAssassin results cache Jun 8 10:30:24 bob MailScanner[20395]: Connected to SpamAssassin cache database Jun 8 10:30:39 bob MailScanner[20433]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:30:39 bob MailScanner[20433]: Read 777 hostnames from the phishing whitelist Jun 8 10:30:41 bob MailScanner[20433]: Using SpamAssassin results cache Jun 8 10:30:41 bob MailScanner[20433]: Connected to SpamAssassin cache database Jun 8 10:30:46 bob MailScanner[20434]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:30:46 bob MailScanner[20434]: Read 777 hostnames from the phishing whitelist Jun 8 10:30:47 bob MailScanner[20434]: Using SpamAssassin results cache Jun 8 10:30:47 bob MailScanner[20434]: Connected to SpamAssassin cache database Sendmail starts Ok and accepts incoming emails but thye just queue up and the load just goes to max. Any clues ? Denis From martinh at solidstatelogic.com Fri Jun 8 10:45:26 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 10:45:54 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> Message-ID: <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> Run this in debug mode and pastebin the output if you can't spot an error... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Denis Croombs > Sent: 08 June 2007 10:36 > To: MailScanner discussion > Subject: RE: MailScanner won't start after upgrade to 4.60.8-1 > > > Quintin > > > > Start MailScanner in debug mode and send up the output (or pastebin it). > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > Hi > > I have the same issue, I upgraded a machine that has bene working for over > 2 years and even in debug mode all I get is:- > > [root@bob ~]# service MailScanner restart && tail -f /var/log/maillog > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] > Jun 8 10:29:03 bob MailScanner[20243]: Using SpamAssassin results cache > Jun 8 10:29:03 bob MailScanner[20243]: Connected to SpamAssassin cache > database > Jun 8 10:29:06 bob MailScanner[20243]: MailScanner child caught a SIGHUP > Jun 8 10:29:06 bob MailScanner[20238]: MailScanner child caught a SIGHUP > Jun 8 10:29:16 bob sendmail[20300]: alias database /etc/aliases rebuilt > by root > Jun 8 10:29:16 bob sendmail[20300]: /etc/aliases: 79 aliases, longest 17 > bytes, 828 bytes total > Jun 8 10:29:16 bob sendmail[20308]: starting daemon (8.13.1): SMTP > Jun 8 10:29:16 bob sm-msp-queue[20312]: starting daemon (8.13.1): > queueing@00:15:00 > Jun 8 10:29:16 bob sendmail[20317]: starting daemon (8.13.1): > queueing@00:15:00 > Jun 8 10:29:18 bob MailScanner[20336]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:29:18 bob MailScanner[20336]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:29:19 bob MailScanner[20336]: Using SpamAssassin results cache > Jun 8 10:29:19 bob MailScanner[20336]: Connected to SpamAssassin cache > database > Jun 8 10:29:23 bob MailScanner[20341]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:29:23 bob MailScanner[20341]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:29:24 bob MailScanner[20341]: Using SpamAssassin results cache > Jun 8 10:29:24 bob MailScanner[20341]: Connected to SpamAssassin cache > database > Jun 8 10:29:28 bob MailScanner[20342]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:29:28 bob MailScanner[20342]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:29:30 bob MailScanner[20342]: Using SpamAssassin results cache > Jun 8 10:29:30 bob MailScanner[20342]: Connected to SpamAssassin cache > database > Jun 8 10:29:40 bob MailScanner[20344]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:29:41 bob MailScanner[20344]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:29:42 bob MailScanner[20344]: Using SpamAssassin results cache > Jun 8 10:29:42 bob MailScanner[20344]: Connected to SpamAssassin cache > database > Jun 8 10:29:43 bob sendmail[20343]: l589TZQF020343: ruleset=check_rcpt, > arg1=, relay=redressly.bishop.volia.net > [77.123.207.84], reject=550 5.7.1 ... > Relaying denied > Jun 8 10:29:43 bob sendmail[20343]: l589TZQF020343: lost input channel > from redressly.bishop.volia.net [77.123.207.84] to MTA after rcpt > Jun 8 10:29:43 bob sendmail[20343]: l589TZQF020343: > from=, size=0, class=0, nrcpts=0, > proto=SMTP, daemon=MTA, relay=redressly.bishop.volia.net [77.123.207.84] > Jun 8 10:29:54 bob MailScanner[20345]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:29:55 bob MailScanner[20345]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:29:56 bob MailScanner[20345]: Using SpamAssassin results cache > Jun 8 10:29:56 bob MailScanner[20345]: Connected to SpamAssassin cache > database > Jun 8 10:30:03 bob MailScanner[20355]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:30:04 bob MailScanner[20355]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:30:07 bob MailScanner[20355]: Using SpamAssassin results cache > Jun 8 10:30:07 bob MailScanner[20355]: Connected to SpamAssassin cache > database > Jun 8 10:30:21 bob MailScanner[20395]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:30:22 bob MailScanner[20395]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:30:24 bob MailScanner[20395]: Using SpamAssassin results cache > Jun 8 10:30:24 bob MailScanner[20395]: Connected to SpamAssassin cache > database > Jun 8 10:30:39 bob MailScanner[20433]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:30:39 bob MailScanner[20433]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:30:41 bob MailScanner[20433]: Using SpamAssassin results cache > Jun 8 10:30:41 bob MailScanner[20433]: Connected to SpamAssassin cache > database > Jun 8 10:30:46 bob MailScanner[20434]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:30:46 bob MailScanner[20434]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:30:47 bob MailScanner[20434]: Using SpamAssassin results cache > Jun 8 10:30:47 bob MailScanner[20434]: Connected to SpamAssassin cache > database > > Sendmail starts Ok and accepts incoming emails but thye just queue up and > the load just goes to max. > > Any clues ? > > Denis > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From rcooper at dwford.com Fri Jun 8 11:00:48 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 8 11:00:57 2007 Subject: New zip attachments In-Reply-To: <466915F5.5010100@ecs.soton.ac.uk> References: <06c201c7a94c$a8916ce0$0301a8c0@SAHOMELT> <466915F5.5010100@ecs.soton.ac.uk> Message-ID: <07d101c7a9b3$e428aea0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Friday, June 08, 2007 4:40 AM > To: MailScanner discussion > Subject: Re: New zip attachments > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This is fixed in 4.61. Yeah, my bad. After Martin said something I remembered there was something posted about bugs for Message.pm, sorry Rick > > Rick Cooper wrote: > > Julian > > > > I have a server using 4.60.8 that is in an endless loop, I > ran in debug and > > got: > > > > Zipping attachments, message 1HwNzp-00020F-1h > > Processing files in /dev/shm/30703/1HwNzp-00020F-1h > > Regexp is > > > "\.zip$|\.rar$|\.gz$|\.tgz$|\.mpg$|\.mpeg$|\.mp3$|\.rpm$|\.pdf > $|\.xls$" > > Possibly adding file msg-30703-22.html > > Entity is MIME::Entity=HASH(0x9be6258) > > Possibly adding file Outlook-3.bmp > > Entity is MIME::Entity=HASH(0x9bc64b4) > > Added Outlook-3.bmp to attachment list > > Possibly adding file Outlook-2.bmp > > Entity is MIME::Entity=HASH(0x9bc64b4) > > Added Outlook-2.bmp to attachment list > > Possibly adding file Outlook-1.bmp > > Entity is MIME::Entity=HASH(0x9bc64b4) > > Added Outlook-1.bmp to attachment list > > Possibly adding file Outlook.bmp > > Entity is MIME::Entity=HASH(0x9bc64b4) > > Added Outlook.bmp to attachment list > > Possibly adding file msg-30703-2.html > > Entity is MIME::Entity=HASH(0x9c5b648) > > Possibly adding file msg-30703-1.txt > > Entity is MIME::Entity=HASH(0x9bfed20) > > Writing to zip MessageAttachments.zip > > read-open /dev/shm/30703/1HwNzp-00020F-1h/Outlook-1.bmp: No > such file or > > directory at /usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm line 435. > > > > > > Looks like MailScanner is trying to zip up a file that is a > result of > > SafeName > > > > > > Rick Cooper > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGaRZ6EfZZRxQVtlQRAoyvAJ4jYIgu/yUTnb2N9YRKUKbWo5cxywCgjSGG > Hlb3BDpMqVnGaKSlf/o+ol4= > =o8Mr > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From denis at croombs.org Fri Jun 8 11:02:10 2007 From: denis at croombs.org (Denis Croombs) Date: Fri Jun 8 11:02:13 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> References: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> Message-ID: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> > > Run this in debug mode and pastebin the output if you can't spot an > error... > > -- Output is:- [root@bob ~]# service MailScanner restart && tail -f /var/log/maillog Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: In Debugging mode, not forking... check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. [ OK ] Jun 8 10:55:03 bob MailScanner-MRTG[20803]: Unable to find a mountpoint for /var/spool. Please set Spool Directory in mailscanner-mrtg.conf to a valid mountpoint. You can see a list of mointpoints on your system by using the df command. Jun 8 10:58:21 bob sendmail[20965]: alias database /etc/aliases rebuilt by root Jun 8 10:58:21 bob sendmail[20965]: /etc/aliases: 79 aliases, longest 17 bytes, 828 bytes total Jun 8 10:58:21 bob sendmail[20973]: starting daemon (8.13.1): SMTP Jun 8 10:58:21 bob sm-msp-queue[20977]: starting daemon (8.13.1): queueing@00:15:00 Jun 8 10:58:21 bob sendmail[20982]: starting daemon (8.13.1): queueing@00:15:00 Jun 8 10:58:23 bob MailScanner[20998]: MailScanner E-Mail Virus Scanner version 4.61.2 starting... Jun 8 10:58:23 bob MailScanner[20998]: Read 777 hostnames from the phishing whitelist Jun 8 10:58:24 bob MailScanner[20998]: Using SpamAssassin results cache Jun 8 10:58:24 bob MailScanner[20998]: Connected to SpamAssassin cache database I assume this is the issue (new 1 to me) check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. [ OK ] Any clues ? Regards Denis From martinh at solidstatelogic.com Fri Jun 8 11:10:52 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 11:10:52 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> Message-ID: <6e297c1982b2df40bb628bf7eb388ab9@solidstatelogic.com> Dennis Good error there.. check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164 I'd check "spamassassin -D --lint file.txt" works OK. Looks like something's awry with SA. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Denis Croombs > Sent: 08 June 2007 11:02 > To: MailScanner discussion > Subject: RE: MailScanner won't start after upgrade to 4.60.8-1 > > > > > Run this in debug mode and pastebin the output if you can't spot an > > error... > > > > -- > Output is:- > > [root@bob ~]# service MailScanner restart && tail -f /var/log/maillog > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: In Debugging mode, not forking... > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. > [ OK ] > Jun 8 10:55:03 bob MailScanner-MRTG[20803]: Unable to find a mountpoint > for /var/spool. Please set Spool Directory in mailscanner-mrtg.conf to a > valid mountpoint. You can see a list of mointpoints on your system by > using the df command. > Jun 8 10:58:21 bob sendmail[20965]: alias database /etc/aliases rebuilt > by root > Jun 8 10:58:21 bob sendmail[20965]: /etc/aliases: 79 aliases, longest 17 > bytes, 828 bytes total > Jun 8 10:58:21 bob sendmail[20973]: starting daemon (8.13.1): SMTP > Jun 8 10:58:21 bob sm-msp-queue[20977]: starting daemon (8.13.1): > queueing@00:15:00 > Jun 8 10:58:21 bob sendmail[20982]: starting daemon (8.13.1): > queueing@00:15:00 > Jun 8 10:58:23 bob MailScanner[20998]: MailScanner E-Mail Virus Scanner > version 4.61.2 starting... > Jun 8 10:58:23 bob MailScanner[20998]: Read 777 hostnames from the > phishing whitelist > Jun 8 10:58:24 bob MailScanner[20998]: Using SpamAssassin results cache > Jun 8 10:58:24 bob MailScanner[20998]: Connected to SpamAssassin cache > database > > I assume this is the issue (new 1 to me) > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. > [ OK ] > > Any clues ? > > Regards > > Denis > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From xmasterx at gmail.com Fri Jun 8 11:13:18 2007 From: xmasterx at gmail.com (Pedro Cardoso) Date: Fri Jun 8 11:13:23 2007 Subject: Strange thing... Message-ID: Hi there, in my postfix config I have blocked all relays, exept to mydomain.com, but in today I see this in my maillog: Jun 8 06:26:03 mydomain postfix/smtpd[5917]: connect from unknown[ 201.250.31.160] Jun 8 06:26:04 mydomain postfix/smtpd[5917]: 67EE2D5412F: client=unknown[ 201.250.31.160] Jun 8 06:26:05 mydomain postfix/cleanup[5920]: 67EE2D5412F: hold: header Received: from none (unknown [201.250.31.160])??by mydomain.com (Postfix) with SMTP id 67EE2D5412F??for ; Fri, 8 Jun 2007 06:26:04 +0100 (WEST) from unknown[201.250.31.160]; from= to=< asdf@asdf-com.mydomain.com> proto=SMTP helo= Jun 8 06:26:05 mydomain postfix/cleanup[5920]: 67EE2D5412F: message-id=< 20070608052604.67EE2D5412F@mydomain.com> Jun 8 06:26:05 mydomain postfix/smtpd[5917]: disconnect from unknown[ 201.250.31.160] Jun 8 06:26:12 mydomain MailScanner[27473]: New Batch: Scanning 1 messages, 769 bytes Jun 8 06:26:12 mydomain MailScanner[27473]: Spam Checks: Starting then MailScanner catchs it as spam, but if it would the mail would be delivered to asdf@asdf.com? Regards, -- Pedro Cardoso [ xmasterx@gmail.com ] -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070608/d5b7b8d5/attachment.html From rcooper at dwford.com Fri Jun 8 11:16:04 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 8 11:16:09 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> References: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org><75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> Message-ID: <07d801c7a9b6$05d49b70$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Croombs > Sent: Friday, June 08, 2007 6:02 AM > To: MailScanner discussion > Subject: RE: MailScanner won't start after upgrade to 4.60.8-1 > > > > > Run this in debug mode and pastebin the output if you can't spot an > > error... > > > > -- > Output is:- > > [root@bob ~]# service MailScanner restart && tail -f /var/log/maillog > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: In Debugging mode, not forking... > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus. > pm line 164. > [ OK ] [...] > I assume this is the issue (new 1 to me) > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus. > pm line 164. > [ OK ] > >From what I found via google it would appear that SA is not finding, or cannot access the v320.pre file. Try running spamassassin --lint -D and see if it loads, if so debug SA from MailScanner. Check it's in the proper place with the proper permissions Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Fri Jun 8 11:18:37 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Jun 8 11:19:54 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: References: Message-ID: Agreed Martin. Same problem as somebody reported about MCP when SA could not find the .pre files. On Fri, 08 Jun 2007 11:10:52 +0100, "Martin.Hepworth" wrote: > Dennis > > Good error there.. > > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > 164 > > I'd check "spamassassin -D --lint file.txt" works OK. > > Looks like something's awry with SA. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Denis Croombs >> Sent: 08 June 2007 11:02 >> To: MailScanner discussion >> Subject: RE: MailScanner won't start after upgrade to 4.60.8-1 >> >> > >> > Run this in debug mode and pastebin the output if you can't spot an >> > error... >> > >> > -- >> Output is:- >> >> [root@bob ~]# service MailScanner restart && tail -f /var/log/maillog >> Shutting down MailScanner daemons: >> MailScanner: [FAILED] >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> Starting MailScanner daemons: >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> MailScanner: In Debugging mode, not forking... >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > 164. >> [ OK ] >> Jun 8 10:55:03 bob MailScanner-MRTG[20803]: Unable to find a > mountpoint >> for /var/spool. Please set Spool Directory in mailscanner-mrtg.conf > to a >> valid mountpoint. You can see a list of mointpoints on your system by >> using the df command. >> Jun 8 10:58:21 bob sendmail[20965]: alias database /etc/aliases > rebuilt >> by root >> Jun 8 10:58:21 bob sendmail[20965]: /etc/aliases: 79 aliases, longest > 17 >> bytes, 828 bytes total >> Jun 8 10:58:21 bob sendmail[20973]: starting daemon (8.13.1): SMTP >> Jun 8 10:58:21 bob sm-msp-queue[20977]: starting daemon (8.13.1): >> queueing@00:15:00 >> Jun 8 10:58:21 bob sendmail[20982]: starting daemon (8.13.1): >> queueing@00:15:00 >> Jun 8 10:58:23 bob MailScanner[20998]: MailScanner E-Mail Virus > Scanner >> version 4.61.2 starting... >> Jun 8 10:58:23 bob MailScanner[20998]: Read 777 hostnames from the >> phishing whitelist >> Jun 8 10:58:24 bob MailScanner[20998]: Using SpamAssassin results > cache >> Jun 8 10:58:24 bob MailScanner[20998]: Connected to SpamAssassin > cache >> database >> >> I assume this is the issue (new 1 to me) >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line > 164. >> [ OK ] >> >> Any clues ? >> >> Regards >> >> Denis >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alfrag at econ.soc.uoc.gr Fri Jun 8 11:12:43 2007 From: alfrag at econ.soc.uoc.gr (Alexandros Fragkiadakis) Date: Fri Jun 8 11:21:23 2007 Subject: /var/log/mail problems Message-ID: <2401.147.52.239.225.1181297563.squirrel@econ.soc.uoc.gr> hi all, i'm using mailscanner+postfix. A few days ago i restarted Mailscanner through /etc/init.d/Mailscanner. After this, /var/log/mail loging lasts for 24 hours and after this period a new logging starts with the past logs being lost. Do you have any idea why is this happening? Many thanks in advance, Alexandros -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Fri Jun 8 11:27:58 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 11:27:57 2007 Subject: /var/log/mail problems In-Reply-To: <2401.147.52.239.225.1181297563.squirrel@econ.soc.uoc.gr> Message-ID: <31508e3ae48b034bb8ee2f122be4c114@solidstatelogic.com> Normal rotatelogs process getting it wrong?? How do you normally rotate the log files on your system? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alexandros Fragkiadakis > Sent: 08 June 2007 11:13 > To: mailscanner@lists.mailscanner.info > Subject: /var/log/mail problems > > hi all, > > i'm using mailscanner+postfix. A few days ago i restarted Mailscanner > through /etc/init.d/Mailscanner. After this, /var/log/mail loging lasts > for 24 hours and after this period a new logging starts with the past logs > being lost. > > Do you have any idea why is this happening? > > > Many thanks in advance, > > Alexandros > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From rcooper at dwford.com Fri Jun 8 11:29:33 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 8 11:29:40 2007 Subject: Avg Panda AV Message-ID: <07df01c7a9b7$e81d92b0$0301a8c0@SAHOMELT> Is any one using Avg 7.1.24 or Panda 9.0.0-1 Since I haven't been able to find the reason bitdefender won't work under MailScanner and I haven't anymore time to spend on it right now, I was trying the above and found both are not working correctly under MS. The avg parser has been patched and no longer reconginzes Identified|found, just found (and a couple other minor things) and Panda has added some garbage to the output stating cannot modify file even when there is no disinfect option in place (even though it does have permissions as well). I fixed both for my install but both have been patched by others. I was unware they needed updates (I must have missed something somewhere in the past) If you are using the above and having trouble I will put a patch together this weekend, otherwise I will wait until next week, both should accomidate older versions. Rick Cooper I.T. Manager - Bob Thomas Dealerships Phone : (260) 414-8566 Fax : (260) 434-4400 Email : rcooper@dwford.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alfrag at econ.soc.uoc.gr Fri Jun 8 11:31:46 2007 From: alfrag at econ.soc.uoc.gr (Alexandros Fragkiadakis) Date: Fri Jun 8 11:40:26 2007 Subject: /var/log/mail problems In-Reply-To: <31508e3ae48b034bb8ee2f122be4c114@solidstatelogic.com> References: <2401.147.52.239.225.1181297563.squirrel@econ.soc.uoc.gr> <31508e3ae48b034bb8ee2f122be4c114@solidstatelogic.com> Message-ID: <2444.147.52.239.225.1181298706.squirrel@econ.soc.uoc.gr> On Fri, June 8, 2007 1:27 pm, Martin.Hepworth wrote: > > Normal rotatelogs process getting it wrong?? > > > How do you normally rotate the log files on your system? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Alexandros Fragkiadakis >> Sent: 08 June 2007 11:13 >> To: mailscanner@lists.mailscanner.info >> Subject: /var/log/mail problems >> >> >> hi all, >> >> i'm using mailscanner+postfix. A few days ago i restarted Mailscanner >> through /etc/init.d/Mailscanner. After this, /var/log/mail loging > lasts >> for 24 hours and after this period a new logging starts with the past > logs >> being lost. >> >> Do you have any idea why is this happening? >> >> >> >> Many thanks in advance, >> >> >> Alexandros >> >> >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the website! >> > > > > There is a rotatelogs2 process in /usr/sbin but not sure how to configure it or test it. Thanks -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Jun 8 11:46:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 8 11:47:00 2007 Subject: Strange thing... In-Reply-To: References: Message-ID: <223f97700706080346h238a740ei16f1bddf3cf062ee@mail.gmail.com> On 08/06/07, Pedro Cardoso wrote: > Hi there, > > in my postfix config I have blocked all relays, exept to mydomain.com, but > in today I see this in my maillog: > > Jun 8 06:26:03 mydomain postfix/smtpd[5917]: connect from unknown[ > 201.250.31.160] > Jun 8 06:26:04 mydomain postfix/smtpd[5917]: 67EE2D5412F: > client=unknown[201.250.31.160] > Jun 8 06:26:05 mydomain postfix/cleanup[5920]: 67EE2D5412F: hold: header > Received: from none (unknown [ 201.250.31.160])??by mydomain.com (Postfix) > with SMTP id 67EE2D5412F??for ; Fri, 8 Jun 2007 06:26:04 > +0100 (WEST) from unknown[ 201.250.31.160]; from= > to= proto=SMTP helo= > Jun 8 06:26:05 mydomain postfix/cleanup[5920]: 67EE2D5412F: message-id=< > 20070608052604.67EE2D5412F@mydomain.com> > Jun 8 06:26:05 mydomain postfix/smtpd[5917]: disconnect from > unknown[201.250.31.160 ] > Jun 8 06:26:12 mydomain MailScanner[27473]: New Batch: Scanning 1 messages, > 769 bytes > Jun 8 06:26:12 mydomain MailScanner[27473]: Spam Checks: Starting > > then MailScanner catchs it as spam, but if it would the mail would be > delivered to asdf@asdf.com? > > Regards, No, what made you think that? It'd try to deliver/relay to asdf@asdf@asdf-com.mydomain.com ... Which probably doesn't exist. You could have blocked this in Postfix by: a) demanding a HELO. b) demanding that the helo be a FQDN ... and nothing else. c) check for valid recipients. man postconf ... and looking at the MailScanner wiki (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users)... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 8 11:48:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 8 11:48:34 2007 Subject: Strange thing... In-Reply-To: <223f97700706080346h238a740ei16f1bddf3cf062ee@mail.gmail.com> References: <223f97700706080346h238a740ei16f1bddf3cf062ee@mail.gmail.com> Message-ID: <223f97700706080348r4421eb23w12da224b930ed31b@mail.gmail.com> On 08/06/07, Glenn Steen wrote: (snip) > No, what made you think that? It'd try to deliver/relay to > asdf@asdf@asdf-com.mydomain.com ... Which probably doesn't exist. That should be "... relay to asdf@asdf-com.mydomain.com ...." and nothing else:-) Cheers -- -- Glenn (a.k.a. Le Grand Typo) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 8 11:54:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 8 11:54:59 2007 Subject: /var/log/mail problems In-Reply-To: <2444.147.52.239.225.1181298706.squirrel@econ.soc.uoc.gr> References: <2401.147.52.239.225.1181297563.squirrel@econ.soc.uoc.gr> <31508e3ae48b034bb8ee2f122be4c114@solidstatelogic.com> <2444.147.52.239.225.1181298706.squirrel@econ.soc.uoc.gr> Message-ID: <223f97700706080354i6c7a7506g45f1a07106af5354@mail.gmail.com> On 08/06/07, Alexandros Fragkiadakis wrote: > On Fri, June 8, 2007 1:27 pm, Martin.Hepworth wrote: > > > > > Normal rotatelogs process getting it wrong?? > > > > > > How do you normally rotate the log files on your system? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Alexandros Fragkiadakis > >> Sent: 08 June 2007 11:13 > >> To: mailscanner@lists.mailscanner.info > >> Subject: /var/log/mail problems > >> > >> > >> hi all, > >> > >> i'm using mailscanner+postfix. A few days ago i restarted Mailscanner > >> through /etc/init.d/Mailscanner. After this, /var/log/mail loging > > lasts > >> for 24 hours and after this period a new logging starts with the past > > logs > >> being lost. > >> > >> Do you have any idea why is this happening? > >> > >> > >> > >> Many thanks in advance, > >> > >> > >> Alexandros > >> > >> > >> > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > There is a rotatelogs2 process in /usr/sbin but not sure how to configure > it or test it. > > logrotate usually runs as a cron job ... so check those. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From js at wexoe.dk Fri Jun 8 14:25:22 2007 From: js at wexoe.dk (Jens W. Skov) Date: Fri Jun 8 14:25:35 2007 Subject: Periodic SA problem Message-ID: <196A8818B3B5D611AC8D0008024505DB0129452D@PDCWEXOE> Hi After upgrading to latest stable MS build last week and the Clam/SA package my hit-rate has eally improved, but now I have to restart MS once a day or so because SA suddenly does not tag anything. I can't see why this s happening. Can anyone give me an idea to hat I could check? Jens From rcooper at dwford.com Fri Jun 8 14:42:29 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 8 14:42:35 2007 Subject: Periodic SA problem In-Reply-To: <196A8818B3B5D611AC8D0008024505DB0129452D@PDCWEXOE> References: <196A8818B3B5D611AC8D0008024505DB0129452D@PDCWEXOE> Message-ID: <085801c7a9d2$dc088280$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jens W. Skov > Sent: Friday, June 08, 2007 9:25 AM > To: 'MailScanner discussion' > Subject: Periodic SA problem > > Hi > > After upgrading to latest stable MS build last week and the > Clam/SA package > my hit-rate has eally improved, but now I have to restart MS > once a day or > so because SA suddenly does not tag anything. > > I can't see why this s happening. > Can anyone give me an idea to hat I could check? > > Jens > -- And your logs say what? If this is just the last couple days look for spamassassin timeouts possibly caused by the DDOS attacks on several key servers and disable them (I believe uribl, spamhaus, and something else). After so many timeouts MailScanner will disable SpamAssassin checks Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alvaro at hostalia.com Fri Jun 8 15:28:20 2007 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Fri Jun 8 15:28:30 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> References: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> Message-ID: <46696784.50408@hostalia.com> Hello, > I assume this is the issue (new 1 to me) > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. I got the same problem, check in MailScanner.conf these settings: SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = /etc/mail/spamassassin SpamAssassin Local State Dir = /var/lib/spamassassin SpamAssassin Default Rules Dir = /usr/local/share/spamassassin to ensure that SA can "see" v320.pre, and check that in /etc/mail/spamassassin/v320.pre you have: loadplugin Mail::SpamAssassin::Plugin::Check Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From denis at croombs.org Fri Jun 8 16:01:14 2007 From: denis at croombs.org (Denis Croombs) Date: Fri Jun 8 16:01:17 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <46696784.50408@hostalia.com> References: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> <46696784.50408@hostalia.com> Message-ID: <65192.87.238.80.64.1181314874.squirrel@www.croombs.org> > Hello, > >> I assume this is the issue (new 1 to me) >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line >> 164. > > I got the same problem, check in MailScanner.conf these settings: > > SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = /etc/mail/spamassassin > SpamAssassin Local State Dir = /var/lib/spamassassin > SpamAssassin Default Rules Dir = /usr/local/share/spamassassin > > to ensure that SA can "see" v320.pre, and check that in > /etc/mail/spamassassin/v320.pre you have: > > loadplugin Mail::SpamAssassin::Plugin::Check Thanks for that I do not have a v320.pre I have:- [root@bob ~]# ls -l /etc/mail/spamassassin/v3* -rw-r--r-- 1 root root 2634 Jan 28 12:35 /etc/mail/spamassassin/v310.pre -rw-r--r-- 1 root root 806 Jan 28 12:35 /etc/mail/spamassassin/v312.pre I assume spamassassin 3.2x installs v320.pre ? Regards Denis From alvaro at hostalia.com Fri Jun 8 16:32:31 2007 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Fri Jun 8 16:32:40 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <65192.87.238.80.64.1181314874.squirrel@www.croombs.org> References: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> <46696784.50408@hostalia.com> <65192.87.238.80.64.1181314874.squirrel@www.croombs.org> Message-ID: <4669768F.5010004@hostalia.com> Hi, > I have:- > > [root@bob ~]# ls -l /etc/mail/spamassassin/v3* > -rw-r--r-- 1 root root 2634 Jan 28 12:35 /etc/mail/spamassassin/v310.pre > -rw-r--r-- 1 root root 806 Jan 28 12:35 /etc/mail/spamassassin/v312.pre > > I assume spamassassin 3.2x installs v320.pre ? Yes, at least in SA installed from CPAN: http://search.cpan.org/src/JMASON/Mail-SpamAssassin-3.2.0/rules/v320.pre Perhaps you have it installed in other path. Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From uxbod at splatnix.net Fri Jun 8 17:13:46 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Jun 8 17:10:38 2007 Subject: test Message-ID: <20070608171346.3c5284fa@uxbod.splatnix.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apologies. - -- - --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (GNU/Linux) iD8DBQFGaYA+H7GwL121aHsRAnZFAKCI1l/6hbKDVJzB2eCwW8xmOeC3MQCbBiui tTpl1rpjHake0mwW1Dz3cVE= =HCT0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pparsons at columbiafuels.com Fri Jun 8 17:14:38 2007 From: pparsons at columbiafuels.com (Philip Parsons) Date: Fri Jun 8 17:14:41 2007 Subject: http://www.rulesemporium.com/ In-Reply-To: <46696784.50408@hostalia.com> References: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> <46696784.50408@hostalia.com> Message-ID: <2023D81BC0235143A46589958FF543F504B1642E@bigbird.columbiafuels.com> Does anyone know what's going on with www.rulesemporium.com I cannot seem to access their page. ?? From martinh at solidstatelogic.com Fri Jun 8 17:20:30 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jun 8 17:20:39 2007 Subject: http://www.rulesemporium.com/ In-Reply-To: <2023D81BC0235143A46589958FF543F504B1642E@bigbird.columbiafuels.com> Message-ID: <0fa5eaeb03e4a14ea1183d63c7073343@solidstatelogic.com> DDOS attack, along with www sites for uribl.org and spamhaus. Currently the chief ninja at rulesemporium is asking people to stop their normal checks so they can try deal with the issue better. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philip Parsons > Sent: 08 June 2007 17:15 > To: MailScanner discussion > Subject: http://www.rulesemporium.com/ > > Does anyone know what's going on with www.rulesemporium.com I cannot > seem to access their page. ?? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mkercher at nfsmith.com Fri Jun 8 17:31:32 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Fri Jun 8 17:31:39 2007 Subject: http://www.rulesemporium.com/ References: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org><46696784.50408@hostalia.com> <2023D81BC0235143A46589958FF543F504B1642E@bigbird.columbiafuels.com> Message-ID: <6DEF8ABC1767C045B91F42066D36358E0B63C8@HOUPEX01.nfsmith.info> DDoS http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=251277&m essageID=2507921 -Mike ______________________ ROFL:ROFL:ROFL:ROFL __^__ L __/ []\ LOL===_ \ L \________] I I -------/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Philip Parsons Sent: Friday, June 08, 2007 11:15 AM To: MailScanner discussion Subject: http://www.rulesemporium.com/ Does anyone know what's going on with www.rulesemporium.com I cannot seem to access their page. ?? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From pparsons at columbiafuels.com Fri Jun 8 17:32:50 2007 From: pparsons at columbiafuels.com (Philip Parsons) Date: Fri Jun 8 17:32:52 2007 Subject: http://www.rulesemporium.com/ In-Reply-To: <0fa5eaeb03e4a14ea1183d63c7073343@solidstatelogic.com> References: <2023D81BC0235143A46589958FF543F504B1642E@bigbird.columbiafuels.com> <0fa5eaeb03e4a14ea1183d63c7073343@solidstatelogic.com> Message-ID: <2023D81BC0235143A46589958FF543F504B1642F@bigbird.columbiafuels.com> Doing that now. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Friday, June 08, 2007 9:21 AM To: MailScanner discussion Subject: RE: http://www.rulesemporium.com/ DDOS attack, along with www sites for uribl.org and spamhaus. Currently the chief ninja at rulesemporium is asking people to stop their normal checks so they can try deal with the issue better. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philip Parsons > Sent: 08 June 2007 17:15 > To: MailScanner discussion > Subject: http://www.rulesemporium.com/ > > Does anyone know what's going on with www.rulesemporium.com I cannot > seem to access their page. ?? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hmkash at arl.army.mil Fri Jun 8 17:48:45 2007 From: hmkash at arl.army.mil (Kash, Howard (Civ, ARL/CISD)) Date: Fri Jun 8 17:48:02 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) Message-ID: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> Classification: UNCLASSIFIED Caveats: NONE After upgrading to MS 4.60.8, MailScanner has started reporting "New Batch: Found invalid queue files: ". Each of the queue files appears to have a truncated message contents section and 90% of them end with "To: undisclosed-recipients:;". There's a total of about 30 of them since I upgraded on June 4. Anyone else seeing this? I also upgraded postfix from 2.3.9 to 2.3.11 at the same time, but figured I'd start here first since the postfix group will blame MailScanner anyway... Thanks, Howard Classification: UNCLASSIFIED Caveats: NONE -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070608/e8307f1d/attachment.html From gerard at seibercom.net Fri Jun 8 17:55:19 2007 From: gerard at seibercom.net (Gerard) Date: Fri Jun 8 17:55:00 2007 Subject: test In-Reply-To: <20070608171346.3c5284fa@uxbod.splatnix.net> References: <20070608171346.3c5284fa@uxbod.splatnix.net> Message-ID: <20070608125239.359E.GERARD@seibercom.net> On June 08, 2007 at 12:13PM --[ UxBoD ]-- wrote: > Apologies. Although this is somewhat of a rarity on this list, perhaps the setting up of a test network similar to what is used with the FreeBSD forum might be something to investigate. -- Gerard For AOL (L)Users: "RAM Disk" is not an installation procedure. From MailScanner at ecs.soton.ac.uk Fri Jun 8 19:52:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 8 19:55:57 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> References: <55207.87.238.80.64.1181295330.squirrel@www.croombs.org> <75b19690790cea4e8e1e5be3969f08a5@solidstatelogic.com> <36803.87.238.80.64.1181296930.squirrel@www.croombs.org> Message-ID: <4669A556.6060704@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070608/f4b360df/PGP.bin From denis at croombs.org Fri Jun 8 19:59:28 2007 From: denis at croombs.org (Denis Croombs) Date: Fri Jun 8 20:02:42 2007 Subject: MailScanner won't start after upgrade to 4.60.8-1 In-Reply-To: <4669768F.5010004@hostalia.com> Message-ID: <200706081902.l58J2bHA012200@mail.deniscroombs.org> > > I have:- > > > > [root@bob ~]# ls -l /etc/mail/spamassassin/v3* > > -rw-r--r-- 1 root root 2634 Jan 28 12:35 > > /etc/mail/spamassassin/v310.pre > > -rw-r--r-- 1 root root 806 Jan 28 12:35 > > /etc/mail/spamassassin/v312.pre > > > > I assume spamassassin 3.2x installs v320.pre ? > > Yes, at least in SA installed from CPAN: > > http://search.cpan.org/src/JMASON/Mail-SpamAssassin-3.2.0/rule s/v320.pre > > Perhaps you have it installed in other path. > Thanks, just installing that file solved it. Regards Denis From davi at jvsinfo.com.br Fri Jun 8 20:36:28 2007 From: davi at jvsinfo.com.br (davi@jvsinfo.com.br) Date: Fri Jun 8 20:36:43 2007 Subject: CustomFunctions Patch Proposal Message-ID: Hello list, I am developing a tool to configure polices for email with MailScanner. This police are store in SQL or XML. I consider that an alteration in the official code of the MailScanner is made to support the sending of parameter $name of the configuration directive to the custom function. Thus function would be possible inside of custom to know which parameter is being searched and return the corresponding value. In such a way, is not necessary to create a custom function for each directive to use the XML police. What you think about ? The Config.pm modification (in black) sub Value { my($name, $msg) = @_; my($funcname, $result); [...] # Make this as fast as possible in simple situations return $StaticScalars{$name} if exists $StaticScalars{$name}; # User custom-written functions are easy to spot too $funcname = $CustomFunctions{$name}; if ($funcname) { $funcname = 'MailScanner::CustomConfig::' . $funcname; no strict 'refs'; # Make patch HERE ! ! $result = &$funcname($msg,$name); use strict 'refs'; #print STDERR "It was a CF\n" if $name eq 'spamwhitelist'; return $result; } The CustonFunction with parameter; sub MailPolice { # New here ! ! my ($message,$name) = @_; MailScanner::Log::InfoLog("MailPolice: DUMPER message " .Dumper($ message)); MailScanner::Log::InfoLog("MailPolice: DUMPER name " .Dumper($name )); return XmlPoliceGetDirective($name); } so a find 100 and return proper value 100 to MailScanner and in MailScanner.conf i made this: Max Message Size = &MailPolice What you think about ? Sr. Julian Field, this patch in Config.pm are possible? best regards, Davi Baldin JVS do Brasil - IBM BP Premier davi@jvsinfo.com.br (19) 3254-1266 (19) 9266-6793 ** NOVO ** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070608/3c111b45/attachment.html From matt at coders.co.uk Fri Jun 8 20:46:48 2007 From: matt at coders.co.uk (Matt Hampton) Date: Fri Jun 8 20:44:35 2007 Subject: CustomFunctions Patch Proposal In-Reply-To: References: Message-ID: <4669B228.4090403@coders.co.uk> davi@jvsinfo.com.br wrote: > > Hello list, > > I am developing a tool to configure polices for email with > MailScanner. This police are store in SQL or XML. I consider that an > alteration in the official code of the MailScanner is made to support > the sending of parameter *$name* of the configuration directive to the > custom function. Thus function would be possible inside of custom to > know which parameter is being searched and return the corresponding > value. In such a way, is not necessary to create a custom function for > each directive to use the XML police. What you think about ? > I submitted a similar patch to Jules a few weeks ago and it has been added to the 4.6x releases. matt From lists at jfworks.net Fri Jun 8 20:57:52 2007 From: lists at jfworks.net (James) Date: Fri Jun 8 20:57:10 2007 Subject: smf-sav causing problems with other networks? Message-ID: <4669B4C0.3060204@jfworks.net> Hello, After getting a call from a customer, I went to try to validate the email address @verizon.net with my favorite tool, sav I got this nice message: sav @verizon.net SAV v1.3.0 (C) 2005, 2006 by Eugene Kurmanin - http://smfs.sf.net/ verizon.net is handled (pri=0): relay.verizon.net Connecting to: relay.verizon.net. Connected to: relay.verizon.net. <<< 571 Email from x.X.x.X is currently blocked by Verizon Online's anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block. >>> RSET lorimor@verizon.net: Sender address verification failed. The only thing this server sends out to a connecting mail server is the sender address verification (aside from "normal" communication) so maybe all those folks who are/were against this type of method have won. Being the small kid on the block we will always have to bend to these larger companies with millions of customers. I can't confirm that its smf-sav causing the problem, but its the first thing that comes to mind. Of course there is no way to actually call and talk to someone about this to figure it out. "the worlds largest network - not answering calls?" The one tech I was able to get in touch with has "no way to contact anyone about the issue". Makes me think of those commercials and all those people... nice network there Has anyone else run into this with verizon specifically? Seems Im having to give up my tools. James From lists at jfworks.net Fri Jun 8 21:43:23 2007 From: lists at jfworks.net (James) Date: Fri Jun 8 21:42:50 2007 Subject: smf-sav causing problems with other networks? (wong list) In-Reply-To: <4669B4C0.3060204@jfworks.net> References: <4669B4C0.3060204@jfworks.net> Message-ID: <4669BF6B.5030005@jfworks.net> Sorry wrong list. James wrote: > Hello, > > After getting a call from a customer, I went to try to validate the > email address @verizon.net with my favorite tool, sav I got this > nice message: > > sav @verizon.net > SAV v1.3.0 (C) 2005, 2006 by Eugene Kurmanin - http://smfs.sf.net/ > verizon.net is handled (pri=0): relay.verizon.net > Connecting to: relay.verizon.net. > Connected to: relay.verizon.net. > <<< 571 Email from x.X.x.X is currently blocked by Verizon Online's > anti-spam system. The email sender or Email Service Provider may visit > http://www.verizon.net/whitelist and request removal of the block. > >>> RSET > lorimor@verizon.net: Sender address verification failed. > > > The only thing this server sends out to a connecting mail server is > the sender address verification (aside from "normal" communication) so > maybe all those folks who are/were against this type of method have > won. Being the small kid on the block we will always have to bend to > these larger companies with millions of customers. > > > I can't confirm that its smf-sav causing the problem, but its the > first thing that comes to mind. Of course there is no way to actually > call and talk to someone about this to figure it out. "the worlds > largest network - not answering calls?" The one tech I was able to get > in touch with has "no way to contact anyone about the issue". Makes me > think of those commercials and all those people... nice network there > > > Has anyone else run into this with verizon specifically? > > Seems Im having to give up my tools. > > James From hvdkooij at vanderkooij.org Fri Jun 8 22:03:47 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 8 22:04:29 2007 Subject: Max Message and Attachment Sizes In-Reply-To: <466916CE.3090106@ecs.soton.ac.uk> References: <431717.45989.qm@web33310.mail.mud.yahoo.com> <466916CE.3090106@ecs.soton.ac.uk> Message-ID: On Fri, 8 Jun 2007, Julian Field wrote: > The maximum message size includes the size of the body of the message plus > the Base64-encoded attachments. Most admins know that a 9.9 MB file gets expanded by 4/3 factor so it will not fit into a 10 MB message size limit. But I keep running into people who are not aware that email results in a 33% overhead on each (binary) file. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From ssilva at sgvwater.com Fri Jun 8 22:16:05 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 8 22:16:27 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: Kash, Howard (Civ, ARL/CISD) spake the following on 6/8/2007 9:48 AM: > Classification: _* UNCLASSIFIED*_** > Caveats: NONE > > > After upgrading to MS 4.60.8, MailScanner has started reporting "New > Batch: Found invalid queue files: ". Each of the > queue files appears to have a truncated message contents section and 90% > of them end with "To: undisclosed-recipients:;". There's a total of > about 30 of them since I upgraded on June 4. Anyone else seeing this? > I also upgraded postfix from 2.3.9 to 2.3.11 at the same time, but > figured I'd start here first since the postfix group will blame > MailScanner anyway... > Were blaming postfix! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mogens at fumlersoft.dk Fri Jun 8 22:20:53 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Fri Jun 8 22:18:53 2007 Subject: test In-Reply-To: <20070608125239.359E.GERARD@seibercom.net> References: <20070608171346.3c5284fa@uxbod.splatnix.net> <20070608125239.359E.GERARD@seibercom.net> Message-ID: <22307.222.123.0.244.1181337653.squirrel@mail.fumlersoft.dk> On Fri, June 8, 2007 18:55, Gerard wrote: > On June 08, 2007 at 12:13PM --[ UxBoD ]-- wrote: > >> Apologies. > > > Although this is somewhat of a rarity on this list, perhaps the > setting up of a test network similar to what is used with the FreeBSD > forum might > be something to investigate. When making jokes like that, it's custom to append a smiley ( 8^P ). -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri Jun 8 22:20:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 8 22:25:17 2007 Subject: smf-sav causing problems with other networks? In-Reply-To: <4669B4C0.3060204@jfworks.net> References: <4669B4C0.3060204@jfworks.net> Message-ID: James spake the following on 6/8/2007 12:57 PM: > Hello, > > After getting a call from a customer, I went to try to validate the > email address @verizon.net with my favorite tool, sav I got this > nice message: > > sav @verizon.net > SAV v1.3.0 (C) 2005, 2006 by Eugene Kurmanin - http://smfs.sf.net/ > verizon.net is handled (pri=0): relay.verizon.net > Connecting to: relay.verizon.net. > Connected to: relay.verizon.net. > <<< 571 Email from x.X.x.X is currently blocked by Verizon Online's > anti-spam system. The email sender or Email Service Provider may visit > http://www.verizon.net/whitelist and request removal of the block. >>>> RSET > lorimor@verizon.net: Sender address verification failed. > > > The only thing this server sends out to a connecting mail server is the > sender address verification (aside from "normal" communication) so maybe > all those folks who are/were against this type of method have won. Being > the small kid on the block we will always have to bend to these larger > companies with millions of customers. > > > I can't confirm that its smf-sav causing the problem, but its the first > thing that comes to mind. Of course there is no way to actually call and > talk to someone about this to figure it out. "the worlds largest network > - not answering calls?" The one tech I was able to get in touch with has > "no way to contact anyone about the issue". Makes me think of those > commercials and all those people... nice network there > > Has anyone else run into this with verizon specifically? > > Seems Im having to give up my tools. > > James You can't contact any one at Verizon because they are all running around the world with the cell phone guy! Have you tried the latest version of smf-sav? Its at 1.4.0 now. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mogens at fumlersoft.dk Fri Jun 8 22:40:36 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Fri Jun 8 22:38:30 2007 Subject: smf-sav causing problems with other networks? In-Reply-To: <4669B4C0.3060204@jfworks.net> References: <4669B4C0.3060204@jfworks.net> Message-ID: <11717.222.123.0.244.1181338836.squirrel@mail.fumlersoft.dk> Well, my sendmail access file says: verizon.net ERROR:"550 Reject : verizon.net - Spam source" That rule get about 70-130 hits a day. On Fri, June 8, 2007 21:57, James wrote: > Hello, > > After getting a call from a customer, I went to try to validate the > email address @verizon.net with my favorite tool, sav I got this > nice message: > > sav @verizon.net > SAV v1.3.0 (C) 2005, 2006 by Eugene Kurmanin - http://smfs.sf.net/ > verizon.net is handled (pri=0): relay.verizon.net > Connecting to: relay.verizon.net. > Connected to: relay.verizon.net. > <<< 571 Email from x.X.x.X is currently blocked by Verizon Online's > anti-spam system. The email sender or Email Service Provider may visit > http://www.verizon.net/whitelist and request removal of the block. > >>> RSET > lorimor@verizon.net: Sender address verification failed. > > > The only thing this server sends out to a connecting mail server is the > sender address verification (aside from "normal" communication) so maybe > all those folks who are/were against this type of method have won. Being > the small kid on the block we will always have to bend to these larger > companies with millions of customers. > > > I can't confirm that its smf-sav causing the problem, but its the first > thing that comes to mind. Of course there is no way to actually call and > talk to someone about this to figure it out. "the worlds largest network > - not answering calls?" The one tech I was able to get in touch with has > "no way to contact anyone about the issue". Makes me think of those > commercials and all those people... nice network there > > Has anyone else run into this with verizon specifically? > > Seems Im having to give up my tools. > > James > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Jun 8 23:45:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 8 23:45:16 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <223f97700706081545q319991b7v8a57a7024bbc2003@mail.gmail.com> On 08/06/07, Kash, Howard (Civ, ARL/CISD) wrote: > > > > Classification: UNCLASSIFIED > Caveats: NONE > > > After upgrading to MS 4.60.8, MailScanner has started reporting "New Batch: > Found invalid queue files: ". Each of the queue files > appears to have a truncated message contents section and 90% of them end > with "To: undisclosed-recipients:;". There's a total of about 30 of them > since I upgraded on June 4. Anyone else seeing this? I also upgraded > postfix from 2.3.9 to 2.3.11 at the same time, but figured I'd start here > first since the postfix group will blame MailScanner anyway... > > > Thanks, > Howard Hi Howard, Do you employ any milter(s)? If not, the only changes that could possibly affect PF in that version of MS would be the spin-through of the body.... and any error in that would be.... more fatal:-) As is, I drop any mails hitting the end of the queue file from the batch, in that code segment. That way, it'll be picked up by the next one running through hold, hopefully more completely written than before. The only other way to break out of the loop is by finding the X record after the body... So any error should have rather disastrous (in a more prominent way:-) effects. None of the p record changes actually change how things are stored into the message object... apart from handling the p records (jumping to where they point) and w records (just ignoring them, they signify deleted records) I just let Jules code copy everything as before. Hm, one would want to get a look at both the queue files _before_ and _after_ MS. Probably a tad too much to wish for:-). Could you send us one of them? Or at least the postcat'd result? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 8 23:47:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 8 23:47:41 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <223f97700706081545q319991b7v8a57a7024bbc2003@mail.gmail.com> References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> <223f97700706081545q319991b7v8a57a7024bbc2003@mail.gmail.com> Message-ID: <223f97700706081547i22fd18d0udf4d97d5d3af592b@mail.gmail.com> On 09/06/07, Glenn Steen wrote: > On 08/06/07, Kash, Howard (Civ, ARL/CISD) wrote: > > > > > > > > Classification: UNCLASSIFIED > > Caveats: NONE > > > > > > After upgrading to MS 4.60.8, MailScanner has started reporting "New Batch: > > Found invalid queue files: ". Each of the queue files > > appears to have a truncated message contents section and 90% of them end > > with "To: undisclosed-recipients:;". There's a total of about 30 of them > > since I upgraded on June 4. Anyone else seeing this? I also upgraded > > postfix from 2.3.9 to 2.3.11 at the same time, but figured I'd start here > > first since the postfix group will blame MailScanner anyway... > > > > > > Thanks, > > Howard > Hi Howard, > > Do you employ any milter(s)? > If not, the only changes that could possibly affect PF in that version > of MS would be the spin-through of the body.... and any error in that > would be.... more fatal:-) > As is, I drop any mails hitting the end of the queue file from the > batch, in that code segment. That way, it'll be picked up by the next > one running through hold, hopefully more completely written than > before. The only other way to break out of the loop is by finding the > X record after the body... So any error should have rather disastrous > (in a more prominent way:-) effects. > None of the p record changes actually change how things are stored > into the message object... apart from handling the p records (jumping > to where they point) and w records (just ignoring them, they signify > deleted records) I just let Jules code copy everything as before. > > Hm, one would want to get a look at both the queue files _before_ and > _after_ MS. Probably a tad too much to wish for:-). > Could you send us one of them? Or at least the postcat'd result? > > Cheers BTW, is there any error messages in the maillog? Mentioning p record handling? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Fri Jun 8 23:48:47 2007 From: res at ausics.net (Res) Date: Fri Jun 8 23:49:00 2007 Subject: smf-sav causing problems with other networks? In-Reply-To: <11717.222.123.0.244.1181338836.squirrel@mail.fumlersoft.dk> References: <4669B4C0.3060204@jfworks.net> <11717.222.123.0.244.1181338836.squirrel@mail.fumlersoft.dk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 8 Jun 2007, Mogens Melander wrote: > Well, my sendmail access file says: > verizon.net ERROR:"550 Reject : verizon.net - Spam source" Mines been similar for some years kind of ironic isn't it. if they cleaned their own act up, maybe they wouldnt be hit as much :P > > That rule get about 70-130 hits a day. > > On Fri, June 8, 2007 21:57, James wrote: >> Hello, >> >> After getting a call from a customer, I went to try to validate the >> email address @verizon.net with my favorite tool, sav I got this >> nice message: >> >> sav @verizon.net >> SAV v1.3.0 (C) 2005, 2006 by Eugene Kurmanin - http://smfs.sf.net/ >> verizon.net is handled (pri=0): relay.verizon.net >> Connecting to: relay.verizon.net. >> Connected to: relay.verizon.net. >> <<< 571 Email from x.X.x.X is currently blocked by Verizon Online's >> anti-spam system. The email sender or Email Service Provider may visit >> http://www.verizon.net/whitelist and request removal of the block. >> >>> RSET >> lorimor@verizon.net: Sender address verification failed. >> >> >> The only thing this server sends out to a connecting mail server is the >> sender address verification (aside from "normal" communication) so maybe >> all those folks who are/were against this type of method have won. Being >> the small kid on the block we will always have to bend to these larger >> companies with millions of customers. >> >> >> I can't confirm that its smf-sav causing the problem, but its the first >> thing that comes to mind. Of course there is no way to actually call and >> talk to someone about this to figure it out. "the worlds largest network >> - not answering calls?" The one tech I was able to get in touch with has >> "no way to contact anyone about the issue". Makes me think of those >> commercials and all those people... nice network there >> >> Has anyone else run into this with verizon specifically? >> >> Seems Im having to give up my tools. >> >> James >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > > - -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGadzUsWhAmSIQh7MRAosmAJ4556b4RSmGs58EqwB2seVvjh2SpACgm+UQ h3m8dyJE8Qg8ZnGd27apvxU= =l9pN -----END PGP SIGNATURE----- From itdept at fractalweb.com Sat Jun 9 00:30:32 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Jun 9 00:30:46 2007 Subject: filenames getting mangled -- SOLVED! In-Reply-To: <46690A94.7090204@xplanation.com> References: <466836A7.8030706@fractalweb.com> <46684569.9070802@fractalweb.com> <46690A94.7090204@xplanation.com> Message-ID: <4669E698.3040403@fractalweb.com> Paul Bijnens wrote: > http://kb.mozillazine.org/Attachments_renamed > > For Thunderbird 1.5, do: > Preferences -> Advanced -> Config Editor... > look for the key "mail.strictly_mime.parm_folding" > and change the value from 2 to 0. > > In thunderbird 2.0 the value for that setting is "3" (which is not > allowed for tb1.5), and that manages to set the mimeheaders > for the filename so that even LookOut or GMail can use them. > So, better upgrade to tb2 and the problem is gone. > Yes, I have confirmed that upgrading the user's machine to Thunderbird 2.x solved the problem. I suspected that anyways, but it seemed an odd issue. Thanks for the help! Chris From micoots at yahoo.com Sat Jun 9 00:48:04 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sat Jun 9 00:48:08 2007 Subject: Max Message and Attachment Sizes In-Reply-To: <466916CE.3090106@ecs.soton.ac.uk> Message-ID: <876985.767.qm@web33303.mail.mud.yahoo.com> Hi Julian, Firstly, thanks for the reply. I'm surprised to see you back into the swing of things so soon, but am glad you're back. Julian Field wrote: Michael Mansour wrote: Hi, The following two options seem to be the only ones to control this: # The maximum size, in bytes, of any message including the headers. # If this is set to zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # dialup users so their email applications don't time out downloading huge # messages. Maximum Message Size = %rules-dir%/maximum.message.size.rules # The maximum size, in bytes, of any attachment in a message. # If this is set to zero, effectively no attachments are allowed. # If this is set less than zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments. Maximum Attachment Size = %rules-dir%/maximum.attachment.size.rules My problem is that I have set one domain to limit by 10M for each of the options above, but the problem is reading each option more carefully, it doesn't seem to talk about the _total_ size of the message plus attachement, only the size limit for each attachment onto a message. The maximum message size includes the size of the body of the message plus the Base64-encoded attachments. Ok, if that's the case then it's not working for me. My setup is like this: Maximum Message Size = %rules-dir%/maximum.message.size.rules Maximum Attachment Size = %rules-dir%/maximum.attachment.size.rules Minimum Attachment Size = -1 and: # cat ./rules/maximum.message.size.rules To: *@example.com 10M To: *@example.com.au 10M FromOrTo: default 0 # cat ./rules/maximum.attachment.size.rules To: *@example.com 10M To: *@example.com.au 10M FromOrTo: default -1 Yet when the SMTP server accepts the email and delivers to Mailscanner, both of my MX servers (where MailScanner runs) keep trying to send to the example.com SMTP server every 15 minutes. When looking at each the MX servers mail queue, the message sizes are over 10Mb. What I need is for any message for a particular domain (which I setup in each rules file above) that is over a _total_ of 10M, regardless if that 10Mb is made up of multiple xmb files or not, to be rejected with an email back to the sender explaining the email is too big. Use the Maximum Message Size. Reading the max.message.size.rules file: # The 2 lines involving domain3.com show that for email to user@domain3.com # has a limit of 5Mbytes per message, while email to any other user # @domain3.com has a limit of 500Kbytes per message. # To: *@domain1.com 10M To: *@domain2.com 20M From: user@domain3.com 5M From: *@domain3.com 500K So does this mean I need to change my ruleset above instead to: # cat ./rules/maximum.message.size.rules From: *@example.com 10M From: *@example.com.au 10M FromOrTo: default 0 ?? Thanks. Michael. For a history of why I need this, I route mail for a domain (virus/spam scanning) who run Exchange, so once Mailscanner does its job, it sends to their Exchange SMTP server. Their Exchange limits to 10Mb and then drops the connection. My end keeps retrying to send every 15mins forever, so their bandwidth costs skyrocket. I looked at blocking this at the MTA level (sendmail), but then feared that the sending smtp server would keep trying every 15mins and send our bandwidth costs through the roof. So I instead decided to let the MTA accept the message and pass it to MailScanner, which was then set to the 10Mb limit, and would also bounce the message back to the sender with the reason why (configured in MailScanner). But instead, I'm seeing the same occurance with any emails above 10mb trying to be sent from my SMTP server to the Exchange SMTP server. If MailScanner could say "any message totalling 10Mb is rejected" then I think this would solve the problem. Either that or find a way to tell MailScanner/sendmail to stop trying to send a message if it fails x number of times? Any help or advice is much appreciated. Thankyou. Michael. --------------------------------- How would you spend $50,000 to create a more sustainable environment in Australia? Go to Yahoo!7 Answers and share your idea. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Send instant messages to your online friends http://au.messenger.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070609/2b54224f/attachment.html From micoots at yahoo.com Sat Jun 9 06:33:44 2007 From: micoots at yahoo.com (Michael Mansour) Date: Sat Jun 9 06:33:47 2007 Subject: Max Message and Attachment Sizes In-Reply-To: Message-ID: <151161.73115.qm@web33314.mail.mud.yahoo.com> Hi Hugo, Hugo van der Kooij wrote: On Fri, 8 Jun 2007, Julian Field wrote: > The maximum message size includes the size of the body of the message plus > the Base64-encoded attachments. Most admins know that a 9.9 MB file gets expanded by 4/3 factor so it will not fit into a 10 MB message size limit. But I keep running into people who are not aware that email results in a 33% overhead on each (binary) file. Hmm.. that may be the problem then. So instead of putting 10M I really should be putting 9.5M or 9M? Michael. Hugo. --------------------------------- How would you spend $50,000 to create a more sustainable environment in Australia? Go to Yahoo!7 Answers and share your idea. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070609/b66cd166/attachment.html From hvdkooij at vanderkooij.org Sat Jun 9 08:23:39 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 9 08:24:23 2007 Subject: Max Message and Attachment Sizes In-Reply-To: <151161.73115.qm@web33314.mail.mud.yahoo.com> References: <151161.73115.qm@web33314.mail.mud.yahoo.com> Message-ID: On Sat, 9 Jun 2007, Michael Mansour wrote: > Hmm.. that may be the problem then. So instead of putting 10M I really should be putting 9.5M or 9M? You are not doing the math. So a 5 mB zip file is expanded using the formula to: 5 * 4 /3 = 6.67 MB If you want a 5MB binary attachment to be the max you must set your limit to 6.7 MB to handle the overhead of base64 encoding. Hugo. PS: Please learn yahoo to indent when you reply. (Or better: get awway from yahoo and other free emailsystems) -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Sat Jun 9 13:53:47 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 9 13:54:29 2007 Subject: Book update released shortly... Message-ID: <466AA2DB.4030605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've just finished updating Part 2 of the book to get it up to date with all the new features and settings. I've just got to generate the PDF and glue it all together, then I'll upload the updated book to the publisher's site, www.cafepress.com. Unfortunately this time the additions are little bits all over the place, so it's not going to practical to publish the new content separately, sorry. However, reading the Changelog will tell you all the new features and settings that have been added, and one version of the documentation is in the MailScanner.conf file. So you're not really missing out on anything. I'll announce it properly when I have uploaded the new content to the publisher's. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGaqLhEfZZRxQVtlQRAoKDAKDN/Xn+buKiubK/rSEUb4l6uaKn+wCfTWV1 I6x2YPSS9gwe9rK+C/zPxxQ= =w2wl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Jun 9 21:25:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 9 21:26:15 2007 Subject: Book update released shortly... In-Reply-To: <466AA2DB.4030605@ecs.soton.ac.uk> References: <466AA2DB.4030605@ecs.soton.ac.uk> Message-ID: <466B0CAC.2010101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have uploaded the new book, and have ordered a few copies for a quick proof-check. Due to a bug in their website, I have had to temporarily put it in the "mailscanner2" shop while they get the bug sorted. All the configuration settings up to and including the Clamd settings from version 4.61 are included in the Training Manual, Part II of the book. Julian Field wrote: > * PGP Signed: 06/09/07 at 13:53:53 > > I've just finished updating Part 2 of the book to get it up to date > with all the new features and settings. I've just got to generate the > PDF and glue it all together, then I'll upload the updated book to the > publisher's site, www.cafepress.com. > > Unfortunately this time the additions are little bits all over the > place, so it's not going to practical to publish the new content > separately, sorry. However, reading the Changelog will tell you all > the new features and settings that have been added, and one version of > the documentation is in the MailScanner.conf file. So you're not > really missing out on anything. > > I'll announce it properly when I have uploaded the new content to the > publisher's. > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGawy9EfZZRxQVtlQRAv5uAJ4kxz8yVGuZAqnx2Wllh3RzQ1peIQCgmYOY YJnAc5lUHHwzJ2ruYvVq4fY= =e7HF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From root at doctor.nl2k.ab.ca Sat Jun 9 22:07:50 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Jun 9 22:08:40 2007 Subject: Book update released shortly... In-Reply-To: <466B0CAC.2010101@ecs.soton.ac.uk> References: <466AA2DB.4030605@ecs.soton.ac.uk> <466B0CAC.2010101@ecs.soton.ac.uk> Message-ID: <20070609210749.GA8716@doctor.nl2k.ab.ca> On Sat, Jun 09, 2007 at 09:25:16PM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have uploaded the new book, and have ordered a few copies for a quick > proof-check. > Due to a bug in their website, I have had to temporarily put it in the > "mailscanner2" shop while they get the bug sorted. > All the configuration settings up to and including the Clamd settings > from version 4.61 are included in the Training Manual, Part II of the book. > > Julian Field wrote: > > * PGP Signed: 06/09/07 at 13:53:53 > > > > I've just finished updating Part 2 of the book to get it up to date > > with all the new features and settings. I've just got to generate the > > PDF and glue it all together, then I'll upload the updated book to the > > publisher's site, www.cafepress.com. > > > > Unfortunately this time the additions are little bits all over the > > place, so it's not going to practical to publish the new content > > separately, sorry. However, reading the Changelog will tell you all > > the new features and settings that have been added, and one version of > > the documentation is in the MailScanner.conf file. So you're not > > really missing out on anything. > > > > I'll announce it properly when I have uploaded the new content to the > > publisher's. > > > > Jules I am glad I asked. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From carock at epconline.com Sun Jun 10 04:54:27 2007 From: carock at epconline.com (Chuck Rock) Date: Sun Jun 10 04:54:38 2007 Subject: AVG Antivirus scanner problem Message-ID: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com> Is anyone using avgscan with MailScanner? I have FreeBSD, sendmail, MailScanner and I just downloaded a trial of AVG for Servers for FreeBSD. It does not appear to detect any viruses though. I ran Eicar and actual virus E-mails through it and all pass without any hesitation. I tried running the avgscan on the queue directory and it doesn't find anything wrong like that either. Does anyone have any idea why it isn't working? I installed F-Protect on another server like this, and it seems to work as expected, but seems a bit pricey in comparison. Thanks, Chuck -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070609/64184c6e/attachment.html From list-mailscanner at linguaphone.com Sun Jun 10 08:26:43 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Jun 10 08:26:50 2007 Subject: Max Message and Attachment Sizes In-Reply-To: <151161.73115.qm@web33314.mail.mud.yahoo.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Michael > Mansour > Sent: 09 June 2007 06:34 > To: MailScanner discussion > Subject: Re: Max Message and Attachment Sizes > > > Hi Hugo, > > Hugo van der Kooij wrote: > On Fri, 8 Jun 2007, Julian Field wrote: > > > The maximum message size includes the size of the body of the > message plus > > the Base64-encoded attachments. > > Most admins know that a 9.9 MB file gets expanded by 4/3 factor > so it will > not fit into a 10 MB message size limit. > > But I keep running into people who are not aware that email results in a > 33% overhead on each (binary) file. > > Hmm.. that may be the problem then. So instead of putting 10M I > really should be putting 9.5M or 9M? > > Michael. > > Hugo. No if they only permit mails up to 10MB then the size of the attachment they cac accept is approx 10*3/4 = 7.5MB. You should therefore set the attachment size to 7MBjust to be sure. From andy.mac at global-domination.org Sun Jun 10 10:54:40 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Sun Jun 10 10:54:46 2007 Subject: DomainKeys and DKIM signing support Message-ID: The Postfix way of doing it is that PF signs outbound messages based on a rule (very similar to an MS rule) and doesn't check inbound messages - The recommendation is to let SA score the inbound message (i.e. DKIM OK, score = 0, DKIM fails score = 5) - the same as you should do for SPF. Because a message is signed, you shouldn't trust it, however if it fails, the don't trust it. (e.g. a yahoo message that isn't signed shouldn't be trusted, because all legit yahoo messages are - and the DKIM framework says so... - same goes for all other organisations that use DKIM like Dell.) -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Hansard Sent: 08 June 2007 10:17 To: MailScanner discussion Subject: RE: DomainKeys and DKIM signing support > Not yet, no; but it could be. > Have you got a nice simple short and sweet document describing DKIM, how > it works, what it protects against and why it will stop all spam :-) Well I am fairly certain it isn't going to stop all spam! Really it is just another step along the way. It will make it harder to spoof email addresses in both spam and virus messages. However it won't help that much when the spammers use botnets. The FAQ is here http://www.dkim.org/info/dkim-faq.html. For the full DKIM spec see http://www.ietf.org/rfc/rfc4871.txt?number=4871. > Assuming it's based on some checksum/hash function, what text of the > message does it use as its input? > Can you make it just operate on the body and not the headers at all? The whole message is required including the headers. I would expect that following all the header and body processing that you already do, but before you finally unlock the message for delivery you would pass the whole message into Mail::DKIM and this would return a new DKIM-Signature header that would need to be added into the message. > Am I just trying to add DKIM to a message, or do you need me to check it > as well? I think MailScanner probably only needs to be responsible for signing messages. Verifying the signatures can already be done by the receiving daemon or by spamassassin. -- Kevin Hansard www.ipl.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=CB8CE27F9D .689F7 -- This message was scanned by ESVA and is believed to be clean. From rcooper at dwford.com Sun Jun 10 17:58:23 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 10 17:58:30 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com> Message-ID: <0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> I do, there was a patch applied to the parser sometime in the past and it no longer recognizes "identified" only "found". I plan to release a patch to the avg scanner soon Rick Cooper _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chuck Rock Sent: Saturday, June 09, 2007 11:54 PM To: mailscanner@lists.mailscanner.info Subject: AVG Antivirus scanner problem Is anyone using avgscan with MailScanner? I have FreeBSD, sendmail, MailScanner and I just downloaded a trial of AVG for Servers for FreeBSD. It does not appear to detect any viruses though. I ran Eicar and actual virus E-mails through it and all pass without any hesitation. I tried running the avgscan on the queue directory and it doesn't find anything wrong like that either. Does anyone have any idea why it isn't working? I installed F-Protect on another server like this, and it seems to work as expected, but seems a bit pricey in comparison. Thanks, Chuck -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070610/40825f5c/attachment.html From MailScanner at ecs.soton.ac.uk Sun Jun 10 18:34:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 10 18:35:37 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com> <0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> Message-ID: <466C361F.2090905@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070610/3e532e6d/PGP.bin From MailScanner at ecs.soton.ac.uk Sun Jun 10 18:43:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 10 18:44:43 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <466C361F.2090905@ecs.soton.ac.uk> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com> <0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> <466C361F.2090905@ecs.soton.ac.uk> Message-ID: <466C382D.2050402@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070610/0b02de9e/PGP.bin From paul.hutchings at mira.co.uk Sun Jun 10 18:54:08 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun Jun 10 18:54:14 2007 Subject: Stopping content report if virus found? Message-ID: Not sure if I'm going to do a good job of explaining this but here goes. Our MailScanner is configured to check for viruses using ClamAV and to check filenames/types using the default conf files that come with MailScanner. Let's say I email myself the eicar.com test file from outside the network. It's a file that would be blocked as it's a virus, and also because it's an executable. As a sender I don't receive a "message blocked" report which is what I want as it's a virus. As a recipient I do receive a "someone sent you a virus" report, though is also gives me the MailScanner report output about the file type: At Sun Jun 10 18:33:52 2007 the scanner said: ClamAV: eicar.com contains Eicar-Test-Signature MailScanner: Executable DOS/Windows programs are dangerous in email (eicar.com) It's only a small thing, but is there any way around this? i.e. if it's a virus don't bother to check any further as it's a virus and I want to delete it? TIA, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070610/8bc7ea1d/attachment.html From rcooper at dwford.com Sun Jun 10 18:55:59 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sun Jun 10 18:56:07 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <466C361F.2090905@ecs.soton.ac.uk> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> <466C361F.2090905@ecs.soton.ac.uk> Message-ID: <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT> There was also an issue with the correct parsing of the virus if IIRC and the logout line was very unfriendly to MailWatch. I added $line =~ s/^(.+)(?:\s{1,}\(.+\))$/$1/; below $line =~ s/[\r\n]//g; to remove the new(?) (+2) junk at the end of found lines I changed my $virus = $1; to my $virus = $line; and added $virus =~ s/^.+\s+(.+?)$/$1/; because all of my log lines showed virus to be blank (found virus in file), and I also modifed the logout information to my $logout = $line; $logout =~ s/\s{2,}/ /gs; $logout =~ s/:./->/; $logout =~ /^.+\/(.+?)\s{1,}(.+)\s{0,}$/; MailScanner::Log::InfoLog ("Avg: %s in %s", $2,$1); so it would be easy for MailWatch to get the virus and file name (seemed to be backward from the regex I think). That brings me to a question I was going to ask next week. How about standardizing the virus found log messages? I look through the MailWatch code and every time something is added to MailScanner they would have to re-write the section that handles logging the virus and filename regex. If there was a standard logout put such as Scanner::ScannerName VIRUS_NAME Found In FILE_NAME then MailWatch (and other utlities) could easily parse the scanner, the virus name and the file. The MailWatch clamd, avg and panda support all need updated. What do you think? Rick _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Sunday, June 10, 2007 1:34 PM To: MailScanner discussion; MailScanner beta testers Subject: Re: AVG Antivirus scanner problem How about the applied patch? It's a very simple fix. Rick Cooper wrote: I do, there was a patch applied to the parser sometime in the past and it no longer recognizes "identified" only "found". I plan to release a patch to the avg scanner soon Rick Cooper _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chuck Rock Sent: Saturday, June 09, 2007 11:54 PM To: mailscanner@lists.mailscanner.info Subject: AVG Antivirus scanner problem Is anyone using avgscan with MailScanner? I have FreeBSD, sendmail, MailScanner and I just downloaded a trial of AVG for Servers for FreeBSD. It does not appear to detect any viruses though. I ran Eicar and actual virus E-mails through it and all pass without any hesitation. I tried running the avgscan on the queue directory and it doesn't find anything wrong like that either. Does anyone have any idea why it isn't working? I installed F-Protect on another server like this, and it seems to work as expected, but seems a bit pricey in comparison. Thanks, Chuck -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070610/b4d590b0/attachment.html From mikej at rogers.com Sun Jun 10 20:12:07 2007 From: mikej at rogers.com (Mike Jakubik) Date: Sun Jun 10 20:14:29 2007 Subject: Releasing dangerous content from quarantine using MailWatch In-Reply-To: References: <4553D043.207@rogers.com> Message-ID: <466C4D07.1080505@rogers.com> Ugo Bellavance wrote: > Mike Jakubik wrote: >> While adding the local server (127.0.0.1) to the whitelist allows >> releasing of quarantined spam emails using MailWatch, doing so with >> emails that have blocked filenames or content does not work, as the >> whitelist seems to be ignored for this. Does anyone know of a >> workaround for this? >> > > Create a ruleset for "Virus Scanning = ". Should include > filetype/name checks. > > Ugo > That works for viruses, which is not very desirable anyways. What about skipping filetype and filename checks? From lhaig at haigmail.com Sun Jun 10 21:34:21 2007 From: lhaig at haigmail.com (Lance Haig) Date: Sun Jun 10 21:34:17 2007 Subject: Book update released shortly... In-Reply-To: <466AA2DB.4030605@ecs.soton.ac.uk> References: <466AA2DB.4030605@ecs.soton.ac.uk> Message-ID: <466C604D.8050308@haigmail.com> I am off to buy a new book. Mine is so old Lance Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've just finished updating Part 2 of the book to get it up to date with > all the new features and settings. I've just got to generate the PDF and > glue it all together, then I'll upload the updated book to the > publisher's site, www.cafepress.com. > > Unfortunately this time the additions are little bits all over the > place, so it's not going to practical to publish the new content > separately, sorry. However, reading the Changelog will tell you all the > new features and settings that have been added, and one version of the > documentation is in the MailScanner.conf file. So you're not really > missing out on anything. > > I'll announce it properly when I have uploaded the new content to the > publisher's. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGaqLhEfZZRxQVtlQRAoKDAKDN/Xn+buKiubK/rSEUb4l6uaKn+wCfTWV1 > I6x2YPSS9gwe9rK+C/zPxxQ= > =w2wl > -----END PGP SIGNATURE----- > > From uxbod at splatnix.net Sun Jun 10 22:08:09 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Jun 10 22:04:55 2007 Subject: Book update released shortly... In-Reply-To: <466C604D.8050308@haigmail.com> References: <466AA2DB.4030605@ecs.soton.ac.uk> <466C604D.8050308@haigmail.com> Message-ID: <466C6839.7040307@splatnix.net> Lance Haig wrote: > I am off to buy a new book. > > Mine is so old > > Lance > > Julian Field wrote: > I've just finished updating Part 2 of the book to get it up to date > with all the new features and settings. I've just got to generate the > PDF and glue it all together, then I'll upload the updated book to the > publisher's site, www.cafepress.com. > > Unfortunately this time the additions are little bits all over the > place, so it's not going to practical to publish the new content > separately, sorry. However, reading the Changelog will tell you all > the new features and settings that have been added, and one version of > the documentation is in the MailScanner.conf file. So you're not > really missing out on anything. > > I'll announce it properly when I have uploaded the new content to the > publisher's. > > Jules > > -- Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > Old like me but always a good read :)>> -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Jun 11 06:21:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 11 06:22:30 2007 Subject: Stopping content report if virus found? In-Reply-To: References: Message-ID: On Sun, 10 Jun 2007, Paul Hutchings wrote: > As a recipient I do receive a "someone sent you a virus" report, though > is also gives me the MailScanner report output about the file type: > > It's only a small thing, but is there any way around this? i.e. if it's > a virus don't bother to check any further as it's a virus and I want to > delete it? Detecting a filetype takes only a few CPU cycles. But doing a scan on a file is much more expensive. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From davi at jvsinfo.com.br Mon Jun 11 11:56:48 2007 From: davi at jvsinfo.com.br (davi@jvsinfo.com.br) Date: Mon Jun 11 11:57:03 2007 Subject: CustomFunctions Patch Proposal Message-ID: Matt, Thanks for reply. After you message, i got this in release notes in MailScanner. 1/6/2007 New in Version 4.60.8-1 ================================ * New Features and Improvements * 1 Improved Sophos.install script so that it sets up /etc/ld.so.conf ready for installation of Perl-SAVI module required for "sophossavi" virus scanner. 1 Custom Functions can now receive parameters not only to their Init and End functions, but also to their run-time calculation functions (i.e. the real custom function itself used when processing each message). The Custom Function is now passed not only the message, but also a ref to a list of parameters specified in the MailScanner.conf file. So, may this maybe are i need, but how to send parameter to each CustoFunction in run time ? can you help me ? Best regards, Davi Davi Baldin JVS do Brasil - IBM BP Premier davi@jvsinfo.com.br (19) 3254-1266 (19) 9266-6793 ** NOVO ** -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/a715642d/attachment.html From Phil.Udel at SalemCorp.com Mon Jun 11 13:19:55 2007 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Mon Jun 11 13:20:19 2007 Subject: Exchange Conversion Message-ID: <012801c7ac22$d222a5a0$6102a8c0@salemcorp.com> Hi Everyone. I know this is way off topic, but having used mailscanner for many years I have come to value your options and insight. Anyway, I found out last Friday that management has deemed it necessary to convert from our CentOS sendmail/pop server to Exchange on Winblows. I have about 250 mail boxes that I will need to convert and I would still like to you mailscanner to pre-process all internet mail inbound going to Exchange. I know that some of you have gone through this conversion, and since I am on my own to learn Exchange and windows at the same time. I was hoping I could get some. "This is the best way to do it" documents. Any help on the following topics would be greatly appreciated: 1) How to set up Mailscanner for pre-process inbound mail to Exchange. 2) Best way to convert Sendmail/Pop to exchange. All at once or little at a time? 3) Any add on tools for exchange to make it run better like, reporting tools, database repair tools. 4) Anything on how to set up a exchange server "Best Practices" They want me to order hardware this week. Lol. I told them I have a little reading to do first. So any help I can get from you guys would be really helpful Thanks in advance. Phil PS Currently I think I spent maybe $3k on the server I am running now, Exchange has priced out over $50K so far. LOL -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/cd5c1408/attachment.html From arjan at anymore.nl Mon Jun 11 13:22:57 2007 From: arjan at anymore.nl (Arjan Schrijver) Date: Mon Jun 11 13:23:14 2007 Subject: MailScanner flooding auth.log Message-ID: <466D3EA1.2090406@anymore.nl> Hi list, Ever since we installed MailScanner 4.60.8.1, our auth.log has been flooded with su's from root to nobody. A little investigation told us that MailScanner was su'ing to user nobody for every mail, just to execute 'hostname --fqdn'. This is new in 4.60, since the old MailScanner installation didn't have the problem. Why was this done this way, and isn't there a more clean way to do it? Regards, Arjan From MailScanner at ecs.soton.ac.uk Mon Jun 11 13:40:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 11 13:42:35 2007 Subject: MailScanner flooding auth.log In-Reply-To: <466D3EA1.2090406@anymore.nl> References: <466D3EA1.2090406@anymore.nl> Message-ID: <466D42C4.1000500@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The only time this is done is in the startup code if your MailScanner.conf hasn't been customised. Oh, and one of the sample Custom Functions use it. So I would check your Custom Functions. Arjan Schrijver wrote: > Hi list, > > Ever since we installed MailScanner 4.60.8.1, our auth.log has been > flooded with su's from root to nobody. > A little investigation told us that MailScanner was su'ing to user > nobody for every mail, just to execute 'hostname --fqdn'. > This is new in 4.60, since the old MailScanner installation didn't > have the problem. > Why was this done this way, and isn't there a more clean way to do it? > > Regards, > Arjan Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbULSEfZZRxQVtlQRAlhAAJoCT6kKY0z+QGhyVZq5AmPCcG9QcQCgluvY 7J1QNEAtjJzjPyGrZQV9RJ8= =ON7A -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From carock at epconline.com Mon Jun 11 14:11:24 2007 From: carock at epconline.com (Chuck Rock) Date: Mon Jun 11 14:11:44 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> Message-ID: <016c01c7ac2a$039886c0$8c007f0a@epctech.com> This would keep it from removing the virus from a message or just reporting it? I have sent the buggabear virus and also .scr file virus through and it passed them on to the next hop intact. Chuck _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Cooper Sent: Sunday, June 10, 2007 11:58 AM To: 'MailScanner discussion' Subject: RE: AVG Antivirus scanner problem I do, there was a patch applied to the parser sometime in the past and it no longer recognizes "identified" only "found". I plan to release a patch to the avg scanner soon Rick Cooper _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chuck Rock Sent: Saturday, June 09, 2007 11:54 PM To: mailscanner@lists.mailscanner.info Subject: AVG Antivirus scanner problem Is anyone using avgscan with MailScanner? I have FreeBSD, sendmail, MailScanner and I just downloaded a trial of AVG for Servers for FreeBSD. It does not appear to detect any viruses though. I ran Eicar and actual virus E-mails through it and all pass without any hesitation. I tried running the avgscan on the queue directory and it doesn't find anything wrong like that either. Does anyone have any idea why it isn't working? I installed F-Protect on another server like this, and it seems to work as expected, but seems a bit pricey in comparison. Thanks, Chuck -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/82cc900d/attachment.html From arjan at anymore.nl Mon Jun 11 14:14:11 2007 From: arjan at anymore.nl (Arjan Schrijver) Date: Mon Jun 11 14:14:27 2007 Subject: MailScanner flooding auth.log In-Reply-To: <466D42C4.1000500@ecs.soton.ac.uk> References: <466D3EA1.2090406@anymore.nl> <466D42C4.1000500@ecs.soton.ac.uk> Message-ID: <466D4AA3.1060900@anymore.nl> My MailScanner.conf is quite customized, but is there a specific line I should change for that? The Custom Functions aren't used at all. Thanks, Arjan Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The only time this is done is in the startup code if your > MailScanner.conf hasn't been customised. > Oh, and one of the sample Custom Functions use it. > So I would check your Custom Functions. > > Arjan Schrijver wrote: > >> Hi list, >> >> Ever since we installed MailScanner 4.60.8.1, our auth.log has been >> flooded with su's from root to nobody. >> A little investigation told us that MailScanner was su'ing to user >> nobody for every mail, just to execute 'hostname --fqdn'. >> This is new in 4.60, since the old MailScanner installation didn't >> have the problem. >> Why was this done this way, and isn't there a more clean way to do it? >> >> Regards, >> Arjan >> > > Jules > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/b5640b4b/attachment.html From mwilson at cobasys.com Mon Jun 11 14:23:19 2007 From: mwilson at cobasys.com (Mike Wilson) Date: Mon Jun 11 14:23:25 2007 Subject: Exchange Conversion In-Reply-To: <012801c7ac22$d222a5a0$6102a8c0@salemcorp.com> Message-ID: <2C7100720056A2408E0DC6795A5CDF0A0316AC2A@COBS-EXCH-01.texaco.ovonic> HEY, finally something I can contribute on :-) ------------------------------------------------------------------------ ----------------------------------------- Question 1 How to set up Mailscanner for pre-process inbound mail to Exchange. I am currently using MailScanner as a MailScanner-Relay for MS-Exchange. Basically I have MailScanner setup on a box that has 2 ethernet ports, 1 inside & 1 outside for this example, my Exchange server is 10.1.1.15, MailScanner-Relay Inside address is 10.1.1.14, outside address is "1.1.1.2" the term "mydomain.com" is of course your email domain name Setup Default Route on your MailScanner-Relay server to use the "Outside" Ethernet Card "Inside" address is connected to local LAN with Exchange Server on it During base setup, besure to give a FQDN to your server eg: relay.mydomain.com Be ready to create or have created the proper DNS records, Host, PTR, MX, etc have them set & pointed to the Outside IP Address Setup MailScanner as basic as possible with no postfix or other mail options, then set the following entries... * In the /etc/mail/mailertable I have the following 2 entries: * mydomain.com smtp:[10.1.1.15] * .mydomain.com smtp:[10.1.1.15] * In the /etc/mail/access I have the following 2 entries: * 10.1.1.15 RELAY * To:mydomain.com RELAY In the Exchange system, I have pointed all outbound email to the "Inside" address of the MailScanner, this must be done in 2 areas Both in the Exchange Systems Manager (setting based on Exchange 2003, 2007 may have different locations to find the settings, but setting should be the same * First under Administrative Settings\Servers\UOURSERVERNAME\Protocols\SMTP\Default SMTP Virtual Server * Go To Properties, then to the Delivery Tab, Select the Advanced Button on the Lower right * Enter the Masquerade Domain as "mydomain.com" * Enter the Fully-Qualifies Domain as "exch.mydomain.com" * Enter the Smart-Host as "[10.1.1.14]" (be sure to use the [ ] around the IP address) * Second under Administrative Settings\Routing Groups\Connectios\"Your Default Connector Name" * Go to the Default Connectors' Properties, on the General tab Select * Foward All Mail through This Connector to the Following Smart Hosts * "[10.1.1.14]" (be sure to use the [ ] around the IP address) Question 2 Best way to convert Sendmail/Pop to exchange. All at once or little at a time? All at once in a way, cut over your MX records, then after each person empties the last of the email from the old server, put in thier new exchange server settings (your using MS Outlook as a Client I assume) Question 3 Any add on tools for exchange to make it run better like, reporting tools, database repair tools. See the MS Exchange 2003 Resource Kit, its has everything I found Useful. Also DoubleTake Replication Software (if your setting up a Standby Exchange System) Question 4 Anything on how to set up a exchange server "Best Practices" Several Books are your there, I havent found 1 that was more useful than this one Microsoft Exchange Server 2003 Administrator's Companion by Walter J Glenn/Microsoft Press ISBN# 0-7356-1979-4 (I believe) This should get you up & going for your exchange system Feel free to contact me with any other specific questions Mike Wilson ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Monday, June 11, 2007 8:20 AM To: mailscanner@lists.mailscanner.info Subject: Exchange Conversion Hi Everyone. I know this is way off topic, but having used mailscanner for many years I have come to value your options and insight. Anyway, I found out last Friday that management has deemed it necessary to convert from our CentOS sendmail/pop server to Exchange on Winblows. I have about 250 mail boxes that I will need to convert and I would still like to you mailscanner to pre-process all internet mail inbound going to Exchange. I know that some of you have gone through this conversion, and since I am on my own to learn Exchange and windows at the same time. I was hoping I could get some. "This is the best way to do it" documents. Any help on the following topics would be greatly appreciated: 1) How to set up Mailscanner for pre-process inbound mail to Exchange. 2) Best way to convert Sendmail/Pop to exchange. All at once or little at a time? 3) Any add on tools for exchange to make it run better like, reporting tools, database repair tools. 4) Anything on how to set up a exchange server "Best Practices" They want me to order hardware this week. Lol. I told them I have a little reading to do first. So any help I can get from you guys would be really helpful Thanks in advance. Phil PS Currently I think I spent maybe $3k on the server I am running now, Exchange has priced out over $50K so far. LOL -- This message has been scanned for viruses and dangerous content by MailScanner Relay-B , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner Relay-B, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/69a868b3/attachment.html From rcooper at dwford.com Mon Jun 11 14:25:17 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 11 14:25:26 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <016c01c7ac2a$039886c0$8c007f0a@epctech.com> References: <0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> <016c01c7ac2a$039886c0$8c007f0a@epctech.com> Message-ID: <0d0901c7ac2b$f4356660$0301a8c0@SAHOMELT> It would keep MailScanner from recognizing it at all. MS looks for specific expressions from each scanner and in the case of AVG it appears it only looks for virus found (now) and the latest avgscan outputs virus identified, so MailScanner ignores the line. I assume Julian is looking at what I sent last night and if he agrees with the additonal changes I listed you should get another patch. Either way it should be fixed soon. You could try appling the patch he sent last night, IIRC the other stuff only affected the logging and not the parsing. Rick _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chuck Rock Sent: Monday, June 11, 2007 9:11 AM To: 'MailScanner discussion' Subject: RE: AVG Antivirus scanner problem This would keep it from removing the virus from a message or just reporting it? I have sent the buggabear virus and also .scr file virus through and it passed them on to the next hop intact. Chuck _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Cooper Sent: Sunday, June 10, 2007 11:58 AM To: 'MailScanner discussion' Subject: RE: AVG Antivirus scanner problem I do, there was a patch applied to the parser sometime in the past and it no longer recognizes "identified" only "found". I plan to release a patch to the avg scanner soon Rick Cooper _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chuck Rock Sent: Saturday, June 09, 2007 11:54 PM To: mailscanner@lists.mailscanner.info Subject: AVG Antivirus scanner problem Is anyone using avgscan with MailScanner? I have FreeBSD, sendmail, MailScanner and I just downloaded a trial of AVG for Servers for FreeBSD. It does not appear to detect any viruses though. I ran Eicar and actual virus E-mails through it and all pass without any hesitation. I tried running the avgscan on the queue directory and it doesn't find anything wrong like that either. Does anyone have any idea why it isn't working? I installed F-Protect on another server like this, and it seems to work as expected, but seems a bit pricey in comparison. Thanks, Chuck -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/54f4cec4/attachment.html From rcooper at dwford.com Mon Jun 11 14:37:33 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 11 14:37:40 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT><466C361F.2090905@ecs.soton.ac.uk> <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT> Message-ID: <0d1a01c7ac2d$aaf6b830$0301a8c0@SAHOMELT> >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick >> Cooper Sent: Sunday, June 10, 2007 1:56 PM To: 'MailScanner >> discussion' Subject: RE: AVG Antivirus scanner problem >> There was also an issue with the correct parsing of the virus if IIRC >> and the logout line was very unfriendly to MailWatch. >> I added $line =~ s/^(.+)(?:\s{1,}\(.+\))$/$1/; below $line =~ >> s/[\r\n]//g; to remove the new(?) (+2) junk at the end of found lines >> I changed my $virus = $1; to my $virus = $line; and added $virus =~ >> s/^.+\s+(.+?)$/$1/; because all of my log lines showed virus to be >> blank (found virus in file), and I also modifed the logout >> information to >> my $logout = $line; $logout =~ s/\s{2,}/ /gs; $logout =~ s/:./->/; >> $logout =~ /^.+\/(.+?)\s{1,}(.+)\s{0,}$/; MailScanner::Log::InfoLog >> ("Avg: %s in %s", $2,$1); >> so it would be easy for MailWatch to get the virus and file name >> (seemed to be backward from the regex I think). >> That brings me to a question I was going to ask next week. How about >> standardizing the virus found log messages? I look through the >> MailWatch code and every time something is added to MailScanner they >> would have to re-write the section that handles logging the virus and >> filename regex. If there was a standard logout put such as >> Scanner::ScannerName VIRUS_NAME Found In FILE_NAME then MailWatch >> (and other utlities) could easily parse the scanner, the virus name >> and the file. >> The MailWatch clamd, avg and panda support all need updated. >> What do you think? >> Rick There was something else I noticed. If you have the same file in two archives (I believe that was the trigger) MailScanner repeated the report so you got a report something like Scanner AVG: test_eicar_file was found in test.rar test_eircar_file was found in test.rar So also made the following change: $part =~ s/\t.*$//; $part =~ s/=\>.*$//; #print STDERR "id:$id:part = $part\n"; #print STDERR "$Name : Found virus $virus in file $part ID:$id\n"; - $infections->{$id}{$part} .= $Name . ': ' if $Name; - $infections->{$id}{$part} .= "Found virus $virus in file $part\n"; - $types->{$id}{$part} .= "v"; # so we know what to tell sender + # If avg finds both the archive and file to be infected and the file + # exists in more than one (because of SafeName) archive the archive is + # reported twice so check and make sure the archive is only reported once + my $Report = $Name . ': ' if $Name; + $Report .= "Found virus $virus in file $part"; + $infections->{$id}{$part} .= "$Report\n" unless $infections->{$id}{$part} =~ /$Report/si; + $types->{$id}{$part} .= "v" unless $types->{$id}{$part}; # so we know what to tell sender [...] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Jun 11 14:41:49 2007 From: alex at nkpanama.com (Alex Neuman) Date: Mon Jun 11 14:42:31 2007 Subject: Exchange Conversion In-Reply-To: <2C7100720056A2408E0DC6795A5CDF0A0316AC2A@COBS-EXCH-01.texaco.ovonic> References: <2C7100720056A2408E0DC6795A5CDF0A0316AC2A@COBS-EXCH-01.texaco.ovonic> Message-ID: <466D511D.6030900@nkpanama.com> Mike Wilson wrote: > HEY, finally something I can contribute on :-) This is one way of doing it. You should, however, make sure you don't accept mail to nonexistent users. Look into using LDAP if your user base is big and/or dynamic, or create entries like To:alice@mydomain.com OK To:bob@mydomain.com OK mydomain.com 571 User unknown in your /etc/mail/access file. Oh, and try to get your outgoing server to authenticate if possible instead of adding a blanket "RELAY" - otherwise if your M-Sexchange computer becomes a spambot it'll bog down your MailScanner box. You can also just send all your mail to the exchange server instead of waiting for people to get it. Tell your machine that it isn't your company's mailserver anymore by taking away the "mydomain.com" that's in your /etc/mail/local-host-names and then go to /var/spool/mail and do the following (after creating *all* the users on the exchange box): for a in *; do formail -s sendmail $a@mydomain.com < $a; done If you want to do it manually, what you basically need to do is run "formail -s sendmail alice@mydomain.com" with the contents of /var/spool/mail/alice so that formail turns it into something the sendmail executable can then feed to your exchange box. It's the same as: cat /var/spool/mail/alice | formail -s sendmail alice@mydomain.com I'm sure everyone else can chip in with their own condolences and/or tips... From j.ede at birchenallhowden.co.uk Mon Jun 11 14:43:22 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Mon Jun 11 14:45:50 2007 Subject: Exchange Conversion In-Reply-To: <2C7100720056A2408E0DC6795A5CDF0A0316AC2A@COBS-EXCH-01.texaco.ovonic> References: <012801c7ac22$d222a5a0$6102a8c0@salemcorp.com>, <2C7100720056A2408E0DC6795A5CDF0A0316AC2A@COBS-EXCH-01.texaco.ovonic> Message-ID: ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Wilson [mwilson@cobasys.com] Sent: 11 June 2007 14:23 To: MailScanner discussion Subject: RE: Exchange Conversion HEY, finally something I can contribute on :-) ----------------------------------------------------------------------------------------------------------------- Question 1 How to set up Mailscanner for pre-process inbound mail to Exchange. I am currently using MailScanner as a MailScanner-Relay for MS-Exchange. Basically I have MailScanner setup on a box that has 2 ethernet ports, 1 inside & 1 outside for this example, my Exchange server is 10.1.1.15, MailScanner-Relay Inside address is 10.1.1.14, outside address is "1.1.1.2" the term "mydomain.com" is of course your email domain name Setup Default Route on your MailScanner-Relay server to use the "Outside" Ethernet Card "Inside" address is connected to local LAN with Exchange Server on it During base setup, besure to give a FQDN to your server eg: relay.mydomain.com Be ready to create or have created the proper DNS records, Host, PTR, MX, etc have them set & pointed to the Outside IP Address Setup MailScanner as basic as possible with no postfix or other mail options, then set the following entries... * In the /etc/mail/mailertable I have the following 2 entries: * mydomain.com smtp:[10.1.1.15] * .mydomain.com smtp:[10.1.1.15] * In the /etc/mail/access I have the following 2 entries: * 10.1.1.15 RELAY * To:mydomain.com RELAY [Snip] Although if you want to cut down on your work on the MailScanner box its best to have postfix or sendmail or whatever running with some decent reject rules and maybe use spamhaus and/or spamcop lists... The spamhaus list alone reduces the workload on our servers by 75% ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any receiving system. BirchenallHowden Ltd, 233 Edmund Road, Sheffield, S2 4EL -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/3c7641f7/attachment.html From steve.freegard at fsl.com Mon Jun 11 15:00:51 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Jun 11 15:00:51 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT> <466C361F.2090905@ecs.soton.ac.uk> <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT> Message-ID: <466D5593.2090700@fsl.com> [Resent from different account as my original didn't seem to make the list last nigh...] Hi Rick, Rick Cooper wrote: > That brings me to a question I was going to ask next week. How about > standardizing the virus found log messages? I look through the MailWatch > code and every time something is added to MailScanner they would have to > re-write the section that handles logging the virus and filename regex. > If there was a standard logout put such as > Scanner::ScannerName VIRUS_NAME Found In FILE_NAME > then MailWatch (and other utlities) could easily parse the scanner, the > virus name and the file. > You raise a really good point here. I've recently made a start on the virus reporting for MailWatch 2.0 and the 'auto' functionality has now made this much harder for MailWatch to accurately report statistics per virus scanner, having consistent reports would therefore make this far easier. In the next released version of MailWatch - I wanted to avoid having to have regexps for the virus scanners and this would solve the problem for me. I would actually have liked to have taken this a step further and have an attachments structure as part of the Message object that records each attachment found by MailScanner on every message containing the name, filetype, and if any viruses found within it etc. If the above were done, and the filetype command was modifed to use 'file -i' instead of plain 'file', then MailWatch 2.0 would be able to report on attachments by MIME type also. Cheers, Steve. From MailScanner at ecs.soton.ac.uk Mon Jun 11 15:12:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 11 15:14:41 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <0d1a01c7ac2d$aaf6b830$0301a8c0@SAHOMELT> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT><466C361F.2090905@ecs.soton.ac.uk> <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT> <0d1a01c7ac2d$aaf6b830$0301a8c0@SAHOMELT> Message-ID: <466D5865.2020201@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/3462f04a/PGP-0001.bin From mkercher at nfsmith.com Mon Jun 11 15:15:48 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Mon Jun 11 15:15:53 2007 Subject: smf-sav causing problems with other networks? References: <4669B4C0.3060204@jfworks.net> Message-ID: <6DEF8ABC1767C045B91F42066D36358E1274E8@HOUPEX01.nfsmith.info> James <> wrote on Friday, June 08, 2007 2:58 PM: : Hello, : : After getting a call from a customer, I went to try to validate the : email address @verizon.net with my favorite tool, sav I got : this nice message: : : sav @verizon.net : SAV v1.3.0 (C) 2005, 2006 by Eugene Kurmanin - http://smfs.sf.net/ : verizon.net is handled (pri=0): relay.verizon.net Connecting to: : relay.verizon.net. : Connected to: relay.verizon.net. : <<< 571 Email from x.X.x.X is currently blocked by Verizon Online's : anti-spam system. The email sender or Email Service Provider may : visit http://www.verizon.net/whitelist and request removal of the : block. >>> RSET : lorimor@verizon.net: Sender address verification failed. : : : The only thing this server sends out to a connecting mail server is : the sender address verification (aside from "normal" communication) : so maybe all those folks who are/were against this type of method : have won. Being the small kid on the block we will always have to : bend to these larger companies with millions of customers. : : : I can't confirm that its smf-sav causing the problem, but its the : first thing that comes to mind. Of course there is no way to actually : call and talk to someone about this to figure it out. "the worlds : largest network - not answering calls?" The one tech I was able to : get in touch with has "no way to contact anyone about the issue". : Makes me think of those commercials and all those people... nice : network there : : Has anyone else run into this with verizon specifically? : : Seems Im having to give up my tools. : : James I had the same exact problem last week with Verizon. Although I use milter-sender, the end result was the same. I had to go through the motions of getting whitelisted with Verizon. -Mike ______________________ ROFL:ROFL:ROFL:ROFL __^__ L __/ []\ LOL===_ \ L \________] I I -------/ From paul.hutchings at mira.co.uk Mon Jun 11 16:36:46 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Mon Jun 11 16:36:57 2007 Subject: Zipping of attachments? Message-ID: Just wondered how people are getting on with this? It's a very nice feature, and I don't mean this to sound disrespectful but (only because it seems to be a feature that "arrived overnight" is anyone using it in a production environment? TIA, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/725cc544/attachment.html From martinh at solidstatelogic.com Mon Jun 11 16:49:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 11 16:49:49 2007 Subject: Zipping of attachments? In-Reply-To: Message-ID: <3708ca5b4e350045aa181648cbbb75b6@solidstatelogic.com> Yup Hence why we found a couple of problems. Use the latest beta if you want to use this... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings > Sent: 11 June 2007 16:37 > To: MailScanner discussion > Subject: Zipping of attachments? > > Just wondered how people are getting on with this? > > > > It's a very nice feature, and I don't mean this to sound disrespectful but > (only because it seems to be a feature that "arrived overnight" is anyone > using it in a production environment? > > > > TIA, > > Paul > > > > Paul Hutchings > > Network Administrator, MIRA Ltd. > > Tel: 44 (0)24 7635 5378 > > Fax: 44 (0)24 7635 8378 > > mailto:paul.hutchings@mira.co.uk > > > > ________________________________ > > MIRA Ltd. > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. > If you receive this e-mail in error, please delete it and notify us either > by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the e- > mail as this is prohibited. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ryanw at falsehope.com Mon Jun 11 17:41:51 2007 From: ryanw at falsehope.com (Ryan Weaver) Date: Mon Jun 11 17:44:46 2007 Subject: MailScanner, ClamAV, and Sanesecurity In-Reply-To: <1181255740.23153.24.camel@csmdv.axint.net> References: <004f01c7a927$af2a6b80$0d7f4280$@com> <1181255740.23153.24.camel@csmdv.axint.net> Message-ID: <000c01c7ac47$6d8a63b0$489f2b10$@com> Chris Stone Wrote on Thursday, June 07, 2007 5:36 PM > > On Thu, 2007-06-07 at 12:17 -0500, Ryan Weaver wrote: > > I've started using the Sanesecurity signatures that have been mentioned on > > the list. I also use Vispan for its reporting and blocking features. > > > > The problem I have run into is that in the maillog, when the Sanesecurity > > signatures are matched the following is the output: > > > > Jun 7 12:07:30 c01 MailScanner[7634]: Infected message > > l57H05nK007460.header came from > > Jun 7 12:07:30 c01 MailScanner[7634]: Infected message > > l57H19sG007620.header came from > > Not picked up by MailWatch.pm and shown as viruses in MailWatch either. > I only note it though for the Email.Hdr.Sanesecurity* signatures - all > the rest report just fine, just not these - e.g.: > > Jun 7 16:32:49 smtp1 MailScanner[5919]: /var/spool/MailScanner/incoming/5919/./l57MWISF012136.header: Email.Hdr.Sanesecurity.07012400 FOUND > Jun 7 16:32:50 smtp1 MailScanner[5919]: Virus Scanning: ClamAV found 1 infections > Jun 7 16:32:51 smtp1 MailScanner[5919]: Infected message l57MWISF012136.header came from > Jun 7 16:32:51 smtp1 MailScanner[5919]: Virus Scanning: Found 1 viruses > Jun 7 16:32:51 smtp1 MailScanner[5919]: Logging message l57MWISF012136 to SQL > Jun 7 16:32:51 smtp1 MailScanner[6700]: l57MWISF012136: Logged to MailWatch SQL > > And even though MailWatch is logged as adding to SQL, when I look in the > database table, the message is not logged....... Anyone have any ideas about this ?? Thanks, Ryan From paul.hutchings at mira.co.uk Mon Jun 11 17:55:40 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Mon Jun 11 17:55:47 2007 Subject: Exchange Conversion References: <012801c7ac22$d222a5a0$6102a8c0@salemcorp.com> Message-ID: I can't really comment on the sendmail specifics as we use Postfix, but in general the idea should be to have your external MX record continue to point to the MailScanner/MTA box and have your internal Exchange server use the box as a smarthost for outbound mail. What I do is to have as many SMTP level checks as possible done by Postfix before accepting the message (i.e. RBL/Greylisting/RFC & Format violations), and then what's left gets put through MailScanner and is then relayed on to the Exchange box. Outbound mail from our specific IPs is always accepted by the Postfix box, and we have some checks done by MailScanner i.e. Virus checks but others are skipped i.e. Spam checks. Postfix can pull a list of valid recipients from Active Directory so you only need accept mail to valid addresses, not sure if Sendmail can do this but I would be surprised if not? I know I keep mentioning Postfix, but what I do isn't really MTA specific I'd expect you can do the same with Sendmail. As for Exchange, so long as you buy good, solid proven hardware and configure it to best practices and ensure you back it up using an Exchange Aware backup program you should have few problems - the main things to check are that you are doing an "online" backup, that Circular logging is disabled, and that you have a sensible deleted item retention period setup. Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: 11 June 2007 13:20 To: mailscanner@lists.mailscanner.info Subject: Exchange Conversion Hi Everyone. I know this is way off topic, but having used mailscanner for many years I have come to value your options and insight. Anyway, I found out last Friday that management has deemed it necessary to convert from our CentOS sendmail/pop server to Exchange on Winblows. I have about 250 mail boxes that I will need to convert and I would still like to you mailscanner to pre-process all internet mail inbound going to Exchange. I know that some of you have gone through this conversion, and since I am on my own to learn Exchange and windows at the same time. I was hoping I could get some. "This is the best way to do it" documents. Any help on the following topics would be greatly appreciated: 1) How to set up Mailscanner for pre-process inbound mail to Exchange. 2) Best way to convert Sendmail/Pop to exchange. All at once or little at a time? 3) Any add on tools for exchange to make it run better like, reporting tools, database repair tools. 4) Anything on how to set up a exchange server "Best Practices" They want me to order hardware this week. Lol. I told them I have a little reading to do first. So any help I can get from you guys would be really helpful Thanks in advance. Phil PS Currently I think I spent maybe $3k on the server I am running now, Exchange has priced out over $50K so far. LOL -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/2bc6b232/attachment.html From rcooper at dwford.com Mon Jun 11 18:14:25 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 11 18:14:32 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <466D5865.2020201@ecs.soton.ac.uk> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT><466C361F.2090905@ecs.soton.ac.uk> <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT><0d1a01c7ac2d$aaf6b830$0301a8c0@SAHOMELT> <466D5865.2020201@ecs.soton.ac.uk> Message-ID: <004d01c7ac4b$f6b12e40$0301a8c0@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, June 11, 2007 10:13 AM To: MailScanner discussion Subject: Re: AVG Antivirus scanner problem Can you send me a single patch including all your proposed changes (patch against the SweepViruses.pm including the patch I posted last night) so I can see what you're doing. And don't forget to quotemeta the $Report before you // for it! [Rick Cooper] I can and I did (forget to quotemeta). I was getting ready to make the patch and it occured to me that current avgscan supports trapping password protected files in archives. Should that be enabled depending on the setting for "Allow Password-Protected Archives"? If so the scanner options need changing and the parser needs to be updated to catch the "Contains password-protected files" string. Or would you prefer to catch them in the upack function only and not bother with the scanner(s) checking as well? Rick Cooper wrote: From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Cooper Sent: Sunday, June 10, 2007 1:56 PM To: 'MailScanner discussion' Subject: RE: AVG Antivirus scanner problem There was also an issue with the correct parsing of the virus if IIRC and the logout line was very unfriendly to MailWatch. I added $line =~ s/^(.+)(?:\s{1,}\(.+\))$/$1/; below $line =~ s/[\r\n]//g; to remove the new(?) (+2) junk at the end of found lines I changed my $virus = $1; to my $virus = $line; and added $virus =~ s/^.+\s+(.+?)$/$1/; because all of my log lines showed virus to be blank (found virus in file), and I also modifed the logout information to my $logout = $line; $logout =~ s/\s{2,}/ /gs; $logout =~ s/:./->/; $logout =~ /^.+\/(.+?)\s{1,}(.+)\s{0,}$/; MailScanner::Log::InfoLog ("Avg: %s in %s", $2,$1); so it would be easy for MailWatch to get the virus and file name (seemed to be backward from the regex I think). That brings me to a question I was going to ask next week. How about standardizing the virus found log messages? I look through the MailWatch code and every time something is added to MailScanner they would have to re-write the section that handles logging the virus and filename regex. If there was a standard logout put such as Scanner::ScannerName VIRUS_NAME Found In FILE_NAME then MailWatch (and other utlities) could easily parse the scanner, the virus name and the file. The MailWatch clamd, avg and panda support all need updated. What do you think? Rick There was something else I noticed. If you have the same file in two archives (I believe that was the trigger) MailScanner repeated the report so you got a report something like Scanner AVG: test_eicar_file was found in test.rar test_eircar_file was found in test.rar So also made the following change: $part =~ s/\t.*$//; $part =~ s/=\>.*$//; #print STDERR "id:$id:part = $part\n"; #print STDERR "$Name : Found virus $virus in file $part ID:$id\n"; - $infections->{$id}{$part} .= $Name . ': ' if $Name; - $infections->{$id}{$part} .= "Found virus $virus in file $part\n"; - $types->{$id}{$part} .= "v"; # so we know what to tell sender + # If avg finds both the archive and file to be infected and the file + # exists in more than one (because of SafeName) archive the archive is + # reported twice so check and make sure the archive is only reported once + my $Report = $Name . ': ' if $Name; + $Report .= "Found virus $virus in file $part"; + $infections->{$id}{$part} .= "$Report\n" unless $infections->{$id}{$part} =~ /$Report/si; + $types->{$id}{$part} .= "v" unless $types->{$id}{$part}; # so we know what to tell sender [...] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/7d0424c0/attachment.html From dominian at slackadelic.com Mon Jun 11 18:27:09 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Mon Jun 11 18:27:20 2007 Subject: Zipping of attachments? In-Reply-To: References: Message-ID: <466D85ED.9040105@slackadelic.com> Paul Hutchings wrote: > Just wondered how people are getting on with this? > > > > It?s a very nice feature, and I don?t mean this to sound disrespectful > but (only because it seems to be a feature that ?arrived overnight? is > anyone using it in a production environment? > > > I'm using it.. Works great. -Matt From steve at swanseahost.co.uk Mon Jun 11 19:19:12 2007 From: steve at swanseahost.co.uk (steve@swanseahost.co.uk) Date: Mon Jun 11 19:19:17 2007 Subject: Mailscanner / Mailwatch Frontend Message-ID: <380-220076111181912375@M2W004.mail2web.com> Hi there, Could someone please tell me if it is possible to create a frontend for MailWatch/Mailscanner. I would like to have an admin interface where domains and mailservers could be added without the need to edit /etc/localdomains for email scanning that is not hosted on my server. Also give the client access to the spam settings, aliases and messages on the bottom. Thanks Steve James -------------------------------------------------------------------- mail2web.com - Microsoft? Exchange solutions from a leading provider - http://link.mail2web.com/Business/Exchange From MailScanner at ecs.soton.ac.uk Mon Jun 11 20:14:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 11 20:17:28 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <004d01c7ac4b$f6b12e40$0301a8c0@SAHOMELT> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT><466C361F.2090905@ecs.soton.ac.uk> <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT><0d1a01c7ac2d$aaf6b830$0301a8c0@SAHOMELT> <466D5865.2020201@ecs.soton.ac.uk> <004d01c7ac4b$f6b12e40$0301a8c0@SAHOMELT> Message-ID: <466D9F10.4000802@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/05484870/PGP.bin From rpoe at plattesheriff.org Mon Jun 11 20:39:08 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Jun 11 20:40:57 2007 Subject: High ClamScan ... Message-ID: <466D5E96.65ED.00A2.0@plattesheriff.org> >From Top 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 clamscan 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 clamscan 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 clamscan 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 clamscan load average: 6.86, 4.74, 3.31 Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w hardware RAID 1 (SCSI 10k drives) What gives? Is there a better way to do this? Seems that clamscan is tooo freaking slow any more.. Another box: 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan load average: 5.01, 3.86, 3.43 Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller These aren't slow boxes .. but Clam is killing them.. From rpoe at plattesheriff.org Mon Jun 11 20:45:47 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Jun 11 20:47:14 2007 Subject: Off topic - Slow batch processing In-Reply-To: <223f97700704270531m2b8599e0nec2d0313b3f3ea8d@mail.gmail.com> References: <1E293D3FF63A3740B10AD5AAD88535D204CD36CC@UBIMAIL1.ubisoft.org> <223f97700704270531m2b8599e0nec2d0313b3f3ea8d@mail.gmail.com> Message-ID: <466D6024.65ED.00A2.0@plattesheriff.org> > > Many diagnostics were run and metrics were gathered. For some >reason, the CPU would spike about 30 minutes after everybody left for >the day, and wouldn't drop again until the first people came back the >next morning. Oddly enough, it seemed to exhibit this behaviour ALL >day on Sunday as well! > > Has anybody guessed what it is yet? :) That's right - it was the >Windows "pipes" screensaver. Somebody had turned on the maximum >number of joints, colours, and pipes; and it ate all of the CPU power just > to render the graphics when nobody was around. Had that exact thing happen. Delivered a "high end" (486-66) server to a client. They put it in but were complaining of slowness. When you'd go up to it and do a directory list, it was extremely fast. The computer next to it was ok. You'd get downstairs it would be fast, for a minute or two longer, then it would slow down. We'd get upstairs, cancel the screen saver, check the server, all was OK. I was just a snot nosed kid (so to speak) but I suggested to them it was the screensaver - to which the not-so-snot nosed guys told me it wasn't (and couldn't be). From MailScanner at ecs.soton.ac.uk Mon Jun 11 20:57:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 11 20:58:26 2007 Subject: High ClamScan ... In-Reply-To: <466D5E96.65ED.00A2.0@plattesheriff.org> References: <466D5E96.65ED.00A2.0@plattesheriff.org> Message-ID: <466DA924.4050701@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use the clamavmodule or clamd scanners instead. You can install the clamavmodule as part of my ClamAV+SA easy-to-install package available from www.mailscanner.info. Or else get the clamd RPM from dag.wieers.com, start it up and tell MailScanner to use the clamd scanner. Rob Poe wrote: > >From Top > > 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 clamscan > 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 clamscan > 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 clamscan > 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 clamscan > > load average: 6.86, 4.74, 3.31 > > Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w hardware RAID 1 (SCSI 10k drives) > > What gives? > > Is there a better way to do this? Seems that clamscan is tooo freaking slow any more.. > > Another box: > 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan > 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan > 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan > 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan > load average: 5.01, 3.86, 3.43 > Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller > > These aren't slow boxes .. but Clam is killing them.. > > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp rUuq2j3hIDh9YxjUsOlmhf8= =Dh3L -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From z at ziff.net Mon Jun 11 20:59:09 2007 From: z at ziff.net (Zivago Lee) Date: Mon Jun 11 20:59:14 2007 Subject: High ClamScan ... In-Reply-To: <466D5E96.65ED.00A2.0@plattesheriff.org> References: <466D5E96.65ED.00A2.0@plattesheriff.org> Message-ID: <41848.209.104.55.7.1181591949.squirrel@mail.ziff.net> > load average: 6.86, 4.74, 3.31 > > Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w > hardware RAID 1 (SCSI 10k drives) > > What gives? > > Is there a better way to do this? Seems that clamscan is tooo freaking > slow any more.. > > Another box: > 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan > 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan > 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan > 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan > load average: 5.01, 3.86, 3.43 > Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller > > These aren't slow boxes .. but Clam is killing them.. Use clamdscan. Mucho faster. -- Zivago Lee z@ziff.net From ssilva at sgvwater.com Mon Jun 11 21:02:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 11 21:11:55 2007 Subject: High ClamScan ... In-Reply-To: <466D5E96.65ED.00A2.0@plattesheriff.org> References: <466D5E96.65ED.00A2.0@plattesheriff.org> Message-ID: Rob Poe spake the following on 6/11/2007 12:39 PM: >>From Top > > 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 clamscan > 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 clamscan > 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 clamscan > 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 clamscan > > load average: 6.86, 4.74, 3.31 > > Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w hardware RAID 1 (SCSI 10k drives) > > What gives? > > Is there a better way to do this? Seems that clamscan is tooo freaking slow any more.. > > Another box: > 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan > 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan > 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan > 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan > load average: 5.01, 3.86, 3.43 > Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller > > These aren't slow boxes .. but Clam is killing them.. > Clamscan is the slowest and most ram-intensive scanning method. It has to load the signatures every batch, and as the signatures get larger, it will only be worse. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From campbell at cnpapers.com Mon Jun 11 21:17:57 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 11 21:18:06 2007 Subject: High ClamScan ... In-Reply-To: <466DA924.4050701@ecs.soton.ac.uk> References: <466D5E96.65ED.00A2.0@plattesheriff.org> <466DA924.4050701@ecs.soton.ac.uk> Message-ID: <466DADF5.8070603@cnpapers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Use the clamavmodule or clamd scanners instead. > You can install the clamavmodule as part of my ClamAV+SA easy-to-install > package available from www.mailscanner.info. > Or else get the clamd RPM from dag.wieers.com, start it up and tell > MailScanner to use the clamd scanner. > I figured I'd give the clamavmodule a try, and see how it faired. I have always used Julians ClamAV+SA easy-to-install package and up til now, the clamscan stuff.. It is not clear to me, now, though, how to tell if I am really using the Perl module or not. Are there any hints? Thanks, Steve > Rob Poe wrote: > >> >From Top >> >> 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 clamscan >> 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 clamscan >> 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 clamscan >> 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 clamscan >> >> load average: 6.86, 4.74, 3.31 >> >> Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w hardware RAID 1 (SCSI 10k drives) >> >> What gives? >> >> Is there a better way to do this? Seems that clamscan is tooo freaking slow any more.. >> >> Another box: >> 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan >> 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan >> 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan >> 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan >> load average: 5.01, 3.86, 3.43 >> Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller >> >> These aren't slow boxes .. but Clam is killing them.. >> >> >> >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp > rUuq2j3hIDh9YxjUsOlmhf8= > =Dh3L > -----END PGP SIGNATURE----- > > From MailScanner at ecs.soton.ac.uk Mon Jun 11 21:26:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 11 21:27:23 2007 Subject: High ClamScan ... In-Reply-To: <466DADF5.8070603@cnpapers.com> References: <466D5E96.65ED.00A2.0@plattesheriff.org> <466DA924.4050701@ecs.soton.ac.uk> <466DADF5.8070603@cnpapers.com> Message-ID: <466DAFFB.3080506@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Campbell wrote: > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Use the clamavmodule or clamd scanners instead. >> You can install the clamavmodule as part of my ClamAV+SA >> easy-to-install package available from www.mailscanner.info. >> Or else get the clamd RPM from dag.wieers.com, start it up and tell >> MailScanner to use the clamd scanner. >> > > I figured I'd give the clamavmodule a try, and see how it faired. I > have always used Julians ClamAV+SA easy-to-install package and up til > now, the clamscan stuff.. It is not clear to me, now, though, how to > tell if I am really using the Perl module or not. > > Are there any hints? The log entries will have changed. Chuck it a copy of eicar (see www.eicar.org) and you'll see different log entries. Also the speed should give it away. > > Thanks, > > Steve >> Rob Poe wrote: >> >>> >From Top >>> >>> 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 >>> clamscan >>> 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 >>> clamscan >>> 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 >>> clamscan >>> 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 >>> clamscan >>> >>> load average: 6.86, 4.74, 3.31 >>> >>> Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w >>> hardware RAID 1 (SCSI 10k drives) >>> >>> What gives? >>> >>> Is there a better way to do this? Seems that clamscan is tooo >>> freaking slow any more.. >>> >>> Another box: 16842 clam 25 0 18260 13m 1204 R 99 0.6 >>> 0:29.65 >>> clamscan >>> 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 >>> clamscan >>> 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 >>> clamscan >>> 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 >>> clamscan load average: 5.01, 3.86, 3.43 >>> Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller >>> >>> These aren't slow boxes .. but Clam is killing them.. >>> >>> >>> >>> >>> >>> >> >> Jules >> >> - -- Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.1 (Build 1012) >> Charset: ISO-8859-1 >> >> wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp >> rUuq2j3hIDh9YxjUsOlmhf8= >> =Dh3L >> -----END PGP SIGNATURE----- >> >> > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGba/+EfZZRxQVtlQRAhZFAKD/LQFC1kju0KZXQtEyzLvdgLgmgwCg6Q54 5slWXXzEvXCpvZlFhWbg2wE= =gejR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From campbell at cnpapers.com Mon Jun 11 21:44:13 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jun 11 21:44:21 2007 Subject: High ClamScan ... In-Reply-To: <466DAFFB.3080506@ecs.soton.ac.uk> References: <466D5E96.65ED.00A2.0@plattesheriff.org> <466DA924.4050701@ecs.soton.ac.uk> <466DADF5.8070603@cnpapers.com> <466DAFFB.3080506@ecs.soton.ac.uk> Message-ID: <466DB41D.7030408@cnpapers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Steve Campbell wrote: > >> Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Use the clamavmodule or clamd scanners instead. >>> You can install the clamavmodule as part of my ClamAV+SA >>> easy-to-install package available from www.mailscanner.info. >>> Or else get the clamd RPM from dag.wieers.com, start it up and tell >>> MailScanner to use the clamd scanner. >>> >>> >> I figured I'd give the clamavmodule a try, and see how it faired. I >> have always used Julians ClamAV+SA easy-to-install package and up til >> now, the clamscan stuff.. It is not clear to me, now, though, how to >> tell if I am really using the Perl module or not. >> >> Are there any hints? >> > The log entries will have changed. Chuck it a copy of eicar (see > www.eicar.org) and you'll see different log entries. Also the speed > should give it away. > The speed is definitely different, but getting the files from eicar.org to download, and sending them through to one of our servers here is no easy task. We have so much stuffing blocking everything, it's near impossible to send something like that. I used to use a site that would send me a virus with the signature only, but it doesn't exist anymore. I can wait, I guess and view the logwatch stuff. Thanks, (I know this was answered many times, so I appreciate the "niceness" also) Steve > >> Thanks, >> >> Steve >> >>> Rob Poe wrote: >>> >>> >>>> >From Top >>>> >>>> 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 >>>> clamscan >>>> 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 >>>> clamscan >>>> 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 >>>> clamscan >>>> 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 >>>> clamscan >>>> >>>> load average: 6.86, 4.74, 3.31 >>>> >>>> Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w >>>> hardware RAID 1 (SCSI 10k drives) >>>> >>>> What gives? >>>> >>>> Is there a better way to do this? Seems that clamscan is tooo >>>> freaking slow any more.. >>>> >>>> Another box: 16842 clam 25 0 18260 13m 1204 R 99 0.6 >>>> 0:29.65 >>>> clamscan >>>> 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 >>>> clamscan >>>> 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 >>>> clamscan >>>> 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 >>>> clamscan load average: 5.01, 3.86, 3.43 >>>> Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller >>>> >>>> These aren't slow boxes .. but Clam is killing them.. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> Jules >>> >>> - -- Julian Field MEng CITP >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help? >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> For all your IT requirements visit www.transtec.co.uk >>> >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.6.1 (Build 1012) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp >>> rUuq2j3hIDh9YxjUsOlmhf8= >>> =Dh3L >>> -----END PGP SIGNATURE----- >>> >>> >>> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGba/+EfZZRxQVtlQRAhZFAKD/LQFC1kju0KZXQtEyzLvdgLgmgwCg6Q54 > 5slWXXzEvXCpvZlFhWbg2wE= > =gejR > -----END PGP SIGNATURE----- > > From mkettler at evi-inc.com Mon Jun 11 22:06:21 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jun 11 22:08:29 2007 Subject: High ClamScan ... In-Reply-To: <466DB41D.7030408@cnpapers.com> References: <466D5E96.65ED.00A2.0@plattesheriff.org> <466DA924.4050701@ecs.soton.ac.uk> <466DADF5.8070603@cnpapers.com> <466DAFFB.3080506@ecs.soton.ac.uk> <466DB41D.7030408@cnpapers.com> Message-ID: <466DB94D.3050803@evi-inc.com> > The speed is definitely different, but getting the files from eicar.org > to download, and sending them through to one of our servers here is no > easy task. We have so much stuffing blocking everything, it's near > impossible to send something like that. > > I used to use a site that would send me a virus with the signature only, > but it doesn't exist anymore. There's a few dozen websites at least that will send you an email with the EICAR file already built in. Much easier than downloading it and emailing it to yourself. http://www.google.com/search?hl=en&q=eicar+test+email&btnG=Search This page will do the email trick, and also has the signature itself in the middle of the text of the page, I tested the email feature and it is currently working: http://www.aleph-tec.com/eicar/index.php However lots of them are broken atm: info-techs is broken, seems to generate emails with empty (0 byte) attachments, which obviously are not detected. http://www.info-techs.com/eicar.shtml GFI seems to have stopped working, as it errors on submit: http://www.gfi.com/emailsecuritytest/ From carock at epconline.com Mon Jun 11 22:10:10 2007 From: carock at epconline.com (Chuck Rock) Date: Mon Jun 11 22:10:24 2007 Subject: High ClamScan ... In-Reply-To: <466DB41D.7030408@cnpapers.com> Message-ID: <02af01c7ac6c$e70ca700$8c007f0a@epctech.com> Try this place, it will send a test virus to your mail server. http://www.declude.com/Articles.asp?ID=99 Chuck -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Monday, June 11, 2007 3:44 PM To: MailScanner discussion Subject: Re: High ClamScan ... Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Steve Campbell wrote: > >> Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Use the clamavmodule or clamd scanners instead. >>> You can install the clamavmodule as part of my ClamAV+SA >>> easy-to-install package available from www.mailscanner.info. >>> Or else get the clamd RPM from dag.wieers.com, start it up and tell >>> MailScanner to use the clamd scanner. >>> >>> >> I figured I'd give the clamavmodule a try, and see how it faired. I >> have always used Julians ClamAV+SA easy-to-install package and up til >> now, the clamscan stuff.. It is not clear to me, now, though, how to >> tell if I am really using the Perl module or not. >> >> Are there any hints? >> > The log entries will have changed. Chuck it a copy of eicar (see > www.eicar.org) and you'll see different log entries. Also the speed > should give it away. > The speed is definitely different, but getting the files from eicar.org to download, and sending them through to one of our servers here is no easy task. We have so much stuffing blocking everything, it's near impossible to send something like that. I used to use a site that would send me a virus with the signature only, but it doesn't exist anymore. I can wait, I guess and view the logwatch stuff. Thanks, (I know this was answered many times, so I appreciate the "niceness" also) Steve > >> Thanks, >> >> Steve >> >>> Rob Poe wrote: >>> >>> >>>> >From Top >>>> >>>> 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 >>>> clamscan >>>> 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 >>>> clamscan >>>> 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 >>>> clamscan >>>> 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 >>>> clamscan >>>> >>>> load average: 6.86, 4.74, 3.31 >>>> >>>> Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w >>>> hardware RAID 1 (SCSI 10k drives) >>>> >>>> What gives? >>>> >>>> Is there a better way to do this? Seems that clamscan is tooo >>>> freaking slow any more.. >>>> >>>> Another box: 16842 clam 25 0 18260 13m 1204 R 99 0.6 >>>> 0:29.65 >>>> clamscan >>>> 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 >>>> clamscan >>>> 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 >>>> clamscan >>>> 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 >>>> clamscan load average: 5.01, 3.86, 3.43 >>>> Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller >>>> >>>> These aren't slow boxes .. but Clam is killing them.. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> Jules >>> >>> - -- Julian Field MEng CITP >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help? >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> For all your IT requirements visit www.transtec.co.uk >>> >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.6.1 (Build 1012) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp >>> rUuq2j3hIDh9YxjUsOlmhf8= >>> =Dh3L >>> -----END PGP SIGNATURE----- >>> >>> >>> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGba/+EfZZRxQVtlQRAhZFAKD/LQFC1kju0KZXQtEyzLvdgLgmgwCg6Q54 > 5slWXXzEvXCpvZlFhWbg2wE= > =gejR > -----END PGP SIGNATURE----- > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Jun 11 22:14:51 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 11 22:14:54 2007 Subject: High ClamScan ... In-Reply-To: <466DB41D.7030408@cnpapers.com> References: <466D5E96.65ED.00A2.0@plattesheriff.org> <466DA924.4050701@ecs.soton.ac.uk> <466DADF5.8070603@cnpapers.com> <466DAFFB.3080506@ecs.soton.ac.uk> <466DB41D.7030408@cnpapers.com> Message-ID: <223f97700706111414x5dd66a99pad4dce91314780b7@mail.gmail.com> On 11/06/07, Steve Campbell wrote: > > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Steve Campbell wrote: > > > >> Julian Field wrote: > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> Use the clamavmodule or clamd scanners instead. > >>> You can install the clamavmodule as part of my ClamAV+SA > >>> easy-to-install package available from www.mailscanner.info. > >>> Or else get the clamd RPM from dag.wieers.com, start it up and tell > >>> MailScanner to use the clamd scanner. > >>> > >>> > >> I figured I'd give the clamavmodule a try, and see how it faired. I > >> have always used Julians ClamAV+SA easy-to-install package and up til > >> now, the clamscan stuff.. It is not clear to me, now, though, how to > >> tell if I am really using the Perl module or not. > >> > >> Are there any hints? > >> > > The log entries will have changed. Chuck it a copy of eicar (see > > www.eicar.org) and you'll see different log entries. Also the speed > > should give it away. > > > > The speed is definitely different, but getting the files from eicar.org > to download, and sending them through to one of our servers here is no > easy task. We have so much stuffing blocking everything, it's near > impossible to send something like that. All you need is a telnet client .... See how in the wiki (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion#eicar_test_message) ... from some machine somewhere suitable, of course:). If the object is only to detect the use of clamavmodule.... The memory footprint is a dead giveaway:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Mon Jun 11 22:22:21 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 11 22:22:27 2007 Subject: AVG Antivirus scanner problem In-Reply-To: <466D9F10.4000802@ecs.soton.ac.uk> References: <062201c7ab13$0b0e8de0$8c007f0a@epctech.com><0ba901c7ab80$8ef76510$0301a8c0@SAHOMELT><466C361F.2090905@ecs.soton.ac.uk> <0bcc01c7ab88$9abc4480$0301a8c0@SAHOMELT><0d1a01c7ac2d$aaf6b830$0301a8c0@SAHOMELT> <466D5865.2020201@ecs.soton.ac.uk> <004d01c7ac4b$f6b12e40$0301a8c0@SAHOMELT> <466D9F10.4000802@ecs.soton.ac.uk> Message-ID: <466DBD0D.9040309@dwford.com> Julian Field wrote: > > > Rick Cooper wrote: > > > > > > ------------------------- *From:* > > mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > > *Julian Field *Sent:* Monday, June 11, 2007 10:13 AM *To:* > > MailScanner discussion *Subject:* Re: AVG Antivirus scanner problem > > > > [...] > > I can and I did (forget to quotemeta). I was getting ready to make > > the patch and it occured to me that current avgscan supports > > trapping password protected files in archives. Should that be > > enabled depending on the setting for "Allow Password-Protected > > Archives"? If so the scanner options need changing and the parser > > needs to be updated to catch the "Contains password-protected > > files" string. Or would you prefer to catch them in the upack > > function only and not bother with the scanner(s) checking as well? > > > I want them caught in the unpack function only, not in the virus > scanner. I just changed this for ClamAV as people only wanted it > doing in the unpack function. > > Thanks for the patch, I'll take look at it now. [...] er... I didn't send a patch yet, sorry Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Tue Jun 12 03:10:20 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 03:10:27 2007 Subject: Avg/Panda Patches Message-ID: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> The attached diffs address the avg and panda issues. One of the current Panda common options will make the latest version hang while "showing" the user the correct syntax. I also made one small change to the panda parser to address another issue (which is commented in the source). Assuming you would prefer not to check the clamd version and disable threading if too low a version please modify the clamd stuff in MailScanner.conf (I forgot to make a diff). If you want the version check it's pretty easy. # Clamd only: configuration options for using the clamd daemon. # 1. The port to use when communicating with clamd via TCP connection # 2. The Socket, or IP to use for communicating with the clamd Daemon. # You enter either the full path to the UNIX socket file or the IP # address the daemon is listening on. # 3. The ClamD Lock file should be created by clamd init script in most # cases. If it is not then the entry should be blank. # 4. If MailScanner is running on a system with more then 1 CPU core (or # more than 1 CPU) then you can set "Clamd Use Threads" to "yes" to # speed up the scanning, otherwise there is no advantage and it should # be set to "no". # CLAM VERSION MUST BE AT LEAST 0.90 TO USE THREADS. # # None of these options can be the filenames of rulesets, they must be just # simple values. Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: SweepViruses.pm.diff Type: application/octet-stream Size: 3509 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/3185fc97/SweepViruses.pm.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: panda-wrapper.diff Type: application/octet-stream Size: 508 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070611/3185fc97/panda-wrapper.obj From wilson.galafassi at gmail.com Tue Jun 12 06:01:01 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Tue Jun 12 06:01:10 2007 Subject: clamd 100% cpu utilization Message-ID: Hello. If i start clamd installed with spamassassin package the CPU utilization goes to 100% imediately. How i can fix this? It?s possible? Thanks Wilson -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/05a5d4c2/attachment.html From alfrag at econ.soc.uoc.gr Tue Jun 12 07:26:27 2007 From: alfrag at econ.soc.uoc.gr (Alexandros Fragkiadakis) Date: Tue Jun 12 07:35:42 2007 Subject: High ClamScan ... In-Reply-To: <466D5E96.65ED.00A2.0@plattesheriff.org> References: <466D5E96.65ED.00A2.0@plattesheriff.org> Message-ID: <1094.147.52.239.225.1181629587.squirrel@econ.soc.uoc.gr> On Mon, June 11, 2007 10:39 pm, Rob Poe wrote: >> From Top >> > > 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 > clamscan 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 > clamscan 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 > clamscan 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 > clamscan > > load average: 6.86, 4.74, 3.31 > > Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w > hardware RAID 1 (SCSI 10k drives) > > What gives? > > > Is there a better way to do this? Seems that clamscan is tooo freaking > slow any more.. > > Another box: > 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan > 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan > 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan > 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan > load average: 5.01, 3.86, 3.43 Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA > on a 3Ware controller > > These aren't slow boxes .. but Clam is killing them.. > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > You can use clamdscan. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Jun 12 07:36:38 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 07:36:48 2007 Subject: High ClamScan ... In-Reply-To: <466D5E96.65ED.00A2.0@plattesheriff.org> References: <466D5E96.65ED.00A2.0@plattesheriff.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD53758@HC-MBX02.herefordshire.gov.uk> You should switch to ClamAVModule or the latest beta of MailScanner with clamd support instead. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Poe > Sent: 11 June 2007 20:39 > To: MailScanner discussion > Subject: High ClamScan ... > > >From Top > > 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 > 0 clamscan > 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 > 0 clamscan > 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 > 0 clamscan > 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 > 0 clamscan > > load average: 6.86, 4.74, 3.31 > > Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand > DL380G3 /w hardware RAID 1 (SCSI 10k drives) > > What gives? > > Is there a better way to do this? Seems that clamscan is > tooo freaking slow any more.. > > Another box: > 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 > clamscan > > 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 > clamscan > > 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 > clamscan > > 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 > clamscan > load average: 5.01, 3.86, 3.43 > Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller > > These aren't slow boxes .. but Clam is killing them.. > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Tue Jun 12 07:39:20 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 07:39:29 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD53759@HC-MBX02.herefordshire.gov.uk> There are a few problems reported over on the spamassassin-users mailing list, so proceed with caution. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -----Original Message----- From: jm@jmason.org [mailto:jm@jmason.org] Sent: 11 June 2007 21:14 To: users@spamassassin.apache.org; dev@spamassassin.apache.org; announce@spamassassin.apache.org Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available Apache SpamAssassin 3.2.1 is now available! This is a maintenance and security release of the 3.2.x branch. It is highly recommended that people upgrade to this version from 3.2.0. Downloads are available from: http://spamassassin.apache.org/downloads.cgi?update=200706111806 The release file will also be available via CPAN in the near future. md5sum of archive files: 7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2 a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip sha1sum of archive files: 3095b38d90d0362c4e47e117fb612778a2ac362b Mail-SpamAssassin-3.2.1.tar.bz2 fbb5f538238e188f985c8e6672dad531fa035eea Mail-SpamAssassin-3.2.1.tar.gz d6566975544cd706052d310481d7a100ffce14d1 Mail-SpamAssassin-3.2.1.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.2.1 is a major bug-fix release, including a potential local DoS. The major highlights are: - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at . - bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and FH_HOST_EQ_D_D_D_D. - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value used in 3.2.0 was creating problems. - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is unsafe, causes corruption of the data structure, and results in 'prefork: ordered child N to accept, but they reported state '1', killing rogue' errors. fix. - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs. - bug 5457: spamc build and test should handle not having zlib available. - bug 5379: spamd could crash at startup if its preloading temporary directory already exists. fix. - bug 4616: spamc config can cause command line options to be ignored. fix. - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire due to defaults (unless there's an explicit SIGNALL policy). - bug 5492: VBounce rule was looking in header instead of body for whitelisted relays. fix. - bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting each other. - bug 5432 - Change default in Win32 build to not build spamc. - bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c required version info from pod. - bug 5436: add omitted "ifplugin" statements to the configuration, which would otherwise cause lint errors if the default plugins were disabled. - bug 5477: prevent Rule2XSBody info message from appearing on stderr during spamd startup. From prandal at herefordshire.gov.uk Tue Jun 12 07:41:51 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 07:41:57 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.9 available! Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD5375A@HC-MBX02.herefordshire.gov.uk> FYI -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -----Original Message----- From: jm@jmason.org [mailto:jm@jmason.org] Sent: 11 June 2007 21:16 To: users@spamassassin.apache.org; dev@spamassassin.apache.org; announce@spamassassin.apache.org Subject: ANNOUNCE: Apache SpamAssassin 3.1.9 available! Apache SpamAssassin 3.1.9 is now available! This is a maintenance and security release of the 3.1.x branch. It is highly recommended that people upgrade to this version from 3.0.x or 3.1.x. Downloads are available from: http://spamassassin.apache.org/downloads.cgi?update=200706111806 The release file will also be available via CPAN in the near future. md5sum of archive files: ad5d812b1a04228f3dc3147ebd649bb3 Mail-SpamAssassin-3.1.9.tar.bz2 c0a6dc8564e60bf50d1792e4edc18e97 Mail-SpamAssassin-3.1.9.tar.gz a1ed25d0878d102c17a91233ee741f87 Mail-SpamAssassin-3.1.9.zip sha1sum of archive files: bed85f0b7e269253e925831015f11809009080eb Mail-SpamAssassin-3.1.9.tar.bz2 181e0ca4e0568bb51e955b8b8e4595313fb7de8b Mail-SpamAssassin-3.1.9.tar.gz c5f87a454ce4562558fd1af9ea71b7b858899f3e Mail-SpamAssassin-3.1.9.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B 3.1.9 is a major bug-fix release, including a potential local DoS. The major highlights are: - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS vulnerability. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" OR "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch. This is not default on any distro package, and is not a common configuration. More details of the vulnerability can be read at . - bug 5353 - meta rule parsing should handle not equal ("!=") syntax. - set the score for URI_TRUNCATED to 0.001. - bug 5337: change the start order for Fedora such that spamd starts before the MTA. From MailScanner at ecs.soton.ac.uk Tue Jun 12 09:39:22 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 09:41:09 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD53759@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBAD53759@HC-MBX02.herefordshire.gov.uk> Message-ID: <466E5BBA.3070009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please can you summarise the reported problems, and post here? Also, please can you keep an eye open for fixes? Randal, Phil wrote: > There are a few problems reported over on the spamassassin-users mailing > list, so proceed with caution. > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: jm@jmason.org [mailto:jm@jmason.org] > Sent: 11 June 2007 21:14 > To: users@spamassassin.apache.org; dev@spamassassin.apache.org; > announce@spamassassin.apache.org > Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Apache SpamAssassin 3.2.1 is now available! This is a maintenance and > security release of the 3.2.x branch. It is highly recommended that > people upgrade to this version from 3.2.0. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200706111806 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > 7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2 > a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz > e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip > > sha1sum of archive files: > 3095b38d90d0362c4e47e117fb612778a2ac362b > Mail-SpamAssassin-3.2.1.tar.bz2 > fbb5f538238e188f985c8e6672dad531fa035eea > Mail-SpamAssassin-3.2.1.tar.gz > d6566975544cd706052d310481d7a100ffce14d1 Mail-SpamAssassin-3.2.1.zip > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B > > > 3.2.1 is a major bug-fix release, including a potential local DoS. The > major highlights are: > > - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS > vulnerability. It only affects systems where spamd is run as root, is > used > with vpopmail or virtual users via the "-v"/"--vpopmail" OR > "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND > WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" > switch. > This is not default on any distro package, and is not a common > configuration. > More details of the vulnerability can be read at > . > > - bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB > and > FH_HOST_EQ_D_D_D_D. > > - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value > used in 3.2.0 was creating problems. > > - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal > handler is > unsafe, causes corruption of the data structure, and results in > 'prefork: > ordered child N to accept, but they reported state '1', killing rogue' > errors. fix. > > - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs. > > - bug 5457: spamc build and test should handle not having zlib > available. > > - bug 5379: spamd could crash at startup if its preloading temporary > directory > already exists. fix. > > - bug 4616: spamc config can cause command line options to be ignored. > fix. > > - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll > always fire > due to defaults (unless there's an explicit SIGNALL policy). > > - bug 5492: VBounce rule was looking in header instead of body for > whitelisted > relays. fix. > > - bug 5487: prevent multiple "urirhssub"s using the same zone from > overwriting > each other. > > - bug 5432 - Change default in Win32 build to not build spamc. > > - bug 5446: add --updatedir option to sa-compile and remove inaccurate > re2c > required version info from pod. > > - bug 5436: add omitted "ifplugin" statements to the configuration, > which would > otherwise cause lint errors if the default plugins were disabled. > > - bug 5477: prevent Rule2XSBody info message from appearing on stderr > during > spamd startup. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGblvJEfZZRxQVtlQRAitYAJ9ukdzbZfMxJOgA62fdd/pf6Eq/cwCfZ9ln DZrqSI6202fefWiIdrWzNOQ= =higr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Tue Jun 12 09:55:37 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 12 09:55:41 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466E5BBA.3070009@ecs.soton.ac.uk> Message-ID: Jules Looks mainly like RPM build issues........no suggestions of fixes/work-arounds that I've seen on the list. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 12 June 2007 09:39 > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Please can you summarise the reported problems, and post here? > Also, please can you keep an eye open for fixes? > > Randal, Phil wrote: > > There are a few problems reported over on the spamassassin-users mailing > > list, so proceed with caution. > > > > Phil > > > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > -----Original Message----- > > From: jm@jmason.org [mailto:jm@jmason.org] > > Sent: 11 June 2007 21:14 > > To: users@spamassassin.apache.org; dev@spamassassin.apache.org; > > announce@spamassassin.apache.org > > Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Apache SpamAssassin 3.2.1 is now available! This is a maintenance and > > security release of the 3.2.x branch. It is highly recommended that > > people upgrade to this version from 3.2.0. > > > > Downloads are available from: > > http://spamassassin.apache.org/downloads.cgi?update=200706111806 > > > > The release file will also be available via CPAN in the near future. > > > > md5sum of archive files: > > 7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2 > > a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz > > e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip > > > > sha1sum of archive files: > > 3095b38d90d0362c4e47e117fb612778a2ac362b > > Mail-SpamAssassin-3.2.1.tar.bz2 > > fbb5f538238e188f985c8e6672dad531fa035eea > > Mail-SpamAssassin-3.2.1.tar.gz > > d6566975544cd706052d310481d7a100ffce14d1 Mail-SpamAssassin-3.2.1.zip > > > > The release files also have a .asc accompanying them. The file serves > > as an external GPG signature for the given release file. The signing > > key is available via the wwwkeys.pgp.net key server, as well as > > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > > > The key information is: > > > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B > > > > > > 3.2.1 is a major bug-fix release, including a potential local DoS. The > > major highlights are: > > > > - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS > > vulnerability. It only affects systems where spamd is run as root, is > > used > > with vpopmail or virtual users via the "-v"/"--vpopmail" OR > > "--virtual-config-dir" switch, AND with the "-x"/"--no-user-config AND > > WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" > > switch. > > This is not default on any distro package, and is not a common > > configuration. > > More details of the vulnerability can be read at > > . > > > > - bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB > > and > > FH_HOST_EQ_D_D_D_D. > > > > - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value > > used in 3.2.0 was creating problems. > > > > - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal > > handler is > > unsafe, causes corruption of the data structure, and results in > > 'prefork: > > ordered child N to accept, but they reported state '1', killing rogue' > > errors. fix. > > > > - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs. > > > > - bug 5457: spamc build and test should handle not having zlib > > available. > > > > - bug 5379: spamd could crash at startup if its preloading temporary > > directory > > already exists. fix. > > > > - bug 4616: spamc config can cause command line options to be ignored. > > fix. > > > > - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll > > always fire > > due to defaults (unless there's an explicit SIGNALL policy). > > > > - bug 5492: VBounce rule was looking in header instead of body for > > whitelisted > > relays. fix. > > > > - bug 5487: prevent multiple "urirhssub"s using the same zone from > > overwriting > > each other. > > > > - bug 5432 - Change default in Win32 build to not build spamc. > > > > - bug 5446: add --updatedir option to sa-compile and remove inaccurate > > re2c > > required version info from pod. > > > > - bug 5436: add omitted "ifplugin" statements to the configuration, > > which would > > otherwise cause lint errors if the default plugins were disabled. > > > > - bug 5477: prevent Rule2XSBody info message from appearing on stderr > > during > > spamd startup. > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGblvJEfZZRxQVtlQRAitYAJ9ukdzbZfMxJOgA62fdd/pf6Eq/cwCfZ9ln > DZrqSI6202fefWiIdrWzNOQ= > =higr > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Jun 12 10:15:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 10:16:37 2007 Subject: Avg/Panda Patches In-Reply-To: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> Message-ID: <466E643D.6090707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have applied your diffs. The only changes I made were \s{1,} became \s+ and \s{0,} became \s* Many thanks for those patches, they will be in the next release. Rick Cooper wrote: > The attached diffs address the avg and panda issues. > One of the current Panda common options will make the latest version hang > while "showing" the user the correct syntax. I also made one small change to > the panda parser to address another issue (which is commented in the > source). Assuming you would prefer not to check the clamd version and > disable threading if too low a version please modify the clamd stuff in > MailScanner.conf (I forgot to make a diff). If you want the version check > it's pretty easy. > > # Clamd only: configuration options for using the clamd daemon. > # 1. The port to use when communicating with clamd via TCP connection > # 2. The Socket, or IP to use for communicating with the clamd Daemon. > # You enter either the full path to the UNIX socket file or the IP > # address the daemon is listening on. > # 3. The ClamD Lock file should be created by clamd init script in most > # cases. If it is not then the entry should be blank. > # 4. If MailScanner is running on a system with more then 1 CPU core (or > # more than 1 CPU) then you can set "Clamd Use Threads" to "yes" to > # speed up the scanning, otherwise there is no advantage and it should > # be set to "no". > # CLAM VERSION MUST BE AT LEAST 0.90 TO USE THREADS. > # > # None of these options can be the filenames of rulesets, they must be just > # simple values. > > > > > > > Rick Cooper > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbmRBEfZZRxQVtlQRAq9TAKDoijmM7MeRGGKFPX5Kp4m6+4BKTgCfb+gB Qc+mXs4mCb+Z4rTAaK8CxEg= =zS5A -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From nerijusb at dtiltas.lt Tue Jun 12 10:38:39 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 12 10:40:04 2007 Subject: typo in MailScanner.conf Message-ID: <20070612093949.3FDC51224A2@mx-b.vdnet.lt> Hello, Above "Allow External Message Bodies = no" there is a missing word: # It is only currently supported by Netscape 6 anyway, and the only people # who it are the IETF. Should probably be "who use it". Regards, Nerijus From res at ausics.net Tue Jun 12 10:44:32 2007 From: res at ausics.net (Res) Date: Tue Jun 12 10:44:44 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Tue, 12 Jun 2007, Martin.Hepworth wrote: > Looks mainly like RPM build issues........no suggestions of > fixes/work-arounds that I've seen on the list. > So it's a packaging and not an operational issue? those using cpan to install wont be affected then? -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK 831pYMrT/BnWofuv8dJlQrI= =Mys+ -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Tue Jun 12 10:50:43 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 12 10:50:39 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: Message-ID: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> Looks like it - only reports I've seen are people trying to build ....Mandriva trying to the rpm and RH ES4 trying to compile from source. Looks like a "make test" issue with parts of spamd and spamc. Which we won't care about anyway. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 12 June 2007 10:45 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > Looks mainly like RPM build issues........no suggestions of > > fixes/work-arounds that I've seen on the list. > > > > So it's a packaging and not an operational issue? those using cpan to > install wont be affected then? > > > -- > Cheers > Res > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > 831pYMrT/BnWofuv8dJlQrI= > =Mys+ > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From res at ausics.net Tue Jun 12 11:00:53 2007 From: res at ausics.net (Res) Date: Tue Jun 12 11:01:05 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> References: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message Cool, thanks, cpan -i'ng now on one server On Tue, 12 Jun 2007, Martin.Hepworth wrote: > Looks like it - only reports I've seen are people trying to build > ....Mandriva trying to the rpm and RH ES4 trying to compile from source. > > Looks like a "make test" issue with parts of spamd and spamc. Which we > won't care about anyway. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Res >> Sent: 12 June 2007 10:45 >> To: MailScanner discussion >> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> NotDashEscaped: You need GnuPG to verify this message >> >> On Tue, 12 Jun 2007, Martin.Hepworth wrote: >> >>> Looks mainly like RPM build issues........no suggestions of >>> fixes/work-arounds that I've seen on the list. >>> >> >> So it's a packaging and not an operational issue? those using cpan to >> install wont be affected then? >> >> >> -- >> Cheers >> Res >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK >> 831pYMrT/BnWofuv8dJlQrI= >> =Mys+ >> -----END PGP SIGNATURE----- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGbm7VsWhAmSIQh7MRAou4AKCDZHT8gYa/tiW3xJZTwAufGPwrogCfZ0Qi jcm8P4nRpxsXcJh0yz1QK+M= =r4kp -----END PGP SIGNATURE----- From neilw at dcdata.co.za Tue Jun 12 11:14:05 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Jun 12 11:13:57 2007 Subject: Clam testing Message-ID: <466E71ED.7030003@dcdata.co.za> After reading a few of the posts on the list this morning, I decided to try and send a few tests through my clamav, clamd and clamavmodule system, and neither of them pick up a few of the tests listed at http://www.declude.com/Articles.asp?ID=99 Of course I had to allow MailScanner to accept executable files first, but once I'd done this, I received quite a few of the eicar.com files in my mailbox that the site mentions as critical to block. For example: eicarspacegap "Tests for detection of the 'Space Gap' vulnerability (all mailserver AV programs need to catch this)." All of them pick up the "eicarplain" one though. Does everyone get the same behaviour, or should clam be blocking these? My clamscan reports the following version details. ClamAV 0.90.3/3406/Tue Jun 12 10:22:44 2007 Thanks. Neil Powered by Linux, driven by passion! -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From res at ausics.net Tue Jun 12 11:28:53 2007 From: res at ausics.net (Res) Date: Tue Jun 12 11:29:05 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Tue, 12 Jun 2007, Res wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > Cool, thanks, cpan -i'ng now on one server or maybe not... hasn't been pushed to the primary mirror yet :) I'll try tomorrow morning.. > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > >> Looks like it - only reports I've seen are people trying to build >> ....Mandriva trying to the rpm and RH ES4 trying to compile from source. >> >> Looks like a "make test" issue with parts of spamd and spamc. Which we >> won't care about anyway. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Res >>> Sent: 12 June 2007 10:45 >>> To: MailScanner discussion >>> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> NotDashEscaped: You need GnuPG to verify this message >>> >>> On Tue, 12 Jun 2007, Martin.Hepworth wrote: >>> >>>> Looks mainly like RPM build issues........no suggestions of >>>> fixes/work-arounds that I've seen on the list. >>>> >>> >>> So it's a packaging and not an operational issue? those using cpan to >>> install wont be affected then? >>> >>> >>> -- >>> Cheers >>> Res >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK >>> 831pYMrT/BnWofuv8dJlQrI= >>> =Mys+ >>> -----END PGP SIGNATURE----- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGbnVlsWhAmSIQh7MRAkDbAJ4ryTpBrSMED4rJ2gCDvYtVRuucbgCbB3Je ot7z0ZknEFdfeXndXOVgnyU= =nMRL -----END PGP SIGNATURE----- From andy.mac at global-domination.org Tue Jun 12 11:43:24 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 12 11:43:25 2007 Subject: Clam testing Message-ID: My ESVA (1.7.1.5) scanner caught everything tested with clamd... What messages are in your logs? Are the permissions correct in your working directory? -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Neil Wilson Sent: 12 June 2007 11:14 To: MailScanner discussion Subject: Clam testing After reading a few of the posts on the list this morning, I decided to try and send a few tests through my clamav, clamd and clamavmodule system, and neither of them pick up a few of the tests listed at http://www.declude.com/Articles.asp?ID=99 Of course I had to allow MailScanner to accept executable files first, but once I'd done this, I received quite a few of the eicar.com files in my mailbox that the site mentions as critical to block. For example: eicarspacegap "Tests for detection of the 'Space Gap' vulnerability (all mailserver AV programs need to catch this)." All of them pick up the "eicarplain" one though. Does everyone get the same behaviour, or should clam be blocking these? My clamscan reports the following version details. ClamAV 0.90.3/3406/Tue Jun 12 10:22:44 2007 Thanks. Neil Powered by Linux, driven by passion! -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=3F3382821F .A7358 -- This message was scanned by ESVA and is believed to be clean. From rcooper at dwford.com Tue Jun 12 11:53:52 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 11:54:01 2007 Subject: clamd 100% cpu utilization In-Reply-To: References: Message-ID: <00d601c7acdf$f73ddea0$0301a8c0@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Wilson A. Galafassi Jr. Sent: Tuesday, June 12, 2007 1:01 AM To: 'MailScanner discussion' Subject: clamd 100% cpu utilization Hello. If i start clamd installed with spamassassin package the CPU utilization goes to 100% imediately. How i can fix this? It?s possible? Thanks Wilson [Rick Cooper] What versions? What are your MailScanner.conf settings for virus scanners and specifically clam Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/e67e9a48/attachment.html From rcooper at dwford.com Tue Jun 12 12:01:43 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 12:01:49 2007 Subject: Clam testing In-Reply-To: <466E71ED.7030003@dcdata.co.za> References: <466E71ED.7030003@dcdata.co.za> Message-ID: <00e101c7ace1$105c6c20$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Neil Wilson > Sent: Tuesday, June 12, 2007 6:14 AM > To: MailScanner discussion > Subject: Clam testing > > After reading a few of the posts on the list this morning, I > decided to try and send a few tests through my clamav, clamd > and clamavmodule system, and neither of them pick up a few > of the tests listed at http://www.declude.com/Articles.asp?ID=99 > > Of course I had to allow MailScanner to accept executable > files first, but once I'd done this, I received quite a few > of the eicar.com files in my mailbox that the site mentions > as critical to block. > > For example: > > eicarspacegap "Tests for detection of the 'Space Gap' > vulnerability (all mailserver AV programs need to catch this)." > > All of them pick up the "eicarplain" one though. > > Does everyone get the same behaviour, or should clam be > blocking these? > That site is a fun test, however be assured the tests are all designed to allow their virus/mime scanner to catch them. Some of these tests are tests of MIME problems that would allow the virus through in a state that would render it useless anyway. I have found in the past that all the virus scanner allow some of the tests through, but none of them clear Exim without my placing a full pass for the declude host/domain. Oddly enough there is one test (I can't remember which) that clam catches from exim that it doesn't from mailscanner. Remember that web site is selling something Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Tue Jun 12 12:03:03 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 12:03:08 2007 Subject: Avg/Panda Patches In-Reply-To: <466E643D.6090707@ecs.soton.ac.uk> References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> <466E643D.6090707@ecs.soton.ac.uk> Message-ID: <00e201c7ace1$3f7c7a90$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Tuesday, June 12, 2007 5:16 AM > To: MailScanner discussion > Subject: Re: Avg/Panda Patches > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have applied your diffs. The only changes I made were > \s{1,} became \s+ and \s{0,} became \s* > > Many thanks for those patches, they will be in the next release. > The really important thing is : I made sure there were no tabs! ;-) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 12 12:00:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 12:03:21 2007 Subject: typo in MailScanner.conf In-Reply-To: <20070612093949.3FDC51224A2@mx-b.vdnet.lt> References: <20070612093949.3FDC51224A2@mx-b.vdnet.lt> Message-ID: <466E7CC7.5070908@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks. Fixed. Nerijus Baliunas wrote: > Hello, > > Above "Allow External Message Bodies = no" there is a missing word: > > # It is only currently supported by Netscape 6 anyway, and the only people > # who it are the IETF. > > Should probably be "who use it". > > Regards, > Nerijus > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbnzLEfZZRxQVtlQRAkzFAKDtPA+ZlMfStO+j6Tn5O1TQbn7b6wCfVCSV JdC/cdH4XS+CRdYo1qe9uNY= =qi6d -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From prandal at herefordshire.gov.uk Tue Jun 12 12:14:06 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 12:53:57 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD5381C@HC-MBX02.herefordshire.gov.uk> FYI. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK -----Original Message----- From: Rose, Bobby [mailto:brose@med.wayne.edu] Sent: 12 June 2007 02:09 To: users@spamassassin.apache.org Subject: RE: ANNOUNCE: Apache SpamAssassin 3.2.1 available I'm seeing the same kind of messages mentioned after compiling from source on Redhat ES4 and running make test. -----Original Message----- From: Daniel J McDonald [mailto:dan.mcdonald@austinenergy.com] Sent: Monday, June 11, 2007 6:35 PM To: users@spamassassin.apache.org Subject: Re: ANNOUNCE: Apache SpamAssassin 3.2.1 available On Mon, 2007-06-11 at 21:14 +0100, Justin Mason wrote: > Apache SpamAssassin 3.2.1 is now available! This is a maintenance and > security release of the 3.2.x branch. It is highly recommended that > people upgrade to this version from 3.2.0. Whilst compiling the RPM for mandriva corporate server 4: t/spamc_optC................ Not found: reported spam = Message successfully reported/revoked # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: log/d.spamc_optC/out.1 t/spamc_optC................NOK 2 Not found: revoked ham = Message successfully reported/revoked # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 t/spamc_optC................NOK 4 Not found: failed to report spam = Unable to report/revoke message [...] Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 log/d.spamc_optC/out.5 log/d.spamc_optC/out.7 t/spamc_optC................FAILED tests 2, 4, 6, 8 Failed 4/9 tests, 55.56% okay t/spamc_optL................# Failed test 1 in t/spamc_optL.t at line 20 Not found: learned spam = Message successfully un/learned [...] t/spamc_optL................FAILED tests 1-16 Failed 16/16 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------ ------- t/spamc_optC.t 9 4 44.44% 2 4 6 8 t/spamc_optL.t 16 16 100.00% 1-16 t/spamd_allow_user_rules.t 5 1 20.00% 4 t/spamd_plugin.t 6 2 33.33% 4 6 17 tests skipped. Failed 4/129 test scripts, 96.90% okay. 23/1981 subtests failed, 98.84% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.45769 (%check) Any thoughts? -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com From root at doctor.nl2k.ab.ca Tue Jun 12 13:02:54 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Jun 12 13:03:41 2007 Subject: clamd 100% cpu utilization In-Reply-To: References: Message-ID: <20070612120253.GA6200@doctor.nl2k.ab.ca> On Tue, Jun 12, 2007 at 02:01:01AM -0300, Wilson A. Galafassi Jr. wrote: > Hello. > > > > If i start clamd installed with spamassassin package the CPU utilization > goes to 100% imediately. How i can fix this? It?s possible? > > Thanks > > Wilson > > > > Which OS are you using? > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Tue Jun 12 13:11:31 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Jun 12 13:12:51 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> References: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> Message-ID: <20070612121130.GB6200@doctor.nl2k.ab.ca> On Tue, Jun 12, 2007 at 10:50:43AM +0100, Martin.Hepworth wrote: > Looks like it - only reports I've seen are people trying to build > ....Mandriva trying to the rpm and RH ES4 trying to compile from source. > > Looks like a "make test" issue with parts of spamd and spamc. Which we > won't care about anyway. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Res > > Sent: 12 June 2007 10:45 > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > NotDashEscaped: You need GnuPG to verify this message > > > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > > > Looks mainly like RPM build issues........no suggestions of > > > fixes/work-arounds that I've seen on the list. > > > > > > > So it's a packaging and not an operational issue? those using cpan to > > install wont be affected then? > > > > > > -- > > Cheers > > Res > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > > 831pYMrT/BnWofuv8dJlQrI= > > =Mys+ > > -----END PGP SIGNATURE----- > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Best that we should all do is then obtain the gzipped package, and go the perl Makefile.PL route. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Tue Jun 12 13:15:41 2007 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Jun 12 13:16:01 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> References: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu> Wow! I can't believe you'd install stuff into production if it fails the tests the developers have coded in. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Tuesday, June 12, 2007 5:51 AM To: MailScanner discussion Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available Looks like it - only reports I've seen are people trying to build ....Mandriva trying to the rpm and RH ES4 trying to compile from source. Looks like a "make test" issue with parts of spamd and spamc. Which we won't care about anyway. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 12 June 2007 10:45 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > Looks mainly like RPM build issues........no suggestions of > > fixes/work-arounds that I've seen on the list. > > > > So it's a packaging and not an operational issue? those using cpan to > install wont be affected then? > > > -- > Cheers > Res > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > 831pYMrT/BnWofuv8dJlQrI= > =Mys+ > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From andy.mac at global-domination.org Tue Jun 12 13:23:18 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 12 13:23:22 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available Message-ID: >Wow! I can't believe you'd install stuff into production if it fails the >tests the developers have coded in. Where's your sense of adventure? The only time you shouldn't do such things is on Friday... -- This message was scanned by ESVA and is believed to be clean. From martinh at solidstatelogic.com Tue Jun 12 13:26:01 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 12 13:26:01 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu> Message-ID: <7d451ff878ac62489bd9004d06919694@solidstatelogic.com> Bobby Mailscanner doesn't use spamc/spamd so if it fails these tests we don't care -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby > Sent: 12 June 2007 13:16 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Wow! I can't believe you'd install stuff into production if it fails the > tests the developers have coded in. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: Tuesday, June 12, 2007 5:51 AM > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Looks like it - only reports I've seen are people trying to build > ....Mandriva trying to the rpm and RH ES4 trying to compile from source. > > Looks like a "make test" issue with parts of spamd and spamc. Which we > won't care about anyway. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Res > > Sent: 12 June 2007 10:45 > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > NotDashEscaped: You need GnuPG to verify this message > > > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > > > Looks mainly like RPM build issues........no suggestions of > > > fixes/work-arounds that I've seen on the list. > > > > > > > So it's a packaging and not an operational issue? those using cpan to > > install wont be affected then? > > > > > > -- > > Cheers > > Res > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > > 831pYMrT/BnWofuv8dJlQrI= > > =Mys+ > > -----END PGP SIGNATURE----- > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error you > must take no action based on them, nor must you copy or show them to > anyone. Please advise the sender by replying to this e-mail immediately > and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales (Company > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 > 1RU, United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From matt at coders.co.uk Tue Jun 12 13:28:51 2007 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jun 12 13:26:13 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu> References: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu> Message-ID: <466E9183.5090304@coders.co.uk> Rose, Bobby wrote: > Wow! I can't believe you'd install stuff into production if it fails the > tests the developers have coded in. > > > To be fair - the code changes all related to spamd/spamc/sa-compile and none for the core perl libraries. There were changes to the some rules and some of the scores. From a risk point of view installing via CPAN and skipping spamd/spamc would be fine. matt From martinh at solidstatelogic.com Tue Jun 12 13:36:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 12 13:36:37 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: Message-ID: Ah looks like the cause has been found - you can't compile/build the RPM as root - do it as another user and it works fine! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Res > Sent: 12 June 2007 11:01 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > Cool, thanks, cpan -i'ng now on one server > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > Looks like it - only reports I've seen are people trying to build > > ....Mandriva trying to the rpm and RH ES4 trying to compile from source. > > > > Looks like a "make test" issue with parts of spamd and spamc. Which we > > won't care about anyway. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Res > >> Sent: 12 June 2007 10:45 > >> To: MailScanner discussion > >> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> NotDashEscaped: You need GnuPG to verify this message > >> > >> On Tue, 12 Jun 2007, Martin.Hepworth wrote: > >> > >>> Looks mainly like RPM build issues........no suggestions of > >>> fixes/work-arounds that I've seen on the list. > >>> > >> > >> So it's a packaging and not an operational issue? those using cpan to > >> install wont be affected then? > >> > >> > >> -- > >> Cheers > >> Res > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.7 (GNU/Linux) > >> > >> iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > >> 831pYMrT/BnWofuv8dJlQrI= > >> =Mys+ > >> -----END PGP SIGNATURE----- > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > Cheers > Res > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFGbm7VsWhAmSIQh7MRAou4AKCDZHT8gYa/tiW3xJZTwAufGPwrogCfZ0Qi > jcm8P4nRpxsXcJh0yz1QK+M= > =r4kp > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From prandal at herefordshire.gov.uk Tue Jun 12 13:14:55 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 13:38:31 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466E5BBA.3070009@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBAD53759@HC-MBX02.herefordshire.gov.uk> <466E5BBA.3070009@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD53840@HC-MBX02.herefordshire.gov.uk> I've just tested this on a CentOS 5.0 box. I plonked the 3.2.1 into Julian's install-Clam-0.9.3-SA-3.2.0/perl-tar directory, edited install.sh to adjust the SA version, and installed. No problems at all. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 12 June 2007 09:39 > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Please can you summarise the reported problems, and post here? > Also, please can you keep an eye open for fixes? > > Randal, Phil wrote: > > There are a few problems reported over on the > spamassassin-users mailing > > list, so proceed with caution. > > > > Phil > > > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > -----Original Message----- > > From: jm@jmason.org [mailto:jm@jmason.org] > > Sent: 11 June 2007 21:14 > > To: users@spamassassin.apache.org; dev@spamassassin.apache.org; > > announce@spamassassin.apache.org > > Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Apache SpamAssassin 3.2.1 is now available! This is a > maintenance and > > security release of the 3.2.x branch. It is highly recommended that > > people upgrade to this version from 3.2.0. > > > > Downloads are available from: > > http://spamassassin.apache.org/downloads.cgi?update=200706111806 > > > > The release file will also be available via CPAN in the near future. > > > > md5sum of archive files: > > 7b2fdbcdca5e9a181d4bb1b17663c138 Mail-SpamAssassin-3.2.1.tar.bz2 > > a7d51294c565999da01f212e5ad2a031 Mail-SpamAssassin-3.2.1.tar.gz > > e058ed0dfe82ee62f617c12cc02e538b Mail-SpamAssassin-3.2.1.zip > > > > sha1sum of archive files: > > 3095b38d90d0362c4e47e117fb612778a2ac362b > > Mail-SpamAssassin-3.2.1.tar.bz2 > > fbb5f538238e188f985c8e6672dad531fa035eea > > Mail-SpamAssassin-3.2.1.tar.gz > > d6566975544cd706052d310481d7a100ffce14d1 > Mail-SpamAssassin-3.2.1.zip > > > > The release files also have a .asc accompanying them. The > file serves > > as an external GPG signature for the given release file. > The signing > > key is available via the wwwkeys.pgp.net key server, as well as > > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > > > The key information is: > > > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 > 1987 265F A05B > > > > > > 3.2.1 is a major bug-fix release, including a potential > local DoS. The > > major highlights are: > > > > - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS > > vulnerability. It only affects systems where spamd is run > as root, is > > used > > with vpopmail or virtual users via the "-v"/"--vpopmail" OR > > "--virtual-config-dir" switch, AND with the > "-x"/"--no-user-config AND > > WITHOUT the "-u"/"--username" switch AND with the > "-l"/"--allow-tell" > > switch. > > This is not default on any distro package, and is not a common > > configuration. > > More details of the vulnerability can be read at > > . > > > > - bug 5488: zero some rules causing false positives: > FH_HOST_EQ_D_D_D_DB > > and > > FH_HOST_EQ_D_D_D_D. > > > > - bug 5257: re-raise autolearn ham threshold to 1.0; the lower value > > used in 3.2.0 was creating problems. > > > > - bug 5422: in spamd, deleting hash entries from the SIGCHLD signal > > handler is > > unsafe, causes corruption of the data structure, and results in > > 'prefork: > > ordered child N to accept, but they reported state '1', > killing rogue' > > errors. fix. > > > > - bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to > avoid some FPs. > > > > - bug 5457: spamc build and test should handle not having zlib > > available. > > > > - bug 5379: spamd could crash at startup if its preloading temporary > > directory > > already exists. fix. > > > > - bug 4616: spamc config can cause command line options to > be ignored. > > fix. > > > > - bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll > > always fire > > due to defaults (unless there's an explicit SIGNALL policy). > > > > - bug 5492: VBounce rule was looking in header instead of body for > > whitelisted > > relays. fix. > > > > - bug 5487: prevent multiple "urirhssub"s using the same zone from > > overwriting > > each other. > > > > - bug 5432 - Change default in Win32 build to not build spamc. > > > > - bug 5446: add --updatedir option to sa-compile and remove > inaccurate > > re2c > > required version info from pod. > > > > - bug 5436: add omitted "ifplugin" statements to the configuration, > > which would > > otherwise cause lint errors if the default plugins were disabled. > > > > - bug 5477: prevent Rule2XSBody info message from appearing > on stderr > > during > > spamd startup. > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGblvJEfZZRxQVtlQRAitYAJ9ukdzbZfMxJOgA62fdd/pf6Eq/cwCfZ9ln > DZrqSI6202fefWiIdrWzNOQ= > =higr > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hmkash at arl.army.mil Tue Jun 12 13:49:33 2007 From: hmkash at arl.army.mil (Kash, Howard (Civ, ARL/CISD)) Date: Tue Jun 12 13:48:47 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <223f97700706081547i22fd18d0udf4d97d5d3af592b@mail.gmail.com> References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL><223f97700706081545q319991b7v8a57a7024bbc2003@mail.gmail.com> <223f97700706081547i22fd18d0udf4d97d5d3af592b@mail.gmail.com> Message-ID: <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL> Classification: UNCLASSIFIED Caveats: NONE On 09/06/07, Glenn Steen wrote: > On 08/06/07, Kash, Howard (Civ, ARL/CISD) wrote: > > > > After upgrading to MS 4.60.8, MailScanner has started reporting "New Batch: > > Found invalid queue files: ". Each of the queue files > > appears to have a truncated message contents section and 90% of them end > > with "To: undisclosed-recipients:;". There's a total of about 30 of them > > since I upgraded on June 4. Anyone else seeing this? I also upgraded > > postfix from 2.3.9 to 2.3.11 at the same time, but figured I'd start here > > first since the postfix group will blame MailScanner anyway... > > > > > > Thanks, > > Howard > Hi Howard, > > Do you employ any milter(s)? > If not, the only changes that could possibly affect PF in that version > of MS would be the spin-through of the body.... and any error in that > would be.... more fatal:-) > As is, I drop any mails hitting the end of the queue file from the > batch, in that code segment. That way, it'll be picked up by the next > one running through hold, hopefully more completely written than > before. The only other way to break out of the loop is by finding the > X record after the body... So any error should have rather disastrous > (in a more prominent way:-) effects. > None of the p record changes actually change how things are stored > into the message object... apart from handling the p records (jumping > to where they point) and w records (just ignoring them, they signify > deleted records) I just let Jules code copy everything as before. > > Hm, one would want to get a look at both the queue files _before_ and > _after_ MS. Probably a tad too much to wish for:-). > Could you send us one of them? Or at least the postcat'd result? > > Cheers No, don't use milters. No errors in logs regarding p records. The only error is: Jun 11 09:40:41 mailserver MailScanner[6069]: New Batch: Found invalid queue files:0B06F50582D E1AB5505840 42F50505842 248EB505887 2EAC7505897 1575450589E 818BB5058AC C8D135058BB 0FC8C5058E1 09C92505914 Here's a postcat of one of the invalid queue files: *** ENVELOPE RECORDS 09C92505914 *** message_size: 495 623 1 0 message_arrival_time: Mon Jun 11 06:21:56 2007 create_time: Mon Jun 11 06:22:02 2007 named_attribute: rewrite_context=remote sender: wemihopzxds@yahoo.com named_attribute: log_client_name=cm34.omega17.maxonline.com.sg named_attribute: log_client_address=218.186.17.34 named_attribute: log_message_origin=cm34.omega17.maxonline.com.sg[218.186.17.34] named_attribute: log_helo_name=cm34.omega17.maxonline.com.sg named_attribute: log_protocol_name=SMTP named_attribute: client_name=cm34.omega17.maxonline.com.sg named_attribute: reverse_client_name=cm34.omega17.maxonline.com.sg named_attribute: client_address=218.186.17.34 named_attribute: helo_name=cm34.omega17.maxonline.com.sg named_attribute: client_address_type=2 named_attribute: dsn_orig_rcpt=rfc822;user@arl.mil original_recipient: user@arl.mil recipient: user@arl.mil *** MESSAGE CONTENTS 09C92505914 *** Received: from cm34.omega17.maxonline.com.sg (cm34.omega17.maxonline.com.sg [218.186.17.34]) by mailserver.arl.army.mil (Postfix) with SMTP id 09C92505914 for ; Mon, 11 Jun 2007 06:21:56 -0400 (EDT) Received: from crm9.yahoo.com (localhost.localdomain [127.0.0.1]) by crm5.yahoo.com (Postfix) with ESMTP id 1[6 Message-Id: <20070611102202.09C92505914@mailserver.arl.army.mil> Date: Mon, 11 Jun 2007 06:21:56 -0400 (EDT) From: wemihopzxds@yahoo.com To: undisclosed-recipients:; *** HEADER EXTRACTED 09C92505914 *** *** MESSAGE FILE END 09C92505914 *** All logs pertaining to this message: Jun 11 06:22:02 mailserver postfix/smtpd[17535]: 09C92505914: client=cm34.omega17.maxonline.com.sg[218.186.17.34] Jun 11 06:22:03 mailserver postfix/cleanup[18172]: 09C92505914: hold: header Received: from cm34.omega17.maxonline.com.sg (cm34.omega17.maxonline.com.sg [218.186.17.34])??by mailserver.arl.army.mil (Postfix) with SMTP id 09C92505914??for ; Mon, 11 Jun 2007 06:21:56 - from cm34.omega17.maxonline.com.sg[218.186.17.34]; from= to= proto=SMTP helo= Jun 11 06:22:03 mailserver postfix/cleanup[18172]: 09C92505914: message-id=<20070611102202.09C92505914@mailserver.arl.army.mil> Howard Classification: UNCLASSIFIED Caveats: NONE From prandal at herefordshire.gov.uk Tue Jun 12 13:32:36 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 13:53:11 2007 Subject: ANNOUNCE: Apache SpamAssassin 3.1.9 available! In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD5375A@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBAD5375A@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD5384D@HC-MBX02.herefordshire.gov.uk> SA 3.1.9 went onto our live box without problems. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 12 June 2007 07:42 > To: mailscanner@lists.mailscanner.info > Subject: FW: ANNOUNCE: Apache SpamAssassin 3.1.9 available! > > > FYI > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > -----Original Message----- > From: jm@jmason.org [mailto:jm@jmason.org] > Sent: 11 June 2007 21:16 > To: users@spamassassin.apache.org; dev@spamassassin.apache.org; > announce@spamassassin.apache.org > Subject: ANNOUNCE: Apache SpamAssassin 3.1.9 available! > > Apache SpamAssassin 3.1.9 is now available! This is a maintenance and > security release of the 3.1.x branch. It is highly recommended that > people upgrade to this version from 3.0.x or 3.1.x. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi?update=200706111806 > > The release file will also be available via CPAN in the near future. > > md5sum of archive files: > ad5d812b1a04228f3dc3147ebd649bb3 Mail-SpamAssassin-3.1.9.tar.bz2 > c0a6dc8564e60bf50d1792e4edc18e97 Mail-SpamAssassin-3.1.9.tar.gz > a1ed25d0878d102c17a91233ee741f87 Mail-SpamAssassin-3.1.9.zip > > sha1sum of archive files: > bed85f0b7e269253e925831015f11809009080eb > Mail-SpamAssassin-3.1.9.tar.bz2 > 181e0ca4e0568bb51e955b8b8e4595313fb7de8b > Mail-SpamAssassin-3.1.9.tar.gz > c5f87a454ce4562558fd1af9ea71b7b858899f3e > Mail-SpamAssassin-3.1.9.zip > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://spamassassin.apache.org/released/GPG-SIGNING-KEY > > The key information is: > > pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key > > Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F > A05B > > > 3.1.9 is a major bug-fix release, including a potential local > DoS. The > major > highlights are: > > - bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS > vulnerability. It only affects systems where spamd is run > as root, is > used > with vpopmail or virtual users via the "-v"/"--vpopmail" OR > "--virtual-config-dir" switch, AND with the > "-x"/"--no-user-config AND > WITHOUT the "-u"/"--username" switch AND with the > "-l"/"--allow-tell" > switch. > This is not default on any distro package, and is not a common > configuration. > More details of the vulnerability can be read at > . > > - bug 5353 - meta rule parsing should handle not equal ("!=") syntax. > > - set the score for URI_TRUNCATED to 0.001. > > - bug 5337: change the start order for Fedora such that spamd starts > before the > MTA. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Tue Jun 12 13:49:45 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 14:03:40 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <7d451ff878ac62489bd9004d06919694@solidstatelogic.com> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu> <7d451ff878ac62489bd9004d06919694@solidstatelogic.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> Actually, MailScanner 4.61 has spamd support, so that's not entirely true. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin.Hepworth > Sent: 12 June 2007 13:26 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Bobby > > Mailscanner doesn't use spamc/spamd so if it fails these > tests we don't > care > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby > > Sent: 12 June 2007 13:16 > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Wow! I can't believe you'd install stuff into production if it fails > the > > tests the developers have coded in. > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Martin.Hepworth > > Sent: Tuesday, June 12, 2007 5:51 AM > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Looks like it - only reports I've seen are people trying to build > > ....Mandriva trying to the rpm and RH ES4 trying to compile from > source. > > > > Looks like a "make test" issue with parts of spamd and > spamc. Which we > > won't care about anyway. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Res > > > Sent: 12 June 2007 10:45 > > > To: MailScanner discussion > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > NotDashEscaped: You need GnuPG to verify this message > > > > > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > > > > > Looks mainly like RPM build issues........no suggestions of > > > > fixes/work-arounds that I've seen on the list. > > > > > > > > > > So it's a packaging and not an operational issue? those using cpan > to > > > install wont be affected then? > > > > > > > > > -- > > > Cheers > > > Res > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > > > 831pYMrT/BnWofuv8dJlQrI= > > > =Mys+ > > > -----END PGP SIGNATURE----- > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you in error > you > > must take no action based on them, nor must you copy or show them to > > anyone. Please advise the sender by replying to this e-mail > immediately > > and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales (Company > > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford > OX5 > > 1RU, United Kingdom > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. > We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solidstatelogic.com Tue Jun 12 14:13:18 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 12 14:13:40 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> Message-ID: <601ee45c220cda46a6fff9af38285b7e@solidstatelogic.com> Phil Is has ? I thought that was clamd ! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 12 June 2007 13:50 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Actually, > > MailScanner 4.61 has spamd support, so that's not entirely true. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin.Hepworth > > Sent: 12 June 2007 13:26 > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Bobby > > > > Mailscanner doesn't use spamc/spamd so if it fails these > > tests we don't > > care > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby > > > Sent: 12 June 2007 13:16 > > > To: MailScanner discussion > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > Wow! I can't believe you'd install stuff into production if it fails > > the > > > tests the developers have coded in. > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin.Hepworth > > > Sent: Tuesday, June 12, 2007 5:51 AM > > > To: MailScanner discussion > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > Looks like it - only reports I've seen are people trying to build > > > ....Mandriva trying to the rpm and RH ES4 trying to compile from > > source. > > > > > > Looks like a "make test" issue with parts of spamd and > > spamc. Which we > > > won't care about anyway. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Res > > > > Sent: 12 June 2007 10:45 > > > > To: MailScanner discussion > > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > NotDashEscaped: You need GnuPG to verify this message > > > > > > > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > > > > > > > Looks mainly like RPM build issues........no suggestions of > > > > > fixes/work-arounds that I've seen on the list. > > > > > > > > > > > > > So it's a packaging and not an operational issue? those using cpan > > to > > > > install wont be affected then? > > > > > > > > > > > > -- > > > > Cheers > > > > Res > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > > > > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > > > > 831pYMrT/BnWofuv8dJlQrI= > > > > =Mys+ > > > > -----END PGP SIGNATURE----- > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > ********************************************************************** > > > Confidentiality : This e-mail and any attachments are > > intended for the > > > addressee only and may be confidential. If they come to you in error > > you > > > must take no action based on them, nor must you copy or show them to > > > anyone. Please advise the sender by replying to this e-mail > > immediately > > > and then delete the original from your computer. > > > Opinion : Any opinions expressed in this e-mail are > > entirely those of > > > the author and unless specifically stated to the contrary, are not > > > necessarily those of the author's employer. > > > Security Warning : Internet e-mail is not necessarily a secure > > > communications medium and can be subject to data > > corruption. We advise > > > that you consider this fact when e-mailing us. > > > Viruses : We have taken steps to ensure that this e-mail and any > > > attachments are free from known viruses but in keeping with good > > > computing practice, you should ensure that they are virus free. > > > > > > Red Lion 49 Ltd T/A Solid State Logic > > > Registered as a limited company in England and Wales (Company > > > No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford > > OX5 > > > 1RU, United Kingdom > > > > > ********************************************************************** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > > intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. > > We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From neilw at dcdata.co.za Tue Jun 12 14:14:58 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Jun 12 14:15:12 2007 Subject: Clam testing In-Reply-To: References: Message-ID: <466E9C52.2090904@dcdata.co.za> Andrew MacLachlan wrote: > My ESVA (1.7.1.5) scanner caught everything tested with clamd... > What messages are in your logs? Nothing regarding anything from clam, just the normal delivery messages in my mail logs. > Are the permissions correct in your working directory? Presume you're talking about my "Incoming Work Dir Settings" which are all default in my config, and all the permissions are correct in the folder... Thanks for the reply. Neil -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From MailScanner at ecs.soton.ac.uk Tue Jun 12 14:10:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 14:16:02 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: Message-ID: <466E9B5D.90807@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/6addba31/PGP-0001.bin From MailScanner at ecs.soton.ac.uk Tue Jun 12 14:16:21 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 14:17:52 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu> <7d451ff878ac62489bd9004d06919694@solidstatelogic.com> <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> Message-ID: <466E9CA5.9060300@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No it doesn't! Clamd, yes. Spamd, no. Randal, Phil wrote: > Actually, > > MailScanner 4.61 has spamd support, so that's not entirely true. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Martin.Hepworth >> Sent: 12 June 2007 13:26 >> To: MailScanner discussion >> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >> >> Bobby >> >> Mailscanner doesn't use spamc/spamd so if it fails these >> tests we don't >> care >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> >> [mailto:mailscanner- >> >>> bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby >>> Sent: 12 June 2007 13:16 >>> To: MailScanner discussion >>> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >>> >>> Wow! I can't believe you'd install stuff into production if it fails >>> >> the >> >>> tests the developers have coded in. >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Martin.Hepworth >>> Sent: Tuesday, June 12, 2007 5:51 AM >>> To: MailScanner discussion >>> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >>> >>> Looks like it - only reports I've seen are people trying to build >>> ....Mandriva trying to the rpm and RH ES4 trying to compile from >>> >> source. >> >>> Looks like a "make test" issue with parts of spamd and >>> >> spamc. Which we >> >>> won't care about anyway. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> >> [mailto:mailscanner- >> >>>> bounces@lists.mailscanner.info] On Behalf Of Res >>>> Sent: 12 June 2007 10:45 >>>> To: MailScanner discussion >>>> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> NotDashEscaped: You need GnuPG to verify this message >>>> >>>> On Tue, 12 Jun 2007, Martin.Hepworth wrote: >>>> >>>> >>>>> Looks mainly like RPM build issues........no suggestions of >>>>> fixes/work-arounds that I've seen on the list. >>>>> >>>>> >>>> So it's a packaging and not an operational issue? those using cpan >>>> >> to >> >>>> install wont be affected then? >>>> >>>> >>>> -- >>>> Cheers >>>> Res >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v1.4.7 (GNU/Linux) >>>> >>>> iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK >>>> 831pYMrT/BnWofuv8dJlQrI= >>>> =Mys+ >>>> -----END PGP SIGNATURE----- >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> >>> >> ********************************************************************** >> >>> Confidentiality : This e-mail and any attachments are >>> >> intended for the >> >>> addressee only and may be confidential. If they come to you in error >>> >> you >> >>> must take no action based on them, nor must you copy or show them to >>> anyone. Please advise the sender by replying to this e-mail >>> >> immediately >> >>> and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are >>> >> entirely those of >> >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data >>> >> corruption. We advise >> >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales (Company >>> No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford >>> >> OX5 >> >>> 1RU, United Kingdom >>> >>> >> ********************************************************************** >> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are >> intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. >> We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbpypEfZZRxQVtlQRAss2AJ9S49hCUO/nUpg1pMB/jb08Lc2BUgCcD91F wgZ88Ajbf6Oa5sU1J02KX1M= =Dd8f -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From nerijusb at dtiltas.lt Tue Jun 12 14:17:08 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 12 14:20:04 2007 Subject: antivirus timeout = Denial of Service Message-ID: <20070612131949.CBB711224BE@mx-b.vdnet.lt> Hello, I got a message form MailScanner to postmaster with Subject Virus Detected: Sender: xxx@example.com IP Address: 216.82.... Recipient: xxx@example.lt Subject: Lenny order MessageID: 3EFAE8044D.484E7 Quarantine: Report: Denial of Service attack in message! I looked in the maillog and found this: Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out! Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7 Does it mean the message has been dealt as infected by virus and was deleted? I will move to clamd, but is it possible to allow the messages to be delivered when antivirus timeouts? Regards, Nerijus From neilw at dcdata.co.za Tue Jun 12 14:32:53 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Jun 12 14:33:41 2007 Subject: Clam testing In-Reply-To: <00e101c7ace1$105c6c20$0301a8c0@SAHOMELT> References: <466E71ED.7030003@dcdata.co.za> <00e101c7ace1$105c6c20$0301a8c0@SAHOMELT> Message-ID: <466EA085.9010803@dcdata.co.za> Rick Cooper wrote: > That site is a fun test, however be assured the tests are all designed to > allow their virus/mime scanner to catch them. Some of these tests are tests > of MIME problems that would allow the virus through in a state that would > render it useless anyway. I have found in the past that all the virus > scanner allow some of the tests through, but none of them clear Exim without > my placing a full pass for the declude host/domain. Oddly enough there is > one test (I can't remember which) that clam catches from exim that it > doesn't from mailscanner. > > Remember that web site is selling something Yea agreed, I would assume that because it's catching a few of them, that my clam is working correctly. Will keep an eye on my Virus traffic over the next few days to make sure. Thanks for the reply. Cheers. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From root at doctor.nl2k.ab.ca Tue Jun 12 14:44:21 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Jun 12 14:45:05 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <20070612121130.GB6200@doctor.nl2k.ab.ca> References: <71604eb580d8d14f9a70267b3c9b7a82@solidstatelogic.com> <20070612121130.GB6200@doctor.nl2k.ab.ca> Message-ID: <20070612134419.GA11536@doctor.nl2k.ab.ca> On Tue, Jun 12, 2007 at 06:11:31AM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Tue, Jun 12, 2007 at 10:50:43AM +0100, Martin.Hepworth wrote: > > Looks like it - only reports I've seen are people trying to build > > ....Mandriva trying to the rpm and RH ES4 trying to compile from source. > > > > Looks like a "make test" issue with parts of spamd and spamc. Which we > > won't care about anyway. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Res > > > Sent: 12 June 2007 10:45 > > > To: MailScanner discussion > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > NotDashEscaped: You need GnuPG to verify this message > > > > > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > > > > > Looks mainly like RPM build issues........no suggestions of > > > > fixes/work-arounds that I've seen on the list. > > > > > > > > > > So it's a packaging and not an operational issue? those using cpan to > > > install wont be affected then? > > > > > > > > > -- > > > Cheers > > > Res > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > > > 831pYMrT/BnWofuv8dJlQrI= > > > =Mys+ > > > -----END PGP SIGNATURE----- > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > Best that we should all do is then > > obtain the gzipped package, and go the perl Makefile.PL route. > Similar problem do occur in make test but nothing that showstopping. > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Tue Jun 12 15:08:28 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Tue Jun 12 15:08:36 2007 Subject: Strictness of Phishing checks? Message-ID: Is there a way of not detecting things such as this as phishing attempts? "MailScanner has detected a possible fraud attempt from "www.imeche.org.uk" claiming to be http://www.imeche.org.uk " Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/41e048a9/attachment.html From wilson.galafassi at gmail.com Tue Jun 12 15:12:54 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Tue Jun 12 15:13:19 2007 Subject: RES: clamd 100% cpu utilization In-Reply-To: <20070612120253.GA6200@doctor.nl2k.ab.ca> References: <20070612120253.GA6200@doctor.nl2k.ab.ca> Message-ID: Fc6 with the latest Pack provide at maiscanner.info. -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem Enviada em: ter?a-feira, 12 de junho de 2007 09:03 Para: MailScanner discussion Assunto: Re: clamd 100% cpu utilization On Tue, Jun 12, 2007 at 02:01:01AM -0300, Wilson A. Galafassi Jr. wrote: > Hello. > > > > If i start clamd installed with spamassassin package the CPU utilization > goes to 100% imediately. How i can fix this? It?s possible? > > Thanks > > Wilson > > > > Which OS are you using? > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From andy.mac at global-domination.org Tue Jun 12 15:14:41 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Tue Jun 12 15:14:38 2007 Subject: antivirus timeout = Denial of Service Message-ID: I would have thought that store, notify might be a better option than deliver... (which looks to be the case here...) - Are you using Mailwatch? - Have a look to see if the message has the attachment still! -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nerijus Baliunas Sent: 12 June 2007 14:17 To: mailscanner@lists.mailscanner.info Subject: antivirus timeout = Denial of Service Hello, I got a message form MailScanner to postmaster with Subject Virus Detected: Sender: xxx@example.com IP Address: 216.82.... Recipient: xxx@example.lt Subject: Lenny order MessageID: 3EFAE8044D.484E7 Quarantine: Report: Denial of Service attack in message! I looked in the maillog and found this: Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out! Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7 Does it mean the message has been dealt as infected by virus and was deleted? I will move to clamd, but is it possible to allow the messages to be delivered when antivirus timeouts? Regards, Nerijus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=438D82821F .EA212 -- This message was scanned by ESVA and is believed to be clean. From prandal at herefordshire.gov.uk Tue Jun 12 15:06:32 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 15:14:38 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu><7d451ff878ac62489bd9004d06919694@solidstatelogic.com> <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD5389D@HC-MBX02.herefordshire.gov.uk> Oops, ignore me, it's been a long day.... Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 12 June 2007 13:50 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Actually, > > MailScanner 4.61 has spamd support, so that's not entirely true. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin.Hepworth > > Sent: 12 June 2007 13:26 > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Bobby > > > > Mailscanner doesn't use spamc/spamd so if it fails these > > tests we don't > > care > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby > > > Sent: 12 June 2007 13:16 > > > To: MailScanner discussion > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > Wow! I can't believe you'd install stuff into production > if it fails > > the > > > tests the developers have coded in. > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Martin.Hepworth > > > Sent: Tuesday, June 12, 2007 5:51 AM > > > To: MailScanner discussion > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > Looks like it - only reports I've seen are people trying to build > > > ....Mandriva trying to the rpm and RH ES4 trying to compile from > > source. > > > > > > Looks like a "make test" issue with parts of spamd and > > spamc. Which we > > > won't care about anyway. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Res > > > > Sent: 12 June 2007 10:45 > > > > To: MailScanner discussion > > > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > NotDashEscaped: You need GnuPG to verify this message > > > > > > > > On Tue, 12 Jun 2007, Martin.Hepworth wrote: > > > > > > > > > Looks mainly like RPM build issues........no suggestions of > > > > > fixes/work-arounds that I've seen on the list. > > > > > > > > > > > > > So it's a packaging and not an operational issue? those > using cpan > > to > > > > install wont be affected then? > > > > > > > > > > > > -- > > > > Cheers > > > > Res > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > > > > > iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK > > > > 831pYMrT/BnWofuv8dJlQrI= > > > > =Mys+ > > > > -----END PGP SIGNATURE----- > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > > ********************************************************************** > > > Confidentiality : This e-mail and any attachments are > > intended for the > > > addressee only and may be confidential. If they come to > you in error > > you > > > must take no action based on them, nor must you copy or > show them to > > > anyone. Please advise the sender by replying to this e-mail > > immediately > > > and then delete the original from your computer. > > > Opinion : Any opinions expressed in this e-mail are > > entirely those of > > > the author and unless specifically stated to the contrary, are not > > > necessarily those of the author's employer. > > > Security Warning : Internet e-mail is not necessarily a secure > > > communications medium and can be subject to data > > corruption. We advise > > > that you consider this fact when e-mailing us. > > > Viruses : We have taken steps to ensure that this e-mail and any > > > attachments are free from known viruses but in keeping with good > > > computing practice, you should ensure that they are virus free. > > > > > > Red Lion 49 Ltd T/A Solid State Logic > > > Registered as a limited company in England and Wales (Company > > > No:5362730) Registered Office: 25 Spring Hill Road, > Begbroke, Oxford > > OX5 > > > 1RU, United Kingdom > > > > > > ********************************************************************** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. > > We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Jun 12 15:13:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 15:14:41 2007 Subject: antivirus timeout = Denial of Service In-Reply-To: <20070612131949.CBB711224BE@mx-b.vdnet.lt> References: <20070612131949.CBB711224BE@mx-b.vdnet.lt> Message-ID: <466EA9FA.9060704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just increase the timeout. Nerijus Baliunas wrote: > Hello, > > I got a message form MailScanner to postmaster with Subject Virus Detected: > Sender: xxx@example.com > IP Address: 216.82.... > Recipient: xxx@example.lt > Subject: Lenny order > MessageID: 3EFAE8044D.484E7 > Quarantine: > Report: Denial of Service attack in message! > > I looked in the maillog and found this: > > Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out! > Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out > Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7 > > Does it mean the message has been dealt as infected by virus and was deleted? > I will move to clamd, but is it possible to allow the messages to be delivered when > antivirus timeouts? > > Regards, > Nerijus > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbqoQEfZZRxQVtlQRAlP2AJ9nr9Ke34LEDtQ0tivCh+wG0CmKGgCg50RI YqmN1GgXRiTgeD/f0aDnIN8= =rHE3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Tue Jun 12 15:23:30 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 15:23:36 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> References: <8F2A53954C22554EB75D9643FCCE0C6B0472D26C@MED-CORE03-MS1.med.wayne.edu><7d451ff878ac62489bd9004d06919694@solidstatelogic.com> <7EF0EE5CB3B263488C8C18823239BEBAD5385A@HC-MBX02.herefordshire.gov.uk> Message-ID: <010101c7acfd$404ba0b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Randal, Phil > Sent: Tuesday, June 12, 2007 8:50 AM > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Actually, > > MailScanner 4.61 has spamd support, so that's not entirely true. > > Cheers, > > Phil That's not accurate, clamd support but not spamd support. I posted some memory figures awhile back using spamd instead of the built in perl spamassassin but the testing I am doing runs in the generic spam processing module. It's amazing how much of MailScanner's memory requirements are in the spamassassin portion, much larger even than ClamAvModule. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Tue Jun 12 15:28:13 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 12 15:28:32 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <010101c7acfd$404ba0b0$0301a8c0@SAHOMELT> Message-ID: Oh yes SA is a real memory hog...hence why they've started using re2c to able to build the rules into a C module, which is much smaller and faster than perl. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Cooper > Sent: 12 June 2007 15:24 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Randal, Phil > > Sent: Tuesday, June 12, 2007 8:50 AM > > To: MailScanner discussion > > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > > > Actually, > > > > MailScanner 4.61 has spamd support, so that's not entirely true. > > > > Cheers, > > > > Phil > > That's not accurate, clamd support but not spamd support. I posted some > memory figures awhile back using spamd instead of the built in perl > spamassassin but the testing I am doing runs in the generic spam > processing > module. It's amazing how much of MailScanner's memory requirements are in > the spamassassin portion, much larger even than ClamAvModule. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From prandal at herefordshire.gov.uk Tue Jun 12 15:38:44 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 15:38:57 2007 Subject: Strictness of Phishing checks? In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD538B9@HC-MBX02.herefordshire.gov.uk> We got one yesterday complaining about support.microsoft.com claiming to be http://support.microsoft.com too. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 12 June 2007 15:08 To: MailScanner discussion Subject: Strictness of Phishing checks? Is there a way of not detecting things such as this as phishing attempts? "MailScanner has detected a possible fraud attempt from "www.imeche.org.uk" claiming to be http://www.imeche.org.uk " Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk ________________________________ MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/8c9d8c27/attachment.html From dave.list at pixelhammer.com Tue Jun 12 15:42:15 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 12 15:43:47 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466E9B5D.90807@ecs.soton.ac.uk> References: <466E9B5D.90807@ecs.soton.ac.uk> Message-ID: <466EB0C7.90206@pixelhammer.com> Julian Field wrote: > I have just upgraded my ClamAV+SA package to contain the newly release > SpamAssassin 3.2.1. > You can download it from www.mailscanner.info. Has anyone used this package on FreeBSD? I'm not real enamored with the ports system any longer. No offense to the MS port maintainer, it has always worked for us just fine, it is packaging systems in general I have a problem with. Our Mailscanner servers are all dedicated to MS only so I have no problem installing in 'non-freebsd' directories providing everything works as Julian intended. I have a test platform with a fresh copy of FreeBSD 6.2 to try it on if I decide to give it a go. Thanks, DAve > > Martin.Hepworth wrote: >> Ah looks like the cause has been found - you can't compile/build the RPM >> as root - do it as another user and it works fine! >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Res >>> Sent: 12 June 2007 11:01 >>> To: MailScanner discussion >>> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> NotDashEscaped: You need GnuPG to verify this message >>> >>> Cool, thanks, cpan -i'ng now on one server >>> >>> On Tue, 12 Jun 2007, Martin.Hepworth wrote: >>> >>> >>>> Looks like it - only reports I've seen are people trying to build >>>> ....Mandriva trying to the rpm and RH ES4 trying to compile from >>>> >> source. >> >>>> Looks like a "make test" issue with parts of spamd and spamc. Which >>>> >> we >> >>>> won't care about anyway. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> >> [mailto:mailscanner- >> >>>>> bounces@lists.mailscanner.info] On Behalf Of Res >>>>> Sent: 12 June 2007 10:45 >>>>> To: MailScanner discussion >>>>> Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available >>>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> NotDashEscaped: You need GnuPG to verify this message >>>>> >>>>> On Tue, 12 Jun 2007, Martin.Hepworth wrote: >>>>> >>>>> >>>>>> Looks mainly like RPM build issues........no suggestions of >>>>>> fixes/work-arounds that I've seen on the list. >>>>>> >>>>>> >>>>> So it's a packaging and not an operational issue? those using cpan >>>>> >> to >> >>>>> install wont be affected then? >>>>> >>>>> >>>>> -- >>>>> Cheers >>>>> Res >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: GnuPG v1.4.7 (GNU/Linux) >>>>> >>>>> iD8DBQFGbmsAsWhAmSIQh7MRAuZfAJ9QfHolXc34sybEaBOO1QRVjS2RQgCfdoTK >>>>> 831pYMrT/BnWofuv8dJlQrI= >>>>> =Mys+ >>>>> -----END PGP SIGNATURE----- >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> >>>> >> ********************************************************************** >> >>>> Confidentiality : This e-mail and any attachments are intended for >>>> >> the >> >>>> addressee only and may be confidential. If they come to you in error >>>> you must take no action based on them, nor must you copy or show >>>> >> them >> >>>> to anyone. Please advise the sender by replying to this e-mail >>>> immediately and then delete the original from your computer. >>>> Opinion : Any opinions expressed in this e-mail are entirely those >>>> >> of >> >>>> the author and unless specifically stated to the contrary, are not >>>> necessarily those of the author's employer. >>>> Security Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. We >>>> >> advise >> >>>> that you consider this fact when e-mailing us. >>>> Viruses : We have taken steps to ensure that this e-mail and any >>>> attachments are free from known viruses but in keeping with good >>>> computing practice, you should ensure that they are virus free. >>>> >>>> Red Lion 49 Ltd T/A Solid State Logic >>>> Registered as a limited company in England and Wales >>>> (Company No:5362730) >>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>> United Kingdom >>>> >>>> >> ********************************************************************** >> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> -- >>> Cheers >>> Res >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFGbm7VsWhAmSIQh7MRAou4AKCDZHT8gYa/tiW3xJZTwAufGPwrogCfZ0Qi >>> jcm8P4nRpxsXcJh0yz1QK+M= >>> =r4kp >>> -----END PGP SIGNATURE----- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From dominian at slackadelic.com Tue Jun 12 15:49:37 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Jun 12 15:49:45 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466EB0C7.90206@pixelhammer.com> References: <466E9B5D.90807@ecs.soton.ac.uk> <466EB0C7.90206@pixelhammer.com> Message-ID: <466EB281.5000801@slackadelic.com> DAve wrote: > Julian Field wrote: >> I have just upgraded my ClamAV+SA package to contain the newly release >> SpamAssassin 3.2.1. >> You can download it from www.mailscanner.info. > > Has anyone used this package on FreeBSD? I'm not real enamored with the > ports system any longer. No offense to the MS port maintainer, it has > always worked for us just fine, it is packaging systems in general I > have a problem with. > > Our Mailscanner servers are all dedicated to MS only so I have no > problem installing in 'non-freebsd' directories providing everything > works as Julian intended. > > I have a test platform with a fresh copy of FreeBSD 6.2 to try it on if > I decide to give it a go. > > Thanks, > > DAve > I know a few people running FreeBSD 6.2 with the latest SA and MailScanner installs having no issues at all. -Matt From rcooper at dwford.com Tue Jun 12 15:51:36 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 15:51:41 2007 Subject: clamd 100% cpu utilization In-Reply-To: References: <20070612120253.GA6200@doctor.nl2k.ab.ca> Message-ID: <010801c7ad01$2d444590$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Wilson A. Galafassi Jr. > Sent: Tuesday, June 12, 2007 10:13 AM > To: 'MailScanner discussion' > Subject: RES: clamd 100% cpu utilization > > Fc6 with the latest Pack provide at maiscanner.info. > > -----Mensagem original----- > De: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome > de Dave Shariff Yadallee - System Administrator a.k.a. The > Root of the Problem Enviada em: ter?a-feira, 12 de junho de > 2007 09:03 > Para: MailScanner discussion > Assunto: Re: clamd 100% cpu utilization > [...] Now, when you say it jumps immediately to 100%, where is it after about 1 min? Clamd will gobble up cycles while it's loading it's databases and it should then drop to zero/near zero once idled. This db load happens on startup and to an extent when reloading due to db update. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jun 12 15:55:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 16:01:29 2007 Subject: Strictness of Phishing checks? In-Reply-To: References: Message-ID: <466EB3C5.10904@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/9499365e/PGP.bin From MailScanner at ecs.soton.ac.uk Tue Jun 12 15:55:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 16:01:33 2007 Subject: Strictness of Phishing checks? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD538B9@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBAD538B9@HC-MBX02.herefordshire.gov.uk> Message-ID: <466EB3E8.20308@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/4ab7abd8/PGP-0001.bin From rcooper at dwford.com Tue Jun 12 16:02:56 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 12 16:03:02 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: <010101c7acfd$404ba0b0$0301a8c0@SAHOMELT> Message-ID: <010901c7ad02$c2f5d8a0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Martin.Hepworth > Sent: Tuesday, June 12, 2007 10:28 AM > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Oh yes SA is a real memory hog...hence why they've started > using re2c to able to build the rules into a C module, which > is much smaller and faster than perl. > [...] IIRC MailScanner drops to about 19 mg when I disable spamassassin and use the spamd daemon alone. That is about half the size. I am running both on the test server right now for timing, load, etc. There appears to be virtually no difference between the two except when server load is up spamd seems to be faster as a rule which I found kind of odd. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wilson.galafassi at gmail.com Tue Jun 12 16:03:49 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Tue Jun 12 16:04:00 2007 Subject: RES: clamd 100% cpu utilization In-Reply-To: <010801c7ad01$2d444590$0301a8c0@SAHOMELT> References: <20070612120253.GA6200@doctor.nl2k.ab.ca> <010801c7ad01$2d444590$0301a8c0@SAHOMELT> Message-ID: Yes. But when clamdscam or clamd is used the CPU utilization goes high too. I have installed the latest development version of clamav and the error dont ocour more. Thanks Wilson -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Rick Cooper Enviada em: ter?a-feira, 12 de junho de 2007 11:52 Para: 'MailScanner discussion' Assunto: RE: clamd 100% cpu utilization > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Wilson A. Galafassi Jr. > Sent: Tuesday, June 12, 2007 10:13 AM > To: 'MailScanner discussion' > Subject: RES: clamd 100% cpu utilization > > Fc6 with the latest Pack provide at maiscanner.info. > > -----Mensagem original----- > De: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome > de Dave Shariff Yadallee - System Administrator a.k.a. The > Root of the Problem Enviada em: ter?a-feira, 12 de junho de > 2007 09:03 > Para: MailScanner discussion > Assunto: Re: clamd 100% cpu utilization > [...] Now, when you say it jumps immediately to 100%, where is it after about 1 min? Clamd will gobble up cycles while it's loading it's databases and it should then drop to zero/near zero once idled. This db load happens on startup and to an extent when reloading due to db update. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jun 12 16:11:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 16:17:41 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: Message-ID: <466EB790.6020002@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/0034a748/PGP.bin From dave.list at pixelhammer.com Tue Jun 12 16:16:14 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 12 16:17:43 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466EB281.5000801@slackadelic.com> References: <466E9B5D.90807@ecs.soton.ac.uk> <466EB0C7.90206@pixelhammer.com> <466EB281.5000801@slackadelic.com> Message-ID: <466EB8BE.4010606@pixelhammer.com> Matt Hayes wrote: > DAve wrote: >> Julian Field wrote: >>> I have just upgraded my ClamAV+SA package to contain the newly >>> release SpamAssassin 3.2.1. >>> You can download it from www.mailscanner.info. >> >> Has anyone used this package on FreeBSD? I'm not real enamored with >> the ports system any longer. No offense to the MS port maintainer, it >> has always worked for us just fine, it is packaging systems in general >> I have a problem with. >> >> Our Mailscanner servers are all dedicated to MS only so I have no >> problem installing in 'non-freebsd' directories providing everything >> works as Julian intended. >> >> I have a test platform with a fresh copy of FreeBSD 6.2 to try it on >> if I decide to give it a go. >> >> Thanks, >> >> DAve >> > > I know a few people running FreeBSD 6.2 with the latest SA and > MailScanner installs having no issues at all. > > -Matt My question is on using Julian's prepackaged tarball instead of building from our own source, or using the FreeBSD ports system. When I built from source previously I built everything into it's own directory, then an upgrade (or downgrade) was as simple as moving a directory and restarting. I would like to go back to that. It's all for you Matt, I'm just lookin' for ways to make it easier on you if I get abducted by aliens... DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From Richard.Frovarp at sendit.nodak.edu Tue Jun 12 16:20:23 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 12 16:20:26 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: Message-ID: <466EB9B7.3030603@sendit.nodak.edu> Martin.Hepworth wrote: > Oh yes SA is a real memory hog...hence why they've started using re2c to > able to build the rules into a C module, which is much smaller and > faster than perl. > Actually, using re2c should use more memory. Every rule that hits under the re2c module is double checked under the normal Perl calls. So it loads all of the rules the normal Perl way, and the re2c way. From dominian at slackadelic.com Tue Jun 12 16:25:28 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Jun 12 16:25:38 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466EB8BE.4010606@pixelhammer.com> References: <466E9B5D.90807@ecs.soton.ac.uk> <466EB0C7.90206@pixelhammer.com> <466EB281.5000801@slackadelic.com> <466EB8BE.4010606@pixelhammer.com> Message-ID: <466EBAE8.7030106@slackadelic.com> DAve wrote: > > My question is on using Julian's prepackaged tarball instead of building > from our own source, or using the FreeBSD ports system. When I built > from source previously I built everything into it's own directory, then > an upgrade (or downgrade) was as simple as moving a directory and > restarting. I would like to go back to that. > > It's all for you Matt, I'm just lookin' for ways to make it easier on > you if I get abducted by aliens... > > DAve > > *gulp* Something DID just fly over the office headed your way! -Matt From stinkybob at gmail.com Tue Jun 12 16:30:11 2007 From: stinkybob at gmail.com (Eugene MacDougal) Date: Tue Jun 12 16:30:20 2007 Subject: bytes per second calculation Message-ID: <2579c6b20706120830j2d171d76j3b3426528af6bdc7@mail.gmail.com> I am running MailScanner 4.60.8 with Postfix 2.4.3 on Solaris 10 (x86). It seems that when large mails are scanned, the "bytes per second" caclulation comes out to 0. When I send a very small message (2k or so), the number calculates just fine. I started to look at the code, but perl is not really my thing....Here is a sampling of my MS logs Jun 12 10:03:13 syn MailScanner[22753]: [ID 702911 mail.info] MailScanner E-Mail Virus Scanner version 4.60.8 starting... Jun 12 10:03:13 syn MailScanner[22753]: [ID 702911 mail.info] Using SpamAssassin results cache Jun 12 10:03:13 syn MailScanner[22753]: [ID 702911 mail.info] Connected to SpamAssassin cache database Jun 12 10:03:13 syn MailScanner[22753]: [ID 702911 mail.info] Enabling SpamAssassin auto-whitelist functionality... Jun 12 10:03:15 syn MailScanner[22573]: [ID 702911 mail.info] New Batch: Scanning 1 messages, 54874732 bytes Jun 12 10:03:15 syn MailScanner[22573]: [ID 702911 mail.info] Spam Checks: Starting Jun 12 10:03:15 syn MailScanner[22573]: [ID 702911 mail.info] Message 6684E277D.307B0 from 172.16.99.16 (stinkybob@gmail.com) to mydomain.com is too big for spam checks (54874732 > 150000 bytes) Jun 12 10:03:15 syn MailScanner[22753]: [ID 702911 mail.info] I have found f-prot clamavmodule scanners installed, and will use them all by default. Jun 12 10:03:23 syn MailScanner[22753]: [ID 702911 mail.info] Using locktype = flock Jun 12 10:03:25 syn MailScanner[22573]: [ID 702911 mail.info] Virus and Content Scanning: Starting Jun 12 10:03:32 syn MailScanner[22573]: [ID 702911 mail.info] Filename Checks: Allowing 6684E277D.307B0 sgos-4.2.4.1-510.img (no rule matched) Jun 12 10:03:32 syn MailScanner[22573]: [ID 702911 mail.info] Filename Checks: Allowing 6684E277D.307B0 msg-22573-1.txt (no rule matched) Jun 12 10:03:32 syn MailScanner[22573]: [ID 702911 mail.info] Filetype Checks: Allowing 6684E277D.307B0 sgos-4.2.4.1-510.img (no match found) Jun 12 10:03:32 syn MailScanner[22573]: [ID 702911 mail.info] Filetype Checks: Allowing 6684E277D.307B0 msg-22573-1.txt Jun 12 10:03:43 syn MailScanner[22573]: [ID 702911 mail.info] Requeue: 6684E277D.307B0 to 880012850 Jun 12 10:03:43 syn MailScanner[22573]: [ID 702911 mail.info] Uninfected: Delivered 1 messages Jun 12 10:03:43 syn MailScanner[22573]: [ID 702911 mail.info] Batch completed at 0 bytes per second (54874732 / 27) Jun 12 10:03:43 syn MailScanner[22573]: [ID 702911 mail.info] Batch (1 message) processed in 27.60 seconds -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/9e978e45/attachment.html From prandal at herefordshire.gov.uk Tue Jun 12 16:28:34 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 12 16:31:16 2007 Subject: Strictness of Phishing checks? In-Reply-To: <466EB3E8.20308@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBAD538B9@HC-MBX02.herefordshire.gov.uk> <466EB3E8.20308@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD538EA@HC-MBX02.herefordshire.gov.uk> MailScanner 4.60.8-1, original html isn't available (as the email wasn't quarantined). Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 12 June 2007 15:56 To: MailScanner discussion Subject: Re: Strictness of Phishing checks? What version are you running, and please can you send me the original HTML if possible? Randal, Phil wrote: We got one yesterday complaining about support.microsoft.com claiming to be http://support.microsoft.com too. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 12 June 2007 15:08 To: MailScanner discussion Subject: Strictness of Phishing checks? Is there a way of not detecting things such as this as phishing attempts? " MailScanner has detected a possible fraud attempt from "www.imeche.org.uk" claiming to be http://www.imeche.org.uk" Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk ________________________________ MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/d10a82c4/attachment.html From pparsons at columbiafuels.com Tue Jun 12 16:58:16 2007 From: pparsons at columbiafuels.com (Philip Parsons) Date: Tue Jun 12 16:58:30 2007 Subject: Error when running spamassassin --lint In-Reply-To: <466E643D.6090707@ecs.soton.ac.uk> References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> <466E643D.6090707@ecs.soton.ac.uk> Message-ID: <1181663896.10248.4.camel@pparsons-linux> We recently just upgraded clamav and started to use ClamAV::Module. [30092] warn: config: SpamAssassin failed to parse line, "Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN" is not valid for "loadplugin", skipping: loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN [30092] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/ASN.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.6/i386-linux-thread-multi /usr/lib/perl5/5.8.6) at (eval 76) line 1. [30092] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::ASN: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::ASN" at (eval 77) line 1. [30092] warn: lint: 1 issues detected, please rerun with debug enabled for more information -- Thank you. Philip Parsons Corporate Leader ? Information Systems Columbia Fuels Inc. 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 http://www.columbiafuels.com http://www.columbiaice.com pparsons@columbiafuels.com IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender. From MailScanner at ecs.soton.ac.uk Tue Jun 12 16:59:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 17:01:32 2007 Subject: Strictness of Phishing checks? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAD538EA@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBAD538B9@HC-MBX02.herefordshire.gov.uk> <466EB3E8.20308@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBAD538EA@HC-MBX02.herefordshire.gov.uk> Message-ID: <466EC2E9.1060202@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070612/0b2d55c0/PGP.bin From glenn.steen at gmail.com Tue Jun 12 17:13:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 12 17:13:35 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL> References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> <223f97700706081545q319991b7v8a57a7024bbc2003@mail.gmail.com> <223f97700706081547i22fd18d0udf4d97d5d3af592b@mail.gmail.com> <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <223f97700706120913x54d55848uf1665a358f2bd8d1@mail.gmail.com> On 12/06/07, Kash, Howard (Civ, ARL/CISD) wrote: > Classification: UNCLASSIFIED > Caveats: NONE > > > On 09/06/07, Glenn Steen wrote: > > On 08/06/07, Kash, Howard (Civ, ARL/CISD) wrote: > > > > > > After upgrading to MS 4.60.8, MailScanner has started reporting "New > Batch: > > > Found invalid queue files: ". Each of the > queue files > > > appears to have a truncated message contents section and 90% of them > end > > > with "To: undisclosed-recipients:;". There's a total of about 30 of > them > > > since I upgraded on June 4. Anyone else seeing this? I also > upgraded > > > postfix from 2.3.9 to 2.3.11 at the same time, but figured I'd start > here > > > first since the postfix group will blame MailScanner anyway... > > > > > > > > > Thanks, > > > Howard > > Hi Howard, > > > > Do you employ any milter(s)? > > If not, the only changes that could possibly affect PF in that version > > of MS would be the spin-through of the body.... and any error in that > > would be.... more fatal:-) > > As is, I drop any mails hitting the end of the queue file from the > > batch, in that code segment. That way, it'll be picked up by the next > > one running through hold, hopefully more completely written than > > before. The only other way to break out of the loop is by finding the > > X record after the body... So any error should have rather disastrous > > (in a more prominent way:-) effects. > > None of the p record changes actually change how things are stored > > into the message object... apart from handling the p records (jumping > > to where they point) and w records (just ignoring them, they signify > > deleted records) I just let Jules code copy everything as before. > > > > Hm, one would want to get a look at both the queue files _before_ and > > _after_ MS. Probably a tad too much to wish for:-). > > Could you send us one of them? Or at least the postcat'd result? > > > > Cheers > > No, don't use milters. No errors in logs regarding p records. The only > error is: > > Jun 11 09:40:41 mailserver MailScanner[6069]: New Batch: Found invalid > queue files:0B06F50582D E1AB5505840 42F50505842 248EB505887 2EAC7505897 > 1575450589E 818BB5058AC C8D135058BB 0FC8C5058E1 09C92505914 > > > Here's a postcat of one of the invalid queue files: > > *** ENVELOPE RECORDS 09C92505914 *** > message_size: 495 623 1 > 0 > message_arrival_time: Mon Jun 11 06:21:56 2007 > create_time: Mon Jun 11 06:22:02 2007 > named_attribute: rewrite_context=remote > sender: wemihopzxds@yahoo.com > named_attribute: log_client_name=cm34.omega17.maxonline.com.sg > named_attribute: log_client_address=218.186.17.34 > named_attribute: > log_message_origin=cm34.omega17.maxonline.com.sg[218.186.17.34] > named_attribute: log_helo_name=cm34.omega17.maxonline.com.sg > named_attribute: log_protocol_name=SMTP > named_attribute: client_name=cm34.omega17.maxonline.com.sg > named_attribute: reverse_client_name=cm34.omega17.maxonline.com.sg > named_attribute: client_address=218.186.17.34 > named_attribute: helo_name=cm34.omega17.maxonline.com.sg > named_attribute: client_address_type=2 > named_attribute: dsn_orig_rcpt=rfc822;user@arl.mil > original_recipient: user@arl.mil > recipient: user@arl.mil > *** MESSAGE CONTENTS 09C92505914 *** > Received: from cm34.omega17.maxonline.com.sg > (cm34.omega17.maxonline.com.sg [218.186.17.34]) > by mailserver.arl.army.mil (Postfix) with SMTP id 09C92505914 > for ; Mon, 11 Jun 2007 06:21:56 -0400 (EDT) > Received: from crm9.yahoo.com (localhost.localdomain [127.0.0.1]) > by crm5.yahoo.com (Postfix) with ESMTP id 1[6 > Message-Id: <20070611102202.09C92505914@mailserver.arl.army.mil> > Date: Mon, 11 Jun 2007 06:21:56 -0400 (EDT) > From: wemihopzxds@yahoo.com > To: undisclosed-recipients:; > *** HEADER EXTRACTED 09C92505914 *** > *** MESSAGE FILE END 09C92505914 *** > > > > All logs pertaining to this message: > > Jun 11 06:22:02 mailserver postfix/smtpd[17535]: 09C92505914: > client=cm34.omega17.maxonline.com.sg[218.186.17.34] > Jun 11 06:22:03 mailserver postfix/cleanup[18172]: 09C92505914: hold: > header Received: from cm34.omega17.maxonline.com.sg > (cm34.omega17.maxonline.com.sg [218.186.17.34])??by > mailserver.arl.army.mil (Postfix) with SMTP id 09C92505914??for > ; Mon, 11 Jun 2007 06:21:56 - from > cm34.omega17.maxonline.com.sg[218.186.17.34]; > from= to= proto=SMTP > helo= > Jun 11 06:22:03 mailserver postfix/cleanup[18172]: 09C92505914: > message-id=<20070611102202.09C92505914@mailserver.arl.army.mil> Hi Howard, and thanks for getting back. I'll be looking hard at this, time permitting, over the next few days. Ie also gotten a good report (very detailed) from Nerijus Baliunas along the same lines, but... I can't really see how any MailScanner code could be responsible for damaging anything in hold (might be me needing new glasses:-) simply due to the fact that we only _read_ from hold (well, eventually we unlink that message, after successful requeue, of course). But I will make an effort to ascertain whether this really is due to the code added to 4.60.8 or not. Who knows, perhaps I'm doing something stupid when droping the message from the batch (rightly)... But I rather doubt it:-) You can help further by giving more complete log snippets/examples (from connect until it pops up as invalid). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Jun 12 17:13:51 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 17:15:59 2007 Subject: Error when running spamassassin --lint In-Reply-To: <1181663896.10248.4.camel@pparsons-linux> References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> <466E643D.6090707@ecs.soton.ac.uk> <1181663896.10248.4.camel@pparsons-linux> Message-ID: <466EC63F.7000500@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ClamAV::Module is nothing to do with SpamAssassin. Sounds like you've got an error in one of your /etc/mail/spamassassin/*.pre files though. Philip Parsons wrote: > We recently just upgraded clamav and started to use ClamAV::Module. > > > > [30092] warn: config: SpamAssassin failed to parse line, > "Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN" is not valid for "loadplugin", skipping: loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN > [30092] warn: plugin: failed to parse plugin (from @INC): Can't locate > Mail/SpamAssassin/Plugin/ASN.pm in @INC (@INC > contains: /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.6/i386-linux-thread-multi /usr/lib/perl5/5.8.6) at (eval 76) line 1. > [30092] warn: plugin: failed to create instance of plugin > Mail::SpamAssassin::Plugin::ASN: Can't locate object method "new" via > package "Mail::SpamAssassin::Plugin::ASN" at (eval 77) line 1. > [30092] warn: lint: 1 issues detected, please rerun with debug enabled > for more information > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: UTF-8 wj8DBQFGbsZDEfZZRxQVtlQRAm55AKDzEDS6giaOoMb3xFNHbKNRPTAp0gCeM9rE ouGDvX9juDGzNCuz0RG29J4= =parT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From pparsons at columbiafuels.com Tue Jun 12 17:34:22 2007 From: pparsons at columbiafuels.com (Philip Parsons) Date: Tue Jun 12 17:34:26 2007 Subject: Error when running spamassassin --lint In-Reply-To: <466EC63F.7000500@ecs.soton.ac.uk> References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> <466E643D.6090707@ecs.soton.ac.uk> <1181663896.10248.4.camel@pparsons-linux> <466EC63F.7000500@ecs.soton.ac.uk> Message-ID: <1181666062.10248.8.camel@pparsons-linux> looks like the file init.pre loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN has this line in it that is new. On Tue, 2007-06-12 at 17:13 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ClamAV::Module is nothing to do with SpamAssassin. Sounds like you've > got an error in one of your /etc/mail/spamassassin/*.pre files though. > > Philip Parsons wrote: > > We recently just upgraded clamav and started to use ClamAV::Module. > > > > > > > > [30092] warn: config: SpamAssassin failed to parse line, > > "Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN" is not valid for "loadplugin", skipping: loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN > > [30092] warn: plugin: failed to parse plugin (from @INC): Can't locate > > Mail/SpamAssassin/Plugin/ASN.pm in @INC (@INC > > contains: /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.6/i386-linux-thread-multi /usr/lib/perl5/5.8.6) at (eval 76) line 1. > > [30092] warn: plugin: failed to create instance of plugin > > Mail::SpamAssassin::Plugin::ASN: Can't locate object method "new" via > > package "Mail::SpamAssassin::Plugin::ASN" at (eval 77) line 1. > > [30092] warn: lint: 1 issues detected, please rerun with debug enabled > > for more information > > > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: UTF-8 > > wj8DBQFGbsZDEfZZRxQVtlQRAm55AKDzEDS6giaOoMb3xFNHbKNRPTAp0gCeM9rE > ouGDvX9juDGzNCuz0RG29J4= > =parT > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > -- Thank you. Philip Parsons Corporate Leader ? Information Systems Columbia Fuels Inc. 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 http://www.columbiafuels.com http://www.columbiaice.com pparsons@columbiafuels.com IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender. From gerard at seibercom.net Tue Jun 12 17:54:59 2007 From: gerard at seibercom.net (Gerard) Date: Tue Jun 12 17:54:30 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <223f97700706120913x54d55848uf1665a358f2bd8d1@mail.gmail.com> References: <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL> <223f97700706120913x54d55848uf1665a358f2bd8d1@mail.gmail.com> Message-ID: <20070612125156.E3D6.GERARD@seibercom.net> On June 12, 2007 at 12:13PM Glenn Steen wrote: {snip] > I'll be looking hard at this, time permitting, over the next few days. > Ie also gotten a good report (very detailed) from Nerijus Baliunas > along the same lines, but... I can't really see how any MailScanner > code could be responsible for damaging anything in hold (might be me > needing new glasses:-) simply due to the fact that we only _read_ from > hold (well, eventually we unlink that message, after successful > requeue, of course). > > But I will make an effort to ascertain whether this really is due to > the code added to 4.60.8 or not. Who knows, perhaps I'm doing > something stupid when droping the message from the batch (rightly)... > But I rather doubt it:-) > > You can help further by giving more complete log snippets/examples > (from connect until it pops up as invalid). I thought I saw some chatter regarding this on the Postfix forum a short time ago. In any case, I think it can be safely stated that Wietse will not be rushing to your door offering assistance. -- Gerard From igalvarez at gmail.com Tue Jun 12 18:02:14 2007 From: igalvarez at gmail.com (Israel Garcia) Date: Tue Jun 12 18:02:20 2007 Subject: kaspersky and MScanner Message-ID: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> Hi, I've upgrade kaspersky AV with this version: kav4fs-5.5-27.rpm in my CentOS server using mailscanner (MailScanner-4.60.8-1) and I think there's a problem because, I dont see mailscanner scanning for viruses with kaspersky, the new version of kaspersky installed all files under /opt/kaspersky/kav4fs/ .. so I had ti edit /etc/MailScanner/virus.scanners.conf with: kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky/kav4fs I also test the wrapper running: [root@domain:~]$ /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky/kav4fs /tmp [12/06/07 12:45:15 I] Kaspersky Anti-Virus On-Demand Scanner for Linux. Version 5.5.27/RELEASE build #15, compiled Feb 28 2007, 18:30:23 [12/06/07 12:45:15 I] Copyright (C) Kaspersky Lab, 1997-2007. [12/06/07 12:45:15 I] Portions Copyright (C) Lan Crypto [12/06/07 12:45:16 I] License "Kaspersky Anti-Virus BO Suite International Edition. 3-3 FileServer 1 year Renewal Licence", expires 05-06-2008 in 359 days [12/06/07 12:45:16 I] License file 0179FADF.key, serial 02B7-0003F5-0179FADF, "Kaspersky Anti-Virus BO Suite International Edition. 3-3 FileServer 1 year Renewal Licence", expires 05-06-2008 [12/06/07 12:45:19 I] There are 321455 records loaded, the latest update 12-06-2007, using standard bases set [12/06/07 12:45:19 I] The scan path: /tmp [12/06/07 12:45:19 I] Silent mode is on [12/06/07 12:45:19 A] /tmp/KasperskyBusy.lock OK [12/06/07 12:45:19 A] /tmp/mc-root/extfsyv6wxcCONTENTS.cpio OK [12/06/07 12:45:19 A] /tmp/mc-root/extfsEHhZxdCONTENTS.cpio OK [12/06/07 12:45:19 A] /tmp/mc-root/extfsHmhOldCONTENTS.cpio OK But, I see no log of kaspersky nor kavscanner in maillog, or in a top command, so I think mailscanner is not using kaspersky. I also sent the eicar.test file and mailscanner/kaspersky did not see any virus... I debug mailscanner and it did not say error.. Can you help me to see if mailscanner is using kerpersky or not when scanning emais? regards Israel From gerard at seibercom.net Tue Jun 12 18:03:09 2007 From: gerard at seibercom.net (Gerard) Date: Tue Jun 12 18:02:38 2007 Subject: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: <466EB281.5000801@slackadelic.com> References: <466EB0C7.90206@pixelhammer.com> <466EB281.5000801@slackadelic.com> Message-ID: <20070612125814.E3DA.GERARD@seibercom.net> On June 12, 2007 at 10:49AM Matt Hayes wrote: [snip] > I know a few people running FreeBSD 6.2 with the latest SA and > MailScanner installs having no issues at all. I run FBSD-6.2 also. Just make sure that you update your ports system just prior to the installation. I might suggest that you use something like 'portmanager' to install it. Using it with the '-u -l -p' flags will ensure that all dependencies are updated correctly, as well as instaling the new updated program. Just my 2?. -- Gerard If bill gates put his fortune in dollar bills under his mattress and fell off, it would take him 6 1/2 minutes to hit the ground. From ssilva at sgvwater.com Tue Jun 12 18:38:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 12 18:39:18 2007 Subject: Error when running spamassassin --lint In-Reply-To: <1181666062.10248.8.camel@pparsons-linux> References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> <466E643D.6090707@ecs.soton.ac.uk> <1181663896.10248.4.camel@pparsons-linux> <466EC63F.7000500@ecs.soton.ac.uk> <1181666062.10248.8.camel@pparsons-linux> Message-ID: Philip Parsons spake the following on 6/12/2007 9:34 AM: > looks like the file init.pre > > loadplugin > Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN > > has this line in it that is new. I had that problem in my last upgrade. I thought it was a glitch in the install script, leaving out a linefeed. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue Jun 12 18:59:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 12 19:02:19 2007 Subject: kaspersky and MScanner In-Reply-To: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> References: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> Message-ID: <466EDEF0.7090605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please can you do MailScanner --lint and tell me if it finds kaspersky installed. If it does, then the parser needs updating for this new version, for which I will need a fully licensed copy of it to use for development purposes. Israel Garcia wrote: > Hi, I've upgrade kaspersky AV with this version: kav4fs-5.5-27.rpm in > my CentOS server using > mailscanner (MailScanner-4.60.8-1) and I think there's a problem > because, I dont see mailscanner > scanning for viruses with kaspersky, the new version of kaspersky > installed all files under /opt/kaspersky/kav4fs/ .. so I had ti edit > /etc/MailScanner/virus.scanners.conf with: > > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper > /opt/kaspersky/kav4fs > > I also test the wrapper running: > > [root@domain:~]$ /usr/lib/MailScanner/kaspersky-wrapper > /opt/kaspersky/kav4fs /tmp > [12/06/07 12:45:15 I] Kaspersky Anti-Virus On-Demand Scanner for > Linux. Version 5.5.27/RELEASE build #15, compiled Feb 28 2007, > 18:30:23 > [12/06/07 12:45:15 I] Copyright (C) Kaspersky Lab, 1997-2007. > [12/06/07 12:45:15 I] Portions Copyright (C) Lan Crypto > [12/06/07 12:45:16 I] License "Kaspersky Anti-Virus BO Suite > International Edition. 3-3 FileServer 1 year Renewal Licence", expires > 05-06-2008 in 359 days > [12/06/07 12:45:16 I] License file 0179FADF.key, serial > 02B7-0003F5-0179FADF, "Kaspersky Anti-Virus BO Suite International > Edition. 3-3 FileServer 1 year Renewal Licence", expires 05-06-2008 > [12/06/07 12:45:19 I] There are 321455 records loaded, the latest > update 12-06-2007, using standard bases set > [12/06/07 12:45:19 I] The scan path: /tmp > [12/06/07 12:45:19 I] Silent mode is on > [12/06/07 12:45:19 A] /tmp/KasperskyBusy.lock OK > [12/06/07 12:45:19 A] /tmp/mc-root/extfsyv6wxcCONTENTS.cpio OK > [12/06/07 12:45:19 A] /tmp/mc-root/extfsEHhZxdCONTENTS.cpio OK > [12/06/07 12:45:19 A] /tmp/mc-root/extfsHmhOldCONTENTS.cpio OK > > But, I see no log of kaspersky nor kavscanner in maillog, or in a top > command, so I think mailscanner is not using kaspersky. > I also sent the eicar.test file and mailscanner/kaspersky did not see > any virus... > > I debug mailscanner and it did not say error.. > > Can you help me to see if mailscanner is using kerpersky or not when > scanning emais? > > regards > Israel Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbt8UEfZZRxQVtlQRAhQWAKC1GcyHo6V/5iuDXmx8/LSrwq08BgCdE+Bz gjuYaUGVaMaVhFtOGFFM+DA= =Pvd1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue Jun 12 19:18:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 12 19:18:34 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <20070612125156.E3D6.GERARD@seibercom.net> References: <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL> <223f97700706120913x54d55848uf1665a358f2bd8d1@mail.gmail.com> <20070612125156.E3D6.GERARD@seibercom.net> Message-ID: <223f97700706121118k66b00571u5c0ed200d82e9114@mail.gmail.com> On 12/06/07, Gerard wrote: > On June 12, 2007 at 12:13PM Glenn Steen wrote: > > {snip] > > > I'll be looking hard at this, time permitting, over the next few days. > > Ie also gotten a good report (very detailed) from Nerijus Baliunas > > along the same lines, but... I can't really see how any MailScanner > > code could be responsible for damaging anything in hold (might be me > > needing new glasses:-) simply due to the fact that we only _read_ from > > hold (well, eventually we unlink that message, after successful > > requeue, of course). > > > > But I will make an effort to ascertain whether this really is due to > > the code added to 4.60.8 or not. Who knows, perhaps I'm doing > > something stupid when droping the message from the batch (rightly)... > > But I rather doubt it:-) > > > > You can help further by giving more complete log snippets/examples > > (from connect until it pops up as invalid). > > I thought I saw some chatter regarding this on the Postfix forum a > short time ago. In any case, I think it can be safely stated that Wietse > will not be rushing to your door offering assistance. > That is todays understatement, methinks:-) And as it turns out, he likely shouldn't either. Nerijus helped me pinpoint that this only happens with messages lacking a body, so ... I need to fix that:). Unless Jules sees this and beats me to it, I should have something by sometime tomorrow... Stay tuned....:-) I've also been thinking of "reintroducing" pristine p records (0 variant) wherever I munge them, simply to preserve them for any locally resubmitted queue files (on systems using that type of milter)... Just to be sure...:-). Perhaps not the most needed thing, so ... we'll see. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jan-peter at koopmann.eu Tue Jun 12 19:30:28 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Tue Jun 12 19:30:17 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: References: <466E9B5D.90807@ecs.soton.ac.uk> Message-ID: Hi, > Has anyone used this package on FreeBSD? I'm not real enamored with the > ports system any longer. No offense to the MS port maintainer, it has none taken. > always worked for us just fine, it is packaging systems in general I > have a problem with. I would like to understand this a bit better since I fail to see the problem. As long as you keep your ports up to date (which you need to do one way or the other) you should have no trouble at all. I never tried Jules installation script on BSD and have no clue whether or not it works. Unless there is a damn good reason for doing everything manually I really strongly advise against it. Otherwise you could get parallel perl modules etc. Nasty. Do you use portmanager or portupgrade? From nerijusb at dtiltas.lt Tue Jun 12 19:49:53 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 12 19:57:55 2007 Subject: kaspersky and MScanner In-Reply-To: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> References: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> Message-ID: <20070612184949.4528E123513@mx-b.vdnet.lt> On Tue, 12 Jun 2007 12:02:14 -0500 Israel Garcia wrote: > installed all files under /opt/kaspersky/kav4fs/ .. so I had ti edit > /etc/MailScanner/virus.scanners.conf with: > > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky/kav4fs As I use workstation, not file server version, I use kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky/kav4ws And I also had to make these symlinks: cd /opt/kaspersky/kav4ws/bin ln -s kav4ws-kavscanner kavscanner ln -s kav4ws-keepup2date keepup2date And then MailScanner finds kaspersky. You don't have kav4ws-kavscanner, so you should use kav4fs-kavscanner and kav4fs-keepup2date instead. Then it should work. Kaspersky support for MailScanner should probably be updated, but I see they have just released 5.7 version. It should be tested too. Regards, Nerijus From pparsons at columbiafuels.com Tue Jun 12 20:25:40 2007 From: pparsons at columbiafuels.com (Philip Parsons) Date: Tue Jun 12 20:25:46 2007 Subject: Error when running spamassassin --lint In-Reply-To: References: <014f01c7ac96$d4a89b80$0301a8c0@SAHOMELT> <466E643D.6090707@ecs.soton.ac.uk> <1181663896.10248.4.camel@pparsons-linux> <466EC63F.7000500@ecs.soton.ac.uk> <1181666062.10248.8.camel@pparsons-linux> Message-ID: <1181676340.13038.3.camel@pparsons-linux> On Tue, 2007-06-12 at 10:38 -0700, Scott Silva wrote: > Philip Parsons spake the following on 6/12/2007 9:34 AM: > > looks like the file init.pre > > > > loadplugin > > Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pmloadplugin Mail::SpamAssassin::Plugin::ASN > > > > has this line in it that is new. > I had that problem in my last upgrade. I thought it was a glitch in the > install script, leaving out a linefeed. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > There are no files called ImageInfo.pm at the location /etc/mail/spamassassin/ so I do not know what was suppose to install those files I have commented the line out for now. -- Thank you. Philip Parsons Corporate Leader ? Information Systems Columbia Fuels Inc. 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 http://www.columbiafuels.com http://www.columbiaice.com pparsons@columbiafuels.com IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender. From igalvarez at gmail.com Tue Jun 12 21:54:54 2007 From: igalvarez at gmail.com (Israel Garcia) Date: Tue Jun 12 21:54:58 2007 Subject: kaspersky and MScanner In-Reply-To: <466EDEF0.7090605@ecs.soton.ac.uk> References: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> <466EDEF0.7090605@ecs.soton.ac.uk> Message-ID: <194a2c240706121354sa0fd221u28695707d2305696@mail.gmail.com> Here I go: [root@domain:/opt/kaspersky/kav4fs/bin]$ MailScanner --lint Read 776 hostnames from the phishing whitelist Checking version numbers... Version number in MailScanner.conf (4.60.8) is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = flock MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamavmodule, kaspersky-4.5 I sent the eicar.exe test and maillog says; MailScanner[30462]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./3CA742B1A2.2FBE0/eicar.exe Jun 12 16:43:05 picaso1 MailScanner[30462]: Filename Checks: Windows/DOS Executable (3CA742B1A2.2FBE0 eicar.exe) Jun 12 16:43:05 picaso1 MailScanner[30462]: Viruses marked as silent: eicar.exe was infected: Eicar-Test-Signature Only clamav detected the virus (test) file :-( In /opt/kaspersky/kav4fs/bin I have: [root@domain:/opt/kaspersky/kav4fs/bin]$ ll total 3808 -rwxr-xr-x 1 root root 1322024 Mar 14 13:08 kav4fs-kavscanner -rwxr-xr-x 1 root root 1548264 Mar 14 13:08 kav4fs-keepup2date -rwxr-xr-x 1 root root 1015016 Mar 14 13:08 kav4fs-licensemanager lrwxrwxrwx 1 root root 19 Jun 12 16:46 kavscanner -> ./kav4fs-kavscanner lrwxrwxrwx 1 root root 18 Jun 12 16:30 keepup2date -> kav4ws-keepup2date Is this version of maillscanner ready to work with this version of kaspersky kav4fs-5.5-27.rpm? thanks a lot!! Israel On 6/12/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Please can you do > MailScanner --lint > and tell me if it finds kaspersky installed. > > If it does, then the parser needs updating for this new version, for > which I will need a fully licensed copy of it to use for development > purposes. > > Israel Garcia wrote: > > Hi, I've upgrade kaspersky AV with this version: kav4fs-5.5-27.rpm in > > my CentOS server using > > mailscanner (MailScanner-4.60.8-1) and I think there's a problem > > because, I dont see mailscanner > > scanning for viruses with kaspersky, the new version of kaspersky > > installed all files under /opt/kaspersky/kav4fs/ .. so I had ti edit > > /etc/MailScanner/virus.scanners.conf with: > > > > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper > > /opt/kaspersky/kav4fs > > > > I also test the wrapper running: > > > > [root@domain:~]$ /usr/lib/MailScanner/kaspersky-wrapper > > /opt/kaspersky/kav4fs /tmp > > [12/06/07 12:45:15 I] Kaspersky Anti-Virus On-Demand Scanner for > > Linux. Version 5.5.27/RELEASE build #15, compiled Feb 28 2007, > > 18:30:23 > > [12/06/07 12:45:15 I] Copyright (C) Kaspersky Lab, 1997-2007. > > [12/06/07 12:45:15 I] Portions Copyright (C) Lan Crypto > > [12/06/07 12:45:16 I] License "Kaspersky Anti-Virus BO Suite > > International Edition. 3-3 FileServer 1 year Renewal Licence", expires > > 05-06-2008 in 359 days > > [12/06/07 12:45:16 I] License file 0179FADF.key, serial > > 02B7-0003F5-0179FADF, "Kaspersky Anti-Virus BO Suite International > > Edition. 3-3 FileServer 1 year Renewal Licence", expires 05-06-2008 > > [12/06/07 12:45:19 I] There are 321455 records loaded, the latest > > update 12-06-2007, using standard bases set > > [12/06/07 12:45:19 I] The scan path: /tmp > > [12/06/07 12:45:19 I] Silent mode is on > > [12/06/07 12:45:19 A] /tmp/KasperskyBusy.lock OK > > [12/06/07 12:45:19 A] /tmp/mc-root/extfsyv6wxcCONTENTS.cpio OK > > [12/06/07 12:45:19 A] /tmp/mc-root/extfsEHhZxdCONTENTS.cpio OK > > [12/06/07 12:45:19 A] /tmp/mc-root/extfsHmhOldCONTENTS.cpio OK > > > > But, I see no log of kaspersky nor kavscanner in maillog, or in a top > > command, so I think mailscanner is not using kaspersky. > > I also sent the eicar.test file and mailscanner/kaspersky did not see > > any virus... > > > > I debug mailscanner and it did not say error.. > > > > Can you help me to see if mailscanner is using kerpersky or not when > > scanning emais? > > > > regards > > Israel > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGbt8UEfZZRxQVtlQRAhQWAKC1GcyHo6V/5iuDXmx8/LSrwq08BgCdE+Bz > gjuYaUGVaMaVhFtOGFFM+DA= > =Pvd1 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Regards; Israel Garcia From nerijusb at dtiltas.lt Tue Jun 12 21:50:49 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 12 22:04:18 2007 Subject: antivirus timeout = Denial of Service In-Reply-To: <466EA9FA.9060704@ecs.soton.ac.uk> References: <20070612131949.CBB711224BE@mx-b.vdnet.lt> <466EA9FA.9060704@ecs.soton.ac.uk> Message-ID: <20070612205949.D240C122B16@mx-b.vdnet.lt> On Tue, 12 Jun 2007 15:13:14 +0100 Julian Field wrote: > Just increase the timeout. It's already 300 (5 minutes) and I am afraid to increase it more. What I'd like is to either have a configuration option how to deal with such situation, or treat it like when Bad Filename is detected - i.e. deliver message w/o attachment and quarantine it. Because now the whole message is lost which is not good. Nerijus > Nerijus Baliunas wrote: > > Hello, > > > > I got a message form MailScanner to postmaster with Subject Virus Detected: > > Sender: xxx@example.com > > IP Address: 216.82.... > > Recipient: xxx@example.lt > > Subject: Lenny order > > MessageID: 3EFAE8044D.484E7 > > Quarantine: > > Report: Denial of Service attack in message! > > > > I looked in the maillog and found this: > > > > Jun 12 13:50:14 mail MailScanner[1744]: Commercial scanner clamav timed out! > > Jun 12 13:50:14 mail MailScanner[1744]: clamav: Failed to complete, timed out > > Jun 12 13:50:14 mail MailScanner[1744]: Virus Scanning: Denial Of Service attack is in message 3EFAE8044D.484E7 > > > > Does it mean the message has been dealt as infected by virus and was deleted? > > I will move to clamd, but is it possible to allow the messages to be delivered when > > antivirus timeouts? > > > > Regards, > > Nerijus From holger at noefer.org Tue Jun 12 22:33:09 2007 From: holger at noefer.org (=?ISO-8859-15?Q?Holger_N=F6fer?=) Date: Tue Jun 12 22:33:19 2007 Subject: sa-update and sa-compile Message-ID: <466F1115.2090106@noefer.org> Hi, how do you use sa-update and sa-compile? If I use sa-update it puts the rules to /var/lib/spamassassin/3.002000. If I use sa-compile it compiles the rules to /var/lib/spamassassin/compiled. Does sa-compile use the rules in /var/lib/spamassassin/3.002000 or in /usr/local/share/spamassassin? If I test spamassassin with spamassassin -D --lint -p /etc/mail/spamassassin/mailscanner.cf it seems that spamassassin uses the files under /var/lib/spamassassin/3.002000 and /var/lib/spamassassin/compiled. Is that right? If yes, do you delete /var/lib/spamassassin/3.002000 to only use the /var/lib/spamassassin/compiled files? Without /var/lib/spamassassin/3.002000 files spamassassin is much faster. Best regards, Holger From hvdkooij at vanderkooij.org Tue Jun 12 22:55:38 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 12 22:56:23 2007 Subject: kaspersky and MScanner In-Reply-To: <194a2c240706121354sa0fd221u28695707d2305696@mail.gmail.com> References: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com> <466EDEF0.7090605@ecs.soton.ac.uk> <194a2c240706121354sa0fd221u28695707d2305696@mail.gmail.com> Message-ID: On Tue, 12 Jun 2007, Israel Garcia wrote: > [root@domain:/opt/kaspersky/kav4fs/bin]$ MailScanner --lint > Read 776 hostnames from the phishing whitelist > Checking version numbers... > Version number in MailScanner.conf (4.60.8) is correct. > MailScanner setting GID to (89) > MailScanner setting UID to (89) .... > In /opt/kaspersky/kav4fs/bin I have: > > [root@domain:/opt/kaspersky/kav4fs/bin]$ ll > total 3808 > -rwxr-xr-x 1 root root 1322024 Mar 14 13:08 kav4fs-kavscanner > -rwxr-xr-x 1 root root 1548264 Mar 14 13:08 kav4fs-keepup2date > -rwxr-xr-x 1 root root 1015016 Mar 14 13:08 kav4fs-licensemanager > lrwxrwxrwx 1 root root 19 Jun 12 16:46 kavscanner -> > ./kav4fs-kavscanner > lrwxrwxrwx 1 root root 18 Jun 12 16:30 keepup2date -> > kav4ws-keepup2date > > Is this version of maillscanner ready to work with this version of > kaspersky kav4fs-5.5-27.rpm? There is a problem. kav4fs will only run as root as far as I can tell and MailScanner is not calling it as root. Perhaps a small shell script called kavscanner which will run sudo kav4fs-kavscanner and pass on all arguments might do the trick. But for sure the latest Kaspersky software is a bitch to automate for a non-root account. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From nerijusb at dtiltas.lt Tue Jun 12 22:58:45 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 12 23:06:22 2007 Subject: kaspersky and MScanner In-Reply-To: <194a2c240706121354sa0fd221u28695707d2305696@mail.gmail.com> References: <194a2c240706121002s358ef0advf8259cbc8a5921b7@mail.gmail.com><466EDEF0.7090605@ecs.soton.ac.uk> <194a2c240706121354sa0fd221u28695707d2305696@mail.gmail.com> Message-ID: <20070612220002.2687B10DD0@mx-a.vdnet.lt> On Tue, 12 Jun 2007 15:54:54 -0500 Israel Garcia wrote: > In /opt/kaspersky/kav4fs/bin I have: > > [root@domain:/opt/kaspersky/kav4fs/bin]$ ll > total 3808 > -rwxr-xr-x 1 root root 1322024 Mar 14 13:08 kav4fs-kavscanner > -rwxr-xr-x 1 root root 1548264 Mar 14 13:08 kav4fs-keepup2date > -rwxr-xr-x 1 root root 1015016 Mar 14 13:08 kav4fs-licensemanager > lrwxrwxrwx 1 root root 19 Jun 12 16:46 kavscanner -> ./kav4fs-kavscanner > lrwxrwxrwx 1 root root 18 Jun 12 16:30 keepup2date -> kav4ws-keepup2date I see you created the links, ok (well, keepup2date link is wrong). What MTA do you use? Have you seen http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:kaspersky:install ? Regards, Nerijus From r.berber at computer.org Tue Jun 12 22:58:22 2007 From: r.berber at computer.org (=?ISO-8859-15?Q?Ren=E9_Berber?=) Date: Tue Jun 12 23:08:42 2007 Subject: [OT]Re: sa-update and sa-compile In-Reply-To: <466F1115.2090106@noefer.org> References: <466F1115.2090106@noefer.org> Message-ID: Holger N?fer wrote: > how do you use sa-update and sa-compile? > > If I use sa-update it puts the rules to > /var/lib/spamassassin/3.002000. If I use > sa-compile it compiles the rules to > /var/lib/spamassassin/compiled. > > Does sa-compile use the rules in /var/lib/spamassassin/3.002000 > or in /usr/local/share/spamassassin? All it can find, including the SARE rules in /etc/mail/spamassassin. > If I test spamassassin with > spamassassin -D --lint -p /etc/mail/spamassassin/mailscanner.cf > it seems that spamassassin uses the files under > /var/lib/spamassassin/3.002000 and /var/lib/spamassassin/compiled. > Is that right? Yep. > If yes, do you delete /var/lib/spamassassin/3.002000 to only use > the /var/lib/spamassassin/compiled files? Interesting... > Without /var/lib/spamassassin/3.002000 files spamassassin is much > faster. Did you remember to configure SA to use compiled rules before you did this test? (i.e. in v320.pre, option Rule2XSBody) Why don't you ask the SA list? -- Ren? Berber From do.not.eat.yellow.snow at gmail.com Wed Jun 13 00:38:26 2007 From: do.not.eat.yellow.snow at gmail.com (Martin Strand) Date: Wed Jun 13 00:38:52 2007 Subject: Bayes works with SA but not MailScanner Message-ID: I get Bayes hits when I run a message through SA with "spamassassin -t < message" but I don't get any hits when the message is passed through MailScanner. Bayes is enabled in spam.assassin.prefs.conf and all db files are owned by the postfix user (I assume that's correct) I don't even know where to look, maillog tells me nothing... help? Thanks, Martin From andy.mac at global-domination.org Wed Jun 13 01:04:21 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Wed Jun 13 01:04:24 2007 Subject: Bayes works with SA but not MailScanner Message-ID: Which user are you running the test as??? Try running as postfix. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Strand Sent: 13 June 2007 00:38 To: mailscanner@lists.mailscanner.info Subject: Bayes works with SA but not MailScanner I get Bayes hits when I run a message through SA with "spamassassin -t < message" but I don't get any hits when the message is passed through MailScanner. Bayes is enabled in spam.assassin.prefs.conf and all db files are owned by the postfix user (I assume that's correct) I don't even know where to look, maillog tells me nothing... help? Thanks, Martin -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=B8ABE2821F .DE458 -- This message was scanned by ESVA and is believed to be clean. From gcle at smcaus.com.au Wed Jun 13 07:03:22 2007 From: gcle at smcaus.com.au (Gerard Cleary) Date: Wed Jun 13 07:03:40 2007 Subject: kaspersky and MScanner Message-ID: <200706131603.22200.gcle@smcaus.com.au> We are running Kaspersky version 5.5 for mail servers. I know very little about perl but with the following setup, we don't seem to have any trouble: In /opt/kav/ I have a directory called 5.5 and two soft links as follows: drwxr-xr-x 3 root root 4096 Aug 15 2006 5.5 lrwxrwxrwx 1 root root 23 Aug 15 2006 bin -> 5.5/kav4mailservers/bin lrwxrwxrwx 1 root root 23 Aug 15 2006 man -> 5.5/kav4mailservers/man Then in directory /opt/kav/5.5/ I have a single directory called kav4mailservers as follows: drwxr-xr-x 7 root root 4096 Aug 15 2006 kav4mailservers Finally, in directory /opt/kav/5.5/kav4mailservers we have the Kaspersky installed directories and files as follows: drwxr-xr-x 2 root root 4096 Aug 15 2006 bin -rw-r--r-- 1 root root 1839 Aug 15 2006 ChangeLog drwxr-xr-x 2 root root 4096 Aug 15 2006 contrib drwxr-xr-x 2 root root 4096 Aug 15 2006 init.d -rw-r--r-- 1 root root 14921 Aug 15 2006 LICENSE drwxr-xr-x 3 root root 4096 Aug 15 2006 man drwxr-xr-x 2 root root 4096 Aug 15 2006 setup Hope this helps. Gerard. -- Gerard Cleary System Administrator SMC Pneumatics Australia Pty Ltd PH: (02) 9354 8222 -- This email message and any related attachments are confidential and should only be read by those persons to whom they were addressed. They may contain copyright, personal or legally privileged information. If you are not the intended recipient of this email, any use of this information is strictly prohibited and it must be deleted from your system. Views expressed in this message are the views of the sender and are not necessarily views of SMC Corporation, or it's subsidiaries, except where the message expressly states otherwise. Any advice contained herein should be treated as preliminary advice only and subject to formal written confirmation. Although this email and any attachments are believed to be free of any virus or any other defect which may cause damage or loss, it is the responsibility of the recipient to ensure that they are virus-free. SMC accepts no liability for any loss or damage that may occur as a result of the transmission of this email or its attachments to the recipient. From martinh at solidstatelogic.com Wed Jun 13 09:05:34 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 13 09:05:46 2007 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available In-Reply-To: Message-ID: <3b24265dddccc94ba3f5c5c40af5303a@solidstatelogic.com> The generic tar.gz installer works fine on freebsd....it'll install in /opt and it's up to you to run the upgrade scripts and symlink /opt/Mailscanner to the new version when upgrading. But it does mean rolling back a version is a doddle! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter > Sent: 12 June 2007 19:30 > To: MailScanner discussion > Subject: RE: FW: ANNOUNCE: Apache SpamAssassin 3.2.1 available > > Hi, > > > Has anyone used this package on FreeBSD? I'm not real enamored with > the > > ports system any longer. No offense to the MS port maintainer, it has > > none taken. > > > always worked for us just fine, it is packaging systems in general I > > have a problem with. > > I would like to understand this a bit better since I fail to see the > problem. As long as you keep your ports up to date (which you need to do > one way or the other) you should have no trouble at all. I never tried > Jules installation script on BSD and have no clue whether or not it > works. > > Unless there is a damn good reason for doing everything manually I > really strongly advise against it. Otherwise you could get parallel perl > modules etc. Nasty. > > Do you use portmanager or portupgrade? > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Wed Jun 13 09:54:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 13 09:54:38 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <223f97700706121118k66b00571u5c0ed200d82e9114@mail.gmail.com> References: <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL> <223f97700706120913x54d55848uf1665a358f2bd8d1@mail.gmail.com> <20070612125156.E3D6.GERARD@seibercom.net> <223f97700706121118k66b00571u5c0ed200d82e9114@mail.gmail.com> Message-ID: <223f97700706130154m4fa4db61tf178ffaa79313695@mail.gmail.com> On 12/06/07, Glenn Steen wrote: > On 12/06/07, Gerard wrote: > > On June 12, 2007 at 12:13PM Glenn Steen wrote: > > > > {snip] > > > > > I'll be looking hard at this, time permitting, over the next few days. > > > Ie also gotten a good report (very detailed) from Nerijus Baliunas > > > along the same lines, but... I can't really see how any MailScanner > > > code could be responsible for damaging anything in hold (might be me > > > needing new glasses:-) simply due to the fact that we only _read_ from > > > hold (well, eventually we unlink that message, after successful > > > requeue, of course). > > > > > > But I will make an effort to ascertain whether this really is due to > > > the code added to 4.60.8 or not. Who knows, perhaps I'm doing > > > something stupid when droping the message from the batch (rightly)... > > > But I rather doubt it:-) > > > > > > You can help further by giving more complete log snippets/examples > > > (from connect until it pops up as invalid). > > > > I thought I saw some chatter regarding this on the Postfix forum a > > short time ago. In any case, I think it can be safely stated that Wietse > > will not be rushing to your door offering assistance. > > > That is todays understatement, methinks:-) > > And as it turns out, he likely shouldn't either. > Nerijus helped me pinpoint that this only happens with messages > lacking a body, so ... I need to fix that:). Unless Jules sees this > and beats me to it, I should have something by sometime tomorrow... > Stay tuned....:-) As promised, here is a patch to cure MailScanner deeming "bodyless" messages to be invalid. It's really not that massive (just an if statement), but looks worse because of indentation (which is probably wrong anyway... I've been a tad lazy. Again:-). When you've applied this, the supposedly invalid messages will clear out quickly. Remember to restart after apply. This should be in the next beta/stable. Hopefully (fingers crossed and all that:-) this is the final bug in this code:-P. > I've also been thinking of "reintroducing" pristine p records (0 > variant) wherever I munge them, simply to preserve them for any > locally resubmitted queue files (on systems using that type of > milter)... Just to be sure...:-). Perhaps not the most needed thing, > so ... we'll see. The patch doesw _NOT_ do the reintro thing. I've no time to test that. Sorry. I imagine we'll see eventually if it is needed:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- A non-text attachment was scrubbed... Name: Postfix.pm.prec_fix_nobody.patch Type: application/octet-stream Size: 6803 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070613/7b5a7a5f/Postfix.pm.prec_fix_nobody.obj From nerijusb at dtiltas.lt Wed Jun 13 11:28:23 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 13 11:36:11 2007 Subject: /etc/cron.daily/sa-update rpm conflict In-Reply-To: References: <20070607193111.13C531224A5@mx-b.vdnet.lt> Message-ID: <20070613103001.8BCD6FF29@mx-a.vdnet.lt> On Thu, 7 Jun 2007 21:22:30 +0200 (CEST) Hugo van der Kooij wrote: > > I tried to update to spamassassin-3.2.0-39.el4.x86_64.rpm from ATrpms, > > but got: > > file /etc/cron.daily/sa-update from install of spamassassin-3.2.0-39.el4 conflicts with file from package mailscanner-4.58.9-1 > > Could you please rename /etc/cron.daily/sa-update in MailScanner rpm to > > something else, for example, saupdate or sa_update? Of course, I could > > also ask ATrpms guys... > > Please ask Axel to fix this. SpamAssasin from rpmforge is not having this > issue. I asked - please see http://bugzilla.atrpms.net/show_bug.cgi?id=1222 Axel renamed sa-update to sa_update, but he noted that Fedora 7 has /etc/cron.d/sa-update which can be moved to /etc/cron.daily in the future. As all other MailScanner cron scripts (which update something) are named update* (update_phishing_sites, update_virus_scanners), I'd suggest to rename sa-update to update_sa or update_SA or update_spamassassin. Then it will not clash with something else. And btw, sa-update has a bit incorrect comment at the top: # Change the next '1' to '0' to enable this regular update. # It is disabled by default as it causes problems on many systems. it should be # Change the next 'yes' to 'no' to enable this regular update. # It is disabled by default as it causes problems on many systems. > You may want to move from ATRPMS to rpmforge (for this package). I like ATrpms package as it uses saupdates.openprotect.com channel for SA updates, which I use too. Regards, Nerijus From nerijusb at dtiltas.lt Wed Jun 13 11:36:53 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 13 11:40:05 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <223f97700706130154m4fa4db61tf178ffaa79313695@mail.gmail.com> References: <88991ECEE371C644986F0C8837C207B70173B1FE@ARLABML01.DS.ARL.ARMY.MIL><223f97700706120913x54d55848uf1665a358f2bd8d1@mail.gmail.com><20070612125156.E3D6.GERARD@seibercom.net><223f97700706121118k66b00571u5c0ed200d82e9114@mail.gmail.com> <223f97700706130154m4fa4db61tf178ffaa79313695@mail.gmail.com> Message-ID: <20070613103947.65BE3122A9D@mx-b.vdnet.lt> On Wed, 13 Jun 2007 10:54:36 +0200 Glenn Steen wrote: > As promised, here is a patch to cure MailScanner deeming "bodyless" > messages to be invalid. It's really not that massive (just an if > statement), but looks worse because of indentation (which is probably > wrong anyway... I've been a tad lazy. Again:-). > When you've applied this, the supposedly invalid messages will clear > out quickly. Remember to restart after apply. Yes, hold queue is empty now. Thanks! Regards, Nerijus From john at tradoc.fr Wed Jun 13 11:45:53 2007 From: john at tradoc.fr (John Wilcock) Date: Wed Jun 13 11:45:57 2007 Subject: /etc/cron.daily/sa-update rpm conflict In-Reply-To: <20070613103001.8BCD6FF29@mx-a.vdnet.lt> References: <20070607193111.13C531224A5@mx-b.vdnet.lt> <20070613103001.8BCD6FF29@mx-a.vdnet.lt> Message-ID: <466FCAE1.2000308@tradoc.fr> @A@ wrote > As all other MailScanner cron scripts (which update something) are named > update* (update_phishing_sites, update_virus_scanners), I'd suggest > to rename sa-update to update_sa or update_SA or update_spamassassin. > Then it will not clash with something else. If they're going to be renamed it would make sense to put the word "MailScanner" in their name. Then again any such renaming is going to pose problems for people updating... John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From nerijusb at dtiltas.lt Wed Jun 13 11:56:32 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 13 12:00:05 2007 Subject: /etc/cron.daily/sa-update rpm conflict In-Reply-To: <466FCAE1.2000308@tradoc.fr> References: <20070607193111.13C531224A5@mx-b.vdnet.lt> <20070613103001.8BCD6FF29@mx-a.vdnet.lt> <466FCAE1.2000308@tradoc.fr> Message-ID: <20070613110001.E5F91FF77@mx-a.vdnet.lt> On Wed, 13 Jun 2007 12:45:53 +0200 John Wilcock wrote: > > As all other MailScanner cron scripts (which update something) are named > > update* (update_phishing_sites, update_virus_scanners), I'd suggest > > to rename sa-update to update_sa or update_SA or update_spamassassin. > > Then it will not clash with something else. > > If they're going to be renamed it would make sense to put the word > "MailScanner" in their name. But only if all other update* scripts are renamed too. If only sa-update is renamed, I think update_spamassassin is quite a good choice. > Then again any such renaming is going to pose problems for people > updating... Not really, as sa-update is disabled by default. If people enabled it, the new one will be disabled by default, so they will not clash. And people of course should read changelog in the announcement :) Regards, Nerijus From alfrag at econ.soc.uoc.gr Wed Jun 13 12:14:10 2007 From: alfrag at econ.soc.uoc.gr (Alexandros Fragkiadakis) Date: Wed Jun 13 12:46:21 2007 Subject: A simple question Message-ID: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> hi, when postfix tries to send an email to a remote smtp server and if this server is not online, postfix defers the mail. How long does it try to communicate with that remote server? Thanks. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Wed Jun 13 13:15:19 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 13 13:15:34 2007 Subject: A simple question In-Reply-To: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> References: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> Message-ID: <1181736919.26139.7.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-06-13 at 12:14, Alexandros Fragkiadakis wrote: > hi, > > when postfix tries to send an email to a remote smtp server and if this > server is not online, postfix defers the mail. How long does it try to > communicate with that remote server? > > Thanks. The default is to keep retrying for about 3-4 days however you can change the time in the configuration file. From glenn.steen at gmail.com Wed Jun 13 13:19:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 13 13:19:37 2007 Subject: A simple question In-Reply-To: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> References: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> Message-ID: <223f97700706130519wd8d80dbr12e6c002be8f43cf@mail.gmail.com> On 13/06/07, Alexandros Fragkiadakis wrote: > hi, > > when postfix tries to send an email to a remote smtp server and if this > server is not online, postfix defers the mail. How long does it try to > communicate with that remote server? > > Thanks. This question is very far OT on this list, should be on the postfix one;-). How _long_? What do you mean? How many times? How much time? Depends on your setup/timeouts entirely. Do postconf|egrep "^smtp_"|grep timeout ... to see some relevant ones. I seem to timeout after 30 seconds (the default), you might have something entirely different:). This excerpt from "man 5 postconf" might shed some more light on how this works: ------- smtp_connect_timeout (default: 30s) The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). When no connection can be made within the deadline, the SMTP client tries the next address on the mail exchanger list. Specify 0 to disable the time limit (i.e. use whatever timeout is implemented by the operat- ing system). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). ------- Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Jun 13 13:22:17 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 13 13:22:18 2007 Subject: A simple question In-Reply-To: <1181736919.26139.7.camel@gblades-suse.linguaphone-intranet.co.uk> References: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> <1181736919.26139.7.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <223f97700706130522hab6aa09q8344e423283c9e16@mail.gmail.com> On 13/06/07, Gareth wrote: > On Wed, 2007-06-13 at 12:14, Alexandros Fragkiadakis wrote: > > hi, > > > > when postfix tries to send an email to a remote smtp server and if this > > server is not online, postfix defers the mail. How long does it try to > > communicate with that remote server? > > > > Thanks. > > The default is to keep retrying for about 3-4 days however you can > change the time in the configuration file. > Yes, if there is a complete failure:-). Again, OP should check his config (and read the man page:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dhawal at netmagicsolutions.com Wed Jun 13 14:41:47 2007 From: dhawal at netmagicsolutions.com (Dhawal Doshy) Date: Wed Jun 13 14:42:03 2007 Subject: A simple question In-Reply-To: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> References: <3384.147.52.239.225.1181733250.squirrel@econ.soc.uoc.gr> Message-ID: <466FF41B.4070808@netmagicsolutions.com> Alexandros Fragkiadakis wrote: > hi, > > when postfix tries to send an email to a remote smtp server and if this > server is not online, postfix defers the mail. How long does it try to > communicate with that remote server? postconf bounce_queue_lifetime maximal_queue_lifetime default is 5d (5 days) From ram at netcore.co.in Wed Jun 13 15:49:55 2007 From: ram at netcore.co.in (ram) Date: Wed Jun 13 15:50:08 2007 Subject: is there a limit to max whitelist & blacklist Message-ID: <1181746195.25877.177.camel@localhost.localdomain> We use MS + SA + postfix for around 1000 domains Custom whitelists and blacklists are implemented using ( in MailScanner.conf ) Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = %rules-dir%/spam.blacklist.rules and these files have entries like ------ From: domain1 and To: domain2 yes From: user@domain1 and To: domain3 yes . . . ------------- I have around 40k entries in both files together This had been working fine for over 3 years now but suddenly off late I have been noticing that whitelists sometimes fail to get applied Unfortunately I am not able to reproduce the situation, but can someone tell me if there is something obvious that can go wrong in this kind of scenario Thanks Ram From m.anderlini at database.it Wed Jun 13 16:06:38 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Jun 13 16:06:57 2007 Subject: Is it possibile to whitelist an ip address in spam.assassin.prefs.conf In-Reply-To: <1181746195.25877.177.camel@localhost.localdomain> References: <1181746195.25877.177.camel@localhost.localdomain> Message-ID: <005001c7adcc$711f7890$3f01a8c0@dbdomain.database.it> I'm still using the parameter whitelist_from in spam.assassin.prefs.conf. Now I need the possibilty to set an ip (an our server) as whitelist whatever sender it is. Is it possibile in any way ? Thanks a lot -- Messaggio verificato dal servizio antivirus di Database Informatica From ms-list at alexb.ch Wed Jun 13 16:46:09 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jun 13 16:46:16 2007 Subject: Is it possibile to whitelist an ip address in spam.assassin.prefs.conf In-Reply-To: <005001c7adcc$711f7890$3f01a8c0@dbdomain.database.it> References: <1181746195.25877.177.camel@localhost.localdomain> <005001c7adcc$711f7890$3f01a8c0@dbdomain.database.it> Message-ID: <46701141.70608@alexb.ch> On 6/13/2007 5:06 PM, Marcello Anderlini wrote: > I'm still using the parameter whitelist_from in spam.assassin.prefs.conf. > Now I need the possibilty to set an ip (an our server) as whitelist whatever > sender it is. > > Is it possibile in any way ? > > Thanks a lot there is a third party SA plugin which allows this. If you search in the SA list archive for "WhitelistRcvdIP" you'll probably find it. h2h Alex From alex at nkpanama.com Wed Jun 13 18:12:41 2007 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jun 13 18:13:26 2007 Subject: _DATE_ function in archive Message-ID: <46702589.9010102@nkpanama.com> IANAPP (in fact, I have *zero* knowledge of Perl), but... From "message.pm" I see a few lines that say the following: $date = sprintf("%04d%02d%02d", $year+1900, $month+1, $day); and if ($archiveplaces =~ /_DATE_/) { # Only do the work for the date substitution if we really have to $archiveplaces =~ s/_DATE_/$date/g; #print STDERR "Archive location is $archiveplaces\n"; } Could I add something like: $shortdate = sprintf("%04d%02d%02d", $year+1900, $month+1); if ($archiveplaces =~ /_SHORTDATE_/) { # Only do the work for the short date substitution if we really have to $archiveplaces =~ s/_DATE_/$shortdate/g; #print STDERR "Archive location is $archiveplaces\n"; } ... so I could use year+month instead of year+month+date and then rotate/backup my archive once a month if I used the magic string _SHORTDATE_ instead of _DATE_ ? Thanks in advance... From ssilva at sgvwater.com Wed Jun 13 18:19:20 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 13 18:20:16 2007 Subject: _DATE_ function in archive In-Reply-To: <46702589.9010102@nkpanama.com> References: <46702589.9010102@nkpanama.com> Message-ID: Alex Neuman spake the following on 6/13/2007 10:12 AM: > IANAPP (in fact, I have *zero* knowledge of Perl), but... > > From "message.pm" I see a few lines that say the following: > > $date = sprintf("%04d%02d%02d", $year+1900, $month+1, $day); > > and > > if ($archiveplaces =~ /_DATE_/) { > # Only do the work for the date substitution if we really have to > $archiveplaces =~ s/_DATE_/$date/g; > #print STDERR "Archive location is $archiveplaces\n"; > } > > Could I add something like: > > $shortdate = sprintf("%04d%02d%02d", $year+1900, $month+1); > > if ($archiveplaces =~ /_SHORTDATE_/) { > # Only do the work for the short date substitution if we really have to > $archiveplaces =~ s/_DATE_/$shortdate/g; > #print STDERR "Archive location is $archiveplaces\n"; > } > > ... so I could use year+month instead of year+month+date and then > rotate/backup my archive once a month if I used the magic string > _SHORTDATE_ instead of _DATE_ ? > > Thanks in advance... That probably wasn't thought of since a month could be a very large datafile. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Wed Jun 13 18:29:59 2007 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jun 13 18:30:42 2007 Subject: _DATE_ function in archive In-Reply-To: References: <46702589.9010102@nkpanama.com> Message-ID: <46702997.5060406@nkpanama.com> Scott Silva wrote: >> ... so I could use year+month instead of year+month+date and then >> rotate/backup my archive once a month if I used the magic string >> _SHORTDATE_ instead of _DATE_ ? >> >> Thanks in advance... > That probably wasn't thought of since a month could be a very large datafile. > Except that with rulesets, you could have something like: FromOrTo: default /home/archive/mail/general/_SHORTDATE_ From: alice@domain.com /home/archive/mail/incoming/alice/_SHORTDATE_ To: alice@domain.com /home/archive/mail/outgoing/alice/_SHORTDATE_ From: bob@domain.com /home/archive/mail/incoming/bob/_SHORTDATE_ To: bob@domain.com /home/archive/mail/outgoing/bob/_SHORTDATE_ That way the file wouldn't grow as much or as easily. If your users average less than 2gb/month in or out, it's not a bad solution - you can check the archives using IMAP by logging in as the "archive" user. From alex at nkpanama.com Wed Jun 13 18:30:33 2007 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jun 13 18:31:13 2007 Subject: _DATE_ function in archive In-Reply-To: References: <46702589.9010102@nkpanama.com> Message-ID: <467029B9.5090609@nkpanama.com> Scott Silva wrote: >> ... so I could use year+month instead of year+month+date and then >> rotate/backup my archive once a month if I used the magic string >> _SHORTDATE_ instead of _DATE_ ? >> >> Thanks in advance... >> > That probably wasn't thought of since a month could be a very large datafile. > > ... but anyhow, would it work? From Richard.Frovarp at sendit.nodak.edu Wed Jun 13 18:56:20 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jun 13 18:56:24 2007 Subject: sa-update and sa-compile In-Reply-To: <466F1115.2090106@noefer.org> References: <466F1115.2090106@noefer.org> Message-ID: <46702FC4.4000605@sendit.nodak.edu> Holger N?fer wrote: > Hi, > > how do you use sa-update and sa-compile? > > If I use sa-update it puts the rules to > /var/lib/spamassassin/3.002000. If I use > sa-compile it compiles the rules to > /var/lib/spamassassin/compiled. > > Does sa-compile use the rules in /var/lib/spamassassin/3.002000 > or in /usr/local/share/spamassassin? > > If I test spamassassin with > spamassassin -D --lint -p /etc/mail/spamassassin/mailscanner.cf > it seems that spamassassin uses the files under > /var/lib/spamassassin/3.002000 and /var/lib/spamassassin/compiled. > Is that right? > If yes, do you delete /var/lib/spamassassin/3.002000 to only use > the /var/lib/spamassassin/compiled files? > Without /var/lib/spamassassin/3.002000 files spamassassin is much > faster. > > Best regards, > Holger > It tries to use all the rules it can find. sa-compile only works on body rules, and it doesn't work for all of those rules. I've seen reports stating 60% of the body rules can be compiled. Furthermore, there isn't a guarantee that the compiled version of the rules are identical to the original version of the rules. Therefore, SA checks with the original rules for any that hit from the compiled list. So no, don't delete /var/lib/spamassassin/3.002000 as no rules there will be used. Deleting that directory probably means you're only using local rules in /etc/mail/spamassassin. From Denis.Beauchemin at USherbrooke.ca Wed Jun 13 18:56:20 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jun 13 18:56:34 2007 Subject: _DATE_ function in archive In-Reply-To: <46702589.9010102@nkpanama.com> References: <46702589.9010102@nkpanama.com> Message-ID: <46702FC4.4030904@USherbrooke.ca> Alex Neuman a ?crit : > IANAPP (in fact, I have *zero* knowledge of Perl), but... > > From "message.pm" I see a few lines that say the following: > > $date = sprintf("%04d%02d%02d", $year+1900, $month+1, $day); > > and > > if ($archiveplaces =~ /_DATE_/) { > # Only do the work for the date substitution if we really have to > $archiveplaces =~ s/_DATE_/$date/g; > #print STDERR "Archive location is $archiveplaces\n"; > } > > Could I add something like: > > $shortdate = sprintf("%04d%02d%02d", $year+1900, $month+1); $shortdate = sprintf("%04d%02d", $year+1900, $month+1); > > if ($archiveplaces =~ /_SHORTDATE_/) { > # Only do the work for the short date substitution if we really > have to > $archiveplaces =~ s/_DATE_/$shortdate/g; $archiveplaces =~ s/_SHORTDATE_/$shortdate/g; > #print STDERR "Archive location is $archiveplaces\n"; > } > > ... so I could use year+month instead of year+month+date and then > rotate/backup my archive once a month if I used the magic string > _SHORTDATE_ instead of _DATE_ ? > > Thanks in advance... With my 2 minor corrections it should substitute _SHORTDATE_ for YYYYMM wherever this matches (assuming this is in the reports or rules). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070613/109e3a1b/smime.bin From alex at nkpanama.com Wed Jun 13 19:15:38 2007 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jun 13 19:16:20 2007 Subject: _DATE_ function in archive In-Reply-To: <46702FC4.4030904@USherbrooke.ca> References: <46702589.9010102@nkpanama.com> <46702FC4.4030904@USherbrooke.ca> Message-ID: <4670344A.5010803@nkpanama.com> Denis Beauchemin wrote: > $shortdate = sprintf("%04d%02d", $year+1900, $month+1); >> > $archiveplaces =~ s/_SHORTDATE_/$shortdate/g; >> > With my 2 minor corrections it should substitute _SHORTDATE_ for > YYYYMM wherever this matches (assuming this is in the reports or rules). > > Denis Just to make sure I get the gist of it... This *couldn't* be supported as some custom function so that it would work across upgrades, right? Unless it were added to the next version of MailScanner, this would have to be done manually, right? From garry at glendown.de Wed Jun 13 19:27:46 2007 From: garry at glendown.de (Garry Glendown) Date: Wed Jun 13 19:28:01 2007 Subject: OT: SORBS a PITA on spam backscatter ... Message-ID: <46703722.60909@glendown.de> Sorry, this is most likely somewhat off topic, but maybe I could get some suggestions ... One of our customers was hit by a presumably larger amount of spam mails, addressed to mail addresses collected somehow, but with errors in the addresses (first part of the mail address duplicated, like "johnjohn@do.main" instead of "john@do.main"). They are operating a multi-level mail service, with MS on our side, delivering to an SMTP proxy, then over through a virus scanner, and finally to the actual mail server (M$ Exchange). Mails are accepted, even by the Exchange server, which in turn generates a non-delivery receipt for wrong addresses. For outgoing mail, our central mail server is the smarthost. Which in turn got listed on SORBS for delivering spam backscatter ... great. As far as I see it, delivering the mails, which in themselves are generated in compliance with RFCs, is fully legitimate. What should we do? We get complaints due to the fact that certain mails sent from other customers are being blocked on recipient mailservers due to our server being SORBS-listed ... I personally do not see any way of identifying whether such a receipt (if I'm able to even decide that it is a non-delivery receipt) is for legitimate mails that couldn't be delivered, or for spam. Any suggestions? tnx, -garry -- Orwell war ein Optimist From Denis.Beauchemin at USherbrooke.ca Wed Jun 13 19:59:58 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jun 13 20:00:13 2007 Subject: _DATE_ function in archive In-Reply-To: <4670344A.5010803@nkpanama.com> References: <46702589.9010102@nkpanama.com> <46702FC4.4030904@USherbrooke.ca> <4670344A.5010803@nkpanama.com> Message-ID: <46703EAE.4040101@USherbrooke.ca> Alex Neuman a ?crit : > > > Denis Beauchemin wrote: >> $shortdate = sprintf("%04d%02d", $year+1900, $month+1); >>> >> $archiveplaces =~ s/_SHORTDATE_/$shortdate/g; >>> >> With my 2 minor corrections it should substitute _SHORTDATE_ for >> YYYYMM wherever this matches (assuming this is in the reports or rules). >> >> Denis > Just to make sure I get the gist of it... This *couldn't* be supported > as some custom function so that it would work across upgrades, right? > Unless it were added to the next version of MailScanner, this would > have to be done manually, right? Right! You better convince Julian of supporting it if you don't want to have to patch the code with every new version... But adding a few lines to one file is not really that difficult... unless you forget about it... I for one modify SweepViruses.pm to translate McAfee warnings in French... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070613/48c09417/smime.bin From mkettler at evi-inc.com Wed Jun 13 20:06:11 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 13 20:06:30 2007 Subject: OT: SORBS a PITA on spam backscatter ... In-Reply-To: <46703722.60909@glendown.de> References: <46703722.60909@glendown.de> Message-ID: <46704023.5050501@evi-inc.com> Garry Glendown wrote: > Sorry, this is most likely somewhat off topic, but maybe I could get > some suggestions ... > > One of our customers was hit by a presumably larger amount of spam > mails, addressed to mail addresses collected somehow, but with errors in > the addresses (first part of the mail address duplicated, like > "johnjohn@do.main" instead of "john@do.main"). They are operating a > multi-level mail service, with MS on our side, delivering to an SMTP > proxy, then over through a virus scanner, and finally to the actual mail > server (M$ Exchange). Mails are accepted, even by the Exchange server, > which in turn generates a non-delivery receipt for wrong addresses. > > For outgoing mail, our central mail server is the smarthost. Which in > turn got listed on SORBS for delivering spam backscatter ... great. As > far as I see it, delivering the mails, which in themselves are generated > in compliance with RFCs, is fully legitimate. > > What should we do? We get complaints due to the fact that certain mails > sent from other customers are being blocked on recipient mailservers due > to our server being SORBS-listed ... > > I personally do not see any way of identifying whether such a receipt > (if I'm able to even decide that it is a non-delivery receipt) is for > legitimate mails that couldn't be delivered, or for spam. > > Any suggestions? Don't concern yourself with determining if the message is spam or nonspam, concern yourself with validating the recipient of inbound email at delivery time on the outside server. There are lots of tools to handle this, milter-ahead, etc. While post-delivery bounces may be 100% RFC compliant, they're a denial-of-service problem waiting to happen. A 100% RFC compliant network will also accept pings (icmp echo request) sent to its broadcast, and generate one reply per host in the whole network. However, that's also what's called a "smurf amplifier" in the mid 90's and will generally get you disconnected by your ISP for acting as a passive facilitator of DoS attacks. Post-delivery bounces are the "smurf attack" of today. Yet another way for a malicious user to use your network to attack others. > tnx, -garry > From hvdkooij at vanderkooij.org Wed Jun 13 20:11:24 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 13 20:12:14 2007 Subject: OT: SORBS a PITA on spam backscatter ... In-Reply-To: <46703722.60909@glendown.de> References: <46703722.60909@glendown.de> Message-ID: On Wed, 13 Jun 2007, Garry Glendown wrote: > Sorry, this is most likely somewhat off topic, but maybe I could get > some suggestions ... > > One of our customers was hit by a presumably larger amount of spam > mails, addressed to mail addresses collected somehow, but with errors in > the addresses (first part of the mail address duplicated, like > "johnjohn@do.main" instead of "john@do.main"). They are operating a > multi-level mail service, with MS on our side, delivering to an SMTP > proxy, then over through a virus scanner, and finally to the actual mail > server (M$ Exchange). Mails are accepted, even by the Exchange server, > which in turn generates a non-delivery receipt for wrong addresses. Don't we just hate Exchange for this? Perhaps you should just let them have all the spam untill Exchange behaves correctly. Or setup some trick to learn wether or not a receiver address is in fact valid before you accept it. Such an LDAP link is part of the competition. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From holger at noefer.org Wed Jun 13 20:56:33 2007 From: holger at noefer.org (=?ISO-8859-15?Q?Holger_N=F6fer?=) Date: Wed Jun 13 20:56:45 2007 Subject: sa-update and sa-compile In-Reply-To: <46702FC4.4000605@sendit.nodak.edu> References: <466F1115.2090106@noefer.org> <46702FC4.4000605@sendit.nodak.edu> Message-ID: <46704BF1.5010500@noefer.org> Richard Frovarp schrieb: > Holger N?fer wrote: >> Hi, >> >> how do you use sa-update and sa-compile? >> >> If I use sa-update it puts the rules to >> /var/lib/spamassassin/3.002000. If I use >> sa-compile it compiles the rules to >> /var/lib/spamassassin/compiled. >> >> Does sa-compile use the rules in /var/lib/spamassassin/3.002000 >> or in /usr/local/share/spamassassin? >> >> If I test spamassassin with >> spamassassin -D --lint -p /etc/mail/spamassassin/mailscanner.cf >> it seems that spamassassin uses the files under >> /var/lib/spamassassin/3.002000 and /var/lib/spamassassin/compiled. >> Is that right? >> If yes, do you delete /var/lib/spamassassin/3.002000 to only use >> the /var/lib/spamassassin/compiled files? >> Without /var/lib/spamassassin/3.002000 files spamassassin is much >> faster. >> >> Best regards, >> Holger >> > > It tries to use all the rules it can find. sa-compile only works on body > rules, and it doesn't work for all of those rules. I've seen reports > stating 60% of the body rules can be compiled. Furthermore, there isn't > a guarantee that the compiled version of the rules are identical to the > original version of the rules. Therefore, SA checks with the original > rules for any that hit from the compiled list. So no, don't delete > /var/lib/spamassassin/3.002000 as no rules there will be used. Deleting > that directory probably means you're only using local rules in > /etc/mail/spamassassin. Hi, I did some research today on my virtual private server, before I change my big mail servers. The VPS is not very fast and not much ram but for scanning some mails it's ok. I did some local test, without network tests (blacklists, dcc and others). The first I can say is that I agree with Richard, so don't delete /var/lib/spamassassin/3.002000 ;-) I did the test with 675 spam mails with different size. only updates spamasassin rules real 3m16.442s 576 spam mails detected user 1m37.806s sys 0m0.412s real 3m18.819s 576 spam mails detected user 1m38.896s sys 0m0.482s updates spamasassin rules + compiled real 2m11.203s 576 spam mails detected user 1m4.988s ~ 33% faster sys 0m0.392s real 2m13.268s 576 spam mails detected user 1m5.735s ~ 33% faster sys 0m0.404s updates spamasassin rules + sare rules real 6m35.319s 593 spam mails detected user 3m16.920s ~ 200% slower sys 0m0.548s real 6m32.300s 593 spam mails detected user 3m15.861s ~ 200% slower sys 0m0.609s updates spamasassin rules + sare rules + compiled real 3m33.363s 593 spam mails detected user 1m46.339s ~ 9% slower sys 0m0.603s real 3m31.846s 593 spam mails detected user 1m45.265s ~ 9% slower sys 0m0.516s sare rules + compiled (bad idea, spamassassin takes only /usr/local/share/spamassassin Rules, so don't delete /var/lib/spamassassin/3.002000) real 2m19.859s 573 spam mails detected user 1m9.448s ~ 30 faster sys 0m0.393s real 2m20.007s 573 spam mails detected user 1m9.553s ~ 30 faster sys 0m0.391s Perhaps these are some useful information. Best regards, Holger From hvdkooij at vanderkooij.org Wed Jun 13 21:31:12 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jun 13 21:32:09 2007 Subject: OT: SORBS a PITA on spam backscatter ... In-Reply-To: References: <46703722.60909@glendown.de> Message-ID: On Wed, 13 Jun 2007, Hugo van der Kooij wrote: > On Wed, 13 Jun 2007, Garry Glendown wrote: > >> Sorry, this is most likely somewhat off topic, but maybe I could get >> some suggestions ... >> >> One of our customers was hit by a presumably larger amount of spam >> mails, addressed to mail addresses collected somehow, but with errors in >> the addresses (first part of the mail address duplicated, like >> "johnjohn@do.main" instead of "john@do.main"). They are operating a >> multi-level mail service, with MS on our side, delivering to an SMTP >> proxy, then over through a virus scanner, and finally to the actual mail >> server (M$ Exchange). Mails are accepted, even by the Exchange server, >> which in turn generates a non-delivery receipt for wrong addresses. > > Don't we just hate Exchange for this? Perhaps you should just let them have > all the spam untill Exchange behaves correctly. Or setup some trick to learn > wether or not a receiver address is in fact valid before you accept it. > > Such an LDAP link is part of the competition. The closest thing I have seen online is a static method: http://www-personal.umich.edu/~malth/gaptuning/postfix/ Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From j.ede at birchenallhowden.co.uk Wed Jun 13 21:41:58 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jun 13 21:42:30 2007 Subject: SORBS a PITA on spam backscatter ... In-Reply-To: <46703722.60909@glendown.de> References: <46703722.60909@glendown.de> Message-ID: There are ways, using LDAP lookups, of checking for valid addresses on the MS box... If you search for MailScanner Exchange and LDAP on google it brings up a few howtos. I've had some success of checking for NDR bounces and then if the destination address is not one of ours then just flag the email as SPAM... Mind you its probably simpler to use the LDAP lookup to block illegal addresses at the MTA level and just leave it at that. Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown Sent: 13 June 2007 19:28 To: MailScanner discussion Subject: OT: SORBS a PITA on spam backscatter ... Sorry, this is most likely somewhat off topic, but maybe I could get some suggestions ... One of our customers was hit by a presumably larger amount of spam mails, addressed to mail addresses collected somehow, but with errors in the addresses (first part of the mail address duplicated, like "johnjohn@do.main" instead of "john@do.main"). They are operating a multi-level mail service, with MS on our side, delivering to an SMTP proxy, then over through a virus scanner, and finally to the actual mail server (M$ Exchange). Mails are accepted, even by the Exchange server, which in turn generates a non-delivery receipt for wrong addresses. For outgoing mail, our central mail server is the smarthost. Which in turn got listed on SORBS for delivering spam backscatter ... great. As far as I see it, delivering the mails, which in themselves are generated in compliance with RFCs, is fully legitimate. What should we do? We get complaints due to the fact that certain mails sent from other customers are being blocked on recipient mailservers due to our server being SORBS-listed ... I personally do not see any way of identifying whether such a receipt (if I'm able to even decide that it is a non-delivery receipt) is for legitimate mails that couldn't be delivered, or for spam. Any suggestions? tnx, -garry -- Orwell war ein Optimist -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From paul.edlund at comtrol.com Wed Jun 13 22:00:23 2007 From: paul.edlund at comtrol.com (Paul) Date: Wed Jun 13 22:05:12 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: Kash, Howard (Civ, ARL/CISD arl.army.mil> writes: > > After upgrading to MS 4.60.8, MailScanner has started reporting "New Batch: Found invalid queue files: ".? Each of the queue files appears to have a truncated message contents section and 90% of them end with "To: undisclosed-recipients:;".? There's a total of about 30 of them since I upgraded on June 4.? Anyone else seeing this?? I also upgraded postfix from 2.3.9 to 2.3.11 at the same time, but figured I'd start here first since the postfix group will blame MailScanner anyway... > Thanks, > > Howard I'm seeing this also on all three of my MailScanner servers runnning SuSE 10.2, MailScanner version 4.61.2 with Postfix 2.4.3 From andy.mac at global-domination.org Wed Jun 13 22:31:24 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Wed Jun 13 22:31:28 2007 Subject: SORBS a PITA on spam backscatter ... Message-ID: The problem I can see with this is the customer allowing an inbound LDAP connection straight through the DMZ to their AD DC - it's not quite best practice is it... As an alternative, you could do two things after explaining the problem to them: - Block all NDRs from their Exchange Server - Ask them to supply a properly formatted list of valid recipients extracted from AD on a regular basis (maybe they could FTP/SCP it to you a few times a day). -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 13 June 2007 21:42 To: MailScanner discussion Subject: RE: SORBS a PITA on spam backscatter ... There are ways, using LDAP lookups, of checking for valid addresses on the MS box... If you search for MailScanner Exchange and LDAP on google it brings up a few howtos. I've had some success of checking for NDR bounces and then if the destination address is not one of ours then just flag the email as SPAM... Mind you its probably simpler to use the LDAP lookup to block illegal addresses at the MTA level and just leave it at that. Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown Sent: 13 June 2007 19:28 To: MailScanner discussion Subject: OT: SORBS a PITA on spam backscatter ... Sorry, this is most likely somewhat off topic, but maybe I could get some suggestions ... One of our customers was hit by a presumably larger amount of spam mails, addressed to mail addresses collected somehow, but with errors in the addresses (first part of the mail address duplicated, like "johnjohn@do.main" instead of "john@do.main"). They are operating a multi-level mail service, with MS on our side, delivering to an SMTP proxy, then over through a virus scanner, and finally to the actual mail server (M$ Exchange). Mails are accepted, even by the Exchange server, which in turn generates a non-delivery receipt for wrong addresses. For outgoing mail, our central mail server is the smarthost. Which in turn got listed on SORBS for delivering spam backscatter ... great. As far as I see it, delivering the mails, which in themselves are generated in compliance with RFCs, is fully legitimate. What should we do? We get complaints due to the fact that certain mails sent from other customers are being blocked on recipient mailservers due to our server being SORBS-listed ... I personally do not see any way of identifying whether such a receipt (if I'm able to even decide that it is a non-delivery receipt) is for legitimate mails that couldn't be delivered, or for spam. Any suggestions? tnx, -garry -- Orwell war ein Optimist -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=0D21228223 .81EAB -- This message was scanned by ESVA and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 13 22:37:45 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 13 22:38:57 2007 Subject: MailScanner ANNOUNCE: Book updated Message-ID: <467063A9.1020202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just received my proof copy of the latest revision of the MailScanner book. I have updated the Training Manual to describe every new feature up to and including the current beta release 4.61. Unfortunately, this time the new additions are spread throughout the Training Manual, removing the possibility of releasing the new material as a free PDF file. However, if you read the Change Log since version 4.44, you will get brief descriptions of all the new features. More documentation about each configuration setting can be found on the web for free at http://www.mailscanner.info/MailScanner.conf.index.html And before you ask, no, you cannot buy a PDF copy of the book. It is only available in dead tree format. Sorry. Best regards, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGcGO+EfZZRxQVtlQRApOMAJ993AFhGPPcmuIzC1VxEymf/g/TdQCePgOH oGEqz0iF+1TYb/U80k6AYn0= =G6HV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From iarteaga at cwpanama.net Wed Jun 13 22:43:11 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Wed Jun 13 22:43:08 2007 Subject: email spoofing Message-ID: <00c401c7ae03$d6f8e840$84eab8c0$@net> Hello list, This is not exactly a MS related issue but mta related, anyway I'll post it here and u guys let me know what to do.. When I telnet port 25 in some sendmail servers (all I tried) also postfix and even ms exchange I can send mails with no authentication (using smtp commands), all the cases internal mails but also can relay to external accounts. In both cases I can send mails via mail client (outlook, Eudora etc.) just defining the account and leaving blank the password field, even if I have to authenticate the users in order to send email. Had anyone else see this kinda behavior? It is the default normal behavior or it is a bug? I will appreciate your comments. Regards, --Ivan. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070613/13e72b0e/attachment-0001.html From MailScanner at ecs.soton.ac.uk Wed Jun 13 22:46:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 13 22:47:46 2007 Subject: Invalid postfix queue files In-Reply-To: References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <467065CD.8040508@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070613/0af17088/PGP.bin From glenn.steen at gmail.com Wed Jun 13 22:54:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 13 22:54:58 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <223f97700706131454s2dfef139tc79b58be63e9c773@mail.gmail.com> On 13/06/07, Paul wrote: > Kash, Howard (Civ, ARL/CISD arl.army.mil> writes: > > > > After upgrading to MS 4.60.8, MailScanner has started reporting "New Batch: > Found invalid queue files: ". Each of the queue files > appears to have a truncated message contents section and 90% of them end > with "To: undisclosed-recipients:;". There's a total of about 30 of them > since I upgraded on June 4. Anyone else seeing this? I also upgraded postfix > from 2.3.9 to 2.3.11 at the same time, but figured I'd start here first since > the postfix group will blame MailScanner anyway... > > Thanks, > > > > Howard > > > I'm seeing this also on all three of my MailScanner servers runnning SuSE > 10.2, MailScanner version 4.61.2 with Postfix 2.4.3 > There is a patch (in one of the other messagesin this thread) that fixes this problem. The messages were completely lacking a body, and I failed to see this in time... All better now:-) If I didn't offend Jules too much (I thought I asked nicely for a beta, but he read it as a more ... assertive statement (rightly so, english baffels me from time to time:-) ...), he'll find the time and energy to put this in the next beta (which hopefully isn't too far off). Jules, since this affects all postfix systems... Could we have one rather soonish, please? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Jun 13 23:02:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 13 23:04:31 2007 Subject: email spoofing In-Reply-To: <00c401c7ae03$d6f8e840$84eab8c0$@net> References: <00c401c7ae03$d6f8e840$84eab8c0$@net> Message-ID: Ivan Arteaga spake the following on 6/13/2007 2:43 PM: > Hello list, > > > > This is not exactly a MS related issue but mta related, anyway I?ll post > it here and u guys let me know what to do.. > > When I telnet port 25 in some sendmail servers (all I tried) also > postfix and even ms exchange I can send mails with no authentication > (using smtp commands), all the cases internal mails but also can relay > to external accounts. In both cases I can send mails via mail client > (outlook, Eudora etc.) just defining the account and leaving blank the > password field, even if I have to authenticate the users in order to > send email. > > Had anyone else see this kinda behavior? It is the default normal > behavior or it is a bug? I will appreciate your comments. > are you trying this from an ip address on your network, or from outside? Internal addresses on your subnet usually will bypass auth (at least in sendmail). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From iarteaga at cwpanama.net Wed Jun 13 23:12:01 2007 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Wed Jun 13 23:11:56 2007 Subject: email spoofing In-Reply-To: References: <00c401c7ae03$d6f8e840$84eab8c0$@net> Message-ID: <00ed01c7ae07$de02fb90$9a08f2b0$@net> I tried both from internal and external network. Same behavior. --Ivan. > Hello list, > > > > This is not exactly a MS related issue but mta related, anyway I?ll post > it here and u guys let me know what to do.. > > When I telnet port 25 in some sendmail servers (all I tried) also > postfix and even ms exchange I can send mails with no authentication > (using smtp commands), all the cases internal mails but also can relay > to external accounts. In both cases I can send mails via mail client > (outlook, Eudora etc.) just defining the account and leaving blank the > password field, even if I have to authenticate the users in order to > send email. > > Had anyone else see this kinda behavior? It is the default normal > behavior or it is a bug? I will appreciate your comments. > are you trying this from an ip address on your network, or from outside? Internal addresses on your subnet usually will bypass auth (at least in sendmail). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 13 23:14:39 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 13 23:14:41 2007 Subject: SORBS a PITA on spam backscatter ... In-Reply-To: References: Message-ID: <223f97700706131514k248ee5a4r77eeddf2d75e49@mail.gmail.com> On 13/06/07, Andrew MacLachlan wrote: > The problem I can see with this is the customer allowing an inbound LDAP > connection straight through the DMZ to their AD DC - it's not quite best > practice is it... For a lot of setups the distance between the "outside" MS box and the "inside" M-Sexchange box is very short (1 hop or so:-), for the ones you express concern over, there are a wealth of possible solutions (including intelligent FW rules, "offline" dumping of AD and subsequent transferal by ... other means)... Or you could use a wellbehaved SAV (with a modern, well-behaved MSEX). > As an alternative, you could do two things after explaining the problem > to them: > - Block all NDRs from their Exchange Server ... provided you do outbound filtering too. > - Ask them to supply a properly formatted list of valid recipients > extracted from AD on a regular basis (maybe they could FTP/SCP it to you > a few times a day). Kind of suggestion 1b above;-). (I'm not really disagreeing with you Andy;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Jun 13 23:20:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 13 23:21:06 2007 Subject: email spoofing In-Reply-To: <00ed01c7ae07$de02fb90$9a08f2b0$@net> References: <00c401c7ae03$d6f8e840$84eab8c0$@net> <00ed01c7ae07$de02fb90$9a08f2b0$@net> Message-ID: Ivan Arteaga spake the following on 6/13/2007 3:12 PM: > I tried both from internal and external network. Same behavior. > > --Ivan. > >> Hello list, >> >> >> >> This is not exactly a MS related issue but mta related, anyway I?ll post >> it here and u guys let me know what to do.. >> >> When I telnet port 25 in some sendmail servers (all I tried) also >> postfix and even ms exchange I can send mails with no authentication >> (using smtp commands), all the cases internal mails but also can relay >> to external accounts. In both cases I can send mails via mail client >> (outlook, Eudora etc.) just defining the account and leaving blank the >> password field, even if I have to authenticate the users in order to >> send email. >> >> Had anyone else see this kinda behavior? It is the default normal >> behavior or it is a bug? I will appreciate your comments. >> > are you trying this from an ip address on your network, or from outside? > Internal addresses on your subnet usually will bypass auth (at least in sendmail). > Have you tried with both the from and to addresses not being from your domain? This is typical of tests for open relays. Look at this page; http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:relay and maybe this; http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Thu Jun 14 00:41:04 2007 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 14 00:41:54 2007 Subject: SORBS a PITA on spam backscatter ... In-Reply-To: References: <46703722.60909@glendown.de> Message-ID: <46708090.8010705@nkpanama.com> You can also mitigate the problem using milter-null in some cases, although it wouldn't help with your particular case right now, I think... Jason Ede wrote: > There are ways, using LDAP lookups, of checking for valid addresses on the MS box... If you search for MailScanner Exchange and LDAP on google it brings up a few howtos. > > I've had some success of checking for NDR bounces and then if the destination address is not one of ours then just flag the email as SPAM... > > Mind you its probably simpler to use the LDAP lookup to block illegal addresses at the MTA level and just leave it at that. > > Jason > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown > Sent: 13 June 2007 19:28 > To: MailScanner discussion > Subject: OT: SORBS a PITA on spam backscatter ... > > Sorry, this is most likely somewhat off topic, but maybe I could get > some suggestions ... > > One of our customers was hit by a presumably larger amount of spam > mails, addressed to mail addresses collected somehow, but with errors in > the addresses (first part of the mail address duplicated, like > "johnjohn@do.main" instead of "john@do.main"). They are operating a > multi-level mail service, with MS on our side, delivering to an SMTP > proxy, then over through a virus scanner, and finally to the actual mail > server (M$ Exchange). Mails are accepted, even by the Exchange server, > which in turn generates a non-delivery receipt for wrong addresses. > > For outgoing mail, our central mail server is the smarthost. Which in > turn got listed on SORBS for delivering spam backscatter ... great. As > far as I see it, delivering the mails, which in themselves are generated > in compliance with RFCs, is fully legitimate. > > What should we do? We get complaints due to the fact that certain mails > sent from other customers are being blocked on recipient mailservers due > to our server being SORBS-listed ... > > I personally do not see any way of identifying whether such a receipt > (if I'm able to even decide that it is a non-delivery receipt) is for > legitimate mails that couldn't be delivered, or for spam. > > Any suggestions? > > tnx, -garry > > -- > Orwell war ein Optimist > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at nkpanama.com Thu Jun 14 00:51:10 2007 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 14 00:51:55 2007 Subject: email spoofing In-Reply-To: References: <00c401c7ae03$d6f8e840$84eab8c0$@net> Message-ID: <467082EE.9050708@nkpanama.com> Scott Silva wrote: > > are you trying this from an ip address on your network, or from outside? > Internal addresses on your subnet usually will bypass auth (at least in sendmail). > > Only if you're lazy and set up things like: 192.168 RELAY in your /etc/mail/access file... From res at ausics.net Thu Jun 14 01:21:45 2007 From: res at ausics.net (Res) Date: Thu Jun 14 01:21:55 2007 Subject: email spoofing In-Reply-To: <467082EE.9050708@nkpanama.com> References: <00c401c7ae03$d6f8e840$84eab8c0$@net> <467082EE.9050708@nkpanama.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Wed, 13 Jun 2007, Alex Neuman wrote: > > > Scott Silva wrote: >> >> are you trying this from an ip address on your network, or from outside? >> Internal addresses on your subnet usually will bypass auth (at least in >> sendmail). >> >> > Only if you're lazy and set up things like: > > 192.168 RELAY > > in your /etc/mail/access file... Lazy? WTF is the point of smtp auth for your own lan... I abandoned smtp-auth years ago because too many customers can use it to get you blacklisted (deliberate spam) it was more of a hassle then thats its worth, if they are not on our network they can use their own ISP's smtp and not ours. I will always allow all of our IP ranges for relay on the cust-out-smtp's as there is nothing at all wrong with doing so, so long as you don't add in IP ranges that aren't your own, and since no network competently setup routes RFC1918 addresses, its moot point. -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGcIoZsWhAmSIQh7MRAnfEAJ9BD6blHHLVnhddcIDtWfq8zFw6DACcCQOd GHFnMsyeXjPVXFCDtmRLaKE= =p8Fj -----END PGP SIGNATURE----- From gcle at smcaus.com.au Thu Jun 14 01:51:44 2007 From: gcle at smcaus.com.au (Gerard Cleary) Date: Thu Jun 14 01:52:04 2007 Subject: kaspersky and MScanner In-Reply-To: <200706131603.22200.gcle@smcaus.com.au> References: <200706131603.22200.gcle@smcaus.com.au> Message-ID: <200706141051.44893.gcle@smcaus.com.au> On Wed, 13 Jun 2007 16:03, Gerard Cleary wrote: > We are running Kaspersky version 5.5 for mail servers. > > I know very little about perl but with the following setup, we don't seem > to have any trouble: > > In /opt/kav/ I have a directory called 5.5 and two soft links as follows: > > drwxr-xr-x 3 root root 4096 Aug 15 2006 5.5 > lrwxrwxrwx 1 root root 23 Aug 15 2006 bin -> 5.5/kav4mailservers/bin > lrwxrwxrwx 1 root root 23 Aug 15 2006 man -> 5.5/kav4mailservers/man > > > Then in directory /opt/kav/5.5/ I have a single directory called > kav4mailservers as follows: > > drwxr-xr-x 7 root root 4096 Aug 15 2006 kav4mailservers > > > Finally, in directory /opt/kav/5.5/kav4mailservers we have the Kaspersky > installed directories and files as follows: > > drwxr-xr-x 2 root root 4096 Aug 15 2006 bin > -rw-r--r-- 1 root root 1839 Aug 15 2006 ChangeLog > drwxr-xr-x 2 root root 4096 Aug 15 2006 contrib > drwxr-xr-x 2 root root 4096 Aug 15 2006 init.d > -rw-r--r-- 1 root root 14921 Aug 15 2006 LICENSE > drwxr-xr-x 3 root root 4096 Aug 15 2006 man > drwxr-xr-x 2 root root 4096 Aug 15 2006 setup > > Hope this helps. > Gerard. > > -- I've just realised that we are running Kaspersky Version 5.5 for MAIL SERVERS whereas the package kav4fs-5.5-27.rpm is Kaspersky 5.5 for FILE SERVERS. Perhaps MailScanner has been configured to run with the MAIL SERVER version of Kaspersky rather than any other version ? Gerard. -- This email message and any related attachments are confidential and should only be read by those persons to whom they were addressed. They may contain copyright, personal or legally privileged information. If you are not the intended recipient of this email, any use of this information is strictly prohibited and it must be deleted from your system. Views expressed in this message are the views of the sender and are not necessarily views of SMC Corporation, or it's subsidiaries, except where the message expressly states otherwise. Any advice contained herein should be treated as preliminary advice only and subject to formal written confirmation. Although this email and any attachments are believed to be free of any virus or any other defect which may cause damage or loss, it is the responsibility of the recipient to ensure that they are virus-free. SMC accepts no liability for any loss or damage that may occur as a result of the transmission of this email or its attachments to the recipient. From alex at nkpanama.com Thu Jun 14 01:51:28 2007 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 14 01:52:16 2007 Subject: email spoofing In-Reply-To: References: <00c401c7ae03$d6f8e840$84eab8c0$@net> <467082EE.9050708@nkpanama.com> Message-ID: <46709110.5030200@nkpanama.com> Res wrote: > > Lazy? WTF is the point of smtp auth for your own lan... > I abandoned smtp-auth years ago because too many customers can use it > to get you blacklisted (deliberate spam) it was more of a hassle then > thats its worth, if they are not on our network they can use their own > ISP's smtp and not ours. > > I will always allow all of our IP ranges for relay on the > cust-out-smtp's as there is nothing at all wrong with doing so, so > long as you don't add in IP ranges that aren't your own, and since no > network competently setup routes RFC1918 addresses, its moot point. > > The F point, to use your own terms, is to avoid (read: make it more difficult to happen) spam zombies spewing stuff out of your network and getting you blacklisted. Most spam zombies will not authenticate - therefore, the e-mail won't leave your network. This, combined with a firewall policy that only allows port 25 traffic on your own servers can mitigate a spam zombie problem before it begins. That and using other ports like 587 (for SMTP+AUTH with optional TLS) or 465 (SMTPS) will also allow your users to bypass such filtering at other locations. You can also tell sendmail (and probably postfix and other MTA's) to include the *who authenticated* information (look for REC_FULL_AUTH instead of REC_AUTH in the cf files) so you can tell who sent the e-mail more surely. For example, in your setup nothing prevents a person from spoofing another user's known (or guessed at) IP address and sending an e-mail purporting to be someone else. If you force people to authenticate, you get a header like: Received: from mini.local (nkcenter [201.226.170.130]) (user=alex mech=PLAIN bits=0) by nkpanama.com (8.14.0/8.14.0) with ESMTP id l5DNf4nd026079 for ; Wed, 13 Jun 2007 18:41:33 -0500 ... which at least tells you the user who sent the e-mail did so using the "alex" account and knows the password for it. I know that *anything* is circumventable in one way or another - and that's what I meant by *lazy*. I believe the UK expression is "I can't be bothered to...", in this case, set up SMTP AUTH so that spoofing becomes just a bit more difficult. That, along with checking for valid recipients using milter-ahead or an LDAP lookup, and proper SPF records, for example, makes it even more difficult for spoofing and backscatter to occur. From andy.mac at global-domination.org Thu Jun 14 01:56:38 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Thu Jun 14 01:56:34 2007 Subject: SORBS a PITA on spam backscatter ... Message-ID: Apologies for the reply to my own post, but the following link I just found on the postfix website might be useful for extracting the addresses from AD and securely sending to postfix, although it's specific to exchange 5.5 the ldap code should be easily tweakable http://www.unixwiz.net/techtips/postfix-exchange-users.html -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrew MacLachlan Sent: 13 June 2007 22:31 To: MailScanner discussion Subject: RE: SORBS a PITA on spam backscatter ... The problem I can see with this is the customer allowing an inbound LDAP connection straight through the DMZ to their AD DC - it's not quite best practice is it... As an alternative, you could do two things after explaining the problem to them: - Block all NDRs from their Exchange Server - Ask them to supply a properly formatted list of valid recipients extracted from AD on a regular basis (maybe they could FTP/SCP it to you a few times a day). -Andy -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 13 June 2007 21:42 To: MailScanner discussion Subject: RE: SORBS a PITA on spam backscatter ... There are ways, using LDAP lookups, of checking for valid addresses on the MS box... If you search for MailScanner Exchange and LDAP on google it brings up a few howtos. I've had some success of checking for NDR bounces and then if the destination address is not one of ours then just flag the email as SPAM... Mind you its probably simpler to use the LDAP lookup to block illegal addresses at the MTA level and just leave it at that. Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry Glendown Sent: 13 June 2007 19:28 To: MailScanner discussion Subject: OT: SORBS a PITA on spam backscatter ... Sorry, this is most likely somewhat off topic, but maybe I could get some suggestions ... One of our customers was hit by a presumably larger amount of spam mails, addressed to mail addresses collected somehow, but with errors in the addresses (first part of the mail address duplicated, like "johnjohn@do.main" instead of "john@do.main"). They are operating a multi-level mail service, with MS on our side, delivering to an SMTP proxy, then over through a virus scanner, and finally to the actual mail server (M$ Exchange). Mails are accepted, even by the Exchange server, which in turn generates a non-delivery receipt for wrong addresses. For outgoing mail, our central mail server is the smarthost. Which in turn got listed on SORBS for delivering spam backscatter ... great. As far as I see it, delivering the mails, which in themselves are generated in compliance with RFCs, is fully legitimate. What should we do? We get complaints due to the fact that certain mails sent from other customers are being blocked on recipient mailservers due to our server being SORBS-listed ... I personally do not see any way of identifying whether such a receipt (if I'm able to even decide that it is a non-delivery receipt) is for legitimate mails that couldn't be delivered, or for spam. Any suggestions? tnx, -garry -- Orwell war ein Optimist -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=0D21228223 .81EAB -- This message was scanned by ESVA and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. From andy.mac at global-domination.org Thu Jun 14 02:03:47 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Thu Jun 14 02:03:42 2007 Subject: SORBS a PITA on spam backscatter ... Message-ID: > (I'm not really disagreeing with you Andy;). Yeah - I know, but the whole external provider validating addresses is a minefield as you know - Granted it's easy for your own setup without really breaking security best practice, but that wasn't the case. I'd love to hear how a decent external mail provider handles this particular issue... (Res???) - Andy -- This message was scanned by ESVA and is believed to be clean. From andy.mac at global-domination.org Thu Jun 14 02:15:42 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Thu Jun 14 02:15:43 2007 Subject: email spoofing Message-ID: >spam zombies spewing stuff out of your network and getting you blacklisted. >Most spam zombies will not authenticate - therefore, the e-mail won't leave >your network. This, combined with a firewall policy that only allows port >25 traffic on your own servers can mitigate a spam zombie problem before it >begins. How many spam zombies look for a usable relay so they can deliver their wares? If the firewall is configured so that only the proper MTA(s) can send out I can't see a problem or a need for SMTP auth on private / managed networks... -- This message was scanned by ESVA and is believed to be clean. From alex at nkpanama.com Thu Jun 14 03:06:09 2007 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 14 03:07:11 2007 Subject: email spoofing In-Reply-To: References: Message-ID: <4670A291.5000307@nkpanama.com> Andrew MacLachlan wrote: >> spam zombies spewing stuff out of your network and getting you >> > blacklisted. >Most spam zombies will not authenticate - therefore, the > e-mail won't leave >your network. This, combined with a firewall policy > that only allows port >25 traffic on your own servers can mitigate a > spam zombie problem before it >begins. > > How many spam zombies look for a usable relay so they can deliver their > wares? If the firewall is configured so that only the proper MTA(s) can > send out I can't see a problem or a need for SMTP auth on private / > managed networks... > > Again, spam zombies will try to look for SMTP relays. If they find one on the local network, they will try to use it. If it won't let them send stuff through because authentication is needed, then the problem is mitigated - and you'll have lines on your log that'll let you see where the problem is. It also makes roaming users more "transparent" since they can relay by authenticating from anywhere. It also gives you an additional line on your headers which can be used to trace abuse. The "it's more trouble than it's worth" line is the only point I see that is really a matter of opinion; otherwise enabling AUTH is a win-win situation, in my experience. I don't want this to become a flame war or anything, it's just that this topic has been covered already (search for Muhamad Nauman's contributions on the subject), and even ISP's with thousands of users find it helps a lot. Maybe I shouldn't have used the term "lazy"; in retrospect I think it might have hurt someone's feelings. For that I'm sorry. I just find it an option too easy to implement nowadays, with too much to gain and so little to lose. I'm responsible, directly or indirectly, for a lot of people's mail; I only get AUTH-related support calls once or twice a year, from a pool of a few thousand accounts at a couple of dozen companies. My clients monitor their logs for rogue machines trying to send out unauthenticated e-mail from their own networks and will often spot compromised machines that way. That's the reason why I find it trivial to implement and immensely beneficial. > -- > This message was scanned by ESVA and is believed to be clean. > > From R.Sterenborg at netsourcing.nl Thu Jun 14 06:43:40 2007 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Thu Jun 14 06:44:08 2007 Subject: email spoofing In-Reply-To: <00ed01c7ae07$de02fb90$9a08f2b0$@net> References: <00c401c7ae03$d6f8e840$84eab8c0$@net> <00ed01c7ae07$de02fb90$9a08f2b0$@net> Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E07C@WISENT.dcyb.net> >> When I telnet port 25 in some sendmail servers (all I tried) also >> postfix and even ms exchange I can send mails with no authentication >> (using smtp commands), all the cases internal mails but also can >> relay to external accounts. In both cases I can send mails via mail >> client (outlook, Eudora etc.) just defining the account and leaving >> blank the password field, even if I have to authenticate the users >> in order to send email. As said, internal IP's indeed usually bypass smtp-auth. In fact, you shouldn't even need to specify a user/pass to send email via the MTA. External IP's should use smtp-auth with a valid user/pass (although res thinks it's not worth it: well, maybe in his case it isn't). If you can relay email from an external IP with only a valid user and no pass, then I think your MTA is misconfigured and you should look at it's configuration. -- Rob From res at ausics.net Thu Jun 14 07:08:09 2007 From: res at ausics.net (Res) Date: Thu Jun 14 07:08:21 2007 Subject: email spoofing In-Reply-To: <46709110.5030200@nkpanama.com> References: <00c401c7ae03$d6f8e840$84eab8c0$@net> <467082EE.9050708@nkpanama.com> <46709110.5030200@nkpanama.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Wed, 13 Jun 2007, Alex Neuman wrote: >> I will always allow all of our IP ranges for relay on the cust-out-smtp's >> as there is nothing at all wrong with doing so, so long as you don't add in >> IP ranges that aren't your own, and since no network competently setup >> routes RFC1918 addresses, its moot point. >> >> > The F point, to use your own terms, is to avoid (read: make it more difficult > to happen) spam zombies spewing stuff out of your network and getting you > blacklisted. Most spam zombies will not authenticate - therefore, the e-mail > won't leave your network. This, combined with a firewall policy that only > allows port 25 traffic on your own servers can mitigate a spam zombie problem > before it begins. How many IP ranges are you responsible for? certainly not a major network. Blocking outgoing 25 is also not an acceptable choice in this part of the world, unless all major carriers do it, which wont happen because the moment some do the others use that as a customer sales point. We have very little outgoing spam issues, (I say very little because to say we have none, would be very nieve, everybody has it, no mater how good our networks are with inplace ACL's policies etc). We had far more when we used smtp auth. If a customer gets their IP blacklisted, so be it, better that then our cust out servers RBL'd affecting countless thousands. -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGcNtJsWhAmSIQh7MRAtQEAKCm695OD4KatqsatJtS/iu7OF6uCwCfWwda +lYr2Z66rEMGSZQfRClbKzg= =LRm/ -----END PGP SIGNATURE----- From list-mailscanner at linguaphone.com Thu Jun 14 09:03:41 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jun 14 09:03:47 2007 Subject: Problem with filename checks within archives. Message-ID: <1181808221.28926.4.camel@gblades-suse.linguaphone-intranet.co.uk> I have a problem with my mailscanner installation in that mailscanner is performing filename checks of files within zip and rar archives. Also when the mail is quaranteened the original zip/rar file is quaranteened together with uncompressed copies of all it contents. What I want to do is have attachments filename/filetype checked but not the contents of the archives. It looks like I can comment out the rar command in the config but this will disable checking to see if rar files are password protected. Am I missing an option somewhere? From prandal at herefordshire.gov.uk Thu Jun 14 09:18:33 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jun 14 09:18:59 2007 Subject: SORBS a PITA on spam backscatter ... In-Reply-To: <46703722.60909@glendown.de> References: <46703722.60909@glendown.de> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAD53AB3@HC-MBX02.herefordshire.gov.uk> The "Scam-backscatter" milter might do what you want. http://www.elandsys.com/scam/scam-backscatter/ You need to configure exchange 2003 (or later) to reject invalid recipients during the SMTP phase for this to work: https://support.interjuncture.com/index.php?_m=knowledgebase&_a=viewarti cle&kbarticleid=25 Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Garry Glendown > Sent: 13 June 2007 19:28 > To: MailScanner discussion > Subject: OT: SORBS a PITA on spam backscatter ... > > Sorry, this is most likely somewhat off topic, but maybe I could get > some suggestions ... > > One of our customers was hit by a presumably larger amount of spam > mails, addressed to mail addresses collected somehow, but > with errors in > the addresses (first part of the mail address duplicated, like > "johnjohn@do.main" instead of "john@do.main"). They are operating a > multi-level mail service, with MS on our side, delivering to an SMTP > proxy, then over through a virus scanner, and finally to the > actual mail > server (M$ Exchange). Mails are accepted, even by the Exchange server, > which in turn generates a non-delivery receipt for wrong addresses. > > For outgoing mail, our central mail server is the smarthost. Which in > turn got listed on SORBS for delivering spam backscatter ... great. As > far as I see it, delivering the mails, which in themselves > are generated > in compliance with RFCs, is fully legitimate. > > What should we do? We get complaints due to the fact that > certain mails > sent from other customers are being blocked on recipient > mailservers due > to our server being SORBS-listed ... > > I personally do not see any way of identifying whether such a receipt > (if I'm able to even decide that it is a non-delivery receipt) is for > legitimate mails that couldn't be delivered, or for spam. > > Any suggestions? > > tnx, -garry > > -- > Orwell war ein Optimist > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Jun 14 10:36:48 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 14 10:38:46 2007 Subject: Invalid postfix queue files (UNCLASSIFIED) In-Reply-To: <223f97700706131454s2dfef139tc79b58be63e9c773@mail.gmail.com> References: <88991ECEE371C644986F0C8837C207B70173B1F1@ARLABML01.DS.ARL.ARMY.MIL> <223f97700706131454s2dfef139tc79b58be63e9c773@mail.gmail.com> Message-ID: <46710C30.6040402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 13/06/07, Paul wrote: >> Kash, Howard (Civ, ARL/CISD arl.army.mil> writes: >> > >> > After upgrading to MS 4.60.8, MailScanner has started reporting >> "New Batch: >> Found invalid queue files: ". Each of the queue >> files >> appears to have a truncated message contents section and 90% of them end >> with "To: undisclosed-recipients:;". There's a total of about 30 of them >> since I upgraded on June 4. Anyone else seeing this? I also upgraded >> postfix >> from 2.3.9 to 2.3.11 at the same time, but figured I'd start here >> first since >> the postfix group will blame MailScanner anyway... >> > Thanks, >> > >> > Howard >> >> >> I'm seeing this also on all three of my MailScanner servers runnning >> SuSE >> 10.2, MailScanner version 4.61.2 with Postfix 2.4.3 >> > There is a patch (in one of the other messagesin this thread) that > fixes this problem. The messages were completely lacking a body, and I > failed to see this in time... All better now:-) > > If I didn't offend Jules too much (I thought I asked nicely for a > beta, but he read it as a more ... assertive statement (rightly so, > english baffels me from time to time:-) ...), :-) > he'll find the time and > energy to put this in the next beta (which hopefully isn't too far > off). > Jules, since this affects all postfix systems... Could we have one > rather soonish, please? Sure thing. Give me a minute or two to catch up, and I'll do it for you. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGcQxVEfZZRxQVtlQRAulPAKD2ASNUw6XLk1vprJ995Iw5isoVRACgotgH bSUTuvd9gsA4J+3XSOZZI5U= =QhAg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Jun 14 10:41:34 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 14 10:44:09 2007 Subject: Problem with filename checks within archives. In-Reply-To: <1181808221.28926.4.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1181808221.28926.4.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46710D4E.2080501@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gareth wrote: > I have a problem with my mailscanner installation in that mailscanner is > performing filename checks of files within zip and rar archives. > > Also when the mail is quaranteened the original zip/rar file is > quaranteened together with uncompressed copies of all it contents. > > What I want to do is have attachments filename/filetype checked but not > the contents of the archives. > It looks like I can comment out the rar command in the config but this > will disable checking to see if rar files are password protected. > > Am I missing an option somewhere? > Yes, you are :-) Look at "Maximum Archive Depth = 0". Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGcQ2BEfZZRxQVtlQRArEIAJ9WY06t+wy3NBo+e5dSPNNP4SciigCgtJ1V vr0CKK/CE7twIWsTZNmfMSg= =lR4y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Jun 14 11:04:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 14 11:06:19 2007 Subject: Beta release 4.61.3 Message-ID: <4671129F.80201@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest beta, 4.61.3. I would particularly like clamd users and Postfix users to test this release, please. Download as usual from www.mailscanner.info. New additions in this beta versus the previous beta are: 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. The entire Change Log for this version is currently: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. 2 Changed session handling in direct clamd virus scanner support. 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. * Fixes * 2 Fixed bug in auto-zip feature with a message containing 2 attachments with the same filename. 2 Fixed bug in auto-zip feature that would allow zipping of an attachment which had been cleaned out of the message. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGcRKiEfZZRxQVtlQRAtliAKCgWYm6Rw05c9kAIu5Rv5S3S6e5gwCaAp6t kQUYsCd1oLtmm32euXG+5Lg= =G7Oz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From uxbod at splatnix.net Thu Jun 14 11:48:41 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 14 11:48:50 2007 Subject: Beta release 4.61.3 In-Reply-To: <4671129F.80201@ecs.soton.ac.uk> References: <4671129F.80201@ecs.soton.ac.uk> Message-ID: Have just installed so will see how it goes. On Thu, 14 Jun 2007 11:04:15 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest beta, 4.61.3. > I would particularly like clamd users and Postfix users to test this > release, please. > > Download as usual from www.mailscanner.info. > > New additions in this beta versus the previous beta are: > 3 'MailScanner --lint' now finds clamd virus scanner. > 3 Made clamd subsys lock file blank by default, so it works on non-Linux > systems. > 3 Added another example to the Allowed Sophos Error Messages setting for > password-protected files. > 3 Fixed "identified/found" bug in AVG parser. > 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. > 3 Fixed bug in Postfix handler which caused a problem with empty messages. > > The entire Change Log for this version is currently: > > * New Features and Improvements * > 1 Direct support for the "clamd" virus scanner -- now talks directly to > the > clamd daemon without any overhead of calling clamd-wrapper or clamdscan. > As a result, this should be faster than the previous clamd support. > It also has a much smaller memory footprint than the "clamavmodule" > scanner. > This is all thanks to Rick Cooper who wrote the original code. > New configuration options are > - Clamd Port = 3310 > - Clamd Socket = /tmp/clamd > - Clamd Lock File = /var/lock/subsys/clamd > - Clamd Use Threads = no > The use of these settings is explained in the MailScanner.conf file. > 2 Changed session handling in direct clamd virus scanner support. > 3 'MailScanner --lint' now finds clamd virus scanner. > 3 Made clamd subsys lock file blank by default, so it works on non-Linux > systems. > 3 Added another example to the Allowed Sophos Error Messages setting for > password-protected files. > > * Fixes * > 2 Fixed bug in auto-zip feature with a message containing 2 attachments > with > the same filename. > 2 Fixed bug in auto-zip feature that would allow zipping of an attachment > which had been cleaned out of the message. > 3 Fixed "identified/found" bug in AVG parser. > 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. > 3 Fixed bug in Postfix handler which caused a problem with empty messages. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGcRKiEfZZRxQVtlQRAtliAKCgWYm6Rw05c9kAIu5Rv5S3S6e5gwCaAp6t > kQUYsCd1oLtmm32euXG+5Lg= > =G7Oz > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nerijusb at dtiltas.lt Thu Jun 14 12:02:49 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Jun 14 12:10:06 2007 Subject: kaspersky and MScanner In-Reply-To: <200706141051.44893.gcle@smcaus.com.au> References: <200706131603.22200.gcle@smcaus.com.au> <200706141051.44893.gcle@smcaus.com.au> Message-ID: <20070614110944.427631224AC@mx-b.vdnet.lt> On Thu, 14 Jun 2007 10:51:44 +1000 Gerard Cleary wrote: > I've just realised that we are running Kaspersky Version 5.5 for MAIL SERVERS > whereas the package kav4fs-5.5-27.rpm is Kaspersky 5.5 for FILE SERVERS. > Perhaps MailScanner has been configured to run with the MAIL SERVER version of > Kaspersky rather than any other version ? No. Even workstation version is ok, you just need to have kavscanner (executable or link) and be able to run it as ordinary user (not root). See my earlier messages in this thread. Regards, Nerijus From nerijusb at dtiltas.lt Thu Jun 14 12:10:42 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Jun 14 12:20:06 2007 Subject: Beta release 4.61.3 In-Reply-To: <4671129F.80201@ecs.soton.ac.uk> References: <4671129F.80201@ecs.soton.ac.uk> Message-ID: <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> On Thu, 14 Jun 2007 11:04:15 +0100 Julian Field wrote: > I have just released the latest beta, 4.61.3. Could you please rename /etc/cron.daily/sa-update to update_spamassassin as per discussion in "/etc/cron.daily/sa-update rpm conflict" thread? Because it clashes now with atrpms spamassassin package and will probably clash with Fedora package in the future. And it will be consistent with update_phishing_sites and update_virus_scanners :) Regards, Nerijus From alex at nkpanama.com Thu Jun 14 15:10:08 2007 From: alex at nkpanama.com (Alex Neuman) Date: Thu Jun 14 15:10:49 2007 Subject: email spoofing In-Reply-To: <74ACEB3E6A055643A89B8CEC74C7BF2488E07C@WISENT.dcyb.net> References: <00c401c7ae03$d6f8e840$84eab8c0$@net> <00ed01c7ae07$de02fb90$9a08f2b0$@net> <74ACEB3E6A055643A89B8CEC74C7BF2488E07C@WISENT.dcyb.net> Message-ID: <46714C40.4030006@nkpanama.com> Rob Sterenborg wrote: >>> When I telnet port 25 in some sendmail servers (all I tried) also >>> postfix and even ms exchange I can send mails with no authentication >>> (using smtp commands), all the cases internal mails but also can >>> relay to external accounts. In both cases I can send mails via mail >>> client (outlook, Eudora etc.) just defining the account and leaving >>> blank the password field, even if I have to authenticate the users >>> in order to send email. >>> > > As said, internal IP's indeed usually bypass smtp-auth. In fact, you > shouldn't even need to specify a user/pass to send email via the MTA. > > Indeed usually because admins set it up that way. Sendmail, for example, only whitelists localhost and 127.0.0.1 by default. > External IP's should use smtp-auth with a valid user/pass (although res > thinks it's not worth it: well, maybe in his case it isn't). If you can > relay email from an external IP with only a valid user and no pass, then > I think your MTA is misconfigured and you should look at it's > configuration. > > > -- > Rob > From rpoe at plattesheriff.org Thu Jun 14 17:39:30 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Jun 14 17:42:00 2007 Subject: High ClamScan ... In-Reply-To: <466DA924.4050701@ecs.soton.ac.uk> References: <466D5E96.65ED.00A2.0@plattesheriff.org> <466DA924.4050701@ecs.soton.ac.uk> Message-ID: <467128F4.65ED.00A2.0@plattesheriff.org> Worked great on my Centos 4.x boxes. I have a Perl problem on the Centos 3.x box (i.e. some dumb ass upgraded Perl to a Centos 4.x version). The Mail::ClamAV won't compile in CPAN (but finally got it to on the command line by untarring, perl Makefile.PL make / make install .. and CPAN says it's installed correctly, but MailScanner says it cannot filnd the module. >>> Julian Field 6/11/2007 2:57 PM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use the clamavmodule or clamd scanners instead. You can install the clamavmodule as part of my ClamAV+SA easy-to-install package available from www.mailscanner.info. Or else get the clamd RPM from dag.wieers.com, start it up and tell MailScanner to use the clamd scanner. Rob Poe wrote: > >From Top > > 30174 clam 25 0 26352 25M 1100 R 25.9 1.0 0:07 0 clamscan > 30142 clam 25 0 27044 26M 1100 R 25.5 1.0 0:19 0 clamscan > 30387 clam 25 0 13936 13M 1096 R 21.1 0.5 0:01 0 clamscan > 30128 clam 25 0 27488 26M 1100 R 19.9 1.0 0:30 0 clamscan > > load average: 6.86, 4.74, 3.31 > > Centos 3.x, Dual Xeon 2.8 /w 2.5 gigs of ram/HP Proliand DL380G3 /w hardware RAID 1 (SCSI 10k drives) > > What gives? > > Is there a better way to do this? Seems that clamscan is tooo freaking slow any more.. > > Another box: > 16842 clam 25 0 18260 13m 1204 R 99 0.6 0:29.65 clamscan > 17024 clam 25 0 12100 6696 1204 R 92 0.3 0:06.72 clamscan > 16884 clam 25 0 19416 12m 1204 R 72 0.6 0:23.79 clamscan > 17050 clam 25 0 6808 2276 1044 R 54 0.1 0:01.95 clamscan > load average: 5.01, 3.86, 3.43 > Centos 4.x, dual 2.8 xeon, 2g ram, dual SATA on a 3Ware controller > > These aren't slow boxes .. but Clam is killing them.. > > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGbakxEfZZRxQVtlQRAsquAJ9FEm1oxMON1iLouPQW/W7DAK2QqwCg+tNp rUuq2j3hIDh9YxjUsOlmhf8= =Dh3L -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Thu Jun 14 17:41:44 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Jun 14 17:44:15 2007 Subject: how to block mail where From and To are the same? In-Reply-To: <463215E2.4060402@ecs.soton.ac.uk> References: <1E293D3FF63A3740B10AD5AAD88535D204CD3925@UBIMAIL1.ubisoft.org> <463215E2.4060402@ecs.soton.ac.uk> Message-ID: <46712979.65ED.00A2.0@plattesheriff.org> So that would break me sending myself love notes? :) >>> Julian Field 4/27/2007 10:25 AM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You could do this with a very simple Custom Function. It would just check to see if 1) There is only 1 recipient 2) The recipient address @{$message->{from}}[0] eq the sender address $message->{from}. Don't trust the syntax is 100% accurate, my Perl is a bit rusty due to my hospital stay. Quite which configuration option you would attach this to is left as an exercise for the reader :-) Jules. Daniel Maher wrote: > > Hello all, > > Lately I have been receiving an increasingly large amount of spam > where both the From and To fields are identical (and, of course, > forged). The net result is that many of my users appear to be > receiving spam /from themselves/, which is causing some distress > amongst the user base. > > Now, there are a handful of ways to deal with this situation; however, > like always, the community probably already knows the best way to > block ? or at least add SA points to ? such spam. > > I?m using Postfix 2.0 (yes, I know), and the newest MailScanner & > SpamAssassin. Thank you all for your comments and suggestions. > > -- > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > //?How can a man choose between Fresh and Fly? And believe me, there > IS a difference.? ? Crack Stuntman, 2007.//// > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: windows-1252 wj8DBQFGMhYMEfZZRxQVtlQRAlhSAJsEYUkTK0EpuiQw4g5r8aICLEcWgACZAc1K +qxaacs+nk0jHtE0tSkRE2c= =WpyW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Thu Jun 14 17:57:28 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Jun 14 17:58:39 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: <456601c7a24b$9104db50$b30e91f0$@swaney@fsl.com> References: <54C6E1F0-01FF-4365-A395-D00BFED6C980@ecs.soton.ac.uk> <465C87FD.7090507@tc3net.com> <447401c7a230$fbdd1b10$f3975130$@swaney@fsl.com> <456601c7a24b$9104db50$b30e91f0$@swaney@fsl.com> Message-ID: <46712D2A.65ED.00A2.0@plattesheriff.org> So, I understand that Fort and Snert have partnered up to stop spam at the MTA ...... and obviously it will be a proprietary method, but inquiring minds still want to know .. Anyone have any kind of idea on the techniques? I have 2 clients. One is a trucking firm. They get a lot of trade industry magazines (which SpamAssassin hates) and a lot of people in the trucking industry who think it fine that they have a 400x400 inline .gif with their signature and other misc. stuff, in an email with a "Hey give me a call if you want me to service your loads" ... yeah SA hates that too.. The other is a law firm. They want Artificial Intelligence for their spam filter. Everything that ISN'T SPAM gets delivered and everything that IS SPAM doesn't -- no errors. Of course, if you go too strict on filtering you can lose emails, and if you go too lose you end up with horse sex in your inbox ... how does this product compare to current methods? Greylisting has helped tremendously, but there are still some seriously BRAIN DEAD admins running some seriously BRAIN DEAD email apps that don't ever retry.. So for the two above clients, it didn't work so well. (oh, and why do people make 10 outbound mail gateways, so a message that retries goes between the 10 different hosts, getting a greylist deny every time, but te delivery retry is > 1 minute) ??? From steve.swaney at fsl.com Thu Jun 14 19:30:15 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jun 14 19:30:20 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: <46712D2A.65ED.00A2.0@plattesheriff.org> References: <54C6E1F0-01FF-4365-A395-D00BFED6C980@ecs.soton.ac.uk> <465C87FD.7090507@tc3net.com> <447401c7a230$fbdd1b10$f3975130$@swaney@fsl.com> <456601c7a24b$9104db50$b30e91f0$@swaney@fsl.com> <46712D2A.65ED.00A2.0@plattesheriff.org> Message-ID: <0d7801c7aeb2$0da81740$28f845c0$@swaney@fsl.com> > -----Original Message----- > From: Rob Poe [mailto:rpoe@plattesheriff.org] > Sent: Thursday, June 14, 2007 12:57 PM > To: info@fsl.com; 'MailScanner discussion' > Subject: RE: ANNOUNCE: BarricadeMX is released > > So, I understand that Fort and Snert have partnered up to stop spam at > the MTA ...... and obviously it will be a proprietary method, but > inquiring minds still want to know .. Anyone have any kind of idea on > the techniques? I can send any who wants the full documentation which will give some clues as to how the application works. Please contact me off list. Just knowing the test that are run is however only a small part of the answer. The process works by examining the behavior of the spammer during the initial part of the SMTP conversation before the DATA phase of the transmission. Bad guys are dropped or rejected as soon as we know they are a spammer. Why waste time with spammers. Why run stuff that's obviously spam through SpamAssassin. I'll take a 4MB multi-threaded C program over Perl any time it does (most of) job :) The tests are applied using branching logic. each test the sender passed or fails affect their path through the rest of the tests (over 60 individual tests) - thousands of different paths. This is the true secret (proprietary) part of the application. They are deadly accurate. The idea here is to safely reject (with an NDR) as much of the junk as possible and it does work. Most of the BarricadeMX sites are rejecting over 90% of all of the incoming traffic with very little with listing required for required for the really clueless administrators out there. > > I have 2 clients. One is a trucking firm. They get a lot of trade > industry magazines (which SpamAssassin hates) and a lot of people in > the trucking industry who think it fine that they have a 400x400 inline > .gif with their signature and other misc. stuff, in an email with a > "Hey give me a call if you want me to service your loads" ... yeah SA > hates that too.. No SpamAssassin types heuristic tests are used. Body checks for URLs / URIs may be configured against different RBLs. > > The other is a law firm. They want Artificial Intelligence for their > spam filter. Everything that ISN'T SPAM gets delivered and everything > that IS SPAM doesn't -- no errors. Everything that is rejected is sent a NDR (customizable by site) which can let the blocked sender know who to contact to fix the problem. > > Of course, if you go too strict on filtering you can lose emails, and > if you go too lose you end up with horse sex in your inbox ... how does > this product compare to current methods? Less spam without more false positives. Reduced load on the gateways and mail hubs And increased capacity for MailScanner systems. Most site that use multiple gateways an turn off 1/2 of the gateways. (do leave two for redundancy ;) Please note that this is not normally a standalone system. While it can run SpamAssassin and ClamAV against each message, It's normally used in front of MailScanner, DefenderMX or any spam detection / antivirus gateway. A good MailScanner system can and will catch the last 6% to 10% of the spam that gets through. It just won't be working very hard to catch it :) > > Greylisting has helped tremendously, but there are still some seriously > BRAIN DEAD admins running some seriously BRAIN DEAD email apps that > don't ever retry.. So for the two above clients, it didn't work so > well. > We have some new grey listing techniques (patent pending) that are better than those currently available. Brain dead sites (very few actually) are easily white listed. > (oh, and why do people make 10 outbound mail gateways, so a message > that retries goes between the 10 different hosts, getting a greylist > deny every time, but te delivery retry is > 1 minute) ??? Actually we fixed that problem too. Thanks for asking and I hope that I addressed your concerns. Free no obligation demos are available for CentOS / RH 3 (no web interface) 4 and 5 on our web site. FreeBSD and OpenBSD versions are also available but please contact me off list for these. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From andy.mac at global-domination.org Thu Jun 14 19:39:31 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Thu Jun 14 19:39:27 2007 Subject: ANNOUNCE: BarricadeMX is released Message-ID: This message had me ROFL, but some valid points made. -----Original Message----- >Greylisting has helped tremendously, but there are still some seriously >BRAIN DEAD admins running some seriously BRAIN DEAD email apps that don't >ever retry.. So for the two above clients, it didn't work so well. >(oh, and why do people make 10 outbound mail gateways, so a message that >retries goes between the 10 different hosts, getting a greylist deny every >time, but te delivery retry is > 1 minute) ??? Have you tried SQLgrey? It uses some intelligence when deciding what to Greylist - i.e. if it looks like a real mailserver (reverse lookup) it will often pass the message straight through - sometimes it will allow anything within the same class c network resend the message - other times it insists the original host resends. It also AWLs entire domains once it's seen enough legit traffic from the same mailservers... - Granted SQLgrey doesn't help those braindead apps, but it does have some good reporting via an add-on php interface. -- This message was scanned by ESVA and is believed to be clean. From ssilva at sgvwater.com Thu Jun 14 19:43:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 14 19:43:45 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: <46712D2A.65ED.00A2.0@plattesheriff.org> References: <54C6E1F0-01FF-4365-A395-D00BFED6C980@ecs.soton.ac.uk> <465C87FD.7090507@tc3net.com> <447401c7a230$fbdd1b10$f3975130$@swaney@fsl.com> <456601c7a24b$9104db50$b30e91f0$@swaney@fsl.com> <46712D2A.65ED.00A2.0@plattesheriff.org> Message-ID: Rob Poe spake the following on 6/14/2007 9:57 AM: > So, I understand that Fort and Snert have partnered up to stop spam at the > MTA ...... and obviously it will be a proprietary method, but inquiring > minds still want to know .. Anyone have any kind of idea on the techniques? > > > I have 2 clients. One is a trucking firm. They get a lot of trade > industry magazines (which SpamAssassin hates) and a lot of people in the > trucking industry who think it fine that they have a 400x400 inline .gif > with their signature and other misc. stuff, in an email with a "Hey give me > a call if you want me to service your loads" ... yeah SA hates that too.. Spamassassin is not perfect. No machine will be as intelligent as a person..the "brains" just don't work the same. > The other is a law firm. They want Artificial Intelligence for their spam > filter. Everything that ISN'T SPAM gets delivered and everything that IS > SPAM doesn't -- no errors. If they want NO false positives or negatives, they will need a warm body sitting at a desk reviewing what gets caught and correcting what doesn't get caught. If they can find a lawyer who; 1) never makes a mistake 2) admits it when he could be wrong maybe they will find a machine that good. Many law firms only screen for viruses, and let all spam in just so they don't miss things. > Of course, if you go too strict on filtering you can lose emails, and if > you go too lose you end up with horse sex in your inbox ... how does this > product compare to current methods? > > Greylisting has helped tremendously, but there are still some seriously > BRAIN DEAD admins running some seriously BRAIN DEAD email apps that don't > ever retry.. So for the two above clients, it didn't work so well. > > (oh, and why do people make 10 outbound mail gateways, so a message that > retries goes between the 10 different hosts, getting a greylist deny every > time, but te delivery retry is > 1 minute) ??? > The reason people have multiple outbound gateways is for; 1) load 2) redundancy What I would like to see is an addin for mailscanner that watches outgoing mail and whitelists the "to" addresses for a configurable period of time. Usually mail sent out is expected to be replied to. But IANAP. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.freegard at fsl.com Thu Jun 14 20:48:47 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Jun 14 20:48:48 2007 Subject: [Fwd: Some highlights about BarricadeMX] Message-ID: <46719B9F.9070305@fsl.com> Cross posting Anthony's reply to Rob as Anthony is not a member of this list. -------- Original Message -------- Subject: Some highlights about BarricadeMX Date: Thu, 14 Jun 2007 21:16:02 +0200 From: Anthony Howe To: Steve Freegard CC: barricademx@snertsoft.info Steve, please forward my reply to the MailScanner list. I'm posting to the BarricadeMX list as it might be of some interest there too. Rob Poe (from the MailScanner list) wrote: > So, I understand that Fort and Snert have partnered up to stop spam > at the MTA ...... and obviously it will be a proprietary method, but > inquiring minds still want to know .. Anyone have any kind of idea on > the techniques? The usual suspects. BarricadeMX blends many of the SnertSoft milters into one comprehensive package. a) Enhanced grey-listing which applies two optimisations (one to address mail server pools sharing a common queue ie. gmail.com; the other, once a message from a host passes greylisting messages from that host/domain for all subsequent messages will pass, ie. pay the grey-list delay ONCE only); see http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_grey_list b) Enhanced Message-ID as Email Watermark, which can be used to filter backscatter and skip content filtering if a message is identified as reply to previously sent mail. http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_emew MailScanner had a patch applied to take advantage of EMEW. If combined with dns-gl it would be possible to by-pass both pre and post-DATA filtering. Of course we have dns-bl and dns-wl support too. c) Some other interesting tests are "client is MX" to softens PTR requirements and IP-in-PTR ie. looks like dynamic IP tests. http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_client_is_mx d) Another interesting combination is multiline welcome banner combined with 500ms or 1s command-pause will catch out e) The multicast/unicast cache deals with the problem of sharing call-ahead, grey-listing, and other global data between MXes. It is fast and effective. f) Client Rate Throttling, Global Rate Throttle, & Client Concurrency. Nothing particularly spectacular there, sendmail already has this and ours is similar, though we apply ours in the accept() loop. g) URLBL application to HELO and MAIL FROM:. Not a new idea, but not widely used either. h) Tar-pitting of negatives SMTP responses. Handy for dictionary like probing during a SMTP session. i) EHLO no HELO and schizophrenic HELO checks. By disabling ESMTP you catch some spamware that assume EHLO and fail to fall back on HELO when rejected. Also if they EHLO/HELO with one name, but fail to EHLO/HELO with the same name on the next or subsequent attempts you can reject too. Note that RFC 2821 HELO/EHLO is equivalent to RSET once the first HELO is accepted. http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_smtp (last paragraph) There is more. So much I forget what is novel and what has been done before. You have to read the documentation to get see for yourself. > I have 2 clients. One is a trucking firm. They get a lot of trade > industry magazines (which SpamAssassin hates) and a lot of people in > the trucking industry who think it fine that they have a 400x400 > inline .gif with their signature and other misc. stuff, in an email > with a "Hey give me a call if you want me to service your loads" ... > yeah SA hates that too.. BarricadeMX can do some real-time content filtering such as clamav, spamassassin, and uribl tests in which it will reject or discard. However, it is limited by the proxy design in that it cannot tag nor quarantine messages based on content (we don't use temp. or queue files). milter-spamc, MailScanner, or similar is still required for that level of functionality. So things like inline images and their like will require tweaking of SpamAssassin as with MailScanner. > The other is a law firm. They want Artificial Intelligence for their > spam filter. Everything that ISN'T SPAM gets delivered and > everything that IS SPAM doesn't -- no errors. No anti-spam technique is perfect. Expectations of such are unrealistic. We just don't have enough good AI for such yet. (I'll note it as an enhancement request though; insert Spock's brain.) Depending on your paranoia and the set of BarricadeMX options you apply, you can tone down the filtering or make it really strict. The FSL web user interface for BarricadeMX provides three default levels of strength, after which you can customise. Regardless of the options you apply, a MailScanner or SpamAssassin installation will still benefit as the machine will see less system load. In your example, you turn on only those tests you are happy with and then let a second level filter like MailScanner have its turn. BarricadeMX was originally intended as a pre-filter for MailScanner to reduce system load by catching the low hanging fruit. What we found with BarricadeMX in beta testing, was it would catch the low hanging fruit on really tall trees :-) > Of course, if you go too strict on filtering you can lose emails, and > if you go too lose you end up with horse sex in your inbox ... how > does this product compare to current methods? > > Greylisting has helped tremendously, but there are still some > seriously BRAIN DEAD admins running some seriously BRAIN DEAD email > apps that don't ever retry.. So for the two above clients, it didn't > work so well. There is no suitable solution for brain dead brokeness that fails to follow RFC 2821 recommended mail delievery strategies. If a customer chooses to use broken software and the developer won't fix it, then all you can do is white list them if you like them enough. > (oh, and why do people make 10 outbound mail gateways, so a message > that retries goes between the 10 different hosts, getting a greylist > deny every time, but te delivery retry is > 1 minute) ??? We can fix ignorance, we can't fix stupidity. Really short retry times less than 5 minutes are IMHO are just stupid and the result of pointy clickity type mentalities performing system administration tasks in which they are not competent in. However, rate throttling and the multicast/unicast cache does help some aspects of this problem. Another feature of BarricadeMX are the runtime and hourly stats (version 1.1 will have rolling 60 minutes stats too). Below is an example from a test machine. Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220-XXX.XXX.XXX ESMTP Welcome to smtpf 220 Copyright 2006, 2007 by SnertSoft. All rights reserved. stats 214-2.0.0 smtpf/1.0.146 (runtime) 214-2.0.0 start-time=Thu, 14 Jun 2007 11:57:12 -0400 214-2.0.0 age=10493 214-2.0.0 active-connections=11 214-2.0.0 high-connections=23 (100.00%) 214-2.0.0 high-connections-per-second=5 (100.00%) 214-2.0.0 high-session-time=350 (100.00%) 214-2.0.0 total-KB=973 (100.00%) 214-2.0.0 CLIENTS=5724 (100.00%) 214-2.0.0 dropped=4422 (77.25%) 214-2.0.0 data-354=76 (1.33%) 214-2.0.0 client-io-error=1076 (18.80%) 214-2.0.0 client-timeout=11 (0.19%) 214-2.0.0 server-io-error=113 (1.97%) 214-2.0.0 admin-commands=75 (1.31%) 214-2.0.0 auth-pass=0 (0.00%) 214-2.0.0 auth-fail=0 (0.00%) 214-2.0.0 bogus-helo=2 (0.03%) 214-2.0.0 concurrent=0 (0.00%) 214-2.0.0 connect-bl=12 (0.21%) 214-2.0.0 connect-lan=0 (0.00%) 214-2.0.0 connect-localhost=76 (1.33%) 214-2.0.0 connect-relay=76 (1.33%) 214-2.0.0 connect-wl=0 (0.00%) 214-2.0.0 dns-bl=2750 (48.04%) 214-2.0.0 dns-gl=38 (0.66%) 214-2.0.0 dns-wl=0 (0.00%) 214-2.0.0 ehlo-no-helo=1508 (26.35%) 214-2.0.0 helo-claims-us=0 (0.00%) 214-2.0.0 helo-ip-mismatch=110 (1.92%) 214-2.0.0 helo-schizophrenic=7 (0.12%) 214-2.0.0 idle-retest-timer=0 (0.00%) 214-2.0.0 rate-client=51 (0.89%) 214-2.0.0 rate-throttle=0 (0.00%) 214-2.0.0 client-ip-in-ptr=0 (0.00%) 214-2.0.0 client-ptr-required=873 (15.25%) 214-2.0.0 client-ptr-required-error=60 (1.05%) 214-2.0.0 rfc2821-strict-helo=30 (0.52%) 214-2.0.0 smtp-command-non-ascii=0 (0.00%) 214-2.0.0 smtp-command-pause=51 (0.89%) 214-2.0.0 smtp-drop-after=0 (0.00%) 214-2.0.0 smtp-drop-unknown=6 (0.10%) 214-2.0.0 smtp-enable-esmtp=2813 (49.14%) 214-2.0.0 smtp-greet-pause=65 (1.14%) 214-2.0.0 smtp-reject-delay=0 (0.00%) 214-2.0.0 uri-bl-helo=34 (0.59%) 214-2.0.0 uri-bl-ptr=206 (3.60%) 214-2.0.0 SENDERS=3411 (100.00%) 214-2.0.0 null-sender=18 (0.53%) 214-2.0.0 call-back-cache=0 (0.00%) 214-2.0.0 call-back-made=0 (0.00%) 214-2.0.0 cli-envelope=0 (0.00%) 214-2.0.0 client-is-mx=130 (3.81%) 214-2.0.0 grey-continue=40 (1.17%) 214-2.0.0 grey-tempfail=171 (5.01%) 214-2.0.0 mail-bl=1 (0.03%) 214-2.0.0 mail-wl=0 (0.00%) 214-2.0.0 mail-parse=4 (0.12%) 214-2.0.0 require-sender-mx=0 (0.00%) 214-2.0.0 require-sender-mx-error=0 (0.00%) 214-2.0.0 siq-query-cache=0 (0.00%) 214-2.0.0 siq-query-made=0 (0.00%) 214-2.0.0 siq-score-reject=0 (0.00%) 214-2.0.0 siq-score-tag=0 (0.00%) 214-2.0.0 spf-pass=97 (2.84%) 214-2.0.0 spf-fail=9 (0.26%) 214-2.0.0 spf-none=220 (6.45%) 214-2.0.0 spf-neutral=1 (0.03%) 214-2.0.0 spf-softfail=7 (0.21%) 214-2.0.0 spf-perm-error=0 (0.00%) 214-2.0.0 spf-temp-error=0 (0.00%) 214-2.0.0 uri-bl-mail=64 (1.88%) 214-2.0.0 RECIPIENTS=257 (100.00%) 214-2.0.0 rcpt-reject=9 (3.50%) 214-2.0.0 one-rcpt-per-null=0 (0.00%) 214-2.0.0 rcpt-bl=0 (0.00%) 214-2.0.0 rcpt-wl=0 (0.00%) 214-2.0.0 rcpt-parse=0 (0.00%) 214-2.0.0 MESSAGES=80 (100.00%) 214-2.0.0 msg-accept=60 (75.00%) 214-2.0.0 msg-discard=0 (0.00%) 214-2.0.0 msg-drop=0 (0.00%) 214-2.0.0 msg-reject=20 (25.00%) 214-2.0.0 dsn-sent=0 (0.00%) 214-2.0.0 7bit-headers=0 (0.00%) 214-2.0.0 cli-content=0 (0.00%) 214-2.0.0 infected=0 (0.00%) 214-2.0.0 junk-mail=0 (0.00%) 214-2.0.0 line-length=0 (0.00%) 214-2.0.0 message-limit=0 (0.00%) 214-2.0.0 message-size=0 (0.00%) 214-2.0.0 ret-pass=0 (0.00%) 214-2.0.0 ret-fail=11 (13.75%) 214-2.0.0 ret-ttl=0 (0.00%) 214-2.0.0 strict-dot=0 (0.00%) 214-2.0.0 uri-bl=9 (11.25%) 214-2.0.0 uri-max-limit=0 (0.00%) 214-2.0.0 uri-max-test=4 (5.00%) 214 2.0.0 End. -- Anthony C Howe Skype: SirWumpus SnertSoft +33 6 11 89 73 78 ICQ: 7116561 Sendmail Milter Solutions http://www.snert.com/ http://www.snertsoft.com/ From steve.freegard at fsl.com Thu Jun 14 20:52:23 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Jun 14 20:52:23 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: References: <54C6E1F0-01FF-4365-A395-D00BFED6C980@ecs.soton.ac.uk> <465C87FD.7090507@tc3net.com> <447401c7a230$fbdd1b10$f3975130$@swaney@fsl.com> <456601c7a24b$9104db50$b30e91f0$@swaney@fsl.com> <46712D2A.65ED.00A2.0@plattesheriff.org> Message-ID: <46719C77.4070501@fsl.com> Hi Scott, Scott Silva wrote: > What I would like to see is an addin for mailscanner that watches outgoing > mail and whitelists the "to" addresses for a configurable period of time. > Usually mail sent out is expected to be replied to. This can already be done - see the BarricadeMX documentation on 'EMEW' (E-Mail Electronic Watermark) which recent versions of MailScanner recognise to automagically whitelist message replies though SpamAssassin. Cheers, Steve. -- Steve Freegard Fort Systems Ltd. From ssilva at sgvwater.com Thu Jun 14 21:19:41 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 14 21:20:03 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: <46719C77.4070501@fsl.com> References: <54C6E1F0-01FF-4365-A395-D00BFED6C980@ecs.soton.ac.uk> <465C87FD.7090507@tc3net.com> <447401c7a230$fbdd1b10$f3975130$@swaney@fsl.com> <456601c7a24b$9104db50$b30e91f0$@swaney@fsl.com> <46712D2A.65ED.00A2.0@plattesheriff.org> <46719C77.4070501@fsl.com> Message-ID: Steve Freegard spake the following on 6/14/2007 12:52 PM: > Hi Scott, > > Scott Silva wrote: >> What I would like to see is an addin for mailscanner that watches >> outgoing >> mail and whitelists the "to" addresses for a configurable period of time. >> Usually mail sent out is expected to be replied to. > > This can already be done - see the BarricadeMX documentation on 'EMEW' > (E-Mail Electronic Watermark) which recent versions of MailScanner > recognise to automagically whitelist message replies though SpamAssassin. > > Cheers, > Steve. > > -- > Steve Freegard > Fort Systems Ltd. I am going to have to take another look at DefenderMX and BarricadeMX! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From uxbod at splatnix.net Thu Jun 14 21:20:49 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 14 21:20:54 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: <46719C77.4070501@fsl.com> References: <46719C77.4070501@fsl.com> Message-ID: As MailScanner parses the message then it should be fairly easy to write the to_address to a file, or even hold it as a global hash shared between the perl processes. When the recipient replies, if they do, then the hash could be checked and allow the message through without any checks. Or if using a file the whitelisted entry can be looked up. A hash value could be created for the time the message was sent including the to_address, and then reversed on its way back in. If within a pre-determined time it passes through okay, or it has the normal checks applied. This would be a interesting project to work on. Anybody interested ? Regards, On Thu, 14 Jun 2007 20:52:23 +0100, Steve Freegard wrote: > Hi Scott, > > Scott Silva wrote: >> What I would like to see is an addin for mailscanner that watches > outgoing >> mail and whitelists the "to" addresses for a configurable period of > time. >> Usually mail sent out is expected to be replied to. > > This can already be done - see the BarricadeMX documentation on 'EMEW' > (E-Mail Electronic Watermark) which recent versions of MailScanner > recognise to automagically whitelist message replies though SpamAssassin. > > Cheers, > Steve. > > -- > Steve Freegard > Fort Systems Ltd. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikea at mikea.ath.cx Thu Jun 14 21:40:21 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Jun 14 21:40:29 2007 Subject: ANNOUNCE: BarricadeMX is released Message-ID: <20070614204021.GM11109@mikea.ath.cx> On Thu, Jun 14, 2007 at 02:30:15PM -0400, Stephen Swaney wrote: > I can send any who wants the full documentation which will give some clues > as to how the application works. Please contact me off list. Just knowing > the test that are run is however only a small part of the answer. > > The process works by examining the behavior of the spammer during the > initial part of the SMTP conversation before the DATA phase of the > transmission. Bad guys are dropped or rejected as soon as we know they are a > spammer. Why waste time with spammers. Why run stuff that's obviously spam > through SpamAssassin. I'll take a 4MB multi-threaded C program over Perl any > time it does (most of) job :) > > The tests are applied using branching logic. each test the sender passed or > fails affect their path through the rest of the tests (over 60 individual > tests) - thousands of different paths. > This is the true secret (proprietary) part of the application. They are > deadly accurate. > > The idea here is to safely reject (with an NDR) as much of the junk as > possible and it does work. Most of the BarricadeMX sites are rejecting over > 90% of all of the incoming traffic with very little with listing required > for required for the really clueless administrators out there. I'd like a copy -- and permission to share it with "Al Iverson" . I'm copying him on this, and he may get in touch with you to request his own. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From mikea at mikea.ath.cx Thu Jun 14 21:41:21 2007 From: mikea at mikea.ath.cx (mikea) Date: Thu Jun 14 21:41:27 2007 Subject: ANNOUNCE: BarricadeMX is released Message-ID: <20070614204121.GN11109@mikea.ath.cx> On Thu, Jun 14, 2007 at 02:30:15PM -0400, Stephen Swaney wrote: > I can send any who wants the full documentation which will give some clues > as to how the application works. Please contact me off list. Just knowing > the test that are run is however only a small part of the answer. > > The process works by examining the behavior of the spammer during the > initial part of the SMTP conversation before the DATA phase of the > transmission. Bad guys are dropped or rejected as soon as we know they are a > spammer. Why waste time with spammers. Why run stuff that's obviously spam > through SpamAssassin. I'll take a 4MB multi-threaded C program over Perl any > time it does (most of) job :) > > The tests are applied using branching logic. each test the sender passed or > fails affect their path through the rest of the tests (over 60 individual > tests) - thousands of different paths. > This is the true secret (proprietary) part of the application. They are > deadly accurate. > > The idea here is to safely reject (with an NDR) as much of the junk as > possible and it does work. Most of the BarricadeMX sites are rejecting over > 90% of all of the incoming traffic with very little with listing required > for required for the really clueless administrators out there. Bummer! Response was supposed to be private. Sorry! -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From rpoe at plattesheriff.org Thu Jun 14 23:14:41 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Jun 14 23:16:25 2007 Subject: ClamAVModule Not Found ... Message-ID: <46717781020000A200006146@platteco-2.plattesheriff.org> On a (actually, two) Centos 4.x box I'm now having the same issue I had on the Centos 3.x box. Clam 0.90.3 MailScanner 4.60.8-1 The Mail::ClamAV failed to compile in CPAN, but compiled well outside of CPAN .. to the make / make install CPAN now reports it is up to date, but in MailScanner I get Jun 14 17:05:23 mail MailScanner[30466]: ClamAV Perl module not found, did you install it? Cleaned up the install, retried it in CPAN -- this is what I get Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV.... # Failed test 'use Mail::ClamAV;' # at t/Mail-ClamAV.t line 9. # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.20/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.2: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.20/blib/lib/Mail/ClamAV.pm line 173 # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. # Compilation failed in require at (eval 3) line 2. # BEGIN failed--compilation aborted at (eval 3) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. # Looks like you failed 1 test of 1 run. From steve.freegard at fsl.com Thu Jun 14 23:21:33 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Jun 14 23:21:32 2007 Subject: ANNOUNCE: BarricadeMX is released In-Reply-To: References: <46719C77.4070501@fsl.com> Message-ID: <4671BF6D.3050907@fsl.com> Hi Phil, --[ UxBoD ]-- wrote: > As MailScanner parses the message then it should be fairly easy to write > the to_address to a file, or even hold it as a global hash shared between > the perl processes. When the recipient replies, if they do, then the hash > could be checked and allow the message through without any checks. Or if > using a file the whitelisted entry can be looked up. > > A hash value could be created for the time the message was sent including > the to_address, and then reversed on its way back in. If within a > pre-determined time it passes through okay, or it has the normal checks > applied. This sort of thing could easily be written as a Custom Function applied to the 'Is Definitely Not Spam' option - but there are definitely a few issues to consider when using a method like this as this was something we considered when we were developing BarricadeMX. It requires some sort of backing store to be effective as you need to keep the data around for a while for it to be effective (BarricadeMX allows for auto-whitelisting for 7 days by default and this is adjustable), this data also needs to be shared amongst multiple gateways if you have them (which would then require a proper database). Things like BATV, SRS, VERP, Out-of-Office replies and autoreponders also cause issues when you are attempting to auto-whitelist anyone that your users have sent mail to and you leave yourself open to sender address spoofing during the auto-whitelist period. In BarricadeMX we came up with a very clever way to handle this and backscatter prevention at the same time without the need for a database or the tracking of senders/recipients and is one of the things we decided to patent so our competitors couldn't steal the idea. Because of this we can't offer this functionality natively for MailScanner (as Julian already said on the -beta list). Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. From glenn.steen at gmail.com Thu Jun 14 23:25:28 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 14 23:25:31 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <46719B9F.9070305@fsl.com> References: <46719B9F.9070305@fsl.com> Message-ID: <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> On 14/06/07, Steve Freegard wrote: > Cross posting Anthony's reply to Rob as Anthony is not a member of this > list. > (snip Antonys very sane reply...) Why isn't Anthony part of this list?! He should be, to collect all very sane spam-fighters in one forum:-D. .... Makes me want to buy BMX... The combination sounds like the "ultimate condom"... Now that I've finally found the problem with the primary MX (bad RAM, that the HP support pack missed completely.... Sigh) Cheers (One day early, with yet a new batch of Single Malts... not only Islay (note: correct spelling:) this time... topped of with a nice Rioja:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jtm.koekkoek at home.nl Thu Jun 14 23:50:11 2007 From: jtm.koekkoek at home.nl (Jeroen Koekkoek) Date: Thu Jun 14 23:50:15 2007 Subject: ClamAVModule Not Found ... In-Reply-To: <46717781020000A200006146@platteco-2.plattesheriff.org> References: <46717781020000A200006146@platteco-2.plattesheriff.org> Message-ID: <1181861411.5489.4.camel@jetfire> Hi, Did you include the Inline Perl module. I recently build some Debian packages for MailScanner 4.60.8 (Inline is a build dependency) and discovered that when the Inline module is missing Mail::ClamAV is not found. Tn other words, the Inline module is needed for Mail::ClamAV to work. Maybe this helps. Regards, Jeroen On Thu, 2007-06-14 at 17:14 -0500, Rob Poe wrote: > On a (actually, two) Centos 4.x box I'm now having the same issue I had on the Centos 3.x box. > > Clam 0.90.3 > MailScanner 4.60.8-1 > > The Mail::ClamAV failed to compile in CPAN, but compiled well outside of CPAN .. to the make / make install > > CPAN now reports it is up to date, but in MailScanner I get > > Jun 14 17:05:23 mail MailScanner[30466]: ClamAV Perl module not found, did you install it? > > Cleaned up the install, retried it in CPAN -- this is what I get > > Running make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV.... > # Failed test 'use Mail::ClamAV;' > # at t/Mail-ClamAV.t line 9. > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load '/root/.cpan/build/Mail-ClamAV-0.20/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: libclamav.so.2: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. > # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 > # > # > # at /root/.cpan/build/Mail-ClamAV-0.20/blib/lib/Mail/ClamAV.pm line 173 > # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. > # Compilation failed in require at (eval 3) line 2. > # BEGIN failed--compilation aborted at (eval 3) line 2. > t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > # Looks like you failed 1 test of 1 run. From jtm.koekkoek at home.nl Fri Jun 15 00:07:37 2007 From: jtm.koekkoek at home.nl (Jeroen Koekkoek) Date: Fri Jun 15 00:07:39 2007 Subject: Beta release 4.61.3 In-Reply-To: <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> Message-ID: <1181862457.5489.22.camel@jetfire> Hi, I agree with the consistency argument! I would like to add that I personally think that all MailScanner executables should start with ms-, and that underscores should be replaced by hyphens. By doing this it's easier to just put those scripts in the /usr/bin or /usr/sbin directories. Of course the ms- prefix can be replaced by another prefix. I have another question for Julian: Why are all wrappers scripts that need to be executed in order to execute the virusscanner. Isn't it better to put the required code in modules. E.g. MailScanner::VirusScanner::BitDefender? Leaving out the shell environment completely is more beautiful. It could even improve performance as well. I know amavis-ng does have some modules available. I'd even be interested in helping to migrate/rewrite the code. Please let me know if I can be of service. Regards, Jeroen On Thu, 2007-06-14 at 14:10 +0300, Nerijus Baliunas wrote: > On Thu, 14 Jun 2007 11:04:15 +0100 Julian Field wrote: > > > I have just released the latest beta, 4.61.3. > > Could you please rename /etc/cron.daily/sa-update to update_spamassassin > as per discussion in "/etc/cron.daily/sa-update rpm conflict" thread? > Because it clashes now with atrpms spamassassin package and will > probably clash with Fedora package in the future. And it will be consistent > with update_phishing_sites and update_virus_scanners :) > > Regards, > Nerijus From steve.freegard at fsl.com Fri Jun 15 00:23:01 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Jun 15 00:23:02 2007 Subject: OT: Re: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> Message-ID: <4671CDD5.4020504@fsl.com> Glenn Steen wrote: > Why isn't Anthony part of this list?! He should be, to collect all > very sane spam-fighters in one forum:-D. He currently reads the list via GMANE - but I agree he probably sould be ;-) > .... Makes me want to buy BMX... The combination sounds like the > "ultimate condom"... ROFL - I might have to use that in our Marketing material ;-) Great, because this was exactly what we were attempting to do. > Cheers (One day early, with yet a new batch of Single Malts... not > only Islay (note: correct spelling:) this time... topped of with a > nice Rioja:-) Whiskey and Red Wine?!? - sounds lethal to me (but I was always a lightweight: http://www.jules.fm/gallery/v/swaneyuk/DSC08665.png.html). Cheers, Steve. From ssilva at sgvwater.com Fri Jun 15 00:43:22 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 15 00:43:51 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/14/2007 3:25 PM: > On 14/06/07, Steve Freegard wrote: >> Cross posting Anthony's reply to Rob as Anthony is not a member of this >> list. >> > (snip Antonys very sane reply...) > Why isn't Anthony part of this list?! He should be, to collect all > very sane spam-fighters in one forum:-D. > .... Makes me want to buy BMX... The combination sounds like the > "ultimate condom"... Now that I've finally found the problem with the > primary MX (bad RAM, that the HP support pack missed completely.... > Sigh) > > Cheers (One day early, with yet a new batch of Single Malts... not > only Islay (note: correct spelling:) this time... topped of with a > nice Rioja:-) I haven't yet acquired the taste for single malts yet...the peat is a little bitter for me. But my neighbor says he will be bringing me to the dark side soon. Maybe with a Sherry-cask aged variety. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Jun 15 02:35:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 15 02:35:35 2007 Subject: OT: Re: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <4671CDD5.4020504@fsl.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <4671CDD5.4020504@fsl.com> Message-ID: <223f97700706141835s18f6fd0bqdeb8711ccdd5946@mail.gmail.com> On 15/06/07, Steve Freegard wrote: > Glenn Steen wrote: > > Why isn't Anthony part of this list?! He should be, to collect all > > very sane spam-fighters in one forum:-D. > > He currently reads the list via GMANE - but I agree he probably sould be ;-) > > > .... Makes me want to buy BMX... The combination sounds like the > > "ultimate condom"... > > ROFL - I might have to use that in our Marketing material ;-) > > Great, because this was exactly what we were attempting to do. > > > Cheers (One day early, with yet a new batch of Single Malts... not > > only Islay (note: correct spelling:) this time... topped of with a > > nice Rioja:-) > > Whiskey and Red Wine?!? - sounds lethal to me (but I was always a > lightweight: http://www.jules.fm/gallery/v/swaneyuk/DSC08665.png.html). Yeah, well... you can't swill down malt whiskey to the food... Not andalusian (food) anyway, so ... "roaring headache, here I come":-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 15 02:41:44 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 15 02:41:46 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> Message-ID: <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> On 15/06/07, Scott Silva wrote: > Glenn Steen spake the following on 6/14/2007 3:25 PM: > > On 14/06/07, Steve Freegard wrote: > >> Cross posting Anthony's reply to Rob as Anthony is not a member of this > >> list. > >> > > (snip Antonys very sane reply...) > > Why isn't Anthony part of this list?! He should be, to collect all > > very sane spam-fighters in one forum:-D. > > .... Makes me want to buy BMX... The combination sounds like the > > "ultimate condom"... Now that I've finally found the problem with the > > primary MX (bad RAM, that the HP support pack missed completely.... > > Sigh) > > > > Cheers (One day early, with yet a new batch of Single Malts... not > > only Islay (note: correct spelling:) this time... topped of with a > > nice Rioja:-) > I haven't yet acquired the taste for single malts yet...the peat is a little > bitter for me. But my neighbor says he will be bringing me to the dark side > soon. Maybe with a Sherry-cask aged variety. > Ladies drink?! Ohmegod...:-). I did taste a nice double-wood Balvenie earlier tonight, but it pales beside the freshness of a citrusy full-bodied Ardbeg (and the Macallan, Caol Isla... and somewhat weaker Scapa, Glenkichie, Cardhu, Tamdhu.....:-) I sampled a bit later on... As they say, it's an acquired tase... But once you're hooked...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From FStein at thehill.org Fri Jun 15 03:12:48 2007 From: FStein at thehill.org (Stein, Mr. Fred) Date: Fri Jun 15 03:15:06 2007 Subject: Beta release 4.61.3 In-Reply-To: <4671129F.80201@ecs.soton.ac.uk> References: <4671129F.80201@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, June 14, 2007 6:04 AM To: MailScanner discussion; MailScanner beta testers Subject: Beta release 4.61.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest beta, 4.61.3. I would particularly like clamd users and Postfix users to test this release, please. Download as usual from www.mailscanner.info. New additions in this beta versus the previous beta are: 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. The entire Change Log for this version is currently: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. 2 Changed session handling in direct clamd virus scanner support. 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. * Fixes * 2 Fixed bug in auto-zip feature with a message containing 2 attachments with the same filename. 2 Fixed bug in auto-zip feature that would allow zipping of an attachment which had been cleaned out of the message. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGcRKiEfZZRxQVtlQRAtliAKCgWYm6Rw05c9kAIu5Rv5S3S6e5gwCaAp6t kQUYsCd1oLtmm32euXG+5Lg= =G7Oz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Postfix 2.43 Clamavmodule Bitdefender f-prot Batch processing time has risen from ~7 to 9 secs a batch to 14 to 22 sec a batch. 1 message in each batch, if 2 messages it goes to 30+ seconds Fred From rpoe at plattesheriff.org Fri Jun 15 07:33:58 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Jun 15 07:34:28 2007 Subject: MailScanner / Clam .. (grrrr) Message-ID: <4671EC86020000A200006157@platteco-2.plattesheriff.org> Well, I've finally figured out on the boxes that the Mail::ClamAV won't install with CPAN -- how to get them to install via RPM (not exactly a fun time figuring that out) .. the DAG repo for Centos is where I got everything (they have the perl-mail-clamav module, the perl-inline-perl, and obviously the clamav). now, however, when MailScanner is starting, it takes a LOOOOOOOOONNNNNNNG time to get the children to start. (on the order of 5 minutes) the MailScanner --lint isn't that slow though.. output from top looks something like ... 16477 root 25 0 65128 63M 3688 R 20.6 2.5 0:17 0 MailScanner 16498 root 25 0 64908 63M 3684 R 19.6 2.5 0:13 0 MailScanner 16503 root 25 0 64684 63M 3684 R 19.6 2.5 0:10 0 MailScanner 16506 root 25 0 63748 62M 3684 R 19.6 2.4 0:08 0 MailScanner 16510 root 25 0 60668 59M 3680 R 19.6 2.3 0:07 0 MailScanner But once it's started, it works a treat Jun 15 01:32:03 mail MailScanner[16477]: ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./l5F6T5xE016496/msg-16477-1.txt From prandal at herefordshire.gov.uk Fri Jun 15 07:59:15 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 15 07:59:21 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <4671EC86020000A200006157@platteco-2.plattesheriff.org> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> Yes, It sure does. Taking forever to load the virus database is a known "feature" of ClamAV 0.90.x. It's fixed in ClamAV 0.91RC. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Poe > Sent: 15 June 2007 07:34 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner / Clam .. (grrrr) > > Well, I've finally figured out on the boxes that the > Mail::ClamAV won't install with CPAN -- how to get them to > install via RPM (not exactly a fun time figuring that out) .. > the DAG repo for Centos is where I got everything (they have > the perl-mail-clamav module, the perl-inline-perl, and > obviously the clamav). > > now, however, when MailScanner is starting, it takes a > LOOOOOOOOONNNNNNNG time to get the children to start. > > (on the order of 5 minutes) > > the MailScanner --lint isn't that slow though.. > > output from top looks something like ... > > > 16477 root 25 0 65128 63M 3688 R 20.6 2.5 0:17 > 0 MailScanner > 16498 root 25 0 64908 63M 3684 R 19.6 2.5 0:13 > 0 MailScanner > 16503 root 25 0 64684 63M 3684 R 19.6 2.5 0:10 > 0 MailScanner > 16506 root 25 0 63748 62M 3684 R 19.6 2.4 0:08 > 0 MailScanner > 16510 root 25 0 60668 59M 3680 R 19.6 2.3 0:07 > 0 MailScanner > > But once it's started, it works a treat > > Jun 15 01:32:03 mail MailScanner[16477]: > ClamAVModule::INFECTED:: Eicar-Test-Signature:: > ./l5F6T5xE016496/msg-16477-1.txt > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From r.berber at computer.org Fri Jun 15 08:36:48 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Fri Jun 15 08:37:21 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org> <7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> Message-ID: Randal, Phil wrote: > It sure does. > > Taking forever to load the virus database is a known "feature" of ClamAV > 0.90.x. Not in the order of 5 minutes, it's around 30 seconds. Something else must be the problem. > It's fixed in ClamAV 0.91RC. -- Ren? Berber From uxbod at splatnix.net Fri Jun 15 08:47:27 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Jun 15 08:47:36 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> References: <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: Yuck Whiskey ! :) Cannot stand the stuff. Red wine all the way for me :D On Fri, 15 Jun 2007 03:41:44 +0200, "Glenn Steen" wrote: > On 15/06/07, Scott Silva wrote: >> Glenn Steen spake the following on 6/14/2007 3:25 PM: >> > On 14/06/07, Steve Freegard wrote: >> >> Cross posting Anthony's reply to Rob as Anthony is not a member of > this >> >> list. >> >> >> > (snip Antonys very sane reply...) >> > Why isn't Anthony part of this list?! He should be, to collect all >> > very sane spam-fighters in one forum:-D. >> > .... Makes me want to buy BMX... The combination sounds like the >> > "ultimate condom"... Now that I've finally found the problem with the >> > primary MX (bad RAM, that the HP support pack missed completely.... >> > Sigh) >> > >> > Cheers (One day early, with yet a new batch of Single Malts... not >> > only Islay (note: correct spelling:) this time... topped of with a >> > nice Rioja:-) >> I haven't yet acquired the taste for single malts yet...the peat is a > little >> bitter for me. But my neighbor says he will be bringing me to the dark > side >> soon. Maybe with a Sherry-cask aged variety. >> > Ladies drink?! Ohmegod...:-). I did taste a nice double-wood Balvenie > earlier tonight, but it pales beside the freshness of a citrusy > full-bodied Ardbeg (and the Macallan, Caol Isla... and somewhat weaker > Scapa, Glenkichie, Cardhu, Tamdhu.....:-) I sampled a bit later on... > As they say, it's an acquired tase... But once you're hooked...:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From zeman at JULI.CZ Fri Jun 15 09:14:36 2007 From: zeman at JULI.CZ (Petr Zeman) Date: Fri Jun 15 09:14:02 2007 Subject: Wrong MPEG movie detection (for e-mails written in czech language) Message-ID: <46724A6C.8080403@juli.cz> Hello, after MailScanner upgrade from old old version to 4.61.2 have problem. I found too much e-mails marked as "MailScanner: No MPEG movies allowed". After "little" analysis i found this: when e-mail begin with "V??en? pane" (english equivalent "Dear Sir") in ISO-8859-2 encoding, is detected as MPEG video. Is possibe to make in the future better MPEG detection ? Attaching one e-mail as sample and here is MailScanner report: Sender: junec@skrin.cz IP Address: 194.228.2.92 Recipient: cernoch@juli.cz Subject: Re: Mail z Vasich WWW stranek - NEODPOVIDEJTE NA TENTO MAIL MessageID: l58D50LM014485 Quarantine: /var/spool/MailScanner/quarantine/20070608/l58D50LM014485 Report: MailScanner: No MPEG movies allowed (msg-5984-27.txt) Thanks for answer Petr Zeman JULI Motorenwerk -------------- next part -------------- Return-Path: Received: from smtp-out4.iol.cz (smtp-out4.iol.cz [194.228.2.92]) by mail.juli.cz (8.13.3/8.13.1/SuSE Linux 0.7) with ESMTP id l58D50LM014485 for ; Fri, 8 Jun 2007 15:05:12 +0200 Received: from antivir6.iol.cz (unknown [192.168.30.215]) by smtp-out4.iol.cz (Postfix) with ESMTP id 5E45216581A for ; Fri, 8 Jun 2007 13:04:48 +0000 (UTC) Received: from localhost (antivir6.iol.cz [127.0.0.1]) by antivir6.iol.cz (Postfix) with ESMTP id 26D43260042 for ; Fri, 8 Jun 2007 15:04:48 +0200 (CEST) X-Virus-Scanned: amavisd-new at iol.cz Received: from antivir6.iol.cz ([127.0.0.1]) by localhost (antivir6.iol.cz [127.0.0.1]) (amavisd-new, port 10224) with LMTP id 26TAGpBj-B4D for ; Fri, 8 Jun 2007 15:04:47 +0200 (CEST) Received: from smtp-out4.iol.cz (mta-out4 [192.168.30.31]) by antivir6.iol.cz (Postfix) with ESMTP id ABE16260036 for ; Fri, 8 Jun 2007 15:04:47 +0200 (CEST) Received: from [83.208.58.173] (173.58.broadband2.iol.cz [83.208.58.173]) by smtp-out4.iol.cz (Postfix) with ESMTP id E612E47E47 for ; Fri, 8 Jun 2007 15:04:44 +0200 (CEST) Message-ID: <466953ED.7060602@skrin.cz> Disposition-Notification-To: Petr Junec Date: Fri, 08 Jun 2007 15:04:45 +0200 From: Petr Junec Reply-To: junec@skrin.cz User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: cernoch@juli.cz Subject: Re: Mail z Vasich WWW stranek - NEODPOVIDEJTE NA TENTO MAIL References: <200706051637.l55GbphO010197@venuse.savvy.cz> In-Reply-To: <200706051637.l55GbphO010197@venuse.savvy.cz> Content-Type: multipart/mixed; boundary="------------050802030307060908060903" This is a multi-part message in MIME format. --------------050802030307060908060903 Content-Type: multipart/alternative; boundary="------------060700050007070903000105" --------------060700050007070903000105 Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 8bit V??en? pane ?ernochu, sd?lte mi pros?m kv?li na?? marketingov? studii, odkud jste p?i?el na na?e www.str?nky. (vyhledava?: SEZNAM, CENTRUM, ATLAS atd hled?n? na kl??ov? slovo - ? na internetu nbo ve firm?ch? d?ky moc www.skrin.cz napsal(a): > Zakaznik vyplnil a odeslal formular: > NA TENTO MAIL NIKDY NEODPOVIDEJTE VASE ZPRAVA NEBUDE NIKAM DORUCENA!!!!!! > POUZIJTE ADRESU KTEROU ZAKAZNIK UVEDL. > MAIL ODESLAN ZE STRANKY: > http://www.skrin.cz/poptavkovy-formular.php > > --------------------------- > Jmeno: Petr ?ernoch > Mesto: 612 00 Brno > E-mail: cernoch@juli.cz > Adresa: > Telefon: 603286114 > > Rozm?ry sk??n? > Vyska: 280 > Sirka: 400 > Hloubka: 70 > > Dvere: kombinace > Dezen vestavby: lamino d?evodekor > > Doplnky > satni tyc (delka): 200 > zasuvky (ks): 16 > kos (vyska 200mm) (ks): > kos (v??ka 100mm) (ks): > sklopna tyc: > kravatnik: ANO > police na boty: > v???k na kalhoty: > zehlici prkno: > vysuv na prepravku: > drzak na hadici vysavace: > --------------------------- > --------------060700050007070903000105 Content-Type: multipart/related; boundary="------------070402090100010301000405" --------------070402090100010301000405 Content-Type: text/html; charset=ISO-8859-2 Content-Transfer-Encoding: 8bit V??en? pane ?ernochu, sd?lte mi pros?m? kv?li na?? marketingov? studii, odkud jste p?i?el na na?e www.str?nky.
(vyhledava?: SEZNAM, CENTRUM, ATLAS atd
hled?n? na kl??ov? slovo - ?
na internetu nbo ve firm?ch?

d?ky moc






www.skrin.cz napsal(a): 
Zakaznik vyplnil a odeslal formular:
NA TENTO MAIL NIKDY NEODPOVIDEJTE VASE ZPRAVA NEBUDE NIKAM DORUCENA!!!!!!
POUZIJTE ADRESU KTEROU ZAKAZNIK UVEDL.
MAIL ODESLAN ZE STRANKY:
http://www.skrin.cz/poptavkovy-formular.php

---------------------------
Jmeno: Petr ?ernoch
Mesto: 612 00 Brno
E-mail: cernoch@juli.cz
Adresa: 
Telefon: 603286114

Rozm?ry sk??n?
Vyska: 280
Sirka: 400
Hloubka: 70

Dvere: kombinace
Dezen vestavby: lamino d?evodekor

Doplnky
satni tyc (delka): 200
zasuvky  (ks): 16
kos (vyska 200mm) (ks): 
kos (v??ka 100mm)  (ks): 
sklopna tyc: 
kravatnik: ANO
police na boty: 
v???k na kalhoty: 
zehlici prkno: 
vysuv na prepravku: 
drzak na hadici vysavace: 
---------------------------
--------------070402090100010301000405 Content-Type: image/jpeg; name="UBUS.jpg" Content-Transfer-Encoding: base64 Content-ID: Content-Disposition: inline; filename="UBUS.jpg" /9j/4AAQSkZJRgABAQEASABIAAD/2wBDABQODxIPDRQSEBIXFRQYHjIhHhwcHj0sLiQySUBM S0dARkVQWnNiUFVtVkVGZIhlbXd7gYKBTmCNl4x9lnN+gXz/2wBDARUXFx4aHjshITt8U0ZT fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHz/wAAR CACfALwDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl 5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk 5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDs6KKKACiiigAooooAKKKKACiiigAooooA KKKKACiikJxycAd6AFqvc3cVuyq7He33UVSxP4Co2lkuiVtyUiBw0uMk/wC7/j/PtNBBHCDs UAseT1LH3NABHMsjldrBgASCPXP+FSjpVaEb7meX+E7Yx6HGSSPxYj8KsjpQAtFFFABRRRQA UUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUh60AIxABJOAOuaplZLt/nzHbqeFxzJ9fQe3fv xwXEi7ZgcG3U4IxneQefw/mfpzbX7o/rQAKAFAHAFBHOaWigBsaCONUXooxTqKKACiiigAoo ooAKKKKACmmkY7cknjqcmqQZr5TlXS3z64MuP5L/AD9u4BN9oaYkWqhwDjeT8ue49T+H50wW tyclr6QE5wEjQAfmCf1q4gCqAoAAGAAMYpaAIIXkBMUuCw6MP4x64qYVXnZUu7Zj95y0Q/EF v/ZKsCgBaKKKACiionmiWVY2kQSN91Sw3H6D8KAJaq3TMzLBHkPICSwONqjGSPfkY/8ArUT3 ccHy8vLjIiTBYjpnHp79Ko6be+cZ7m4TyVeTZHl927bxgDHt2oA1kVURVQBVUYAAwAKU1nSa n5aGQWVy6Y67QuT6YYgk/hWb9quNXuDayQyQDbuaIgrtGcDeSOc84AB/HkAA3YbiK4DGJw4V tpI6Z+tRG/thdJb+eDK5ICgZ5AzyRwPxpkWnRIqxtzEg2rEB+7A9x3Puac1rILlpFlURlAgX ZkoO+0578fkKALg6VXnvbeCQRySDzD0Qcn8qRLNdp853n3dRIwIP4AAfpU8caRqFjRUUdFUY AoAga4fgpbTuM4yNq/jhiDTfNujIwW1ULj7zy4J/AA1cooArwtcMT58UaAdCkhbP5qKnHSlo oAKYSQ33fxzTj0rNu5JDIIFY725PsB1/Pp+PtQAshW/ZkdFNup7n/WEf0B/z1Bt+Y395KrKq ooVRhV4H0paALG5j/GgoKyno4qvUc0jIAI13yH7q54/H2oATUXMIt3lIP74be/JBHTqevQet L9pu/tAVrd1hJAEpYck/7PUDp+dVp49ktqztvlabGX+bHyk/LnhenbrRcXLXl2LdDuig+edR kFz/AAqOnXuOew9aALC6pkyZjcIgBDlMb8g8L69KSS7lWN5biRYIlzwowe/Un8OMUWEckWZb wiS4dy7FW+RT0wo9MYqe5jt7vYsyM6I24L2J9x3x1oAr211cXMEYIMY2DdJ3Y47Dtz3P/wBe o5IZVuoRagRwrud33bmZsYHJ64B7nHTrjB0v3Htz6Zo8uHs2PxoAqs3k2/lxf6yVsF2PLMep /LJ/CnRtBZxOYoEjX7x2gLn/AOvQ6o14iZG2NC5Poeg/TdUpijbAMimgCvEC8wubhQ8mP3Yx jYv+PvTpHxcRSBRvOUGOeDz/AOyip/KU9JFqsULaisQOUSPex9CTgfyagCz9obtjFH2hvQUv 2cn+IUht2HQg0AKLg45X9aes6nqCKgaN16im0AXVYN0p1VYFJbIOAOtWqACiiigCOV1jRnch VUZJz0Hc1VhgdwJZQElflgDnb6AfhU12jSBFAJXzFLbTg4Bz/MDPsTU46UARrAgHIzThGn90 flT6huJVhjZ257AdCx7Ae/p9aAGTMqMERFMjdF/r9KdFbqinIyx6npSQRMm55TmV+WweB7D0 HFTjpQBSuoEaSLYAZEJdVJ4Pykc+3Ipmn6alnbBNzNI53SuT99+5qwwD3wIPzRxHI/3iMf8A oJqzQBX+z/7X6UfZv9r9KsUUAVvsx/vCj7Mf7wqzSHrQBSjtyZZmJAYEKpx1AAI/UmpxbDH3 jRabvKbecnzH59txx+lT0AVzCiqSxbjk1DbQFleUlkaQ5Cn+EDgfyzT7lWnlEAX93w0h7Edl /Hv7fWrQ6UARCNwOJD+Ipf3o/usKlooAjDNj5k/I0jbHHzZX3IxipaSgBEAVAB0p1IBgYpaA CiiigAooooAQmq0Z8+beQQicIPU9z/T86fcFjiONtjv364A6n/PqKljVUQKgAVeAAOg9KAFA wKD1oprkKCx6AZNAFa2RTLczg7vMfAPpt4x+YNWxjHFQ2iFLWMOAHI3OB/ePJ/UmpqAFopKK V0AtNPX3paQ98UXAbbkNCpGPfHr3/Wo5nIYrGAZCB16KPU/4f/XwkduIi/lyOqsd2zjaCeTj j15qZVCg+p6nPWmAyGFYVwg5JyxPVj61KKKKAFopKKAFooooAKKKKACiiigApp5NOqC6LeSw QlWb5Aw6qTxn8M0ANgBeR5m3cnCqwwVA4/pmrNNjRY41ReFUAD6U6gCG5JWFiDg1zGpa4Ypb i2dCyooLZfG8ZGR+R/Q1011/qHrhNfIS5uOqvIy8/wCyFH9f5e1YtXmWnaJrQeIGmsri48uR fIxx5nXNVv8AhLGzxBJ6f6z/AD61nafxoup/8A/nWWv3h+FCitQvY67UPELWN00BjkfABz5m Ooz6VW/4S1v+eEn/AH9/+tWZ4g/5Cz/7q/yqrA9strcCZC0pA8ojse9CiuVMG2dDB4pSWVUl jljDHAYPmpdQ8QNY3Jh2O/yg5EmM/pXK28ElzKI4VLMfTt71f8QLt1MqeoRQfyocVzWHzM3L XxA1zBdTCORfIXdjfnNVP+Esbj9w/wD39zWfpP8AyDtS/wCuI/rWUeh+hoUVqHMzsr/XxZeW pEkkrqG2huAPeqX/AAlj/wDPB/8Av7/9aqGvwSLdRzFT5bRKA3bPoao2j2yl1uomdWXAZTyh 9RRGKtcG2joIvFm6QLLFIik4LCTOPetiS4kKqySvgjIO48iubtdHsLxR5F+zNjG0qA35VvyK sMEakjaigZJ9qlNcyQfZHfaJv+e0n/fRo+0Tf89pP++jVA6lZdDcx/nT2vbVYhKZkEZOAc9T XQZlz7RN/wA9pP8Avo0faJv+e0n/AH0apC/tCVHnx5bpg0st7bQMFlnRWPYmgC39omzkTSfi xrbtyTbxk9So/lXMxXltO+yGZGb0B610tt/x7Rf7g/lQBLUErK1zFHk7gC/H/fP/ALN+lT1C qr9pkkBycBD7d/8A2agCUdKWkHQUtAEF3/qH+lee68+/VJPlUYCgFe47V3uoNiHZn5nOB1+p 6ewP6VzGq6G95cCa2dFJGGVsgHtWLkoy1LSujKsJEXR9QRmUMdmAT15rNX7w69R1rX/4Ru9/ vw/99H/Cpbbw3P5ym4ljCAgnb3xzinzRV2HK2VfEH/IVf/dX+VV7aCCSxupJX2yRqpjG7GT9 O9bWq6LcXt688TxqrAABicj9Kqf8I1d/89YfzP8AhUqceVIbi7mRFK0EqyRsVZTkY+taPiBt +qFj1ZFP6Vat/DUvnKZ5kCA5Ozv7Vc1fRWvZFlt3RWCBMNnkChzjzAouxkaXIiafqIdgpaIY BPXrWYeh+hrYPhu9PO+H/vo/4VJB4auDKvnyxhAcnBPIqueKuxKLZbvtaWzdbZrYSjy1Jyev H0rMb7DqEVzIsItHjXcMScPz0wa1tW0Q3siy28gR1UKQ+cH0rNPhu9yfnh/76P8AhUQcFsU1 IyAxUhl4YYII7HrXaXSvc6aBn55Is5z6gVjQ+GrguPOliVP4tpJOK3L2DzLMwKSv7sqDVcy5 lYSulqck0LWe5Ly2Yqe/QjnsasXX2f8AsuI2u/aZzuDnODipRo16sckQki2ORkZPOD9KlbRp /sCRK6F/M8wnPA4xWxmQWukC8sYZUk8tiGDEgnPPWoLqP/iciJ8MN6IfccV0GnW72lnHDIVL LnJU5HWs++0m4lvTcQOg3EEbj0I/CgCjYqE1tFUAASsBj8a9Ftv+PaL/AHB/KuIstJuIr4XM 7x8Evhe+c129t/x7Rf7g/lQBLVeD/X3X/XUf+gLViq8IPnXOehkGP++FoAsUhpaguXZV2pne /wAowOnqfw/z1oAairLO8hAZVG1cgfiR+g/4DUvlJ/dX8qWJFjjCqoUDsO1PpNXHcj8qP+4v 5UeVH/cX8qkoo5UFyPyo/wC4v5UeVH/cX8qkoo5UFyPyo/7i/lR5Sf3F/KpKKOVC1I/Kj/uL +VHlR/3F/KpKKXKh3I/Kj/uL+VHlR/3F/KpKKfKguR+VH/dX8qQwx941P/ARUtFFkK7IvIi/ 55J/3yKPIi/55J/3yKlopgReRF/zyT/vkUeRF/zyT/vkVLRQBF5EX/PJP++RUgAAwMY9qWig AqBgVudx5RlwR6Ef/WJ/Kp6ZIocFW+vFACSOkSF5GCqOpJ4qKMGSQzkY4wn0/wDr8H8KiS0a TP2qY3Ee7cqlAAAPX155q6OlAAOlLRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFF FFABRRRQB//Z --------------070402090100010301000405-- --------------060700050007070903000105-- --------------050802030307060908060903 Content-Type: text/x-vcard; charset=utf-8; name="junec.vcf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="junec.vcf" begin:vcard fn:Petr Junec n:Junec;Petr org:Petr Junec adr;quoted-printable;quoted-printable;dom:;;Mikul=C4=8Dice 20;Mikul=C4=8Dice;;69619 email;internet:junec@skrin.cz tel;cell:603111575 url:http://www.skrin.cz version:2.1 end:vcard --------------050802030307060908060903-- From shuttlebox at gmail.com Fri Jun 15 09:19:04 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jun 15 09:19:07 2007 Subject: Wrong MPEG movie detection (for e-mails written in czech language) In-Reply-To: <46724A6C.8080403@juli.cz> References: <46724A6C.8080403@juli.cz> Message-ID: <625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> On 6/15/07, Petr Zeman wrote: > Hello, > > after MailScanner upgrade from old old version to 4.61.2 have problem. I > found too much e-mails marked as "MailScanner: No MPEG movies allowed". > After "little" analysis i found this: when e-mail begin with "V??en? > pane" (english equivalent "Dear Sir") in ISO-8859-2 encoding, is > detected as MPEG video. Is possibe to make in the future better MPEG > detection ? File type detection is made by the "file" command, not MailScanner itself. Read the manual page for file if you want to know how to adjust it yourself. -- /peter From zeman at JULI.CZ Fri Jun 15 10:20:01 2007 From: zeman at JULI.CZ (Petr Zeman) Date: Fri Jun 15 10:19:26 2007 Subject: Wrong MPEG movie detection (for e-mails written in czech language) In-Reply-To: <625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> References: <46724A6C.8080403@juli.cz> <625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> Message-ID: <467259C1.1030806@juli.cz> shuttlebox napsal(a): > On 6/15/07, Petr Zeman wrote: >> Hello, >> >> after MailScanner upgrade from old old version to 4.61.2 have problem. I >> found too much e-mails marked as "MailScanner: No MPEG movies allowed". >> After "little" analysis i found this: when e-mail begin with "V??en? >> pane" (english equivalent "Dear Sir") in ISO-8859-2 encoding, is >> detected as MPEG video. Is possibe to make in the future better MPEG >> detection ? > > File type detection is made by the "file" command, not MailScanner > itself. Read the manual page for file if you want to know how to > adjust it yourself. > thnx for help, "file" detects it as MPEG-4 LOAS. Only first 2 letters is enough for "txt file" detection as "MPEG-4 stream". Something wrong in "file" utility. Petr From rcooper at dwford.com Fri Jun 15 10:58:53 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 15 10:58:58 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <4671EC86020000A200006157@platteco-2.plattesheriff.org> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org> Message-ID: <020d01c7af33$c8304cf0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rob Poe > Sent: Friday, June 15, 2007 2:34 AM > To: mailscanner@lists.mailscanner.info > Subject: MailScanner / Clam .. (grrrr) > > Well, I've finally figured out on the boxes that the > Mail::ClamAV won't install with CPAN -- how to get them to > install via RPM (not exactly a fun time figuring that out) > .. the DAG repo for Centos is where I got everything (they > have the perl-mail-clamav module, the perl-inline-perl, and > obviously the clamav). > > now, however, when MailScanner is starting, it takes a > LOOOOOOOOONNNNNNNG time to get the children to start. > > (on the order of 5 minutes) > > the MailScanner --lint isn't that slow though.. > > output from top looks something like ... > > > 16477 root 25 0 65128 63M 3688 R 20.6 2.5 > 0:17 0 MailScanner > 16498 root 25 0 64908 63M 3684 R 19.6 2.5 > 0:13 0 MailScanner > 16503 root 25 0 64684 63M 3684 R 19.6 2.5 > 0:10 0 MailScanner > 16506 root 25 0 63748 62M 3684 R 19.6 2.4 > 0:08 0 MailScanner > 16510 root 25 0 60668 59M 3680 R 19.6 2.3 > 0:07 0 MailScanner > > But once it's started, it works a treat > > Jun 15 01:32:03 mail MailScanner[16477]: > ClamAVModule::INFECTED:: Eicar-Test-Signature:: > ./l5F6T5xE016496/msg-16477-1.txt > Supposedly they have fixed the long load time with the current clamav rcx version. Bear im mind when you use clamavmodule you are loading the database and basically becoming a clamd. Thus if libclamav has a long load each of your children will also have a long load (although 5 min is WAY longer than I have heard of). Try commenting out the clamavmodule from your scanner list and see if the load times come down. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Fri Jun 15 11:07:31 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Fri Jun 15 11:07:41 2007 Subject: Rules du jour update error In-Reply-To: <467259C1.1030806@juli.cz> References: <46724A6C.8080403@juli.cz><625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> Message-ID: <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> In these last two day I'm getting this error when rules du jour try to update. ================= SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has changed on netra.database.it. Version line: ***WARNING***: /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.20070615-04 45 /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; Lint output: [23588] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": [23588] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": [23588] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": [23588] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": [23588] warn: lint: 4 issues detected, please rerun with debug enabled for more information ================= I get the same error on two machine, I've not changed nothing. What could be ? thanks -- Messaggio verificato dal servizio antivirus di Database Informatica From rcooper at dwford.com Fri Jun 15 11:07:43 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 15 11:07:48 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: References: <4671EC86020000A200006157@platteco-2.plattesheriff.org><7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> Message-ID: <021401c7af35$03f67740$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Ren? Berber > Sent: Friday, June 15, 2007 3:37 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner / Clam .. (grrrr) > > Randal, Phil wrote: > > > It sure does. > > > > Taking forever to load the virus database is a known > "feature" of ClamAV > > 0.90.x. > > Not in the order of 5 minutes, it's around 30 seconds. > Something else must be > the problem. > [...] Another thing to look at is the sig count, should be 140,000+ if you see 200,000+ look in the db dir (/usr/share/clamav) and see if you have both .inc dirs and .cvd files for main and/or daily (ex: main.inc and main.cvd). This will cause you to load the db's twice, hence the 200,000+ Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From themba at dcdata.co.za Fri Jun 15 11:18:56 2007 From: themba at dcdata.co.za (Themba Ntleki) Date: Fri Jun 15 11:20:00 2007 Subject: MailScanner/Mailwatch not logging messages Message-ID: <46726790.2070805@dcdata.co.za> Hi Guys, I'm new to MailScanner, I just installed the latest MailScanner/Mailwatch on Suse 10.2, but it is logging any emails, please help. :-) Themba -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From ms-list at alexb.ch Fri Jun 15 11:33:13 2007 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jun 15 11:33:20 2007 Subject: Rules du jour update error In-Reply-To: <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> References: <46724A6C.8080403@juli.cz><625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> Message-ID: <46726AE9.1040004@alexb.ch> On 6/15/2007 12:07 PM, Marcello Anderlini wrote: > In these last two day I'm getting this error when rules du jour try to > update. > > ================= > SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has > changed on netra.database.it. > Version line: > > ***WARNING***: /usr/bin/spamassassin -p > /etc/MailScanner/spam.assassin.prefs.conf --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; mv -f > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.20070615-04 > 45 /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; > > Lint output: [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Refresh" CONTENT="0.1"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Pragma" CONTENT="no-cache"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Expires" CONTENT="-1"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": > [23588] warn: lint: 4 issues detected, please rerun with debug enabled for > more information > ================= > > > I get the same error on two machine, I've not changed nothing. > > What could be ? You have a borked update. If you look at the files you'll see html code in them. remove all sare rules, re-run RDJ and it will be ok h2h Alex From uxbod at splatnix.net Fri Jun 15 11:37:54 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Jun 15 11:38:12 2007 Subject: MailScanner/Mailwatch not logging messages In-Reply-To: <46726790.2070805@dcdata.co.za> References: <46726790.2070805@dcdata.co.za> Message-ID: Have you set in MailScanner.conf :- Always Looked Up Last = &MailWatchLogging Have you changed the SQL details in MailWatch.pm ? Can you connect to the database using the credentials ? What is reported in /var/log/messages ? Does it load the MailWatch module ? Extract from logfile for when MailScanner starts would be useful. On Fri, 15 Jun 2007 12:18:56 +0200, Themba Ntleki wrote: > Hi Guys, > > I'm new to MailScanner, I just installed the latest > MailScanner/Mailwatch on Suse 10.2, but it is logging any emails, please > help. :-) > > Themba > > -- > This email and all contents are subject to the following disclaimer: > http://www.dcdata.co.za/emaildisclaimer.html > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Fri Jun 15 12:06:59 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 15 12:07:07 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org> <7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF78F99@HC-MBX02.herefordshire.gov.uk> OK, on my test (completely unloaded) CentOS 5 box MailScanner starts all its children thus (to nearest 10 seconds, I hate excessive precision): without clamavmodule: 40 seconds with clamavmodule: 190 seconds Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 15 June 2007 07:59 > To: MailScanner discussion > Subject: RE: MailScanner / Clam .. (grrrr) > > Yes, > > It sure does. > > Taking forever to load the virus database is a known > "feature" of ClamAV > 0.90.x. > > It's fixed in ClamAV 0.91RC. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Rob Poe > > Sent: 15 June 2007 07:34 > > To: mailscanner@lists.mailscanner.info > > Subject: MailScanner / Clam .. (grrrr) > > > > Well, I've finally figured out on the boxes that the > > Mail::ClamAV won't install with CPAN -- how to get them to > > install via RPM (not exactly a fun time figuring that out) .. > > the DAG repo for Centos is where I got everything (they have > > the perl-mail-clamav module, the perl-inline-perl, and > > obviously the clamav). > > > > now, however, when MailScanner is starting, it takes a > > LOOOOOOOOONNNNNNNG time to get the children to start. > > > > (on the order of 5 minutes) > > > > the MailScanner --lint isn't that slow though.. > > > > output from top looks something like ... > > > > > > 16477 root 25 0 65128 63M 3688 R 20.6 2.5 0:17 > > 0 MailScanner > > 16498 root 25 0 64908 63M 3684 R 19.6 2.5 0:13 > > 0 MailScanner > > 16503 root 25 0 64684 63M 3684 R 19.6 2.5 0:10 > > 0 MailScanner > > 16506 root 25 0 63748 62M 3684 R 19.6 2.4 0:08 > > 0 MailScanner > > 16510 root 25 0 60668 59M 3680 R 19.6 2.3 0:07 > > 0 MailScanner > > > > But once it's started, it works a treat > > > > Jun 15 01:32:03 mail MailScanner[16477]: > > ClamAVModule::INFECTED:: Eicar-Test-Signature:: > > ./l5F6T5xE016496/msg-16477-1.txt > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rcooper at dwford.com Fri Jun 15 12:33:41 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 15 12:33:46 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF78F99@HC-MBX02.herefordshire.gov.uk> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org><7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBAF78F99@HC-MBX02.herefordshire.gov.uk> Message-ID: <023901c7af41$064e2c70$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Randal, Phil > Sent: Friday, June 15, 2007 7:07 AM > To: MailScanner discussion > Subject: RE: MailScanner / Clam .. (grrrr) > > OK, on my test (completely unloaded) CentOS 5 box > MailScanner starts all > its children thus (to nearest 10 seconds, I hate excessive > precision): > > without clamavmodule: 40 seconds > > with clamavmodule: 190 seconds > > Cheers, > > Phil > I downloaded http://freshmeat.net/redir/clamav/38302/url_tgz/clamav-0.91rc1.tar.gz and the difference in load time is huge. From nearly 30 seconds to about 2 seconds. I am timing how long it takes clamd to create and listen to it's socket, which it does after it loads it's DBs (of course). This should translate directly to MailScanner and ClamAVModule, as well as clamscan (since the DB load time per file is the slowest part of clamscan). Given your times it sounds like youmust be running about 5 children? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Fri Jun 15 12:38:17 2007 From: gdoris at rogers.com (Gerry Doris) Date: Fri Jun 15 12:38:55 2007 Subject: Rules du jour update error In-Reply-To: <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> References: <46724A6C.8080403@juli.cz><625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> Message-ID: <46727A29.4020006@rogers.com> Marcello Anderlini wrote: > In these last two day I'm getting this error when rules du jour try to > update. > > ================= > SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has > changed on netra.database.it. > Version line: > > ***WARNING***: /usr/bin/spamassassin -p > /etc/MailScanner/spam.assassin.prefs.conf --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; mv -f > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.20070615-04 > 45 /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; > > Lint output: [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Refresh" CONTENT="0.1"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Pragma" CONTENT="no-cache"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Expires" CONTENT="-1"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": > [23588] warn: lint: 4 issues detected, please rerun with debug enabled for > more information > ================= > > > I get the same error on two machine, I've not changed nothing. > > What could be ? > > thanks > > This started after the DDOS attacks earlier this week. Go into the directory where you download the rules files (looks like /etc/mail/spamassassin/RulesDuJour) and check each of the files. Erase the ones that only have the following garbage... HTTP-EQUIV="Refresh" CONTENT="0.1"> HTTP-EQUIV="Pragma" CONTENT="no-cache"> HTTP-EQUIV="Expires" CONTENT="-1"> From root at doctor.nl2k.ab.ca Fri Jun 15 13:09:43 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Fri Jun 15 13:10:43 2007 Subject: Rules du jour update error In-Reply-To: <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> References: <467259C1.1030806@juli.cz> <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> Message-ID: <20070615120942.GB13361@doctor.nl2k.ab.ca> On Fri, Jun 15, 2007 at 12:07:31PM +0200, Marcello Anderlini wrote: > In these last two day I'm getting this error when rules du jour try to > update. > > ================= > SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has > changed on netra.database.it. > Version line: > > ***WARNING***: /usr/bin/spamassassin -p > /etc/MailScanner/spam.assassin.prefs.conf --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; mv -f > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.20070615-04 > 45 /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; > > Lint output: [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Refresh" CONTENT="0.1"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Pragma" CONTENT="no-cache"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Expires" CONTENT="-1"> > [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": > [23588] warn: lint: 4 issues detected, please rerun with debug enabled for > more information > ================= > > > I get the same error on two machine, I've not changed nothing. > > What could be ? > > thanks > Looks like rulesemporium is skewed up! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Fri Jun 15 13:10:43 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 15 13:16:25 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <023901c7af41$064e2c70$0301a8c0@SAHOMELT> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org><7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk><7EF0EE5CB3B263488C8C18823239BEBAF78F99@HC-MBX02.herefordshire.gov.uk> <023901c7af41$064e2c70$0301a8c0@SAHOMELT> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF78FB5@HC-MBX02.herefordshire.gov.uk> Rick Cooper opined: > > OK, on my test (completely unloaded) CentOS 5 box > > MailScanner starts all > > its children thus (to nearest 10 seconds, I hate excessive > > precision): > > > > without clamavmodule: 40 seconds > > > > with clamavmodule: 190 seconds > > > > Cheers, > > > > Phil > > > > I downloaded > http://freshmeat.net/redir/clamav/38302/url_tgz/clamav-0.91rc1 > .tar.gz and > the difference in load time is huge. From nearly 30 seconds to about 2 > seconds. I am timing how long it takes clamd to create and > listen to it's > socket, which it does after it loads it's DBs (of course). This should > translate directly to MailScanner and ClamAVModule, as well > as clamscan > (since the DB load time per file is the slowest part of > clamscan). Given > your times it sounds like youmust be running about 5 children? > > Rick Actually, it was 8 MailScanner children, dual processor box, though. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From rcooper at dwford.com Fri Jun 15 13:25:17 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 15 13:25:25 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <023901c7af41$064e2c70$0301a8c0@SAHOMELT> References: <4671EC86020000A200006157@platteco-2.plattesheriff.org><7EF0EE5CB3B263488C8C18823239BEBAF78EF7@HC-MBX02.herefordshire.gov.uk><7EF0EE5CB3B263488C8C18823239BEBAF78F99@HC-MBX02.herefordshire.gov.uk> <023901c7af41$064e2c70$0301a8c0@SAHOMELT> Message-ID: <023b01c7af48$3bfdbfa0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rick Cooper > Sent: Friday, June 15, 2007 7:34 AM > To: 'MailScanner discussion' > Subject: RE: MailScanner / Clam .. (grrrr) > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Randal, Phil > > Sent: Friday, June 15, 2007 7:07 AM > > To: MailScanner discussion > > Subject: RE: MailScanner / Clam .. (grrrr) > > > > OK, on my test (completely unloaded) CentOS 5 box > > MailScanner starts all > > its children thus (to nearest 10 seconds, I hate excessive > > precision): > > > > without clamavmodule: 40 seconds > > > > with clamavmodule: 190 seconds > > > > Cheers, > > > > Phil > > > > I downloaded > http://freshmeat.net/redir/clamav/38302/url_tgz/clamav-0.91rc > 1.tar.gz and > the difference in load time is huge. From nearly 30 seconds > to about 2 > seconds. I am timing how long it takes clamd to create and > listen to it's > socket, which it does after it loads it's DBs (of course). > This should > translate directly to MailScanner and ClamAVModule, as well > as clamscan > (since the DB load time per file is the slowest part of > clamscan). Given > your times it sounds like you must be running about 5 children? > > Rick > > > -- I put that clamscan theory to the test and found: (Scanning same eicar.rar file rounding to nearest second) Version 0.90.3 : average time 23 seconds Version 0.91rc1: average time 3 seconds So I would think 0.91rc1 would be a worth using Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Fri Jun 15 13:26:38 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Fri Jun 15 13:26:40 2007 Subject: R: Rules du jour update error In-Reply-To: <46726AE9.1040004@alexb.ch> References: <46724A6C.8080403@juli.cz><625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz><00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> <46726AE9.1040004@alexb.ch> Message-ID: <00d401c7af48$6be11e10$3f01a8c0@dbdomain.database.it> Great, worked well, thanks a lot. Best regards -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Alex Broens Inviato: venerd? 15 giugno 2007 12.33 A: MailScanner discussion Oggetto: Re: Rules du jour update error On 6/15/2007 12:07 PM, Marcello Anderlini wrote: > In these last two day I'm getting this error when rules du jour try to > update. > > ================= > SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has > changed on netra.database.it. > Version line: > > ***WARNING***: /usr/bin/spamassassin -p > /etc/MailScanner/spam.assassin.prefs.conf --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; mv > -f > /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.20070 > 615-04 > 45 /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; > > Lint output: [23588] warn: config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": > [23588] warn: > config: failed to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Pragma" CONTENT="no-cache"> [23588] warn: config: failed > to parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": HTTP-EQUIV="Expires" CONTENT="-1"> [23588] warn: config: failed to > parse line, skipping, in > "/etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf": > [23588] warn: lint: 4 issues detected, please rerun with debug enabled > for more information ================= > > > I get the same error on two machine, I've not changed nothing. > > What could be ? You have a borked update. If you look at the files you'll see html code in them. remove all sare rules, re-run RDJ and it will be ok h2h Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From sailer at bnl.gov Fri Jun 15 13:48:19 2007 From: sailer at bnl.gov (Tim Sailer) Date: Fri Jun 15 13:48:26 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> Message-ID: <20070615124819.GA22901@bnl.gov> On Thu, Jun 14, 2007 at 04:43:22PM -0700, Scott Silva wrote: > I haven't yet acquired the taste for single malts yet...the peat is a little > bitter for me. But my neighbor says he will be bringing me to the dark side > soon. Maybe with a Sherry-cask aged variety. Nah... that's what makes it so nice... Laugavaulin (I think that's how you spell it... I just drink it) is my favorite. *Very* smokey and peaty... I put 2 fingers (holding out hand with index and pinky fingers extended) into a glass with some crushed ice, just a splash of water to open up the flavor... Huh. It's almost 0900 here... it's 1700 somewhere... Where's that bottle? From andy.mac at global-domination.org Fri Jun 15 14:11:16 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Fri Jun 15 14:11:13 2007 Subject: [Fwd: Some highlights about BarricadeMX] Message-ID: 17:00?? I consider anything before noon to be bad form, but any time after then is acceptable -Cheers! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tim Sailer Sent: 15 June 2007 13:48 To: MailScanner discussion Subject: Re: [Fwd: Some highlights about BarricadeMX] On Thu, Jun 14, 2007 at 04:43:22PM -0700, Scott Silva wrote: > I haven't yet acquired the taste for single malts yet...the peat is a little > bitter for me. But my neighbor says he will be bringing me to the dark side > soon. Maybe with a Sherry-cask aged variety. Nah... that's what makes it so nice... Laugavaulin (I think that's how you spell it... I just drink it) is my favorite. *Very* smokey and peaty... I put 2 fingers (holding out hand with index and pinky fingers extended) into a glass with some crushed ice, just a splash of water to open up the flavor... Huh. It's almost 0900 here... it's 1700 somewhere... Where's that bottle? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=DAA1328223 .BDD52 -- This message was scanned by ESVA and is believed to be clean. From paul.hutchings at mira.co.uk Fri Jun 15 14:39:02 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Fri Jun 15 14:39:10 2007 Subject: Phishing Detection Bug? Message-ID: Any ideas why this isn't being flagged?
Dear Halifax Bank Customers,
Halifax Bank is constantly working to increase security for all online Banking users. To ensure the integrity
of our online payment system, we periodically review accounts.Your account might be place on restricted
status.Restricted accounts continue to receive payments, but they are limited in their ability to send or withdraw funds. To lift up this restriction, you need to login into your account, then you have to complete our verification process.
However, failure to update your records will result in account termination. Please update your records before June 19th 2007.
As part of our security measures, We believe that, in everything else, you deserve the best in banking too. Therefore protective measures is been applied to satisfy our striving customer needs.
You must confirm your details and your billing information as well. To initiate the billing update confirmation
process If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity.

Click here to verify your account

Restricted accounts have their billing information unconfirmed,meaning that you may no longer send money
from your account until you have updated your billing information on file.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.For assistance, log in to our account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

Thank you for using Halifax!

Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From rpoe at plattesheriff.org Fri Jun 15 15:50:43 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Jun 15 15:51:24 2007 Subject: MailScanner / Clam .. (grrrr) Message-ID: <467260F3020000A200006161@platteco-2.plattesheriff.org> This is Clam 0.90.3 >>> "Randal, Phil" 06/15/07 1:59 AM >>> Yes, It sure does. Taking forever to load the virus database is a known "feature" of ClamAV 0.90.x. It's fixed in ClamAV 0.91RC. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Poe > Sent: 15 June 2007 07:34 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner / Clam .. (grrrr) > > Well, I've finally figured out on the boxes that the > Mail::ClamAV won't install with CPAN -- how to get them to > install via RPM (not exactly a fun time figuring that out) .. > the DAG repo for Centos is where I got everything (they have > the perl-mail-clamav module, the perl-inline-perl, and > obviously the clamav). > > now, however, when MailScanner is starting, it takes a > LOOOOOOOOONNNNNNNG time to get the children to start. > > (on the order of 5 minutes) > > the MailScanner --lint isn't that slow though.. > > output from top looks something like ... > > > 16477 root 25 0 65128 63M 3688 R 20.6 2.5 0:17 > 0 MailScanner > 16498 root 25 0 64908 63M 3684 R 19.6 2.5 0:13 > 0 MailScanner > 16503 root 25 0 64684 63M 3684 R 19.6 2.5 0:10 > 0 MailScanner > 16506 root 25 0 63748 62M 3684 R 19.6 2.4 0:08 > 0 MailScanner > 16510 root 25 0 60668 59M 3680 R 19.6 2.3 0:07 > 0 MailScanner > > But once it's started, it works a treat > > Jun 15 01:32:03 mail MailScanner[16477]: > ClamAVModule::INFECTED:: Eicar-Test-Signature:: > ./l5F6T5xE016496/msg-16477-1.txt > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Fri Jun 15 15:51:01 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Jun 15 15:51:54 2007 Subject: MailScanner / Clam .. (grrrr) Message-ID: <46726105020000A200006164@platteco-2.plattesheriff.org> >>> "Randal, Phil" 06/15/07 6:06 AM >>> OK, on my test (completely unloaded) CentOS 5 box MailScanner starts all its children thus (to nearest 10 seconds, I hate excessive precision): without clamavmodule: 40 seconds with clamavmodule: 190 seconds Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 15 June 2007 07:59 > To: MailScanner discussion > Subject: RE: MailScanner / Clam .. (grrrr) > > Yes, > > It sure does. > > Taking forever to load the virus database is a known > "feature" of ClamAV > 0.90.x. > > It's fixed in ClamAV 0.91RC. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Rob Poe > > Sent: 15 June 2007 07:34 > > To: mailscanner@lists.mailscanner.info > > Subject: MailScanner / Clam .. (grrrr) > > > > Well, I've finally figured out on the boxes that the > > Mail::ClamAV won't install with CPAN -- how to get them to > > install via RPM (not exactly a fun time figuring that out) .. > > the DAG repo for Centos is where I got everything (they have > > the perl-mail-clamav module, the perl-inline-perl, and > > obviously the clamav). > > > > now, however, when MailScanner is starting, it takes a > > LOOOOOOOOONNNNNNNG time to get the children to start. > > > > (on the order of 5 minutes) > > > > the MailScanner --lint isn't that slow though.. > > > > output from top looks something like ... > > > > > > 16477 root 25 0 65128 63M 3688 R 20.6 2.5 0:17 > > 0 MailScanner > > 16498 root 25 0 64908 63M 3684 R 19.6 2.5 0:13 > > 0 MailScanner > > 16503 root 25 0 64684 63M 3684 R 19.6 2.5 0:10 > > 0 MailScanner > > 16506 root 25 0 63748 62M 3684 R 19.6 2.4 0:08 > > 0 MailScanner > > 16510 root 25 0 60668 59M 3680 R 19.6 2.3 0:07 > > 0 MailScanner > > > > But once it's started, it works a treat > > > > Jun 15 01:32:03 mail MailScanner[16477]: > > ClamAVModule::INFECTED:: Eicar-Test-Signature:: > > ./l5F6T5xE016496/msg-16477-1.txt > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Fri Jun 15 15:55:04 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Jun 15 15:55:58 2007 Subject: MailScanner / Clam .. (grrrr) Message-ID: <467261F8020000A200006169@platteco-2.plattesheriff.org> Oh yeah, if I remove ClamAVModule from the MailScanner.conf it's a startup of a few seconds. >Try commenting out the clamavmodule from your scanner list and see if the l>oad times come down. From andy.mac at global-domination.org Fri Jun 15 15:57:38 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Fri Jun 15 15:57:46 2007 Subject: Phishing Detection Bug? Message-ID: Because the English is so bad? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 15 June 2007 14:39 To: MailScanner discussion Subject: Phishing Detection Bug? Any ideas why this isn't being flagged?
Dear Halifax Bank Customers,
Halifax Bank is constantly working to increase security for all online Banking users. To ensure the integrity
of our online payment system, we periodically review accounts.Your account might be place on restricted
status.Restricted accounts continue to receive payments, but they are limited in their ability to send or withdraw funds. To lift up this restriction, you need to login into your account, then you have to complete our verification process.
However, failure to update your records will result in account termination. Please update your records before June 19th 2007.
As part of our security measures, We believe that, in everything else, you deserve the best in banking too. Therefore protective measures is been applied to satisfy our striving customer needs.
You must confirm your details and your billing information as well. To initiate the billing update confirmation
process If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity.

Click here to verify your account

Restricted accounts have their billing information unconfirmed,meaning that you may no longer send money
from your account until you have updated your billing information on file.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.For assistance, log in to our account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.

Thank you for using Halifax!

Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=5E27F28223 .5AF12 -- This message was scanned by ESVA and is believed to be clean. From ssilva at sgvwater.com Fri Jun 15 17:09:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 15 17:09:43 2007 Subject: OT: Re: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706141835s18f6fd0bqdeb8711ccdd5946@mail.gmail.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <4671CDD5.4020504@fsl.com> <223f97700706141835s18f6fd0bqdeb8711ccdd5946@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/14/2007 6:35 PM: > On 15/06/07, Steve Freegard wrote: >> Glenn Steen wrote: >> > Why isn't Anthony part of this list?! He should be, to collect all >> > very sane spam-fighters in one forum:-D. >> >> He currently reads the list via GMANE - but I agree he probably sould >> be ;-) >> >> > .... Makes me want to buy BMX... The combination sounds like the >> > "ultimate condom"... >> >> ROFL - I might have to use that in our Marketing material ;-) >> >> Great, because this was exactly what we were attempting to do. >> >> > Cheers (One day early, with yet a new batch of Single Malts... not >> > only Islay (note: correct spelling:) this time... topped of with a >> > nice Rioja:-) >> >> Whiskey and Red Wine?!? - sounds lethal to me (but I was always a >> lightweight: http://www.jules.fm/gallery/v/swaneyuk/DSC08665.png.html). > > Yeah, well... you can't swill down malt whiskey to the food... Not > andalusian (food) anyway, so ... "roaring headache, here I come":-) > > Cheers Can you ever really "swill" down a good whiskey? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 15 17:38:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 15 17:39:40 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/14/2007 6:41 PM: > On 15/06/07, Scott Silva wrote: >> Glenn Steen spake the following on 6/14/2007 3:25 PM: >> > On 14/06/07, Steve Freegard wrote: >> >> Cross posting Anthony's reply to Rob as Anthony is not a member of >> this >> >> list. >> >> >> > (snip Antonys very sane reply...) >> > Why isn't Anthony part of this list?! He should be, to collect all >> > very sane spam-fighters in one forum:-D. >> > .... Makes me want to buy BMX... The combination sounds like the >> > "ultimate condom"... Now that I've finally found the problem with the >> > primary MX (bad RAM, that the HP support pack missed completely.... >> > Sigh) >> > >> > Cheers (One day early, with yet a new batch of Single Malts... not >> > only Islay (note: correct spelling:) this time... topped of with a >> > nice Rioja:-) >> I haven't yet acquired the taste for single malts yet...the peat is a >> little >> bitter for me. But my neighbor says he will be bringing me to the dark >> side >> soon. Maybe with a Sherry-cask aged variety. >> > Ladies drink?! Ohmegod...:-). I did taste a nice double-wood Balvenie > earlier tonight, but it pales beside the freshness of a citrusy > full-bodied Ardbeg (and the Macallan, Caol Isla... and somewhat weaker > Scapa, Glenkichie, Cardhu, Tamdhu.....:-) I sampled a bit later on... > As they say, it's an acquired tase... But once you're hooked...:-) > > Cheers I had no problem "acquiring" the taste for a good bourbon, or maybe even an irish single malt, but I just need a little more time with the "subtle" ;-) flavors that a good scotch has. And I am not one to give up easily. I'll get there even if I have to drink the whole bottle! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Jun 15 17:43:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 15 17:43:24 2007 Subject: OT: Re: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <4671CDD5.4020504@fsl.com> <223f97700706141835s18f6fd0bqdeb8711ccdd5946@mail.gmail.com> Message-ID: <223f97700706150943k5eae8bf3w31b171daf10ad9fc@mail.gmail.com> If you apply yourself;). -- -- Glenn (using the mobile phone, sorry about the quoting) On 15/06/07, Scott Silva wrote: > Glenn Steen spake the following on 6/14/2007 6:35 PM: > > On 15/06/07, Steve Freegard wrote: > >> Glenn Steen wrote: > >> > Why isn't Anthony part of this list?! He should be, to collect all > >> > very sane spam-fighters in one forum:-D. > >> > >> He currently reads the list via GMANE - but I agree he probably sould > >> be ;-) > >> > >> > .... Makes me want to buy BMX... The combination sounds like the > >> > "ultimate condom"... > >> > >> ROFL - I might have to use that in our Marketing material ;-) > >> > >> Great, because this was exactly what we were attempting to do. > >> > >> > Cheers (One day early, with yet a new batch of Single Malts... not > >> > only Islay (note: correct spelling:) this time... topped of with a > >> > nice Rioja:-) > >> > >> Whiskey and Red Wine?!? - sounds lethal to me (but I was always a > >> lightweight: http://www.jules.fm/gallery/v/swaneyuk/DSC08665.png.html). > > > > Yeah, well... you can't swill down malt whiskey to the food... Not > > andalusian (food) anyway, so ... "roaring headache, here I come":-) > > > > Cheers > Can you ever really "swill" down a good whiskey? > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Fri Jun 15 17:50:19 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 15 17:51:03 2007 Subject: Wrong MPEG movie detection (for e-mails written in czech language) In-Reply-To: <467259C1.1030806@juli.cz> References: <46724A6C.8080403@juli.cz> <625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> Message-ID: Petr Zeman spake the following on 6/15/2007 2:20 AM: > shuttlebox napsal(a): >> On 6/15/07, Petr Zeman wrote: >>> Hello, >>> >>> after MailScanner upgrade from old old version to 4.61.2 have problem. I >>> found too much e-mails marked as "MailScanner: No MPEG movies allowed". >>> After "little" analysis i found this: when e-mail begin with "V?en? >>> pane" (english equivalent "Dear Sir") in ISO-8859-2 encoding, is >>> detected as MPEG video. Is possibe to make in the future better MPEG >>> detection ? >> >> File type detection is made by the "file" command, not MailScanner >> itself. Read the manual page for file if you want to know how to >> adjust it yourself. >> > > > thnx for help, > > "file" detects it as MPEG-4 LOAS. Only first 2 letters is enough for > "txt file" detection as "MPEG-4 stream". Something wrong in "file" utility. > > > Petr > The problem is that those strings are the most common "magic" to detect an mpeg. It is not the file commands problem, the designers of that format neglected to add a better magic into their file format. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkercher at nfsmith.com Fri Jun 15 20:42:58 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Fri Jun 15 20:43:02 2007 Subject: ClamAVModule Not Found ... References: <46717781020000A200006146@platteco-2.plattesheriff.org> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F0935AE@HOUPEX01.nfsmith.info> Try running ldconfig and try again. -Mike ______________________ ROFL:ROFL:ROFL:ROFL __^__ L __/ []\ LOL===_ \ L \________] I I -------/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Poe Sent: Thursday, June 14, 2007 5:15 PM To: mailscanner@lists.mailscanner.info Subject: ClamAVModule Not Found ... On a (actually, two) Centos 4.x box I'm now having the same issue I had on the Centos 3.x box. Clam 0.90.3 MailScanner 4.60.8-1 The Mail::ClamAV failed to compile in CPAN, but compiled well outside of CPAN .. to the make / make install CPAN now reports it is up to date, but in MailScanner I get Jun 14 17:05:23 mail MailScanner[30466]: ClamAV Perl module not found, did you install it? Cleaned up the install, retried it in CPAN -- this is what I get Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV.... # Failed test 'use Mail::ClamAV;' # at t/Mail-ClamAV.t line 9. # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/root/.cpan/build/Mail-ClamAV-0.20/blib/arch/auto/Mail/ClamAV/ClamAV.so ' for module Mail::ClamAV: libclamav.so.2: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.5/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.5/Inline.pm line 500 # # # at /root/.cpan/build/Mail-ClamAV-0.20/blib/lib/Mail/ClamAV.pm line 173 # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. # Compilation failed in require at (eval 3) line 2. # BEGIN failed--compilation aborted at (eval 3) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. # Looks like you failed 1 test of 1 run. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Jun 15 22:15:49 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 15 22:15:51 2007 Subject: Beta release 4.61.3 In-Reply-To: References: <4671129F.80201@ecs.soton.ac.uk> Message-ID: <223f97700706151415q723d63f6ya68adbae8d92d180@mail.gmail.com> On 15/06/07, Stein, Mr. Fred wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, June 14, 2007 6:04 AM > To: MailScanner discussion; MailScanner beta testers > Subject: Beta release 4.61.3 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest beta, 4.61.3. > I would particularly like clamd users and Postfix users to test this > release, please. > > Download as usual from www.mailscanner.info. > > New additions in this beta versus the previous beta are: > 3 'MailScanner --lint' now finds clamd virus scanner. > 3 Made clamd subsys lock file blank by default, so it works on non-Linux > systems. > 3 Added another example to the Allowed Sophos Error Messages setting for > password-protected files. > 3 Fixed "identified/found" bug in AVG parser. > 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. > 3 Fixed bug in Postfix handler which caused a problem with empty > messages. > > The entire Change Log for this version is currently: > > * New Features and Improvements * > 1 Direct support for the "clamd" virus scanner -- now talks directly to > the > clamd daemon without any overhead of calling clamd-wrapper or > clamdscan. > As a result, this should be faster than the previous clamd support. > It also has a much smaller memory footprint than the "clamavmodule" > scanner. > This is all thanks to Rick Cooper who wrote the original code. > New configuration options are > - Clamd Port = 3310 > - Clamd Socket = /tmp/clamd > - Clamd Lock File = /var/lock/subsys/clamd > - Clamd Use Threads = no > The use of these settings is explained in the MailScanner.conf file. > 2 Changed session handling in direct clamd virus scanner support. > 3 'MailScanner --lint' now finds clamd virus scanner. > 3 Made clamd subsys lock file blank by default, so it works on non-Linux > systems. > 3 Added another example to the Allowed Sophos Error Messages setting for > password-protected files. > > * Fixes * > 2 Fixed bug in auto-zip feature with a message containing 2 attachments > with > the same filename. > 2 Fixed bug in auto-zip feature that would allow zipping of an > attachment > which had been cleaned out of the message. > 3 Fixed "identified/found" bug in AVG parser. > 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. > 3 Fixed bug in Postfix handler which caused a problem with empty > messages. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGcRKiEfZZRxQVtlQRAtliAKCgWYm6Rw05c9kAIu5Rv5S3S6e5gwCaAp6t > kQUYsCd1oLtmm32euXG+5Lg= > =G7Oz > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Postfix 2.43 > Clamavmodule > Bitdefender > f-prot > Batch processing time has risen from ~7 to 9 secs a batch to 14 to 22 > sec a batch. 1 message in each batch, if 2 messages it goes to 30+ > seconds > > Fred Yes, this is very likely due to the spin-through of the body, which will punish larger messages more. I plan to make a small enhancemet, so that we only do that when there is p records to handle. When there are, we cannot avoid the spinn-through. Not before monday, an traveling without net access, apart from the phone. . . It's a bit of a chore tapping this in, even with T9:-). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From res at ausics.net Fri Jun 15 22:37:27 2007 From: res at ausics.net (Res) Date: Fri Jun 15 22:37:37 2007 Subject: Phishing Detection Bug? In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Fri, 15 Jun 2007, Andrew MacLachlan wrote: > Because the English is so bad? *sigh* It's not detected because there is no discrepancy in the URL to hyperlink, not that I can see in how pine displays the code anyway. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul > Hutchings > Sent: 15 June 2007 14:39 > To: MailScanner discussion > Subject: Phishing Detection Bug? > > Any ideas why this isn't being flagged? > > > >
Dear Halifax > Bank > Customers,
>
>
Halifax Bank is > > constantly working to increase security for all online > Banking > users. To ensure the integrity
of our online payment > system, we > periodically review accounts.Your account might be place on > restricted
status. size=2>Restricted > accounts continue to receive payments, but they are limited > in their > ability to send or withdraw funds. To lift up this > restriction, you > need to login into your account, then you have to complete > our > verification process.
>
>
However, > failure to > update your records will result in account termination. > Please > update your records before June 19th 2007.
>
>
As part of our > security > measures, We believe that, in everything else, you deserve > the best > in banking too. Therefore protective measures is been > applied to > satisfy our striving customer needs.
>
>
You must > confirm your > details and your billing information as well. To initiate > the > billing update confirmation
process face=Verdana > size=2>If you are the rightful holder of the account you > must > click the link below and then complete all steps from > the > following page as we try to verify your > identity.

> href="http://southernmainefoosball.com/bb/uploads/halifax-online.co.uk/_ > mem_/formslogin.asp/" > target=_blank rel=nofollow>Click here to verify > your > account
>

Restricted > accounts have > their billing information unconfirmed,meaning that you may > no longer > send money
from your account until you have updated your > billing > information on file.

>
>
>
>

Please do not > reply to > this e-mail. Mail sent to this address cannot be > answered.For assistance, > > href="http://southernmainefoosball.com/bb/uploads/halifax-online.co.uk/_ > mem_/formslogin.asp/" > target=_blank rel=nofollow>log in to our account and > choose the > "Help" link in the footer of any page.

face=Verdana size=2> >

To receive email > notifications in plain text instead of HTML, update your > preferences > > href="http://southernmainefoosball.com/bb/uploads/halifax-online.co.uk/_ > mem_/formslogin.asp/" > target=_blank rel=nofollow>here.

>

Thank you for > using > Halifax!

>

>

> > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 44 (0)24 7635 5378 > Fax: 44 (0)24 7635 8378 > mailto:paul.hutchings@mira.co.uk > > > -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGcwaXsWhAmSIQh7MRAirHAJ9sn10S+tsFmNxXUZbNa9jVodZ6GgCfQXnt cizWqxsJ7nRdmtk7PAFm9mk= =wJGp -----END PGP SIGNATURE----- From am.lists at gmail.com Sat Jun 16 02:19:31 2007 From: am.lists at gmail.com (am.lists) Date: Sat Jun 16 02:19:34 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: References: Message-ID: <25a66d840706151819y35cc3949if56eb0fcdaad225b@mail.gmail.com> On 6/10/07, Andrew MacLachlan wrote: > The Postfix way of doing it is that PF signs outbound messages based on > a rule (very similar to an MS rule) and doesn't check inbound messages - > The recommendation is to let SA score the inbound message (i.e. DKIM OK, > score = 0, DKIM fails score = 5) - the same as you should do for SPF. > Because a message is signed, you shouldn't trust it, however if it > fails, the don't trust it. (e.g. a yahoo message that isn't signed > shouldn't be trusted, because all legit yahoo messages are - and the > DKIM framework says so... - same goes for all other organisations that > use DKIM like Dell.) > > -Andy > I realize this thread is a bit old now, but to bring up another point about DKIM and signing, trusting a message purely based on DKIM pass is a bad thing. Simultenously, failing a message purely based on a DKIM fail is an equally bad thing. Reason: Different MTA plug-ins use different methods for pulling the private key from DNS. Remember DNS uses UDP (the "unreliable data protocol") and in my experience, I occasionally (not always, but more than just sometimes) see "temp fail" on a message that is signed and the key is there. The error in the header just says "temp fail, couldn't retrieve key" -- and if I recall correctly, the DKIM plugins for SA/MS do not tell you if it was a temp fail or a flat our key did not decrypt successfully. I think it's a great idea, but the technology framework seems to not be perfectly fortified well enough to pass/fail solely based on it. Bumping a point or two in SA score is valid, but I wouldn't say pass=0, fail=5 just yet. Angelo From am.lists at gmail.com Sat Jun 16 02:23:51 2007 From: am.lists at gmail.com (am.lists) Date: Sat Jun 16 02:23:58 2007 Subject: Phishing Detection Bug? In-Reply-To: References: Message-ID: <25a66d840706151823n2f58c54ajf7c5de1505831b32@mail.gmail.com> Guessing, but two line breaks between the opening and tags does not display text that has a domain.tld within it, it merely says "log in" Angelo From am.lists at gmail.com Sat Jun 16 02:27:17 2007 From: am.lists at gmail.com (am.lists) Date: Sat Jun 16 02:27:20 2007 Subject: Wrong MPEG movie detection (for e-mails written in czech language) In-Reply-To: References: <46724A6C.8080403@juli.cz> <625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> Message-ID: <25a66d840706151827u1c48384dmab98b2dd7e8b5ab7@mail.gmail.com> >> On 6/15/07, Petr Zeman wrote: >>> Hello, >>> >>> after MailScanner upgrade from old old version to 4.61.2 have problem. I >>> found too much e-mails marked as "MailScanner: No MPEG movies allowed". >>> After "little" analysis i found this: when e-mail begin with "V?en? >>> pane" (english equivalent "Dear Sir") in ISO-8859-2 encoding, is >>> detected as MPEG video. Is possibe to make in the future better MPEG >>> detection ? Maybe have all of your users write their mail in English only for now, until this gets sorted out. LOL Just kidding, of course. :-) Like others say, the file format is inherently not "unique" enough, and normally I would not suggest modifying a system-level utility like "file" but your case is problematic enough that you may have to do so. Angelo From hvdkooij at vanderkooij.org Sat Jun 16 08:27:13 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 16 08:28:03 2007 Subject: Rules du jour update error In-Reply-To: <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> References: <46724A6C.8080403@juli.cz><625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> <00b801c7af34$fcd22860$3f01a8c0@dbdomain.database.it> Message-ID: On Fri, 15 Jun 2007, Marcello Anderlini wrote: > In these last two day I'm getting this error when rules du jour try to > update. ... > I get the same error on two machine, I've not changed nothing. >From a practical point. The fact that you use an automated update system means you change things all the time. Which means the double negate might be true but not what you mtried to say. Any automated update is in fact a hidden change you need to be aware of as a potential source of problems. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From uxbod at splatnix.net Sat Jun 16 11:29:17 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Jun 16 11:26:22 2007 Subject: MailScanner / Clam .. (grrrr) In-Reply-To: <46726105020000A200006164@platteco-2.plattesheriff.org> References: <46726105020000A200006164@platteco-2.plattesheriff.org> Message-ID: <4673BB7D.9060101@splatnix.net> Why not use clamd direct ? Rob Poe wrote: >>>> "Randal, Phil" 06/15/07 6:06 AM >>> >>>> > OK, on my test (completely unloaded) CentOS 5 box MailScanner starts all > its children thus (to nearest 10 seconds, I hate excessive precision): > > without clamavmodule: 40 seconds > > with clamavmodule: 190 seconds > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Randal, Phil >> Sent: 15 June 2007 07:59 >> To: MailScanner discussion >> Subject: RE: MailScanner / Clam .. (grrrr) >> >> Yes, >> >> It sure does. >> >> Taking forever to load the virus database is a known >> "feature" of ClamAV >> 0.90.x. >> >> It's fixed in ClamAV 0.91RC. >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> Of Rob Poe >>> Sent: 15 June 2007 07:34 >>> To: mailscanner@lists.mailscanner.info >>> Subject: MailScanner / Clam .. (grrrr) >>> >>> Well, I've finally figured out on the boxes that the >>> Mail::ClamAV won't install with CPAN -- how to get them to >>> install via RPM (not exactly a fun time figuring that out) .. >>> the DAG repo for Centos is where I got everything (they have >>> the perl-mail-clamav module, the perl-inline-perl, and >>> obviously the clamav). >>> >>> now, however, when MailScanner is starting, it takes a >>> LOOOOOOOOONNNNNNNG time to get the children to start. >>> >>> (on the order of 5 minutes) >>> >>> the MailScanner --lint isn't that slow though.. >>> >>> output from top looks something like ... >>> >>> >>> 16477 root 25 0 65128 63M 3688 R 20.6 2.5 0:17 >>> 0 MailScanner >>> 16498 root 25 0 64908 63M 3684 R 19.6 2.5 0:13 >>> 0 MailScanner >>> 16503 root 25 0 64684 63M 3684 R 19.6 2.5 0:10 >>> 0 MailScanner >>> 16506 root 25 0 63748 62M 3684 R 19.6 2.4 0:08 >>> 0 MailScanner >>> 16510 root 25 0 60668 59M 3680 R 19.6 2.3 0:07 >>> 0 MailScanner >>> >>> But once it's started, it works a treat >>> >>> Jun 15 01:32:03 mail MailScanner[16477]: >>> ClamAVModule::INFECTED:: Eicar-Test-Signature:: >>> ./l5F6T5xE016496/msg-16477-1.txt >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jun 16 16:16:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 16 16:44:25 2007 Subject: Beta release 4.61.3 In-Reply-To: <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> Message-ID: <4673FED5.6030306@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070616/e7ed5041/PGP.bin From mogens at fumlersoft.dk Sat Jun 16 17:02:30 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Sat Jun 16 17:02:24 2007 Subject: Install confusion Message-ID: <4711.90.184.17.152.1182009750.squirrel@mail.fumlersoft.dk> Hi all, After my openprotect outdated, i decided to go for the "easy" install packages, and ran the openprotect-uninstall script, which really worked. No trace left of openprotect, anywhere :) I got MailScanner-install-4.60.8 and install-Clam-0.90.3-SA-3.2.0, and ran the install.sh in both. The install seem to run smooth, besides, not all the cpan installed modules where found, so they got installed again. While checking config and scripts, i notice check_mailscanner expect MailScanner.conf to reside in /etc/MailScanner but was installed in /opt/MailScanner/etc. I moved etc to /etc/MailScanner, and now MailScanner can't find the .conf. Ok, a symlink worked. After some tweeking and customizing the conf, i flicked a startup script together in /etc/rc.d/rc.mailscanner, and fired it up. All good, it worked, spam stopped flooding in (tsunami style). I does seem that MCP check is'nt working as the MCP score always is 0, and no report about what rules was used. I remembered install-clam-sa saying something about installing RulesDuJour, so i got it, did a manual install, as the install script seems confused about where to put things. I put it in /etc/mail/spamassassin/RulesDuJour, and ran the upgrade script. Edit MailScanner.conf setting "SpamAssassin Local Rules Dir" to the above path. Restarting. No --lint errors or other. Now i try to send some test-mail: GTUBE (delivered), Eicar (caught), TBTF ping (delivered), VIAGRA & CIALIS JOINT-CORPORATE RENEWAL/RE-ORDER PROGRAM (delivered), THIS ENTERPRISE IS AWESOMELY FEATURED (delivered). All tests (except eicar) have same headers: X-TIT-GPH-MailScanner: Found to be clean X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 5) X-TIT-GPH-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0,required 4, autolearn=) X-TIT-GPH-MailScanner-From: nobody@nowhere.com X-Spam-Status: No I believe only TBTF should have gotten here. No report in maillog either. If i comment out "SpamAssassin Local Rules Dir" all is fine again, except MCP still does nothing. Spam-report is back, both in headers and maillog. X-TIT-GPH-MailScanner: Found to be clean X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 5) X-TIT-GPH-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-2.598, required 4, autolearn=not spam, BAYES_00 -2.60, DKIM_POLICY_SIGNSOME 0.00, DK_POLICY_SIGNSOME 0.00, HTML_MESSAGE 0.00) I have no clue on what is going on. I'm running Zenwalk 3.0 (slackware), sendmail 8.13.8 Any clues, anybody ? -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Jun 17 11:40:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 17 11:40:58 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: <223f97700706170340v2d5c67d3q39808eca50085818@mail.gmail.com> On 15/06/07, Scott Silva wrote: > Glenn Steen spake the following on 6/14/2007 6:41 PM: > > On 15/06/07, Scott Silva wrote: > >> Glenn Steen spake the following on 6/14/2007 3:25 PM: > >> > On 14/06/07, Steve Freegard wrote: > >> >> Cross posting Anthony's reply to Rob as Anthony is not a member of > >> this > >> >> list. > >> >> > >> > (snip Antonys very sane reply...) > >> > Why isn't Anthony part of this list?! He should be, to collect all > >> > very sane spam-fighters in one forum:-D. > >> > .... Makes me want to buy BMX... The combination sounds like the > >> > "ultimate condom"... Now that I've finally found the problem with the > >> > primary MX (bad RAM, that the HP support pack missed completely.... > >> > Sigh) > >> > > >> > Cheers (One day early, with yet a new batch of Single Malts... not > >> > only Islay (note: correct spelling:) this time... topped of with a > >> > nice Rioja:-) > >> I haven't yet acquired the taste for single malts yet...the peat is a > >> little > >> bitter for me. But my neighbor says he will be bringing me to the dark > >> side > >> soon. Maybe with a Sherry-cask aged variety. > >> > > Ladies drink?! Ohmegod...:-). I did taste a nice double-wood Balvenie > > earlier tonight, but it pales beside the freshness of a citrusy > > full-bodied Ardbeg (and the Macallan, Caol Isla... and somewhat weaker > > Scapa, Glenkichie, Cardhu, Tamdhu.....:-) I sampled a bit later on... > > As they say, it's an acquired tase... But once you're hooked...:-) > > > > Cheers > I had no problem "acquiring" the taste for a good bourbon, or maybe even an > irish single malt, but I just need a little more time with the "subtle" ;-) > flavors that a good scotch has. And I am not one to give up easily. I'll get > there even if I have to drink the whole bottle! That's the spirit! Literally:-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Jun 17 11:43:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 17 11:43:12 2007 Subject: DomainKeys and DKIM signing support In-Reply-To: <25a66d840706151819y35cc3949if56eb0fcdaad225b@mail.gmail.com> References: <25a66d840706151819y35cc3949if56eb0fcdaad225b@mail.gmail.com> Message-ID: <223f97700706170343l5a742c7dy6313d30ec50ea293@mail.gmail.com> On 16/06/07, am.lists wrote: > On 6/10/07, Andrew MacLachlan wrote: > > The Postfix way of doing it is that PF signs outbound messages based on > > a rule (very similar to an MS rule) and doesn't check inbound messages - > > The recommendation is to let SA score the inbound message (i.e. DKIM OK, > > score = 0, DKIM fails score = 5) - the same as you should do for SPF. > > Because a message is signed, you shouldn't trust it, however if it > > fails, the don't trust it. (e.g. a yahoo message that isn't signed > > shouldn't be trusted, because all legit yahoo messages are - and the > > DKIM framework says so... - same goes for all other organisations that > > use DKIM like Dell.) > > > > -Andy > > > > > I realize this thread is a bit old now, but to bring up another point > about DKIM and signing, trusting a message purely based on DKIM pass > is a bad thing. Simultenously, failing a message purely based on a > DKIM fail is an equally bad thing. Reason: Different MTA plug-ins use > different methods for pulling the private key from DNS. Remember DNS > uses UDP (the "unreliable data protocol") and in my experience, I Even though I think you are essintially correct.... It's "user datagram protocol:-) > occasionally (not always, but more than just sometimes) see "temp > fail" on a message that is signed and the key is there. The error in > the header just says "temp fail, couldn't retrieve key" -- and if I > recall correctly, the DKIM plugins for SA/MS do not tell you if it was > a temp fail or a flat our key did not decrypt successfully. > > I think it's a great idea, but the technology framework seems to not > be perfectly fortified well enough to pass/fail solely based on it. > Bumping a point or two in SA score is valid, but I wouldn't say > pass=0, fail=5 just yet. > > Angelo Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Jun 17 11:48:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 17 11:48:33 2007 Subject: Wrong MPEG movie detection (for e-mails written in czech language) In-Reply-To: <25a66d840706151827u1c48384dmab98b2dd7e8b5ab7@mail.gmail.com> References: <46724A6C.8080403@juli.cz> <625385e30706150119t32b0d216jfb62e8406c2502c8@mail.gmail.com> <467259C1.1030806@juli.cz> <25a66d840706151827u1c48384dmab98b2dd7e8b5ab7@mail.gmail.com> Message-ID: <223f97700706170348q61274f8ej7a551349eed42bb8@mail.gmail.com> On 16/06/07, am.lists wrote: > >> On 6/15/07, Petr Zeman wrote: > >>> Hello, > >>> > >>> after MailScanner upgrade from old old version to 4.61.2 have problem. I > >>> found too much e-mails marked as "MailScanner: No MPEG movies allowed". > >>> After "little" analysis i found this: when e-mail begin with "V?en? > >>> pane" (english equivalent "Dear Sir") in ISO-8859-2 encoding, is > >>> detected as MPEG video. Is possibe to make in the future better MPEG > >>> detection ? > > Maybe have all of your users write their mail in English only for now, > until this gets sorted out. > > LOL > > Just kidding, of course. :-) > > Like others say, the file format is inherently not "unique" enough, > and normally I would not suggest modifying a system-level utility like > "file" but your case is problematic enough that you may have to do so. > > Angelo > Since file is essentially meant to be interpreted by a human (no utilities, apart from systems like MailScanner ever try rely on file... Purely informational stuff, not really "system-level", IMO), it is perfectly fine to edit the magic file to suit your local situation. That some file formats are less than well endowed, in the "magic" department, is a very tired old thing... Not much to do about that, apart form "fixing" it for ones own situation. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From andy.mac at global-domination.org Sun Jun 17 18:45:13 2007 From: andy.mac at global-domination.org (Andrew MacLachlan) Date: Sun Jun 17 18:45:29 2007 Subject: DomainKeys and DKIM signing support Message-ID: On 16/06/07, am.lists wrote: > On 6/10/07, Andrew MacLachlan wrote: > > The Postfix way of doing it is that PF signs outbound messages based on > > a rule (very similar to an MS rule) and doesn't check inbound messages - > > The recommendation is to let SA score the inbound message (i.e. DKIM OK, > > score = 0, DKIM fails score = 5) - the same as you should do for SPF. > > Because a message is signed, you shouldn't trust it, however if it > > fails, the don't trust it. (e.g. a yahoo message that isn't signed > > shouldn't be trusted, because all legit yahoo messages are - and the > > DKIM framework says so... - same goes for all other organisations that > > use DKIM like Dell.) > > > > -Andy > > > > > I realize this thread is a bit old now, but to bring up another point > about DKIM and signing, trusting a message purely based on DKIM pass > is a bad thing. Simultenously, failing a message purely based on a > DKIM fail is an equally bad thing. Reason: Different MTA plug-ins use > different methods for pulling the private key from DNS. Remember DNS > uses UDP (the "unreliable data protocol") and in my experience, I Even though I think you are essintially correct.... It's "user datagram protocol:-) > occasionally (not always, but more than just sometimes) see "temp > fail" on a message that is signed and the key is there. The error in > the header just says "temp fail, couldn't retrieve key" -- and if I > recall correctly, the DKIM plugins for SA/MS do not tell you if it was > a temp fail or a flat our key did not decrypt successfully. > > I think it's a great idea, but the technology framework seems to not > be perfectly fortified well enough to pass/fail solely based on it. > Bumping a point or two in SA score is valid, but I wouldn't say > pass=0, fail=5 just yet. andy.mac> OK - 5 is a little extreme, but the most important bit was pass=0 - currently softfails generate 1.8 or so. > Angelo Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=64BEB27FE2 .3D5F7 -- This message was scanned by ESVA and is believed to be clean. From ssilva at sgvwater.com Mon Jun 18 04:08:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 18 04:10:15 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/14/2007 6:41 PM: > On 15/06/07, Scott Silva wrote: >> Glenn Steen spake the following on 6/14/2007 3:25 PM: >> > On 14/06/07, Steve Freegard wrote: >> >> Cross posting Anthony's reply to Rob as Anthony is not a member of >> this >> >> list. >> >> >> > (snip Antonys very sane reply...) >> > Why isn't Anthony part of this list?! He should be, to collect all >> > very sane spam-fighters in one forum:-D. >> > .... Makes me want to buy BMX... The combination sounds like the >> > "ultimate condom"... Now that I've finally found the problem with the >> > primary MX (bad RAM, that the HP support pack missed completely.... >> > Sigh) >> > >> > Cheers (One day early, with yet a new batch of Single Malts... not >> > only Islay (note: correct spelling:) this time... topped of with a >> > nice Rioja:-) >> I haven't yet acquired the taste for single malts yet...the peat is a >> little >> bitter for me. But my neighbor says he will be bringing me to the dark >> side >> soon. Maybe with a Sherry-cask aged variety. >> > Ladies drink?! Ohmegod...:-). I did taste a nice double-wood Balvenie > earlier tonight, but it pales beside the freshness of a citrusy > full-bodied Ardbeg (and the Macallan, Caol Isla... and somewhat weaker > Scapa, Glenkichie, Cardhu, Tamdhu.....:-) I sampled a bit later on... > As they say, it's an acquired tase... But once you're hooked...:-) > > Cheers I would have taken it as a jab if I new better! ;-0 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Mon Jun 18 06:28:11 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 18 06:29:03 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: On Sun, 17 Jun 2007, Scott Silva wrote: > Glenn Steen spake the following on 6/14/2007 6:41 PM: >> On 15/06/07, Scott Silva wrote: >>> Glenn Steen spake the following on 6/14/2007 3:25 PM: >>>> On 14/06/07, Steve Freegard wrote: If it is all the same to you. We should keep the drinking habits of the list. I don't mind either ways as I never took to it. But it must be rather uncomfortable for those that at one time had a problem with it. As I have seen how much torment it can be to a former alcoholic I would appreciate your consideration in this matter. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From martin.lyberg at gmail.com Mon Jun 18 14:30:23 2007 From: martin.lyberg at gmail.com (Martin) Date: Mon Jun 18 14:39:49 2007 Subject: New install, where are clamav-sigs located? Message-ID: Hi, I've setup a test-box with Centos, and installed MailScanner, Clamav and spamassassin through Julians installer. My question is, where are the clamav-sigs located? They used to reside in /var/lib/clamav on my Debian install. I'm about to install sanesecuritys sigs, but don't know where to put them? Anyone? From mailscanner at slackadelic.com Mon Jun 18 14:49:59 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Mon Jun 18 14:50:08 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: Message-ID: <46768D87.3050805@slackadelic.com> Try looking in /usr/share/clamav -Matt Martin wrote: > Hi, > > I've setup a test-box with Centos, and installed MailScanner, Clamav and > spamassassin through Julians installer. > > My question is, where are the clamav-sigs located? They used to reside > in /var/lib/clamav on my Debian install. > > I'm about to install sanesecuritys sigs, but don't know where to put them? > > Anyone? > From glenn.steen at gmail.com Mon Jun 18 15:36:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 18 15:36:57 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <46768D87.3050805@slackadelic.com> References: <46768D87.3050805@slackadelic.com> Message-ID: <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> On 18/06/07, Matt Hayes wrote: > Try looking in /usr/share/clamav > > -Matt If using Jules easy-install package, it's more likely to be /usr/local/share/clamav -- Glenn > Martin wrote: > > Hi, > > > > I've setup a test-box with Centos, and installed MailScanner, Clamav and > > spamassassin through Julians installer. > > > > My question is, where are the clamav-sigs located? They used to reside > > in /var/lib/clamav on my Debian install. > > > > I'm about to install sanesecuritys sigs, but don't know where to put them? > > > > Anyone? > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jun 18 15:40:09 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 18 15:40:11 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: <223f97700706180740ubf2c917jb5d87d70f334c882@mail.gmail.com> On 18/06/07, Hugo van der Kooij wrote: > On Sun, 17 Jun 2007, Scott Silva wrote: > > Glenn Steen spake the following on 6/14/2007 6:41 PM: > >> On 15/06/07, Scott Silva wrote: > >>> Glenn Steen spake the following on 6/14/2007 3:25 PM: > >>>> On 14/06/07, Steve Freegard wrote: > > If it is all the same to you. We should keep the drinking habits of the > list. I don't mind either ways as I never took to it. But it must be > rather uncomfortable for those that at one time had a problem with it. > > As I have seen how much torment it can be to a former alcoholic I would > appreciate your consideration in this matter. > > Hugo. > Depressing but true. I'll pretend to be more sober then:-)... Actually (and contrary to what a cursory search of the list archives might imply) my normal modus operandi... Which isn't as depressing as one might first think, considering the alternatives. Anyway, you view is duly noted. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.lyberg at gmail.com Mon Jun 18 14:56:23 2007 From: martin.lyberg at gmail.com (Martin) Date: Mon Jun 18 15:54:34 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <46768D87.3050805@slackadelic.com> References: <46768D87.3050805@slackadelic.com> Message-ID: Matt Hayes wrote: > Try looking in /usr/share/clamav That directory doesn't exist :( From rcooper at dwford.com Mon Jun 18 16:15:43 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Jun 18 16:15:49 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> Message-ID: <067c01c7b1bb$8ab30fe0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Martin > Sent: Monday, June 18, 2007 9:56 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: New install, where are clamav-sigs located? > > Matt Hayes wrote: > > > Try looking in /usr/share/clamav > > That directory doesn't exist :( > > -- Could try locate clamav/dail.inc or locate clamav/main.inc Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martin.lyberg at gmail.com Mon Jun 18 15:43:22 2007 From: martin.lyberg at gmail.com (Martin) Date: Mon Jun 18 17:01:16 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> Message-ID: Glenn Steen wrote: > If using Jules easy-install package, it's more likely to be > /usr/local/share/clamav Still no go :( From glenn.steen at gmail.com Mon Jun 18 17:08:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 18 17:08:53 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> Message-ID: <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> On 18/06/07, Martin wrote: > Glenn Steen wrote: > > > If using Jules easy-install package, it's more likely to be > > /usr/local/share/clamav > > Still no go :( > Well then... either do as Rick suggests, or check your config with clamconf ... something like: clamconf | grep DatabaseDir ... should get you there:-). Have you run freshclam? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Mon Jun 18 17:39:40 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jun 18 17:39:52 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF791C8@HC-MBX02.herefordshire.gov.uk> freshclam --help leads you to: # freshclam -v Current working dir is /usr/local/share/clamav Max retries == 3 ClamAV update process started at Mon Jun 18 17:38:42 2007 Querying current.cvd.clamav.net TTL: 888 Software version from DNS: 0.90.3 main.cvd version from DNS: 43 main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) daily.cvd version from DNS: 3454 daily.inc is up to date (version: 3454, sigs: 23292, f-level: 16, builder: arnaud) Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin > Sent: 18 June 2007 14:56 > To: mailscanner@lists.mailscanner.info > Subject: Re: New install, where are clamav-sigs located? > > Matt Hayes wrote: > > > Try looking in /usr/share/clamav > > That directory doesn't exist :( > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Heinz.Knutzen at dataport.de Mon Jun 18 17:43:15 2007 From: Heinz.Knutzen at dataport.de (Heinz.Knutzen@dataport.de) Date: Mon Jun 18 17:43:20 2007 Subject: please fix /etc/init.d/MailScanner reload for SuSE Message-ID: <6FC4FABB58655144A7EF4BBB19D90B8D01059000@wscxpr12.fhhnet.stadt.hamburg.de> The SuSE version of /etc/init.d/MailScanner reload doesn't work: Reload service MailScanner failed This has been verified with current version 4.60.8-1 of MailScanner. Please apply this patch to correct the problem: --- etc/init.d/MailScanner.orig 2007-06-18 18:20:41.478623000 +0200 +++ etc/init.d/MailScanner 2007-06-18 18:21:59.330058015 +0200 @@ -183,7 +183,7 @@ ;; reload|force-reload) echo -n "Reload service MailScanner" - killproc -p $mspid -HUP /usr/sbin/MailScanner + killproc -p $mspid -HUP MailScanner rc_status -v ;; status) This patch is similar to this one from Peter Peters: http://article.gmane.org/gmane.mail.virus.mailscanner/34895 Greetings Heinz Knutzen From MailScanner at ecs.soton.ac.uk Mon Jun 18 18:02:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 18 18:04:19 2007 Subject: please fix /etc/init.d/MailScanner reload for SuSE In-Reply-To: <6FC4FABB58655144A7EF4BBB19D90B8D01059000@wscxpr12.fhhnet.stadt.hamburg.de> References: <6FC4FABB58655144A7EF4BBB19D90B8D01059000@wscxpr12.fhhnet.stadt.hamburg.de> Message-ID: <4676BA9F.70505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Many thanks for letting me know about this problem. It will be fixed in the next release. What versions of SuSE have you tested this with? Heinz.Knutzen@dataport.de wrote: > The SuSE version of > /etc/init.d/MailScanner reload > doesn't work: > Reload service MailScanner failed > > This has been verified with current version 4.60.8-1 of MailScanner. > Please apply this patch to correct the problem: > > --- etc/init.d/MailScanner.orig 2007-06-18 18:20:41.478623000 +0200 > +++ etc/init.d/MailScanner 2007-06-18 18:21:59.330058015 +0200 > @@ -183,7 +183,7 @@ > ;; > reload|force-reload) > echo -n "Reload service MailScanner" > - killproc -p $mspid -HUP /usr/sbin/MailScanner > + killproc -p $mspid -HUP MailScanner > rc_status -v > ;; > status) > > > This patch is similar to this one from Peter Peters: > http://article.gmane.org/gmane.mail.virus.mailscanner/34895 > > > Greetings > Heinz Knutzen > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGdrqiEfZZRxQVtlQRAnnxAKCaG2pv2jh6gp98jL72uFYlSdYV3wCeIUcN Fu41LbNL/THm8sCxAkId2bM= =1g43 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From theodrake at comcast.net Mon Jun 18 19:18:37 2007 From: theodrake at comcast.net (Ed Bruce) Date: Mon Jun 18 19:18:41 2007 Subject: Virus not detected Message-ID: <4676CC7D.6060708@comcast.net> Anybody get the "perfroma_invoice.doc" virus? Or is it? We have received this email attachment twice. I've run the original email through both clamav and bdc by hand and it comes up clean. I've extracted the attachment and it also comes up clean. Yes I'm seeing alot of chatter on the internet claiming it really is a virus and one person claims to have sent in the signature to clamav so it's in their database. But it scans clean for me???? From ssilva at sgvwater.com Mon Jun 18 18:47:09 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 18 19:20:43 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> Message-ID: Hugo van der Kooij spake the following on 6/17/2007 10:28 PM: > On Sun, 17 Jun 2007, Scott Silva wrote: >> Glenn Steen spake the following on 6/14/2007 6:41 PM: >>> On 15/06/07, Scott Silva wrote: >>>> Glenn Steen spake the following on 6/14/2007 3:25 PM: >>>>> On 14/06/07, Steve Freegard wrote: > > If it is all the same to you. We should keep the drinking habits of the > list. I don't mind either ways as I never took to it. But it must be > rather uncomfortable for those that at one time had a problem with it. > > As I have seen how much torment it can be to a former alcoholic I would > appreciate your consideration in this matter. > > Hugo. > Done! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jun 18 18:50:34 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 18 19:21:08 2007 Subject: [Fwd: Some highlights about BarricadeMX] In-Reply-To: <223f97700706180740ubf2c917jb5d87d70f334c882@mail.gmail.com> References: <46719B9F.9070305@fsl.com> <223f97700706141525k23d6f469s9a44d0a8f964b08c@mail.gmail.com> <223f97700706141841t46b35479wa4feb5fc06bab49f@mail.gmail.com> <223f97700706180740ubf2c917jb5d87d70f334c882@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/18/2007 7:40 AM: > On 18/06/07, Hugo van der Kooij wrote: >> On Sun, 17 Jun 2007, Scott Silva wrote: >> > Glenn Steen spake the following on 6/14/2007 6:41 PM: >> >> On 15/06/07, Scott Silva wrote: >> >>> Glenn Steen spake the following on 6/14/2007 3:25 PM: >> >>>> On 14/06/07, Steve Freegard wrote: >> >> If it is all the same to you. We should keep the drinking habits of the >> list. I don't mind either ways as I never took to it. But it must be >> rather uncomfortable for those that at one time had a problem with it. >> >> As I have seen how much torment it can be to a former alcoholic I would >> appreciate your consideration in this matter. >> >> Hugo. >> > Depressing but true. I'll pretend to be more sober then:-)... Actually > (and contrary to what a cursory search of the list archives might > imply) my normal modus operandi... Which isn't as depressing as one > might first think, considering the alternatives. > Anyway, you view is duly noted. > Glenn, I just always assumed that your day was ending about the time mine started. I'm at GMT -7, so that is a fair part of the day different. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Jun 18 20:13:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jun 18 20:14:38 2007 Subject: Virus not detected In-Reply-To: <4676CC7D.6060708@comcast.net> References: <4676CC7D.6060708@comcast.net> Message-ID: Ed Bruce spake the following on 6/18/2007 11:18 AM: > Anybody get the "perfroma_invoice.doc" virus? Or is it? We have received > this email attachment twice. I've run the original email through both > clamav and bdc by hand and it comes up clean. I've extracted the > attachment and it also comes up clean. > > Yes I'm seeing alot of chatter on the internet claiming it really is a > virus and one person claims to have sent in the signature to clamav so > it's in their database. But it scans clean for me???? Do you have a raw message sample to put up for others to test on? Did you try it on Virus Total? (http://www.virustotal.com) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From theodrake at comcast.net Mon Jun 18 20:19:01 2007 From: theodrake at comcast.net (Ed Bruce) Date: Mon Jun 18 20:19:08 2007 Subject: Virus not detected In-Reply-To: <4676CC7D.6060708@comcast.net> References: <4676CC7D.6060708@comcast.net> Message-ID: <4676DAA5.7070604@comcast.net> Ed Bruce wrote: > Anybody get the "perfroma_invoice.doc" virus? Or is it? We have received > this email attachment twice. I've run the original email through both > clamav and bdc by hand and it comes up clean. I've extracted the > attachment and it also comes up clean. > > Yes I'm seeing alot of chatter on the internet claiming it really is a > virus and one person claims to have sent in the signature to clamav so > it's in their database. But it scans clean for me???? > Well to reply to myself. This is a Word document with a macro inside of it that is an executable called Performa_Invoice.exe. If I save this off to my computer, it is scanned by eTrust antivirus and eliminated from my computer. Would be nice if this could be caught some how by clamscan and MS. From martinh at solidstatelogic.com Mon Jun 18 20:22:59 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 18 20:22:58 2007 Subject: Virus not detected In-Reply-To: <4676DAA5.7070604@comcast.net> Message-ID: <10b73091399f6e49adf414b52630bd4c@solidstatelogic.com> Ed 1) Tell clamav about it 2) You allow .exes in 'blind' ...... I leave that on, it's save me a few times. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ed Bruce > Sent: 18 June 2007 20:19 > To: MailScanner discussion > Subject: Re: Virus not detected > > Ed Bruce wrote: > > Anybody get the "perfroma_invoice.doc" virus? Or is it? We have received > > this email attachment twice. I've run the original email through both > > clamav and bdc by hand and it comes up clean. I've extracted the > > attachment and it also comes up clean. > > > > Yes I'm seeing alot of chatter on the internet claiming it really is a > > virus and one person claims to have sent in the signature to clamav so > > it's in their database. But it scans clean for me???? > > > Well to reply to myself. This is a Word document with a macro inside of > it that is an executable called Performa_Invoice.exe. If I save this off > to my computer, it is scanned by eTrust antivirus and eliminated from my > computer. Would be nice if this could be caught some how by clamscan and > MS. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From hvdkooij at vanderkooij.org Mon Jun 18 20:39:18 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 18 20:40:15 2007 Subject: Virus not detected In-Reply-To: <4676CC7D.6060708@comcast.net> References: <4676CC7D.6060708@comcast.net> Message-ID: On Mon, 18 Jun 2007, Ed Bruce wrote: > Anybody get the "perfroma_invoice.doc" virus? Or is it? We have received > this email attachment twice. I've run the original email through both > clamav and bdc by hand and it comes up clean. I've extracted the > attachment and it also comes up clean. > > Yes I'm seeing alot of chatter on the internet claiming it really is a > virus and one person claims to have sent in the signature to clamav so > it's in their database. But it scans clean for me???? You can send it through http://www.viruspool.net/scan.cms I will then give it the works with a bunch of scanners. But to the best of my knowledge this is not a Virus but yet another SCAM. Some other public services are faster them I am. I hope to automate a lot somewhere in July when I can work a full week on the project. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From martin.lyberg at gmail.com Tue Jun 19 08:01:32 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 08:01:55 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> Message-ID: Glenn Steen wrote: > On 18/06/07, Martin wrote: >> Glenn Steen wrote: >> >> > If using Jules easy-install package, it's more likely to be >> > /usr/local/share/clamav >> >> Still no go :( >> > Well then... either do as Rick suggests, or check your config with > clamconf ... something like: > clamconf | grep DatabaseDir > ... should get you there:-). > Have you run freshclam? > Strange, tried to locate daily.inc, no match. clamconf does not exist, neither does freshclam. / Martin From nerijusb at dtiltas.lt Tue Jun 19 10:01:53 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 19 10:10:08 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> Message-ID: <20070619091002.2E827FF17@mx-a.vdnet.lt> On Tue, 19 Jun 2007 09:01:32 +0200 Martin wrote: > Strange, tried to locate daily.inc, no match. > > clamconf does not exist, neither does freshclam. At least you should tell us your OS and how did you install clamav (from package, port or by running ./configure?). Regards, Nerijus From daniel at danielf.ch Tue Jun 19 10:20:39 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Tue Jun 19 10:21:02 2007 Subject: MCP Check not working Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> Hi all The MCP check is not working. Here are my settings. System: FreeBSD 5.5-RELEASE-p8 SpamAssassin version 3.002000 MailScanner version 4.60.8 I installed the patches Conf.pm.patch.3.0.0 Message.pm.patch.3.0.0 PerMsgStatus.pm.patch.3.0.0 MailScanner.conf: %mcp-dir% = /usr/local/etc/MailScanner/mcp Keep Spam And MCP Archive Clean = no MCP Checks = yes MCP Required SpamAssassin Score = 6 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = delete Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = yes MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt mcp.spam.assassin.prefs.conf skip_rbl_checks 1 use_bayes 0 use_dcc 0 use_pyzor 0 use_razor1 0 use_razor2 0 decode_attachments 1 languages.conf MCP = MCP MCPSpamAssassin = MCP-Checker MCPnotspam = MCP-Clean MCPspam = MCP-Trapped MCPblacklisted = MCP-Blacklisted MCPwhitelisted = MCP-Whitelisted MCPsadisabled = MCP disabled MCPsanoheaders = MCP Message had no headers MCPsatimedout = MCP timed out I use the default rule for testing. In the logfile I get the following entry MailScanner[86752]: MCP Checks: Starting But the mails wouldn't markt as MCP. Thanks for your help. Cheers, Daniel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070619/0be9d8dc/attachment.html From martin.lyberg at gmail.com Tue Jun 19 10:22:22 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 10:38:08 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <20070619091002.2E827FF17@mx-a.vdnet.lt> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> Message-ID: Nerijus Baliunas wrote: > At least you should tell us your OS and how did you install clamav (from > package, port or by running ./configure?). I did, in my first post. Centos 5. Julian's packages: MS 4.60.8-1 and ClamAV 0.90.3 and SpamAssassin 3.2.1 easy installation package / Martin From glenn.steen at gmail.com Tue Jun 19 10:46:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 10:46:12 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> Message-ID: <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> On 19/06/07, Martin wrote: > Nerijus Baliunas wrote: > > > At least you should tell us your OS and how did you install clamav (from > > package, port or by running ./configure?). > > I did, in my first post. > > Centos 5. Julian's packages: MS 4.60.8-1 and ClamAV 0.90.3 and > SpamAssassin 3.2.1 easy installation package > > / Martin > Well, Jules package will install clamav into /usr/local/{bin,share,etc,...}, so if it isn't there, the build proces likely borked out, for some reason. It should be perfectly harmless to rerun the package (at least the clam+SA one), so do that again... Unpack a fresh copy, cd into it, run ./install.sh ... and keep an eye out for problems! You can start s transcript session (via the script command) or redirect standard input and standard error to a file... That way you can at least go back and see what broke:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 19 10:49:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 10:49:46 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> Message-ID: <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> On 19/06/07, Daniel Fuhrer wrote: > > > > > Hi all > > The MCP check is not working. Here are my settings. > > > > System: (snip) > Log MCP = yes (snip) Very well, Daniel... What did the log say? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.lyberg at gmail.com Tue Jun 19 10:55:22 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 11:35:02 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> Message-ID: Glenn Steen wrote: > Well, Jules package will install clamav into > /usr/local/{bin,share,etc,...}, so if it isn't there, the build proces > likely borked out, for some reason. > It should be perfectly harmless to rerun the package (at least the > clam+SA one), so do that again... Unpack a fresh copy, cd into it, run > ./install.sh ... and keep an eye out for problems! > You can start s transcript session (via the script command) or > redirect standard input and standard error to a file... That way you > can at least go back and see what broke:-) Glenn, Will try to re-run setup again and watch the log. The odd thing is that clamav seems to work anyway. I send myself some Eicar messages and it was blocked. Anyway, i'll get back with the results later. Thank you / Martin From martin.lyberg at gmail.com Tue Jun 19 11:09:21 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 11:47:01 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> Message-ID: Glenn Steen wrote: > Well, Jules package will install clamav into > /usr/local/{bin,share,etc,...}, so if it isn't there, the build proces > likely borked out, for some reason. > It should be perfectly harmless to rerun the package (at least the > clam+SA one), so do that again... Unpack a fresh copy, cd into it, run > ./install.sh ... and keep an eye out for problems! > You can start s transcript session (via the script command) or > redirect standard input and standard error to a file... That way you > can at least go back and see what broke:-) Glenn, Downloaded a fresh copy of the Easy installation package for Clamav and SA. Re-ran setup, no errors from the clamav installation. Skipped all perl-modules since they we're installed. Still no clamav-sigs on the system. / Martin From marcel-ml at irc-addicts.de Tue Jun 19 11:47:53 2007 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Tue Jun 19 11:48:18 2007 Subject: Blocking IPs after a while Message-ID: Hi there everyone, currently i am seeing a lot of mails towards a user, who does not exist on the mail-server or the system. There are a lot of different ips, always trying to send to this specific user. So, they are not changing the to-field, they are always trying to send it to this user.. There are about 20 different ips trying to send to this user..some of them belong to some *.jp-domains. Ok, there is no problem with those ips sending to an unknown user, but they are flooding my maillog ;) Is there a chance to block those ips automatically? Like vispan for example. So i could set up a rule like After 10 unknown users block ip for x hours via access-rule.. Any ideas are welcome.. and no, there is no chance to block those ips via firewall, as i do not have the rights to handle the firewall on my own.. and my provider says, some other users behind the firewall would love to have those mails.. *shrug* ok..he could setup an individual rule-set for me..told him that.. answer: "Then i have to setup individual rulesets for everyone".. Thanks in advance.. Marcel From daniel at danielf.ch Tue Jun 19 11:58:37 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Tue Jun 19 11:59:04 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> Hi Glenn Thanks for the quick answer. In the maillog I have the following entry: MailScanner[91239]: New Batch: Found 3 messages waiting MailScanner[91239]: New Batch: Scanning 2 messages, 4371 bytes MailScanner[91239]: MCP Checks: Starting MailScanner[91239]: Expired 3 records from the SpamAssassin cache MailScanner[91239]: Message l5IM2IkH094951 from ... is not spam, SpamAssassin (not cached, score=-2.099, required 6, BAYES_00 -2.60, RCVD_IN_WHOIS_INVALID 0.40, RDNS_NONE 0.10) MailScanner[91239]: Spam Checks: Found 1 spam messages MailScanner[91239]: Virus and Content Scanning: Starting MailScanner[91239]: Uninfected: Delivered 1 messages MailScanner[91239]: Logging message l5IM1aFQ094932 to SQL MailScanner[91239]: Logging message l5IM2IkH094951 to SQL MailScanner[91239]: New Batch: Scanning 3 messages, 7151 bytes That's a complete batch scan. In the message log I can't find any entry. Is there an other logfile I should have a look on it? Cheers Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Dienstag, 19. Juni 2007 11:50 An: Mailscanner Betreff: Re: MCP Check not working On 19/06/07, Daniel Fuhrer wrote: > > > > > Hi all > > The MCP check is not working. Here are my settings. > > > > System: (snip) > Log MCP = yes (snip) Very well, Daniel... What did the log say? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Tue Jun 19 12:16:49 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 19 12:18:12 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> update_virus_scanners freshclam -v Cheerrs, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin > Sent: 19 June 2007 11:09 > To: mailscanner@lists.mailscanner.info > Subject: Re: New install, where are clamav-sigs located? > > Glenn Steen wrote: > > > Well, Jules package will install clamav into > > /usr/local/{bin,share,etc,...}, so if it isn't there, the > build proces > > likely borked out, for some reason. > > It should be perfectly harmless to rerun the package (at least the > > clam+SA one), so do that again... Unpack a fresh copy, cd > into it, run > > ./install.sh ... and keep an eye out for problems! > > You can start s transcript session (via the script command) or > > redirect standard input and standard error to a file... That way you > > can at least go back and see what broke:-) > > Glenn, > > Downloaded a fresh copy of the Easy installation package for > Clamav and > SA. Re-ran setup, no errors from the clamav installation. Skipped all > perl-modules since they we're installed. > > Still no clamav-sigs on the system. > > / Martin > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martin.lyberg at gmail.com Tue Jun 19 12:41:04 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 12:58:32 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> Message-ID: Randal, Phil wrote: > update_virus_scanners > > freshclam -v this is what i get: update_virus_scanners maillog: Jun 19 13:38:50 antispam2 update.virus.scanners: Found generic installed Jun 19 13:38:50 antispam2 update.virus.scanners: Running autoupdate for generic [root@antispam2 MailScanner]# freshclam -v -bash: freshclam: command not found / Martin From glenn.steen at gmail.com Tue Jun 19 13:01:11 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 13:01:13 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> Message-ID: <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> On 19/06/07, Daniel Fuhrer wrote: > Hi Glenn > Thanks for the quick answer. > > In the maillog I have the following entry: > > MailScanner[91239]: New Batch: Found 3 messages waiting > MailScanner[91239]: New Batch: Scanning 2 messages, 4371 bytes > MailScanner[91239]: MCP Checks: Starting > MailScanner[91239]: Expired 3 records from the SpamAssassin cache > MailScanner[91239]: Message l5IM2IkH094951 from ... is not spam, SpamAssassin (not cached, score=-2.099, required 6, BAYES_00 -2.60, RCVD_IN_WHOIS_INVALID 0.40, RDNS_NONE 0.10) > MailScanner[91239]: Spam Checks: Found 1 spam messages > MailScanner[91239]: Virus and Content Scanning: Starting > MailScanner[91239]: Uninfected: Delivered 1 messages > MailScanner[91239]: Logging message l5IM1aFQ094932 to SQL > MailScanner[91239]: Logging message l5IM2IkH094951 to SQL > MailScanner[91239]: New Batch: Scanning 3 messages, 7151 bytes > > That's a complete batch scan. In the message log I can't find any entry. Is there an other logfile I should have a look on it? If you have your maillog split into info/warning/error ... Or you could likely get a good view of things in the syslog file (that usually contain close to all log messages). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Tue Jun 19 13:04:11 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jun 19 13:04:15 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> Message-ID: <08e101c7b269$f2c02f60$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Martin > Sent: Tuesday, June 19, 2007 6:09 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: New install, where are clamav-sigs located? > [...] > > Downloaded a fresh copy of the Easy installation package for > Clamav and > SA. Re-ran setup, no errors from the clamav installation. > Skipped all > perl-modules since they we're installed. > > Still no clamav-sigs on the system. > Try locate clamav/main.inc clamav/daily.inc clamav/mirrors.dat Although this would make one thing that freshclam hasn't updated the db if the *.cvd files still exist. I am also assuming you are running locate as root just in case your user doesn't have permissions for the clam files/dirs. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel at danielf.ch Tue Jun 19 13:32:58 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Tue Jun 19 13:33:30 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> Hi Glenn I'm not sure. I have added the following line to syslog.conf: mail.* /var/log/maillog.all But I don't get more information in the maillog.all file. Is that wrong? Cheers Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Dienstag, 19. Juni 2007 14:01 An: Mailscanner Betreff: Re: MCP Check not working On 19/06/07, Daniel Fuhrer wrote: > Hi Glenn > Thanks for the quick answer. > > In the maillog I have the following entry: > > MailScanner[91239]: New Batch: Found 3 messages waiting > MailScanner[91239]: New Batch: Scanning 2 messages, 4371 bytes > MailScanner[91239]: MCP Checks: Starting > MailScanner[91239]: Expired 3 records from the SpamAssassin cache > MailScanner[91239]: Message l5IM2IkH094951 from ... is not spam, SpamAssassin (not cached, score=-2.099, required 6, BAYES_00 -2.60, RCVD_IN_WHOIS_INVALID 0.40, RDNS_NONE 0.10) > MailScanner[91239]: Spam Checks: Found 1 spam messages > MailScanner[91239]: Virus and Content Scanning: Starting > MailScanner[91239]: Uninfected: Delivered 1 messages > MailScanner[91239]: Logging message l5IM1aFQ094932 to SQL > MailScanner[91239]: Logging message l5IM2IkH094951 to SQL > MailScanner[91239]: New Batch: Scanning 3 messages, 7151 bytes > > That's a complete batch scan. In the message log I can't find any entry. Is there an other logfile I should have a look on it? If you have your maillog split into info/warning/error ... Or you could likely get a good view of things in the syslog file (that usually contain close to all log messages). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From theodrake at comcast.net Tue Jun 19 13:37:05 2007 From: theodrake at comcast.net (Ed Bruce) Date: Tue Jun 19 13:37:10 2007 Subject: Virus not detected In-Reply-To: <10b73091399f6e49adf414b52630bd4c@solidstatelogic.com> References: <10b73091399f6e49adf414b52630bd4c@solidstatelogic.com> Message-ID: <4677CDF1.7030401@comcast.net> Martin.Hepworth wrote: > Ed > > 1) Tell clamav about it > Well I didn't because I had found a discussion where someone claimed to have already done this on the 16th. I will be more proactive in future. > 2) You allow .exes in 'blind' ...... I leave that on, it's save me a few > times. > I really don't know what you mean by "allow .exes in 'blind' ". I deny executables in both the file type and file name checks. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Ed Bruce >> Sent: 18 June 2007 20:19 >> To: MailScanner discussion >> Subject: Re: Virus not detected >> >> Ed Bruce wrote: >> >>> Anybody get the "perfroma_invoice.doc" virus? Or is it? We have >>> > received > >>> this email attachment twice. I've run the original email through >>> > both > >>> clamav and bdc by hand and it comes up clean. I've extracted the >>> attachment and it also comes up clean. >>> >>> Yes I'm seeing alot of chatter on the internet claiming it really is >>> > a > >>> virus and one person claims to have sent in the signature to clamav >>> > so > >>> it's in their database. But it scans clean for me???? >>> >>> >> Well to reply to myself. This is a Word document with a macro inside >> > of > >> it that is an executable called Performa_Invoice.exe. If I save this >> > off > >> to my computer, it is scanned by eTrust antivirus and eliminated from >> > my > >> computer. Would be nice if this could be caught some how by clamscan >> > and > >> MS. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > From glenn.steen at gmail.com Tue Jun 19 14:18:18 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 14:18:20 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> Message-ID: <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> On 19/06/07, Martin wrote: > Randal, Phil wrote: > > update_virus_scanners > > > > freshclam -v > > this is what i get: > > update_virus_scanners > > maillog: > > Jun 19 13:38:50 antispam2 update.virus.scanners: Found generic installed > Jun 19 13:38:50 antispam2 update.virus.scanners: Running autoupdate for > generic > > [root@antispam2 MailScanner]# freshclam -v > -bash: freshclam: command not found > Hmmm. Either you are missing where the install fails, or you might have some ... residue... in your bach command hash table ("hash -r" to fix)... or /usr/local/bin isn't in your path... Worst case, paste (somewhere ... like pastebin) the transcript you made of the install.sh run so that we can help you locate this problem. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 19 14:21:25 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 14:21:27 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> Message-ID: <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> On 19/06/07, Daniel Fuhrer wrote: > Hi Glenn > I'm not sure. I have added the following line to syslog.conf: > mail.* /var/log/maillog.all > > But I don't get more information in the maillog.all file. > > Is that wrong? Not wrong, no. If you get the same info in the maillog.info, that means that there were no errors/warnings. If you lint mcp, do you see anything ... erroneous? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Richard.Frovarp at sendit.nodak.edu Tue Jun 19 14:48:20 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 19 14:48:24 2007 Subject: Blocking IPs after a while In-Reply-To: References: Message-ID: <4677DEA4.7010501@sendit.nodak.edu> Marcel Blenkers wrote: > Hi there everyone, > > currently i am seeing a lot of mails towards a user, who does not exist on > the mail-server or the system. > > There are a lot of different ips, always trying to send to this specific > user. So, they are not changing the to-field, they are always trying to > send it to this user.. > > There are about 20 different ips trying to send to this user..some of them > belong to some *.jp-domains. > > Ok, there is no problem with those ips sending to an unknown user, but > they are flooding my maillog ;) > > Is there a chance to block those ips automatically? > > Like vispan for example. > > So i could set up a rule like > > After 10 unknown users block ip for x hours via access-rule.. > > Any ideas are welcome.. > > and no, there is no chance to block those ips via firewall, as i do not > have the rights to handle the firewall on my own.. > and my provider says, some other users behind the firewall would love to > have those mails.. *shrug* > > ok..he could setup an individual rule-set for me..told him that.. > answer: "Then i have to setup individual rulesets for everyone".. > > Thanks in advance.. > > Marcel > > > You should probably be rejecting mail to unkown users. If you don't have the user, what's the point in accepting the mail in the first place? From martin.lyberg at gmail.com Tue Jun 19 13:59:02 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 15:12:30 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <08e101c7b269$f2c02f60$0301a8c0@SAHOMELT> References: <46768D87.3050805@slackadelic.com> <223f97700706180736r57f59963ua83b171b0e4cb0ee@mail.gmail.com> <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <08e101c7b269$f2c02f60$0301a8c0@SAHOMELT> Message-ID: Rick Cooper wrote: > Try locate clamav/main.inc clamav/daily.inc clamav/mirrors.dat Nothing... > > Although this would make one thing that freshclam hasn't updated the db if > the *.cvd files still exist. I am also assuming you are running locate as > root just in case your user doesn't have permissions for the clam > files/dirs. Yes, running as root, did an updatedb before to make sure it was updated. Still no match though. And as mentioned in another post. 'freshclam' doesn't exist. / Martin From martin.lyberg at gmail.com Tue Jun 19 14:29:46 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 15:51:02 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> References: <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> Message-ID: Glenn Steen wrote: > Hmmm. Either you are missing where the install fails, or you might > have some ... residue... in your bach command hash table ("hash -r" to > fix)... or /usr/local/bin isn't in your path... > > Worst case, paste (somewhere ... like pastebin) the transcript you > made of the install.sh run so that we can help you locate this > problem. Gleen, If you tell me the syntax how to output the install-log to a file, i will gladly attach it to the list. Thank you / Martin From martin.lyberg at gmail.com Tue Jun 19 15:20:01 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 19 16:04:43 2007 Subject: SOLVED! Re: New install, where are clamav-sigs located? In-Reply-To: <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> References: <223f97700706180908l5d3dd248y99390b779d6e063c@mail.gmail.com> <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> Message-ID: Glenn Steen wrote: > Hmmm. Either you are missing where the install fails, or you might > have some ... residue... in your bach command hash table ("hash -r" to > fix)... or /usr/local/bin isn't in your path... > > Worst case, paste (somewhere ... like pastebin) the transcript you > made of the install.sh run so that we can help you locate this > problem. > > Cheers Well, i did as you said. Wrote the output of the installation to a log, and watched at the screen when it suddenly complained that 'zlib-devel' were missing. I installed it and re-run the setup, and suddenly clamav is working :) Thanks for all your help :) From glenn.steen at gmail.com Tue Jun 19 16:04:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 16:04:50 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: References: <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> Message-ID: <223f97700706190804w20c3a54dsbef882d6878dd2ce@mail.gmail.com> On 19/06/07, Martin wrote: > Glenn Steen wrote: > > > Hmmm. Either you are missing where the install fails, or you might > > have some ... residue... in your bach command hash table ("hash -r" to > > fix)... or /usr/local/bin isn't in your path... > > > > Worst case, paste (somewhere ... like pastebin) the transcript you > > made of the install.sh run so that we can help you locate this > > problem. > > Gleen, "stomping" the wrong char there:-). > > If you tell me the syntax how to output the install-log to a file, i > will gladly attach it to the list. Simplest would be to do # ./install.sh .... all the mumbo jumbo of building/installing clamav, Mail::ClamAV and SA ... # exit Skriptet f?rdigt, filen ?r typescript And then put the file "typescript" somewhere (like http://pastebin.com/, your public website or ... whatever:-), perhaps not in an attachment to the list... it might get big:-) (I'm counting on my memory of you understanding Swedish/being a fellow countryman... to darned lazy to reset the locale:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jun 19 16:05:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 16:05:54 2007 Subject: New install, where are clamav-sigs located? In-Reply-To: <223f97700706190804w20c3a54dsbef882d6878dd2ce@mail.gmail.com> References: <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> <223f97700706190804w20c3a54dsbef882d6878dd2ce@mail.gmail.com> Message-ID: <223f97700706190805p3ecef518ve6669c969842df77@mail.gmail.com> On 19/06/07, Glenn Steen wrote: > On 19/06/07, Martin wrote: > > Glenn Steen wrote: > > > > > Hmmm. Either you are missing where the install fails, or you might > > > have some ... residue... in your bach command hash table ("hash -r" to > > > fix)... or /usr/local/bin isn't in your path... > > > > > > Worst case, paste (somewhere ... like pastebin) the transcript you > > > made of the install.sh run so that we can help you locate this > > > problem. > > > > Gleen, > "stomping" the wrong char there:-). > > > > > If you tell me the syntax how to output the install-log to a file, i > > will gladly attach it to the list. > > Simplest would be to do Misswed a few lines... all better now:-) # script Skriptet startades, filen ?r typescript # ./install.sh .... all the mumbo jumbo of building/installing clamav, Mail::ClamAV and SA ... # exit Skriptet f?rdigt, filen ?r typescript > > And then put the file "typescript" somewhere (like > http://pastebin.com/, your public website or ... whatever:-), perhaps > not in an attachment to the list... it might get big:-) > > (I'm counting on my memory of you understanding Swedish/being a fellow > countryman... to darned lazy to reset the locale:-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Heinz.Knutzen at dataport.de Tue Jun 19 16:25:21 2007 From: Heinz.Knutzen at dataport.de (Heinz.Knutzen@dataport.de) Date: Tue Jun 19 16:25:31 2007 Subject: please fix /etc/init.d/MailScanner reload for SuSE In-Reply-To: <4676BA9F.70505@ecs.soton.ac.uk> Message-ID: <6FC4FABB58655144A7EF4BBB19D90B8D01059005@wscxpr12.fhhnet.stadt.hamburg.de> I have testet this with SLES 9 and SLES 10. Julian Field wrote: > What versions of SuSE have you tested this with? Heinz.Knutzen@dataport.de wrote: > The SuSE version of > /etc/init.d/MailScanner reload > doesn't work: > Reload service MailScanner failed > > This has been verified with current version 4.60.8-1 of MailScanner. > Please apply this patch to correct the problem: > > --- etc/init.d/MailScanner.orig 2007-06-18 18:20:41.478623000 +0200 > +++ etc/init.d/MailScanner 2007-06-18 18:21:59.330058015 +0200 > @@ -183,7 +183,7 @@ > ;; > reload|force-reload) > echo -n "Reload service MailScanner" > - killproc -p $mspid -HUP /usr/sbin/MailScanner > + killproc -p $mspid -HUP MailScanner > rc_status -v > ;; > status) From glenn.steen at gmail.com Tue Jun 19 16:29:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 16:29:10 2007 Subject: SOLVED! Re: New install, where are clamav-sigs located? In-Reply-To: References: <20070619091002.2E827FF17@mx-a.vdnet.lt> <223f97700706190246s55542206h42a8ccb80f3d56a@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBAF792B1@HC-MBX02.herefordshire.gov.uk> <223f97700706190618s5cd444dfj82837c04a66ef092@mail.gmail.com> Message-ID: <223f97700706190829h58f49319iede50748f0b4b59a@mail.gmail.com> On 19/06/07, Martin wrote: > Glenn Steen wrote: > > > Hmmm. Either you are missing where the install fails, or you might > > have some ... residue... in your bach command hash table ("hash -r" to > > fix)... or /usr/local/bin isn't in your path... > > > > Worst case, paste (somewhere ... like pastebin) the transcript you > > made of the install.sh run so that we can help you locate this > > problem. > > > > Cheers > > Well, i did as you said. Wrote the output of the installation to a log, > and watched at the screen when it suddenly complained that 'zlib-devel' > were missing. > > I installed it and re-run the setup, and suddenly clamav is working :) :-). Thought it'd be something simple like that... > Thanks for all your help :) > You're welcome... Eller v?l bekomme;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mrm at quantumcc.com Tue Jun 19 18:38:52 2007 From: mrm at quantumcc.com (Mike Masse) Date: Tue Jun 19 18:55:23 2007 Subject: Blocking IPs after a while In-Reply-To: References: Message-ID: Why not just use the following which vispan can do for you: After 10 spams block ip for x hours via access-rule ?? Mike Marcel Blenkers wrote: > > Is there a chance to block those ips automatically? > > Like vispan for example. > > So i could set up a rule like > > After 10 unknown users block ip for x hours via access-rule.. > > Any ideas are welcome.. > From daniel at danielf.ch Tue Jun 19 20:43:33 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Tue Jun 19 20:44:20 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local><223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> Hi Glenn Sorry fort hat late reply. I had to figure out what you mean with lint. I hope I found did it right. I run the command: /usr/local/sbin/MailScanner --lint And the output was: Read 764 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Checking version numbers... Version number in MailScanner.conf (4.60.8) is correct. Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = posix Creating hardcoded struct_flock subroutine for freebsd (BSD-type) MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav Cheers Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Dienstag, 19. Juni 2007 15:21 An: Mailscanner Betreff: Re: MCP Check not working On 19/06/07, Daniel Fuhrer wrote: > Hi Glenn > I'm not sure. I have added the following line to syslog.conf: > mail.* /var/log/maillog.all > > But I don't get more information in the maillog.all file. > > Is that wrong? Not wrong, no. If you get the same info in the maillog.info, that means that there were no errors/warnings. If you lint mcp, do you see anything ... erroneous? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Jun 19 22:03:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 19 22:03:40 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> Message-ID: <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> On 19/06/07, Daniel Fuhrer wrote: > Hi Glenn > Sorry fort hat late reply. I had to figure out what you mean with lint. I hope I found did it right. > > I run the command: > /usr/local/sbin/MailScanner --lint > > And the output was: > > Read 764 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Checking version numbers... > Version number in MailScanner.conf (4.60.8) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > Creating hardcoded struct_flock subroutine for freebsd (BSD-type) > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > Cheers Daniel Ummmm.... Close:-) I honestly could have been more verbose... I meant:' do a spamassassin lint for the MCP stuff .... This is from memory, so might be wrong, but something like: spamassassin --lint -D -p /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf (perhaps end that with the usual "2>&1 | less -e" to have a chance to read it all:-). ... I'm sure someone who has access to a MailScanner box ATM will correct that, if it in some way would be wrong;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From febrianto at sioenasia.com Wed Jun 20 04:49:46 2007 From: febrianto at sioenasia.com (Budi Febrianto) Date: Wed Jun 20 04:44:10 2007 Subject: Blocking IPs after a while In-Reply-To: <4677DEA4.7010501@sendit.nodak.edu> Message-ID: mailscanner-bounces@lists.mailscanner.info wrote on 06-19-2007 08:48:20 PM: > Marcel Blenkers wrote: > > Hi there everyone, > > > > currently i am seeing a lot of mails towards a user, who does not exist on > > the mail-server or the system. > > > > There are a lot of different ips, always trying to send to this specific > > user. So, they are not changing the to-field, they are always trying to > > send it to this user.. > > > > There are about 20 different ips trying to send to this user..some of them > > belong to some *.jp-domains. > > > > Ok, there is no problem with those ips sending to an unknown user, but > > they are flooding my maillog ;) > > > > You should probably be rejecting mail to unkown users. If you don't have > the user, what's the point in accepting the mail in the first place? > -- I think he already rejecting the mails for unknown users, but it still creates entry in maillog and taking up some bandwidth, and that he want to avoid. From r.berber at computer.org Wed Jun 20 05:11:18 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Jun 20 05:11:34 2007 Subject: Blocking IPs after a while In-Reply-To: References: Message-ID: Marcel Blenkers wrote: > currently i am seeing a lot of mails towards a user, who does not exist on > the mail-server or the system. > > There are a lot of different ips, always trying to send to this specific > user. So, they are not changing the to-field, they are always trying to > send it to this user.. > > There are about 20 different ips trying to send to this user..some of them > belong to some *.jp-domains. > > Ok, there is no problem with those ips sending to an unknown user, but > they are flooding my maillog ;) > > Is there a chance to block those ips automatically? Yep, I use milter-error which blacklists them after a given number of errors for a given amount of time. Also sendmail's rate control wich tries to slow them down (and many spammers do try a lot even after receiving the 450 response). That one is the automatic procedure, I also use a semi-auto procedure adding the worst offenders to the tcp-wrappers blacklist (my sendmail is built with tcp-wrapper support). I have not tried firewall blocking, wich would be better since now sendmail accepts the connection and shows them the few operations they can do: none useful to send mail. > Like vispan for example. > > So i could set up a rule like > > After 10 unknown users block ip for x hours via access-rule.. Not all offenders act the same, I have some computer in China trying to relay through our server, once every day, they have been in the hosts.deny list for more than a year... and keep trying. > Any ideas are welcome.. > > and no, there is no chance to block those ips via firewall, as i do not > have the rights to handle the firewall on my own.. > and my provider says, some other users behind the firewall would love to > have those mails.. *shrug* > > ok..he could setup an individual rule-set for me..told him that.. > answer: "Then i have to setup individual rulesets for everyone".. > > Thanks in advance.. The log doesn't get much cleaner, the spammers keep trying, the difference is they don't get the chance to try usernames or anything else, so you see only "reject" messages. -- Ren? Berber From daniel at danielf.ch Wed Jun 20 07:03:53 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Wed Jun 20 07:04:36 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local><223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local><223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> Hi Glenn Ok her is he output. [60272] dbg: logger: adding facilities: all [60272] dbg: logger: logging level is DBG [60272] dbg: generic: SpamAssassin version 3.2.0 [60272] dbg: config: score set 0 chosen. [60272] dbg: util: running in taint mode? yes [60272] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [60272] dbg: util: PATH included '/sbin', keeping [60272] dbg: util: PATH included '/bin', keeping [60272] dbg: util: PATH included '/usr/sbin', keeping [60272] dbg: util: PATH included '/usr/bin', keeping [60272] dbg: util: PATH included '/usr/games', keeping [60272] dbg: util: PATH included '/usr/local/sbin', keeping [60272] dbg: util: PATH included '/usr/local/bin', keeping [60272] dbg: util: PATH included '/usr/X11R6/bin', keeping [60272] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [60272] dbg: util: final PATH set to: /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin [60272] dbg: dns: is Net::DNS::Resolver available? yes [60272] dbg: dns: Net::DNS version: 0.59 [60272] dbg: diag: perl platform: 5.008008 freebsd [60272] dbg: diag: module installed: Digest::SHA1, version 2.11 [60272] dbg: diag: module installed: HTML::Parser, version 3.56 [60272] dbg: diag: module installed: Net::DNS, version 0.59 [60272] dbg: diag: module installed: MIME::Base64, version 3.07 [60272] dbg: diag: module installed: DB_File, version 1.814 [60272] dbg: diag: module installed: Net::SMTP, version 2.30 [60272] dbg: diag: module not installed: Mail::SPF ('require' failed) [60272] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [60272] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [60272] dbg: diag: module installed: Razor2::Client::Agent, version 2.82 [60272] dbg: diag: module installed: Net::Ident, version 1.20 [60272] dbg: diag: module installed: IO::Socket::INET6, version 2.51 [60272] dbg: diag: module installed: IO::Socket::SSL, version 1.06 [60272] dbg: diag: module installed: Compress::Zlib, version 2.004 [60272] dbg: diag: module installed: Time::HiRes, version 1.9707 [60272] dbg: diag: module not installed: Mail::DomainKeys ('require' failed) [60272] dbg: diag: module not installed: Mail::DKIM ('require' failed) [60272] dbg: diag: module installed: DBI, version 1.56 [60272] dbg: diag: module installed: Getopt::Long, version 2.36 [60272] dbg: diag: module installed: LWP::UserAgent, version 2.033 [60272] dbg: diag: module installed: HTTP::Date, version 1.47 [60272] dbg: diag: module installed: Archive::Tar, version 1.32 [60272] dbg: diag: module installed: IO::Zlib, version 1.05 [60272] dbg: diag: module installed: Encode::Detect, version 1.00 [60272] dbg: ignore: using a test message to lint rules [60272] dbg: config: using "/usr/local/etc/mail/spamassassin" for site rules pre files [60272] dbg: config: read file /usr/local/etc/mail/spamassassin/init.pre [60272] dbg: config: read file /usr/local/etc/mail/spamassassin/v310.pre [60272] dbg: config: read file /usr/local/etc/mail/spamassassin/v312.pre [60272] dbg: config: read file /usr/local/etc/mail/spamassassin/v320.pre [60272] dbg: config: using "/usr/local/share/spamassassin" for sys rules pre files [60272] dbg: config: using "/usr/local/share/spamassassin" for default rules dir [60272] dbg: config: read file /usr/local/share/spamassassin/10_default_prefs.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_advance_fee.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_body_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_compensate.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_drugs.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_dynrdns.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_head_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_html_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_imageinfo.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_meta_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_net_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_phrases.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_porn.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_ratware.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_uri_tests.cf [60272] dbg: config: read file /usr/local/share/spamassassin/20_vbounce.cf [60272] dbg: config: read file /usr/local/share/spamassassin/23_bayes.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_accessdb.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_antivirus.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_asn.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_dkim.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_domainkeys.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_hashcash.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_pyzor.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_razor2.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_replace.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_spf.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_textcat.cf [60272] dbg: config: read file /usr/local/share/spamassassin/25_uribl.cf [60272] dbg: config: read file /usr/local/share/spamassassin/30_text_de.cf [60272] dbg: config: read file /usr/local/share/spamassassin/30_text_fr.cf [60272] dbg: config: read file /usr/local/share/spamassassin/30_text_it.cf [60272] dbg: config: read file /usr/local/share/spamassassin/30_text_nl.cf [60272] dbg: config: read file /usr/local/share/spamassassin/30_text_pl.cf [60272] dbg: config: read file /usr/local/share/spamassassin/30_text_pt_br.cf [60272] dbg: config: read file /usr/local/share/spamassassin/50_scores.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_awl.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_shortcircuit.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_whitelist.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_dk.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_dkim.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_spf.cf [60272] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_subject.cf [60272] dbg: config: read file /usr/local/share/spamassassin/72_active.cf [60272] dbg: config: using "/usr/local/etc/mail/spamassassin" for site rules dir [60272] dbg: config: read file /usr/local/etc/mail/spamassassin/mailscanner.cf [60272] dbg: config: using "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for user prefs file [60272] dbg: config: read file /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [60272] dbg: pyzor: local tests only, disabling Pyzor [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [60272] dbg: razor2: local tests only, skipping Razor [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [60272] dbg: reporter: local tests only, disabling SpamCop [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [60272] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [60272] warn: config: failed to parse line, skipping, in "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 [60272] warn: config: failed to parse line, skipping, in "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 [60272] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [60272] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [60272] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [60272] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [60272] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [60272] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [60272] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [60272] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [60272] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [60272] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [60272] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB [60272] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [60272] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [60272] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [60272] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [60272] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [60272] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 __XM_OL_EF20B [60272] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [60272] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 [60272] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [60272] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [60272] dbg: conf: finish parsing [60272] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x943b0e8) implements 'finish_parsing_end', priority 0 [60272] dbg: replacetags: replacing tags [60272] dbg: replacetags: done replacing tags [60272] dbg: config: score set 0 chosen. [60272] dbg: message: main message type: text/plain [60272] dbg: message: ---- MIME PARSER START ---- [60272] dbg: message: parsing normal part [60272] dbg: message: ---- MIME PARSER END ---- [60272] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x92fbf0c) implements 'check_start', priority 0 [60272] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x946d43c) implements 'check_main', priority 0 [60272] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [60272] dbg: metadata: X-Spam-Relays-Trusted: [60272] dbg: metadata: X-Spam-Relays-Untrusted: [60272] dbg: metadata: X-Spam-Relays-Internal: [60272] dbg: metadata: X-Spam-Relays-External: [60272] dbg: message: no encoding detected [60272] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x91cc574) implements 'parsed_metadata', priority 0 [60272] dbg: dns: is DNS available? 0 [60272] dbg: rules: local tests only, ignoring RBL eval [60272] dbg: check: running tests for priority: -1000 [60272] dbg: rules: running head tests; score so far=0 [60272] dbg: rules: compiled head tests [60272] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [60272] dbg: eval: all '*To' addrs: [60272] dbg: rules: running body tests; score so far=0 [60272] dbg: rules: compiled body tests [60272] dbg: rules: running uri tests; score so far=0 [60272] dbg: rules: compiled uri tests [60272] dbg: rules: running rawbody tests; score so far=0 [60272] dbg: rules: compiled rawbody tests [60272] dbg: rules: running full tests; score so far=0 [60272] dbg: rules: compiled full tests [60272] dbg: rules: running meta tests; score so far=0 [60272] dbg: rules: compiled meta tests [60272] dbg: check: running tests for priority: -950 [60272] dbg: rules: running head tests; score so far=0 [60272] dbg: rules: compiled head tests [60272] dbg: rules: running body tests; score so far=0 [60272] dbg: rules: compiled body tests [60272] dbg: rules: running uri tests; score so far=0 [60272] dbg: rules: compiled uri tests [60272] dbg: rules: running rawbody tests; score so far=0 [60272] dbg: rules: compiled rawbody tests [60272] dbg: rules: running full tests; score so far=0 [60272] dbg: rules: compiled full tests [60272] dbg: rules: running meta tests; score so far=0 [60272] dbg: rules: compiled meta tests [60272] dbg: check: running tests for priority: -900 [60272] dbg: rules: running head tests; score so far=0 [60272] dbg: rules: compiled head tests [60272] dbg: rules: running body tests; score so far=0 [60272] dbg: rules: compiled body tests [60272] dbg: rules: running uri tests; score so far=0 [60272] dbg: rules: compiled uri tests [60272] dbg: rules: running rawbody tests; score so far=0 [60272] dbg: rules: compiled rawbody tests [60272] dbg: rules: running full tests; score so far=0 [60272] dbg: rules: compiled full tests [60272] dbg: rules: running meta tests; score so far=0 [60272] dbg: rules: compiled meta tests [60272] dbg: check: running tests for priority: -400 [60272] dbg: rules: running head tests; score so far=0 [60272] dbg: rules: compiled head tests [60272] dbg: rules: running body tests; score so far=0 [60272] dbg: rules: compiled body tests [60272] dbg: rules: running uri tests; score so far=0 [60272] dbg: rules: compiled uri tests [60272] dbg: rules: running rawbody tests; score so far=0 [60272] dbg: rules: compiled rawbody tests [60272] dbg: rules: running full tests; score so far=0 [60272] dbg: rules: compiled full tests [60272] dbg: rules: running meta tests; score so far=0 [60272] dbg: rules: compiled meta tests [60272] dbg: check: running tests for priority: 0 [60272] dbg: rules: running head tests; score so far=0 [60272] dbg: rules: compiled head tests [60272] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [60272] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [60272] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1182318781" [60272] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [60272] dbg: rules: Message-Id: " [60272] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [60272] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1182318781@lint_rules> [60272] dbg: rules: " [60272] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [60272] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [60272] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [60272] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [60272] dbg: rules: running body tests; score so far=1.899 [60272] dbg: rules: compiled body tests [60272] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [60272] dbg: rules: running uri tests; score so far=1.899 [60272] dbg: rules: compiled uri tests [60272] dbg: https_http_mismatch: anchors 0 [60272] dbg: eval: stock info total: 0 [60272] dbg: rules: running rawbody tests; score so far=1.899 [60272] dbg: rules: compiled rawbody tests [60272] dbg: rules: running full tests; score so far=1.899 [60272] dbg: rules: compiled full tests [60272] dbg: rules: running meta tests; score so far=1.899 [60272] dbg: rules: compiled meta tests [60272] dbg: check: running tests for priority: 500 [60272] dbg: rules: running head tests; score so far=1.899 [60272] dbg: rules: compiled head tests [60272] dbg: rules: running body tests; score so far=1.899 [60272] dbg: rules: compiled body tests [60272] dbg: rules: running uri tests; score so far=1.899 [60272] dbg: rules: compiled uri tests [60272] dbg: rules: running rawbody tests; score so far=1.899 [60272] dbg: rules: compiled rawbody tests [60272] dbg: rules: running full tests; score so far=1.899 [60272] dbg: rules: compiled full tests [60272] dbg: rules: running meta tests; score so far=1.899 [60272] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [60272] info: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score [60272] dbg: rules: compiled meta tests [60272] dbg: check: running tests for priority: 1000 [60478] dbg: rules: running head tests; score so far=4.205 [60478] dbg: rules: compiled head tests [60478] dbg: rules: running body tests; score so far=4.205 [60478] dbg: rules: compiled body tests [60478] dbg: rules: running uri tests; score so far=4.205 [60478] dbg: rules: compiled uri tests [60478] dbg: rules: running rawbody tests; score so far=4.205 [60478] dbg: rules: compiled rawbody tests [60478] dbg: rules: running full tests; score so far=4.205 [60478] dbg: rules: compiled full tests [60478] dbg: rules: running meta tests; score so far=4.205 [60478] dbg: rules: compiled meta tests [60478] dbg: check: is spam? score=4.205 required=5 [60478] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [60478] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [60478] warn: lint: 2 issues detected, please rerun with debug enabled for more information Does that help? Cheers Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Dienstag, 19. Juni 2007 23:04 An: Mailscanner Betreff: Re: MCP Check not working On 19/06/07, Daniel Fuhrer wrote: > Hi Glenn > Sorry fort hat late reply. I had to figure out what you mean with lint. I hope I found did it right. > > I run the command: > /usr/local/sbin/MailScanner --lint > > And the output was: > > Read 764 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Checking version numbers... > Version number in MailScanner.conf (4.60.8) is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > Creating hardcoded struct_flock subroutine for freebsd (BSD-type) > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > > Cheers Daniel Ummmm.... Close:-) I honestly could have been more verbose... I meant:' do a spamassassin lint for the MCP stuff .... This is from memory, so might be wrong, but something like: spamassassin --lint -D -p /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf (perhaps end that with the usual "2>&1 | less -e" to have a chance to read it all:-). ... I'm sure someone who has access to a MailScanner box ATM will correct that, if it in some way would be wrong;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Jun 20 11:43:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 20 11:43:50 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> Message-ID: <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> On 20/06/07, Daniel Fuhrer wrote: > Hi Glenn > Ok her is he output. > (snip) > > Does that help? > Nope, sorry... I forgot to set the relevant siteconfigdir etc ... Try do this instead: 1) Create a very basic "testmessage" like this: echo "Subject: this subject is banned\ this text is banned" > testmcp.txt 2) Run it through like this: spamassassin -D -t -C /etc/MailScanner/mcp/ --siteconfigpath=/etc/MailScanner/mcp/ -p /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf < testmcp.txt 2>&1 | less -e (that is all on one line...) If everything is correct, you should get a score of 7 on that... Else you should eb seeing some error messages (the ones about missing directives like use_dcc (etc) shouldn't matter one whit... But you might see whatever is preventing things from working;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From stef at aoc-uk.com Wed Jun 20 11:51:27 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Wed Jun 20 11:52:16 2007 Subject: OT: rules du jour Message-ID: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> Hi guys, Someone here will know the answer to this I'm sure. I currently can't update my rulesets, I'm getting the error AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON CONTACT: webmaster@uribl.com I turned the cron jobs off shortly after the DDOS started. I've also tried emailing the webmaster as suggested, but no reply. Is anyone else getting this, or is it working for you guys? I'm moderately convinced my email gateways aren't hammering away with RDJ, but I suppose it could have come from my network - in which case, how do I find out which of my evil clientbase need the LART? Any advice welcomed! Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 From res at ausics.net Wed Jun 20 12:49:00 2007 From: res at ausics.net (Res) Date: Wed Jun 20 12:49:13 2007 Subject: OT: rules du jour In-Reply-To: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> References: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Wed, 20 Jun 2007, Stef Morrell wrote: > I currently can't update my rulesets, I'm getting the error > > AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON > CONTACT: webmaster@uribl.com > > I turned the cron jobs off shortly after the DDOS started. I've also > tried emailing the webmaster as suggested, but no reply. > > Is anyone else getting this, or is it working for you guys? works fine here. -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGeRQtsWhAmSIQh7MRAmjlAJ4lK8CnHIlNBAol3nKJBc7yM4RqRACePFsS +dk4+hraGNKUlDF9qrYZs0I= =gKNM -----END PGP SIGNATURE----- From Q.G.Campbell at newcastle.ac.uk Wed Jun 20 13:01:58 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Jun 20 13:04:17 2007 Subject: SA 3.2.1 problem Message-ID: <4165CF7A7F12DE4B96622CCBB90586470AA7E9BB@largo.campus.ncl.ac.uk> Have installed SA 3.2.1 with MS 4.63.3-1. A 'spamassassin --lint' throws up a number of warnings for some of the SAR rules. EG: [12334] warn: rules: failed to run __SARE_HTML_HAS_DIV test, skipping: [12334] warn: (Can't locate object method "html_tag_exists" via package "Mail::SpamAssassin::PerMsgStatus" at (eval 1299) line 153. The '__SARE_HTML_HAS_DIV' test in 70_sare_html.cf does an 'eval:html_tag_exists('div')'. However the 'html_tag_exits' function is no longer present in SA 3.2.1 (it was in ~spamassassin/EvalTests.pm which is no longer present in SA 3.2.1). The Rules Emporium web site casts no light on this. Any comments welcome. Quentin From smlists at shaw.ca Wed Jun 20 13:54:43 2007 From: smlists at shaw.ca (Steve Mason) Date: Wed Jun 20 13:54:52 2007 Subject: rules du jour In-Reply-To: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> References: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> Message-ID: <000901c7b33a$2c639fb0$fa24010a@mcscore> There were some problems with the rules earlier. If you delete all of the .cf files from /etc/mail/spamassassin/RulesDuJour Then re-run it, it should be fine. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stef Morrell Sent: June 20, 2007 4:51 AM To: mailscanner@lists.mailscanner.info Subject: OT: rules du jour Hi guys, Someone here will know the answer to this I'm sure. I currently can't update my rulesets, I'm getting the error AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON CONTACT: webmaster@uribl.com I turned the cron jobs off shortly after the DDOS started. I've also tried emailing the webmaster as suggested, but no reply. Is anyone else getting this, or is it working for you guys? I'm moderately convinced my email gateways aren't hammering away with RDJ, but I suppose it could have come from my network - in which case, how do I find out which of my evil clientbase need the LART? Any advice welcomed! Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at slackadelic.com Wed Jun 20 13:58:22 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Wed Jun 20 13:58:28 2007 Subject: rules du jour In-Reply-To: <000901c7b33a$2c639fb0$fa24010a@mcscore> References: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> <000901c7b33a$2c639fb0$fa24010a@mcscore> Message-ID: <4679246E.8030401@slackadelic.com> Speaking of that.. I've found that I keep having rules saying they are being "rolled back." I've removed all the rules and resynced.. then a day later.. does it again.. Quite annoying. -Matt Steve Mason wrote: > There were some problems with the rules earlier. > If you delete all of the .cf files from /etc/mail/spamassassin/RulesDuJour > Then re-run it, it should be fine. > > > Steve > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stef > Morrell > Sent: June 20, 2007 4:51 AM > To: mailscanner@lists.mailscanner.info > Subject: OT: rules du jour > > Hi guys, > > Someone here will know the answer to this I'm sure. > > I currently can't update my rulesets, I'm getting the error > > AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON > CONTACT: webmaster@uribl.com > > I turned the cron jobs off shortly after the DDOS started. I've also tried > emailing the webmaster as suggested, but no reply. > > Is anyone else getting this, or is it working for you guys? > > I'm moderately convinced my email gateways aren't hammering away with RDJ, > but I suppose it could have come from my network - in which case, how do I > find out which of my evil clientbase need the LART? > > Any advice welcomed! > > Stef > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > > Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. > Registered in England No. 3867142. VAT No. UK734421454 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From j.ede at birchenallhowden.co.uk Wed Jun 20 14:04:33 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jun 20 14:05:37 2007 Subject: rules du jour In-Reply-To: <4679246E.8030401@slackadelic.com> References: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> <000901c7b33a$2c639fb0$fa24010a@mcscore>, <4679246E.8030401@slackadelic.com> Message-ID: I also needed to delete the rules from /etc/mail/spamassassin and then re-run rules_du_jour for it to properly sort itself out. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hayes [mailscanner@slackadelic.com] Sent: 20 June 2007 13:58 To: MailScanner discussion Subject: Re: rules du jour Speaking of that.. I've found that I keep having rules saying they are being "rolled back." I've removed all the rules and resynced.. then a day later.. does it again.. Quite annoying. -Matt Steve Mason wrote: > There were some problems with the rules earlier. > If you delete all of the .cf files from /etc/mail/spamassassin/RulesDuJour > Then re-run it, it should be fine. > > > Steve > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stef > Morrell > Sent: June 20, 2007 4:51 AM > To: mailscanner@lists.mailscanner.info > Subject: OT: rules du jour > > Hi guys, > > Someone here will know the answer to this I'm sure. > > I currently can't update my rulesets, I'm getting the error > > AUTOBAN: Over 500 *.cf requests in 48 hours period - Check your CRON > CONTACT: webmaster@uribl.com > > I turned the cron jobs off shortly after the DDOS started. I've also tried > emailing the webmaster as suggested, but no reply. > > Is anyone else getting this, or is it working for you guys? > > I'm moderately convinced my email gateways aren't hammering away with RDJ, > but I suppose it could have come from my network - in which case, how do I > find out which of my evil clientbase need the LART? > > Any advice welcomed! > > Stef > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > > Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. > Registered in England No. 3867142. VAT No. UK734421454 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From stef at aoc-uk.com Wed Jun 20 14:07:19 2007 From: stef at aoc-uk.com (Stef Morrell) Date: Wed Jun 20 14:07:19 2007 Subject: rules du jour *FIXED* References: <2861F1B24EB21D4EBD8A2A72DD821905189AB4@flatulous.aoc-uk.com> Message-ID: <2861F1B24EB21D4EBD8A2A72DD821905189AB7@flatulous.aoc-uk.com> Steve Mason wrote: > There were some problems with the rules earlier. > If you delete all of the .cf files from > /etc/mail/spamassassin/RulesDuJour > Then re-run it, it should be fine. That does seem to have resolved the problem. Many thanks! Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. UK734421454 From daniel at danielf.ch Wed Jun 20 14:30:05 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Wed Jun 20 14:30:54 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><223f97700706190249t726d25c8vc73ad480e27bed36@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local><223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local><223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local><223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> Hi Glenn Here is the output: [77171] dbg: logger: adding facilities: all [77171] dbg: logger: logging level is DBG [77171] dbg: generic: SpamAssassin version 3.2.0 [77171] dbg: config: score set 0 chosen. [77171] dbg: util: running in taint mode? yes [77171] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [77171] dbg: util: PATH included '/sbin', keeping [77171] dbg: util: PATH included '/bin', keeping [77171] dbg: util: PATH included '/usr/sbin', keeping [77171] dbg: util: PATH included '/usr/bin', keeping [77171] dbg: util: PATH included '/usr/games', keeping [77171] dbg: util: PATH included '/usr/local/sbin', keeping [77171] dbg: util: PATH included '/usr/local/bin', keeping [77171] dbg: util: PATH included '/usr/X11R6/bin', keeping [77171] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [77171] dbg: util: final PATH set to: /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin [77171] dbg: dns: is Net::DNS::Resolver available? yes [77171] dbg: dns: Net::DNS version: 0.59 [77171] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for site rules pre files [77171] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for sys rules pre files [77171] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for default rules dir [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp//10_example.cf [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp//mail.delivery.failed.cf [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp//mail.reply.spam.cf [77171] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for site rules dir [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp//10_example.cf [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp//mail.delivery.failed.cf [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp//mail.reply.spam.cf [77171] dbg: config: using "/root/.spamassassin" for user state dir [77171] dbg: config: using "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for user prefs file [77171] dbg: config: read file /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf [77171] info: config: failed to parse line, skipping, in "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 [77171] info: config: failed to parse line, skipping, in "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_pyzor 0 [77171] info: config: failed to parse line, skipping, in "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 [77171] info: config: failed to parse line, skipping, in "/usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor2 0 [77171] dbg: conf: finish parsing [77171] dbg: config: score set 1 chosen. [77171] dbg: message: main message type: text/plain check: no loaded plugin implements 'check_main': cannot scan! at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164. I don't understand what's wrong with the config directives " use_dcc 0", " use_pyzor 0", "use_razor1 0" and "use_razor2 0"? Is there a something wrong in the PerMsgStatus.pm on line 164? There is the following Code: 158: # The primary check functionality occurs via a plugin call. For more 159: # information, please see: Mail::SpamAssassin::Plugin::Check 160: if (!$self->{main}->call_plugins ("check_main", { permsgstatus => $self })) 161: { 162: # did anything happen? if not, this is fatal 163: if (!$self->{main}->have_plugin("check_main")) { 164: die "check: no loaded plugin implements 'check_main': cannot scan!"; 165: } 166: } Hope that helps. Cheers Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Mittwoch, 20. Juni 2007 12:44 An: Mailscanner Betreff: Re: MCP Check not working On 20/06/07, Daniel Fuhrer wrote: > Hi Glenn > Ok her is he output. > (snip) > > Does that help? > Nope, sorry... I forgot to set the relevant siteconfigdir etc ... Try do this instead: 1) Create a very basic "testmessage" like this: echo "Subject: this subject is banned\ this text is banned" > testmcp.txt 2) Run it through like this: spamassassin -D -t -C /etc/MailScanner/mcp/ --siteconfigpath=/etc/MailScanner/mcp/ -p /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf < testmcp.txt 2>&1 | less -e (that is all on one line...) If everything is correct, you should get a score of 7 on that... Else you should eb seeing some error messages (the ones about missing directives like use_dcc (etc) shouldn't matter one whit... But you might see whatever is preventing things from working;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From tim.sattler at nordcapital.com Wed Jun 20 14:49:02 2007 From: tim.sattler at nordcapital.com (Sattler, Tim) Date: Wed Jun 20 14:49:21 2007 Subject: OT: pdf spam Message-ID: Hello, today we received a lot of penny stock spam with just dummy text and a pdf attachment "_report.pdf". All "spammy" key words are inside the pdf document, so these mails are not marked as spam in the majority of cases. If this becomes fashion, I guess it will require new techniques like regex filtering inside attachments or hash databases for "spammy" documents. Best regards Tim Sattler From glenn.steen at gmail.com Wed Jun 20 15:07:29 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 20 15:07:31 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local> <223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> Message-ID: <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> On 20/06/07, Daniel Fuhrer wrote: > Hi Glenn > Here is the output: > (snip) > check: no loaded plugin implements 'check_main': cannot scan! at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164. > The line above indicates the error... You don't have a v320.pre file in /etc/MailScanner/mcp ... This is fixed in the latest (trust Jules;), but apparantly not in the version you installed... You can create it, it only need contain one line... Here is mine: ---------- # cat /etc/MailScanner/mcp/v320.pre # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check ---------- then perhaps restart MailScanner to reinstantiate MCP. > I don't understand what's wrong with the config directives " use_dcc 0", " use_pyzor 0", "use_razor1 0" and "use_razor2 0"? Pretty much as with the actual error above... These are now implemented in plugins, so ... if you don't load the plugin, you don't have anything understanding the parameter:-). MCP don't use, and don't need, those... One could argue that one should make some IfPlugin statements around them, or just plan comment them out... But they do no real harm either... And they are needed if you run with an old SA (to implement MCP)... So just ignore those errors. > Is there a something wrong in the PerMsgStatus.pm on line 164? No. It is the fact that there is no handler for check_main that is the problem, and it is cured by loading the plugin that now implements it. > There is the following Code: > > 158: # The primary check functionality occurs via a plugin call. For more > 159: # information, please see: Mail::SpamAssassin::Plugin::Check > 160: if (!$self->{main}->call_plugins ("check_main", { permsgstatus => $self })) > 161: { > 162: # did anything happen? if not, this is fatal > 163: if (!$self->{main}->have_plugin("check_main")) { > 164: die "check: no loaded plugin implements 'check_main': cannot scan!"; > 165: } > 166: } > > > Hope that helps. As do I:-) > Cheers Daniel Cheers to you too -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From list-mailscanner at linguaphone.com Wed Jun 20 15:35:40 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 20 15:35:52 2007 Subject: OT: pdf spam In-Reply-To: References: Message-ID: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-06-20 at 14:49, Sattler, Tim wrote: > Hello, > > today we received a lot of penny stock spam with just dummy text and a > pdf attachment "_report.pdf". All "spammy" key words are > inside the pdf document, so these mails are not marked as spam in the > majority of cases. If this becomes fashion, I guess it will require new > techniques like regex filtering inside attachments or hash databases for > "spammy" documents. I was just about to post about these myself. I have attached an example. I have found if I use 'less' to view the document it renders it to plain text and is very readable. So would it be possible to convert a pdf to plain text and append it to the email message for the purposes of the spamassassin checks? Alternativly perhaps this is a job for MCP? Another possibility would be for the author of fuzzyocr to recognise .pdf files and render them so they can be scanned for keywords. I can think of a few keyword and load issues this could cause though. From j.ede at birchenallhowden.co.uk Wed Jun 20 15:40:43 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jun 20 15:43:38 2007 Subject: OT: pdf spam In-Reply-To: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> References: , <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: [snip] Another possibility would be for the author of fuzzyocr to recognise .pdf files and render them so they can be scanned for keywords. I can think of a few keyword and load issues this could cause though. Yes, but I'm guessing that as fuzzyocr currently does with images then it would generate a checksum for each pdf and therefore the expesive decoding need only occur once for each pdf? Also I'm guessing the same checksum approach could be used if the pdf was rendered into readable format using less. Jason From daniel.maher at ubisoft.com Wed Jun 20 15:52:50 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Wed Jun 20 15:52:53 2007 Subject: OT: pdf spam In-Reply-To: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> > I was just about to post about these myself. I have attached an example. > > I have found if I use 'less' to view the document it renders it to plain > text and is very readable. So would it be possible to convert a pdf to > plain text and append it to the email message for the purposes of the > spamassassin checks? > > Alternativly perhaps this is a job for MCP? > > Another possibility would be for the author of fuzzyocr to recognise > .pdf files and render them so they can be scanned for keywords. I can > think of a few keyword and load issues this could cause though. I'm not sure that the example was attached - at the very least, I didn't get it over here. :) Would you be so kind as to forward a sample? Thanks! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "The most incomprehensible thing about the world is that it is comprehensible." -- Albert Einstein. From martinh at solidstatelogic.com Wed Jun 20 15:57:00 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 20 15:57:10 2007 Subject: OT: pdf spam In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> Message-ID: <7ae6254e523b3148b02a58977ee56f4a@solidstatelogic.com> Or post it to pastebin or somethinh.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Maher > Sent: 20 June 2007 15:53 > To: MailScanner discussion > Subject: RE: OT: pdf spam > > > I was just about to post about these myself. I have attached an example. > > > > I have found if I use 'less' to view the document it renders it to plain > > text and is very readable. So would it be possible to convert a pdf to > > plain text and append it to the email message for the purposes of the > > spamassassin checks? > > > > Alternativly perhaps this is a job for MCP? > > > > Another possibility would be for the author of fuzzyocr to recognise > > .pdf files and render them so they can be scanned for keywords. I can > > think of a few keyword and load issues this could cause though. > > I'm not sure that the example was attached - at the very least, I didn't > get it over here. :) Would you be so kind as to forward a sample? > Thanks! > > > -- > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > "The most incomprehensible thing about the world is that it is > comprehensible." -- Albert Einstein. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From btaber at diversecg.com Wed Jun 20 15:58:47 2007 From: btaber at diversecg.com (Brian Taber) Date: Wed Jun 20 15:58:50 2007 Subject: MailScanner/Postfix local users Message-ID: <40084.192.168.250.51.1182351527.squirrel@mail.diversecg.com> I have MailScanner setup with Postfix using the single instance Hold queue method (http://www.mailscanner.info/install/postfix.shtml). Everything works fine for incomming messages, the issue is with local authenticated users. I would like to have MS assign a negative score to locally authenticated users but I have been unable to find a way. They are getting picked up as spam because they are mostly dial-up/dynamic users and ther mail is incorrectly getting marked. I don't want to disable the scanning of local users completely because users might have accounts ompromised and the server is used to relay spam, and MS catches it (happened in the past). Any help would be appreciated. From Q.G.Campbell at newcastle.ac.uk Wed Jun 20 16:04:00 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Jun 20 16:04:56 2007 Subject: Rules_du_Jour script Message-ID: <4165CF7A7F12DE4B96622CCBB90586470AA7EA75@largo.campus.ncl.ac.uk> Is there any source of the Rules_du_Jour script other than sandgnat.com? The latter has disappeared from the DNS. Quentin From list-mailscanner at linguaphone.com Wed Jun 20 16:08:59 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 20 16:09:12 2007 Subject: OT: pdf spam In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> Message-ID: <1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-06-20 at 15:52, Daniel Maher wrote: > > I was just about to post about these myself. I have attached an example. > > > > I have found if I use 'less' to view the document it renders it to plain > > text and is very readable. So would it be possible to convert a pdf to > > plain text and append it to the email message for the purposes of the > > spamassassin checks? > > > > Alternativly perhaps this is a job for MCP? > > > > Another possibility would be for the author of fuzzyocr to recognise > > .pdf files and render them so they can be scanned for keywords. I can > > think of a few keyword and load issues this could cause though. > > I'm not sure that the example was attached - at the very least, I didn't get it over here. :) Would you be so kind as to forward a sample? Thanks! > It was too big to send so I have uploaded it :- http://www.gbnetwork.co.uk/temp/ee_report.pdf From smlists at shaw.ca Wed Jun 20 16:10:35 2007 From: smlists at shaw.ca (Steve Mason) Date: Wed Jun 20 16:11:13 2007 Subject: Rules_du_Jour script In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470AA7EA75@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470AA7EA75@largo.campus.ncl.ac.uk> Message-ID: <000001c7b34d$2759d1c0$fa24010a@mcscore> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell Sent: June 20, 2007 9:04 AM To: MailScanner discussion Subject: Rules_du_Jour script Is there any source of the Rules_du_Jour script other than sandgnat.com? The latter has disappeared from the DNS. Quentin >From the MAQ :) http://www.fsl.com/support/Rules_Du_Jour.tar.gz Steve From glenn.steen at gmail.com Wed Jun 20 16:23:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 20 16:23:32 2007 Subject: OT: pdf spam In-Reply-To: <1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> <1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> On 20/06/07, Gareth wrote: > On Wed, 2007-06-20 at 15:52, Daniel Maher wrote: > > > I was just about to post about these myself. I have attached an example. > > > > > > I have found if I use 'less' to view the document it renders it to plain > > > text and is very readable. So would it be possible to convert a pdf to > > > plain text and append it to the email message for the purposes of the > > > spamassassin checks? > > > > > > Alternativly perhaps this is a job for MCP? > > > > > > Another possibility would be for the author of fuzzyocr to recognise > > > .pdf files and render them so they can be scanned for keywords. I can > > > think of a few keyword and load issues this could cause though. > > > > I'm not sure that the example was attached - at the very least, I didn't get it over here. :) Would you be so kind as to forward a sample? Thanks! > > > It was too big to send so I have uploaded it :- > http://www.gbnetwork.co.uk/temp/ee_report.pdf > Ow, looks good, doesn't it:-). I wonder if one could do something with pdftotext (that less uses), since it mostly is text anyway ... pdftotext (or similar tools... that's just the one used by lesspipe) aren't that horrendous, not like fuzzyocr, but still... and how soon the b*stards will start having "only image PDFs"... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Jun 20 16:33:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 20 16:36:35 2007 Subject: OT: pdf spam In-Reply-To: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <467948B7.2040400@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070620/452523b3/PGP.bin From sandrews at andrewscompanies.com Wed Jun 20 16:50:05 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Jun 20 16:50:12 2007 Subject: Mail Flow Options In-Reply-To: <467948B7.2040400@ecs.soton.ac.uk> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> <467948B7.2040400@ecs.soton.ac.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> Is there any configuration in MS where, say it hits my high score threshold that MS won't both passing it to the virus scanner? Related, what's the flow of a message? sendmail---MS--clamav---etc? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070620/abe5ad36/attachment.html From prandal at herefordshire.gov.uk Wed Jun 20 16:38:32 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 20 16:51:34 2007 Subject: OT: pdf spam In-Reply-To: <1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> <1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF794FE@HC-MBX02.herefordshire.gov.uk> Can you upload the raw email too? Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gareth > Sent: 20 June 2007 16:09 > To: MailScanner discussion > Subject: RE: OT: pdf spam > > On Wed, 2007-06-20 at 15:52, Daniel Maher wrote: > > > I was just about to post about these myself. I have > attached an example. > > > > > > I have found if I use 'less' to view the document it > renders it to plain > > > text and is very readable. So would it be possible to > convert a pdf to > > > plain text and append it to the email message for the > purposes of the > > > spamassassin checks? > > > > > > Alternativly perhaps this is a job for MCP? > > > > > > Another possibility would be for the author of fuzzyocr > to recognise > > > .pdf files and render them so they can be scanned for > keywords. I can > > > think of a few keyword and load issues this could cause though. > > > > I'm not sure that the example was attached - at the very > least, I didn't get it over here. :) Would you be so kind as > to forward a sample? Thanks! > > > It was too big to send so I have uploaded it :- > http://www.gbnetwork.co.uk/temp/ee_report.pdf > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Wed Jun 20 16:45:58 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 20 16:53:43 2007 Subject: OT: pdf spam In-Reply-To: <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> References: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org><1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79503@HC-MBX02.herefordshire.gov.uk> pdftotext does indeed convert that example into text we can do things with. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: 20 June 2007 16:24 > To: MailScanner discussion > Subject: Re: OT: pdf spam > > On 20/06/07, Gareth wrote: > > On Wed, 2007-06-20 at 15:52, Daniel Maher wrote: > > > > I was just about to post about these myself. I have > attached an example. > > > > > > > > I have found if I use 'less' to view the document it > renders it to plain > > > > text and is very readable. So would it be possible to > convert a pdf to > > > > plain text and append it to the email message for the > purposes of the > > > > spamassassin checks? > > > > > > > > Alternativly perhaps this is a job for MCP? > > > > > > > > Another possibility would be for the author of fuzzyocr > to recognise > > > > .pdf files and render them so they can be scanned for > keywords. I can > > > > think of a few keyword and load issues this could cause though. > > > > > > I'm not sure that the example was attached - at the very > least, I didn't get it over here. :) Would you be so kind as > to forward a sample? Thanks! > > > > > It was too big to send so I have uploaded it :- > > http://www.gbnetwork.co.uk/temp/ee_report.pdf > > > Ow, looks good, doesn't it:-). > I wonder if one could do something with pdftotext (that less uses), > since it mostly is text anyway ... pdftotext (or similar tools... > that's just the one used by lesspipe) aren't that horrendous, not like > fuzzyocr, but still... and how soon the b*stards will start having > "only image PDFs"... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From david at gnsa.us Wed Jun 20 17:11:28 2007 From: david at gnsa.us (David Nalley) Date: Wed Jun 20 17:11:32 2007 Subject: Rules_du_Jour script In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470AA7EA75@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470AA7EA75@largo.campus.ncl.ac.uk> Message-ID: <467951B0.4040405@gnsa.us> If you are using MailScanner, why not use the one from FSL, it works quite well. http://www.fsl.com/support/Rules_Du_Jour.tar.gz Quentin Campbell wrote: > Is there any source of the Rules_du_Jour script other than sandgnat.com? > The latter has disappeared from the DNS. > > Quentin > From Richard.Frovarp at sendit.nodak.edu Wed Jun 20 17:25:19 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jun 20 17:25:25 2007 Subject: Mail Flow Options In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> <467948B7.2040400@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> Message-ID: <467954EF.1070700@sendit.nodak.edu> Steven Andrews wrote: > Is there any configuration in MS where, say it hits my high score > threshold that MS won't both passing it to the virus scanner? > > Related, what's the flow of a message? sendmail---MS--clamav---etc? What's your high spam action? If it is delete, it won't be passed to the virus scanner. Other actions might have that effect as well. From sandrews at andrewscompanies.com Wed Jun 20 17:32:59 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Jun 20 17:33:14 2007 Subject: Mail Flow Options In-Reply-To: <467954EF.1070700@sendit.nodak.edu> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> <467948B7.2040400@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> <467954EF.1070700@sendit.nodak.edu> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0CC7@winchester.andrewscompanies.com> It's delete. Thanks for the info. Is all non-high-scoring spam passed to the virus scanner or only mails with attachments? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Frovarp Sent: Wednesday, June 20, 2007 12:25 PM To: MailScanner discussion Subject: Re: Mail Flow Options Steven Andrews wrote: > Is there any configuration in MS where, say it hits my high score > threshold that MS won't both passing it to the virus scanner? > > Related, what's the flow of a message? sendmail---MS--clamav---etc? What's your high spam action? If it is delete, it won't be passed to the virus scanner. Other actions might have that effect as well. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Richard.Frovarp at sendit.nodak.edu Wed Jun 20 18:02:59 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jun 20 18:03:05 2007 Subject: Mail Flow Options In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0CC7@winchester.andrewscompanies.com> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> <467948B7.2040400@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> <467954EF.1070700@sendit.nodak.edu> <1964AAFBC212F742958F9275BF63DBB04B0CC7@winchester.andrewscompanies.com> Message-ID: <46795DC3.6030404@sendit.nodak.edu> Steven Andrews wrote: > It's delete. Thanks for the info. Is all non-high-scoring spam passed > to the virus scanner or only mails with attachments? > > All mail. Some virus scanners have definitions to catch certain types of junk mail. It would also be possible to have a virus contained in the body without an attachment, so everything needs to be scanned. From ssilva at sgvwater.com Wed Jun 20 17:25:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 20 18:09:05 2007 Subject: Mail Flow Options In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> <467948B7.2040400@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0CC0@winchester.andrewscompanies.com> Message-ID: Steven Andrews spake the following on 6/20/2007 8:50 AM: > Is there any configuration in MS where, say it hits my high score > threshold that MS won't both passing it to the virus scanner? > > Related, what's the flow of a message? sendmail---MS--clamav---etc? > high spam won't go to the virus scanners unless you have "Keep Spam And MCP Archive Clean = yes" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From list-mailscanner at linguaphone.com Wed Jun 20 18:10:15 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 20 18:10:22 2007 Subject: OT: pdf spam In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF794FE@HC-MBX02.herefordshire.gov.uk> Message-ID: 3 examples http://www.gbnetwork.co.uk/temp/1192.gz http://www.gbnetwork.co.uk/temp/1193.gz http://www.gbnetwork.co.uk/temp/1194.gz > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Randal, > Phil > Sent: 20 June 2007 16:39 > To: MailScanner discussion > Subject: RE: OT: pdf spam > > > Can you upload the raw email too? > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Gareth > > Sent: 20 June 2007 16:09 > > To: MailScanner discussion > > Subject: RE: OT: pdf spam > > > > On Wed, 2007-06-20 at 15:52, Daniel Maher wrote: > > > > I was just about to post about these myself. I have > > attached an example. > > > > > > > > I have found if I use 'less' to view the document it > > renders it to plain > > > > text and is very readable. So would it be possible to > > convert a pdf to > > > > plain text and append it to the email message for the > > purposes of the > > > > spamassassin checks? > > > > > > > > Alternativly perhaps this is a job for MCP? > > > > > > > > Another possibility would be for the author of fuzzyocr > > to recognise > > > > .pdf files and render them so they can be scanned for > > keywords. I can > > > > think of a few keyword and load issues this could cause though. > > > > > > I'm not sure that the example was attached - at the very > > least, I didn't get it over here. :) Would you be so kind as > > to forward a sample? Thanks! > > > > > It was too big to send so I have uploaded it :- > > http://www.gbnetwork.co.uk/temp/ee_report.pdf > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From mkettler at evi-inc.com Wed Jun 20 18:11:16 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jun 20 18:17:16 2007 Subject: SA 3.2.1 problem In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470AA7E9BB@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470AA7E9BB@largo.campus.ncl.ac.uk> Message-ID: <46795FB4.5070904@evi-inc.com> Quentin Campbell wrote: > Have installed SA 3.2.1 with MS 4.63.3-1. > > A 'spamassassin --lint' throws up a number of warnings for some of the > SAR rules. > > EG: > > [12334] warn: rules: failed to run __SARE_HTML_HAS_DIV test, skipping: > [12334] warn: (Can't locate object method "html_tag_exists" via package > "Mail::SpamAssassin::PerMsgStatus" at (eval 1299) line 153. > > The '__SARE_HTML_HAS_DIV' test in 70_sare_html.cf does an > 'eval:html_tag_exists('div')'. > > However the 'html_tag_exits' function is no longer present in SA 3.2.1 > (it was in ~spamassassin/EvalTests.pm which is no longer present in SA > 3.2.1). > This should now be in Plugin/HTMLEval.pm That plugin should be loaded by default in v320.pre, which ought be in your site rules directory (ie: /etc/mail/spamassassin/) From ssilva at sgvwater.com Wed Jun 20 17:21:18 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 20 18:32:59 2007 Subject: OT: pdf spam In-Reply-To: <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> References: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org> <1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/20/2007 8:23 AM: > On 20/06/07, Gareth wrote: >> On Wed, 2007-06-20 at 15:52, Daniel Maher wrote: >> > > I was just about to post about these myself. I have attached an >> example. >> > > >> > > I have found if I use 'less' to view the document it renders it to >> plain >> > > text and is very readable. So would it be possible to convert a >> pdf to >> > > plain text and append it to the email message for the purposes of the >> > > spamassassin checks? >> > > >> > > Alternativly perhaps this is a job for MCP? >> > > >> > > Another possibility would be for the author of fuzzyocr to recognise >> > > .pdf files and render them so they can be scanned for keywords. I can >> > > think of a few keyword and load issues this could cause though. >> > >> > I'm not sure that the example was attached - at the very least, I >> didn't get it over here. :) Would you be so kind as to forward a >> sample? Thanks! >> > >> It was too big to send so I have uploaded it :- >> http://www.gbnetwork.co.uk/temp/ee_report.pdf >> > Ow, looks good, doesn't it:-). > I wonder if one could do something with pdftotext (that less uses), > since it mostly is text anyway ... pdftotext (or similar tools... > that's just the one used by lesspipe) aren't that horrendous, not like > fuzzyocr, but still... and how soon the b*stards will start having > "only image PDFs"... > That explains why it was unintelligible on my system. No xpdf so no pdftotext. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rcooper at dwford.com Wed Jun 20 18:40:34 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 20 18:40:41 2007 Subject: Rules_du_Jour script In-Reply-To: <000001c7b34d$2759d1c0$fa24010a@mcscore> References: <4165CF7A7F12DE4B96622CCBB90586470AA7EA75@largo.campus.ncl.ac.uk> <000001c7b34d$2759d1c0$fa24010a@mcscore> Message-ID: <0bfc01c7b362$1b3bf6b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Steve Mason > Sent: Wednesday, June 20, 2007 11:11 AM > To: 'MailScanner discussion' > Subject: RE: Rules_du_Jour script > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Quentin > Campbell > Sent: June 20, 2007 9:04 AM > To: MailScanner discussion > Subject: Rules_du_Jour script > > Is there any source of the Rules_du_Jour script other than > sandgnat.com? > The latter has disappeared from the DNS. > > Quentin > > > >From the MAQ :) > > http://www.fsl.com/support/Rules_Du_Jour.tar.gz > > Steve > > -- Prefered method is via sa-update http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 20 18:38:32 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 20 18:41:42 2007 Subject: MCP patching SpamAssassin Message-ID: <46796618.7070106@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After looking at the source for 3.2.1, I have come up with a far easier way of making SpamAssassin search binary attachments as well as just text and HTML, when doing MCP tests. The new method involves just a single 1-line patch to Util.pm. This will be in the next release, and should be far simpler to maintain across future versions, as it works at a much lower level, in a utility function for reading the MIME type of an attachment. I would advise anyone using SpamAssassin version 3.2.0 or higher to switch to the new method when I release it. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGeWYcEfZZRxQVtlQRArbJAJ4jiO9oBhE+Eq1xeDbMLVwW/wLDcwCgni/C f/VlgCDaKhuT7huy26Faqgk= =pkT/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Wed Jun 20 20:12:29 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 20 20:12:59 2007 Subject: OT: pdf spam In-Reply-To: <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> References: <1E293D3FF63A3740B10AD5AAD88535D2051FF882@UBIMAIL1.ubisoft.org><1182352139.12630.10.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700706200823p54e3fd3bv50679b9026bd7a46@mail.gmail.com> Message-ID: <0c0901c7b36e$fd836650$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Wednesday, June 20, 2007 11:24 AM > To: MailScanner discussion > Subject: Re: OT: pdf spam > [...] > Ow, looks good, doesn't it:-). > I wonder if one could do something with pdftotext (that less uses), > since it mostly is text anyway ... pdftotext (or similar tools... > that's just the one used by lesspipe) aren't that > horrendous, not like > fuzzyocr, but still... and how soon the b*stards will start having > "only image PDFs"... > Not too difficult to handle with pdftotext, however you have to remove all the missing header stuff form the report, recalc the score without the missin header stuff (I have a proof of concept program written), and of course if it's only an image file you have to extract the image (and probably convert from .ppm to .jpg), create a dummy email and attach the image so fuzzy would work on it. This is why I wish SpamAssassin supported pre-processors which would be a better use of FuzzyOcr. It would create the additional text and SpamAssassin would consider that ouput with the message it's self. I have suggested adding pre-processing to SpamAssassin before and have never gotten a response. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From binaryflow at gmail.com Thu Jun 21 02:32:32 2007 From: binaryflow at gmail.com (Douglas Ward) Date: Thu Jun 21 02:32:36 2007 Subject: Bayes will not run auto/manual expiry Message-ID: I found an abort message in spamassassin (bayes related). Does this look bad? Has my bayes db grown too large to expire? Should I clear it and start over? Any thoughts would be most helpful. Thanks! [root@mx spamassassin]# spamassassin -D --lint [8615] dbg: bayes: DB journal sync: last sync: 1182387243 [8615] dbg: bayes: corpus size: nspam = 41590, nham = 136390 [8615] dbg: bayes: score = 0.613357629956347 [8615] dbg: bayes: DB expiry: tokens in DB: 316397, Expiry max size: 150000, Oldest atime: 1176182136, Newest atime: 1182386879, Last expire: 1176225633, Current time: 1182389157 [8615] dbg: bayes: opportunistic call found expiry due [8615] dbg: bayes: bayes journal sync starting [8615] dbg: locker: safe_lock: created /etc/MailScanner/bayes/bayes.mutex [8615] dbg: locker: safe_lock: trying to get lock on /etc/MailScanner/bayes/bayes with 10 timeout [8615] dbg: locker: safe_lock: link to /etc/MailScanner/bayes/bayes.mutex: link ok [8615] dbg: bayes: tie-ing to DB file R/W /etc/MailScanner/bayes/bayes_toks [8615] dbg: bayes: tie-ing to DB file R/W /etc/MailScanner/bayes/bayes_seen [8615] dbg: bayes: found bayes db version 3 [8615] dbg: locker: refresh_lock: refresh /etc/MailScanner/bayes/bayes.mutex [8615] dbg: bayes: synced databases from journal in 0 seconds: 370 unique entries (400 total entries) [8615] dbg: bayes: bayes journal sync completed [8615] dbg: bayes: expiry starting [8615] dbg: locker: refresh_lock: refresh /etc/MailScanner/bayes/bayes.mutex [8615] dbg: locker: refresh_lock: refresh /etc/MailScanner/bayes/bayes.mutex [8615] dbg: bayes: DB expiry: tokens in DB: 316397, Expiry max size: 150000, Oldest atime: 1176182136, Newest atime: 1182387535, Last expire: 1176225633, Current time: 1182389157 [8615] dbg: bayes: expiry check keep size, 0.75 * max: 112500 [8615] dbg: bayes: token count: 316397, final goal reduction size: 203897 [8615] dbg: bayes: first pass? current: 1182389157, Last: 1176225633, atime: 43200, count: 161535, newdelta: 34224, ratio: 1.26224657195035, period: 43200 [8615] dbg: bayes: can't use estimation method for expiry, unexpected result, calculating optimal atime delta (first pass) [8615] dbg: bayes: expiry max exponent: 9 [8615] dbg: bayes: atime token reduction [8615] dbg: bayes: ======== =============== [8615] dbg: bayes: 43200 73442 [8615] dbg: bayes: 86400 70494 [8615] dbg: bayes: 172800 64774 [8615] dbg: bayes: 345600 61009 [8615] dbg: bayes: 691200 56206 [8615] dbg: bayes: 1382400 48678 [8615] dbg: bayes: 2764800 39890 [8615] dbg: bayes: 5529600 26596 [8615] dbg: bayes: 11059200 0 [8615] dbg: bayes: 22118400 0 [8615] dbg: bayes: first pass decided on 43200 for atime delta [8615] dbg: bayes: token expiration would expire too many tokens, aborting [8615] dbg: bayes: untie-ing [8615] dbg: bayes: untie-ing db_toks [8615] dbg: bayes: untie-ing db_seen [8615] dbg: bayes: files locked, now unlocking lock [8615] dbg: locker: safe_unlock: unlocked /etc/MailScanner/bayes/bayes.mutex [8615] dbg: bayes: expired old bayes database entries in 31 seconds: 316397 entries kept, 0 deleted [8615] dbg: bayes: expiry completed [root@mx spamassassin]# sa-learn --force-expire bayes: synced databases from journal in 0 seconds: 2 unique entries (2 total entries) expired old bayes database entries in 31 seconds 316397 entries kept, 0 deleted token frequency: 1-occurrence tokens: 0.00% token frequency: less than 8 occurrences: 0.00% -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070620/f23b2f4b/attachment.html From daniel at danielf.ch Thu Jun 21 06:35:31 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Thu Jun 21 06:35:35 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><96EF3FB3C374A64187CCB0D0DA716F2446E4@idefix.danielf.local><223f97700706190501u4b16bf00scbddbe1f9a9c61a9@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local><223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local><223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local><223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> Hi Glenn Thanks for your answer. I had a v320.pre (/usr/local/etc/mail/spamassassin/v320.pre) file. In there are the Lines: # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check # HTTPSMismatch - find URI mismatches between href and anchor text # loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch So I tried to comment this out. But still not working. Then I tried to copy it to the mcp Directory (/usr/local/etc/MailScanner/mcp/). But without success. In the same directory I have as well a v310.pre, v310.pre.sample and a v320.pre.sample For me it look, that SpamAssassin is not loading the Plugin for some reason. Cheer Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Mittwoch, 20. Juni 2007 16:07 An: Mailscanner Betreff: Re: MCP Check not working On 20/06/07, Daniel Fuhrer wrote: > Hi Glenn > Here is the output: > (snip) > check: no loaded plugin implements 'check_main': cannot scan! at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164. > The line above indicates the error... You don't have a v320.pre file in /etc/MailScanner/mcp ... This is fixed in the latest (trust Jules;), but apparantly not in the version you installed... You can create it, it only need contain one line... Here is mine: ---------- # cat /etc/MailScanner/mcp/v320.pre # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check ---------- then perhaps restart MailScanner to reinstantiate MCP. > I don't understand what's wrong with the config directives " use_dcc 0", " use_pyzor 0", "use_razor1 0" and "use_razor2 0"? Pretty much as with the actual error above... These are now implemented in plugins, so ... if you don't load the plugin, you don't have anything understanding the parameter:-). MCP don't use, and don't need, those... One could argue that one should make some IfPlugin statements around them, or just plan comment them out... But they do no real harm either... And they are needed if you run with an old SA (to implement MCP)... So just ignore those errors. > Is there a something wrong in the PerMsgStatus.pm on line 164? No. It is the fact that there is no handler for check_main that is the problem, and it is cured by loading the plugin that now implements it. > There is the following Code: > > 158: # The primary check functionality occurs via a plugin call. For more > 159: # information, please see: Mail::SpamAssassin::Plugin::Check > 160: if (!$self->{main}->call_plugins ("check_main", { permsgstatus => $self })) > 161: { > 162: # did anything happen? if not, this is fatal > 163: if (!$self->{main}->have_plugin("check_main")) { > 164: die "check: no loaded plugin implements 'check_main': cannot scan!"; > 165: } > 166: } > > > Hope that helps. As do I:-) > Cheers Daniel Cheers to you too -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Q.G.Campbell at newcastle.ac.uk Thu Jun 21 08:03:46 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Jun 21 08:04:12 2007 Subject: SA 3.2.1 problem - solved In-Reply-To: <46795FB4.5070904@evi-inc.com> References: <4165CF7A7F12DE4B96622CCBB90586470AA7E9BB@largo.campus.ncl.ac.uk> <46795FB4.5070904@evi-inc.com> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470AA7EADD@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Matt Kettler >Sent: 20 June 2007 18:11 >To: MailScanner discussion >Subject: Re: SA 3.2.1 problem > >Quentin Campbell wrote: >> Have installed SA 3.2.1 with MS 4.63.3-1. >> >> A 'spamassassin --lint' throws up a number of warnings for some of >the >> SAR rules. >> >> EG: >> >> [12334] warn: rules: failed to run __SARE_HTML_HAS_DIV test, skipping: >> [12334] warn: (Can't locate object method "html_tag_exists" via >package >> "Mail::SpamAssassin::PerMsgStatus" at (eval 1299) line 153. >> >> The '__SARE_HTML_HAS_DIV' test in 70_sare_html.cf does an >> 'eval:html_tag_exists('div')'. >> >> However the 'html_tag_exits' function is no longer present in SA 3.2.1 >> (it was in ~spamassassin/EvalTests.pm which is no longer present in SA >> 3.2.1). >> > >This should now be in Plugin/HTMLEval.pm > >That plugin should be loaded by default in v320.pre, which ought be in >your site rules directory (ie: /etc/mail/spamassassin/) >[snip] Matt Thanks for that. Installing the correct v320.pre file has fixed things for SA-3.2.1. It looks as if I had managed to overwrite the v320.pre installed by SA-3.2.1 with the v320.pre installed earlier by SA-3.2.0. Not sure why SA-3.2.1 didn't install a v321.pre as I have a v310.pre and a v312.pre in /etc/mail/spamassassin. NB Still have 'lint' problems after loading tripwire.cf from Rules Emporium. Have cleared out /etc/mail/spamassassin/RulesDuJour and re-run the rules_du_jour script to no good effect. For the moment have removed 'TRIPWIRE' from /etc/rulesdujour/config. Quentin From carl at theholidayclub.com Thu Jun 21 10:00:31 2007 From: carl at theholidayclub.com (Carl Werner) Date: Thu Jun 21 10:01:34 2007 Subject: Mailscanner not proccessing emails Message-ID: <6E47773645094FCF9E8C7C658813621F@thccwerner> Hi, I have done a clean install of Mailscanner from the sunrise overlay on Gentoo, together with Sendmail, Spamassassin and ClamAV. I followed the guide located at http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Configuratio n_for_Sendmail with the installation. The problem is that Mailscanner does not process the emails. I have setup Sendmail to run with SMTP auth (not sure if that is the problem). Sendmail is working perfectly even though Mailscanner is also running. The emails seem to bypass Mailscanner and is delivered directly. I have run Mailscanner in debug mode. The only errors that I have received is the following Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1050. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1052. [28333] dbg: config: read_scoreonly_config: cannot open "": No such file or directory When I disable the use of Spamassassin this error does not appear any more. Except for the normal info messages nothing else is shown and Mailscanner seems to be waiting for emails as input. What am I missing? Is there a problem with my incoming/outgoing queues in Mailscanner/Sendmail. Is Sendmail being started the right way? Any help would be appreciated. Regards Carl Werner -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/d4d9a64a/attachment.html From uxbod at splatnix.net Thu Jun 21 10:09:21 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 21 10:10:17 2007 Subject: Mailscanner not proccessing emails In-Reply-To: <6E47773645094FCF9E8C7C658813621F@thccwerner> References: <6E47773645094FCF9E8C7C658813621F@thccwerner> Message-ID: <8a80e6b7bea7a4cf7fa6945a89528dc6@62.49.223.244> Hi, What is showing in /var/log/message when MailScanner is started ? Have you tried running MailScanner --lint ? Have you tried running MailScanner --debug-sa ? If you can post this information it will help us to diagnose. Regards, On Thu, 21 Jun 2007 11:00:31 +0200, "Carl Werner" wrote: > Hi, > > > > I have done a clean install of Mailscanner from the sunrise overlay on > Gentoo, together with Sendmail, Spamassassin and ClamAV. I followed the > guide located at > http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Configuratio > n_for_Sendmail with the installation. The problem is that Mailscanner does > not process the emails. I have setup Sendmail to run with SMTP auth (not > sure if that is the problem). Sendmail is working perfectly even though > Mailscanner is also running. The emails seem to bypass Mailscanner and is > delivered directly. I have run Mailscanner in debug mode. The only errors > that I have received is the following > > > > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1050. > > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1052. > > [28333] dbg: config: read_scoreonly_config: cannot open "": No such file > or > directory > > > > When I disable the use of Spamassassin this error does not appear any > more. > Except for the normal info messages nothing else is shown and Mailscanner > seems to be waiting for emails as input. > > > > What am I missing? Is there a problem with my incoming/outgoing queues in > Mailscanner/Sendmail. Is Sendmail being started the right way? Any help > would be appreciated. > > > > Regards > > > > Carl Werner > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Jun 21 10:36:53 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jun 21 10:37:18 2007 Subject: MCP patching SpamAssassin In-Reply-To: <46796618.7070106@ecs.soton.ac.uk> References: <46796618.7070106@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> Julian, Is there any chance of you raising a spamassassin bug to get this functionality included in the standard release? Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 20 June 2007 18:39 > To: MailScanner discussion > Subject: MCP patching SpamAssassin > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > After looking at the source for 3.2.1, I have come up with a > far easier > way of making SpamAssassin search binary attachments as well as just > text and HTML, when doing MCP tests. > > The new method involves just a single 1-line patch to Util.pm. > > This will be in the next release, and should be far simpler > to maintain > across future versions, as it works at a much lower level, in > a utility > function for reading the MIME type of an attachment. > > I would advise anyone using SpamAssassin version 3.2.0 or higher to > switch to the new method when I release it. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGeWYcEfZZRxQVtlQRArbJAJ4jiO9oBhE+Eq1xeDbMLVwW/wLDcwCgni/C > f/VlgCDaKhuT7huy26Faqgk= > =pkT/ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From carl at theholidayclub.com Thu Jun 21 10:39:17 2007 From: carl at theholidayclub.com (Carl Werner) Date: Thu Jun 21 10:40:33 2007 Subject: Mailscanner not proccessing emails In-Reply-To: <8a80e6b7bea7a4cf7fa6945a89528dc6@62.49.223.244> References: <6E47773645094FCF9E8C7C658813621F@thccwerner> <8a80e6b7bea7a4cf7fa6945a89528dc6@62.49.223.244> Message-ID: <67DA48CF76BC494FBF99472938E83438@thccwerner> Hi, /var/log/messages contain the following when Mailscanner is started Jun 21 11:35:39 mail3 sendmail[30540]: gethostbyaddr(10.2.0.233) failed: 1 Jun 21 11:35:39 mail3 sendmail[30540]: alias database /etc/mail/aliases rebuilt by root Jun 21 11:35:39 mail3 sendmail[30540]: /etc/mail/aliases: 1 aliases, longest 4 bytes, 14 bytes total Jun 21 11:35:39 mail3 sm-mta[30543]: gethostbyaddr(10.2.0.233) failed: 1 Jun 21 11:35:39 mail3 sm-mta[30544]: starting daemon (8.14.0): SMTP+queueing@00:30:00 Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS: CRLFile missing Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1) Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, init=1 Jun 21 11:35:39 mail3 sm-mta[30544]: started as: /usr/sbin/sendmail -bd -q30m -L sm-mta Jun 21 11:35:39 mail3 sm-cm[30547]: starting daemon (8.14.0): queueing@00:30:00 Jun 21 11:35:40 mail3 MailScanner[30571]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Jun 21 11:35:40 mail3 MailScanner[30571]: Read 759 hostnames from the phishing whitelist Jun 21 11:35:40 mail3 MailScanner[30571]: Using locktype = posix Jun 21 11:35:40 mail3 MailScanner[30571]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 21 11:35:45 mail3 MailScanner[30576]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Jun 21 11:35:45 mail3 MailScanner[30576]: Read 759 hostnames from the phishing whitelist Jun 21 11:35:45 mail3 MailScanner[30576]: Using locktype = posix Jun 21 11:35:45 mail3 MailScanner[30576]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 21 11:35:50 mail3 MailScanner[30577]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Jun 21 11:35:50 mail3 MailScanner[30577]: Read 759 hostnames from the phishing whitelist Jun 21 11:35:50 mail3 MailScanner[30577]: Using locktype = posix Jun 21 11:35:50 mail3 MailScanner[30577]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 21 11:35:55 mail3 MailScanner[30578]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Jun 21 11:35:55 mail3 MailScanner[30578]: Read 759 hostnames from the phishing whitelist Jun 21 11:35:56 mail3 MailScanner[30578]: Using locktype = posix Jun 21 11:35:56 mail3 MailScanner[30578]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Jun 21 11:36:00 mail3 MailScanner[30579]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Jun 21 11:36:00 mail3 MailScanner[30579]: Read 759 hostnames from the phishing whitelist Jun 21 11:36:00 mail3 MailScanner[30579]: Using locktype = posix Jun 21 11:36:00 mail3 MailScanner[30579]: Creating hardcoded struct_flock subroutine for linux (Linux-type) MailScanner --lint has the following output: Read 759 hostnames from the phishing whitelist Checking for SpamAssassin errors (if you use it)... Using locktype = posix Creating hardcoded struct_flock subroutine for linux (Linux-type) MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav MailScanner --debug-sa does not give any output. Hope this helps Thanks Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- Sent: 21 June 2007 11:09 AM To: MailScanner discussion Subject: Re: Mailscanner not proccessing emails Hi, What is showing in /var/log/message when MailScanner is started ? Have you tried running MailScanner --lint ? Have you tried running MailScanner --debug-sa ? If you can post this information it will help us to diagnose. Regards, On Thu, 21 Jun 2007 11:00:31 +0200, "Carl Werner" wrote: > Hi, > > > > I have done a clean install of Mailscanner from the sunrise overlay on > Gentoo, together with Sendmail, Spamassassin and ClamAV. I followed the > guide located at > http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Configuratio > n_for_Sendmail with the installation. The problem is that Mailscanner does > not process the emails. I have setup Sendmail to run with SMTP auth (not > sure if that is the problem). Sendmail is working perfectly even though > Mailscanner is also running. The emails seem to bypass Mailscanner and is > delivered directly. I have run Mailscanner in debug mode. The only errors > that I have received is the following > > > > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1050. > > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1052. > > [28333] dbg: config: read_scoreonly_config: cannot open "": No such file > or > directory > > > > When I disable the use of Spamassassin this error does not appear any > more. > Except for the normal info messages nothing else is shown and Mailscanner > seems to be waiting for emails as input. > > > > What am I missing? Is there a problem with my incoming/outgoing queues in > Mailscanner/Sendmail. Is Sendmail being started the right way? Any help > would be appreciated. > > > > Regards > > > > Carl Werner > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Jun 21 10:43:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 21 10:43:58 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> Message-ID: <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> On 21/06/07, Daniel Fuhrer wrote: > Hi Glenn > Thanks for your answer. > I had a v320.pre (/usr/local/etc/mail/spamassassin/v320.pre) file. In there are the Lines: Daniel, stop right there and go back and read my last message again. MCP is all about running a second _specially configured_ spamassassin instance. It does not, nor should it, read the standard spamassassin configuration files. So please, undo the damage you did to your v320.pre in /usr/etc/mail/spamassassin, and create a v320.pre in /etc/MailScanner/mcp (which is where MCP needs it to be), as I instructed in the previous message. > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > # HTTPSMismatch - find URI mismatches between href and anchor text > # > loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch > > So I tried to comment this out. But still not working. Then I tried to copy it to the mcp Directory (/usr/local/etc/MailScanner/mcp/). But without success. > In the same directory I have as well a v310.pre, v310.pre.sample and a v320.pre.sample > > For me it look, that SpamAssassin is not loading the Plugin for some reason. That is because you haven't considered what MCP is ... a _second, separate_ invocation of spamassassin, that share _no_ configuration with the normal spamassassin run by MailScanner. The error is simply due to that second (MCP) invocation of spamassassin not finding a function that previously used to be part of spamassassin proper, but now is part of a plugin... so all you need do is tell that instance what plugin to load. And that is the whole point of the v320.pre file you need place in /etc/MailScanner/mcp ... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Thu Jun 21 10:45:21 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 21 10:45:47 2007 Subject: Mailscanner not proccessing emails In-Reply-To: <67DA48CF76BC494FBF99472938E83438@thccwerner> References: <67DA48CF76BC494FBF99472938E83438@thccwerner> Message-ID: <855ec3480d39b7636dd1b9cee7ffb571@62.49.223.244> Also, grep "Queue Dir" MailScanner.conf do these match where you SendMail queues are ? On Thu, 21 Jun 2007 11:39:17 +0200, "Carl Werner" wrote: > Hi, > > /var/log/messages contain the following when Mailscanner is started > > Jun 21 11:35:39 mail3 sendmail[30540]: gethostbyaddr(10.2.0.233) failed: 1 > Jun 21 11:35:39 mail3 sendmail[30540]: alias database /etc/mail/aliases > rebuilt by root > Jun 21 11:35:39 mail3 sendmail[30540]: /etc/mail/aliases: 1 aliases, > longest > 4 bytes, 14 bytes total > Jun 21 11:35:39 mail3 sm-mta[30543]: gethostbyaddr(10.2.0.233) failed: 1 > Jun 21 11:35:39 mail3 sm-mta[30544]: starting daemon (8.14.0): > SMTP+queueing@00:30:00 > Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS: CRLFile missing > Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, Diffie-Hellman init, > key=512 bit (1) > Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, init=1 > Jun 21 11:35:39 mail3 sm-mta[30544]: started as: /usr/sbin/sendmail -bd > -q30m -L sm-mta > Jun 21 11:35:39 mail3 sm-cm[30547]: starting daemon (8.14.0): > queueing@00:30:00 > Jun 21 11:35:40 mail3 MailScanner[30571]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:40 mail3 MailScanner[30571]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:40 mail3 MailScanner[30571]: Using locktype = posix > Jun 21 11:35:40 mail3 MailScanner[30571]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:35:45 mail3 MailScanner[30576]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:45 mail3 MailScanner[30576]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:45 mail3 MailScanner[30576]: Using locktype = posix > Jun 21 11:35:45 mail3 MailScanner[30576]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:35:50 mail3 MailScanner[30577]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:50 mail3 MailScanner[30577]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:50 mail3 MailScanner[30577]: Using locktype = posix > Jun 21 11:35:50 mail3 MailScanner[30577]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:35:55 mail3 MailScanner[30578]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:55 mail3 MailScanner[30578]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:56 mail3 MailScanner[30578]: Using locktype = posix > Jun 21 11:35:56 mail3 MailScanner[30578]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:36:00 mail3 MailScanner[30579]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:36:00 mail3 MailScanner[30579]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:36:00 mail3 MailScanner[30579]: Using locktype = posix > Jun 21 11:36:00 mail3 MailScanner[30579]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > > > MailScanner --lint has the following output: > > Read 759 hostnames from the phishing whitelist > > Checking for SpamAssassin errors (if you use it)... > Using locktype = posix > Creating hardcoded struct_flock subroutine for linux (Linux-type) > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > MailScanner --debug-sa does not give any output. > > Hope this helps > > Thanks > > Carl > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD > ]-- > Sent: 21 June 2007 11:09 AM > To: MailScanner discussion > Subject: Re: Mailscanner not proccessing emails > > Hi, > > What is showing in /var/log/message when MailScanner is started ? > Have you tried running MailScanner --lint ? > Have you tried running MailScanner --debug-sa ? > > If you can post this information it will help us to diagnose. > > Regards, > > > On Thu, 21 Jun 2007 11:00:31 +0200, "Carl Werner" > > wrote: >> Hi, >> >> >> >> I have done a clean install of Mailscanner from the sunrise overlay on >> Gentoo, together with Sendmail, Spamassassin and ClamAV. I followed the >> guide located at >> > http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Configuratio >> n_for_Sendmail with the installation. The problem is that Mailscanner > does >> not process the emails. I have setup Sendmail to run with SMTP auth (not >> sure if that is the problem). Sendmail is working perfectly even though >> Mailscanner is also running. The emails seem to bypass Mailscanner and > is >> delivered directly. I have run Mailscanner in debug mode. The only > errors >> that I have received is the following >> >> >> >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1050. >> >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1052. >> >> [28333] dbg: config: read_scoreonly_config: cannot open "": No such file >> or >> directory >> >> >> >> When I disable the use of Spamassassin this error does not appear any >> more. >> Except for the normal info messages nothing else is shown and > Mailscanner >> seems to be waiting for emails as input. >> >> >> >> What am I missing? Is there a problem with my incoming/outgoing queues > in >> Mailscanner/Sendmail. Is Sendmail being started the right way? Any help >> would be appreciated. >> >> >> >> Regards >> >> >> >> Carl Werner >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is >> believed to be clean. > -- > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Q.G.Campbell at newcastle.ac.uk Thu Jun 21 11:12:17 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Thu Jun 21 11:12:40 2007 Subject: MCP patching SpamAssassin In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> References: <46796618.7070106@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470AA7EB80@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Randal, Phil >Sent: 21 June 2007 10:37 >To: MailScanner discussion >Subject: RE: MCP patching SpamAssassin > >Julian, > >Is there any chance of you raising a spamassassin bug to get this >functionality included in the standard release? > >Cheers, > >Phil > [snip] Phil It appears that I did not understand Julian's posting fully. I thought that he was referring to a fix for MS, not SA. Your request above implies that the Util.pm patch from Julian will be part of his SpamAssassin & ClamAV install package? Is that correct? If so then sites like ours that separately get and build SA and ClamAV from source will need to get the patch for Util.pm from somewhere and apply it ourselves. Quentin From mogens at fumlersoft.dk Thu Jun 21 11:32:39 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu Jun 21 11:32:19 2007 Subject: MCP Check not working In-Reply-To: <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local> <223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> Message-ID: <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> What other stuff need to be in mcp/v320.pre ? Mine only contain loadplugin Mail::SpamAssassin::Plugin::Check On Thu, June 21, 2007 11:43, Glenn Steen wrote: > On 21/06/07, Daniel Fuhrer wrote: >> Hi Glenn >> Thanks for your answer. >> I had a v320.pre (/usr/local/etc/mail/spamassassin/v320.pre) file. In >> there are the Lines: > > Daniel, stop right there and go back and read my last message again. > MCP is all about running a second _specially configured_ spamassassin > instance. It does not, nor should it, read the standard spamassassin > configuration files. > > So please, undo the damage you did to your v320.pre in > /usr/etc/mail/spamassassin, and create a v320.pre in > /etc/MailScanner/mcp (which is where MCP needs it to be), as I > instructed in the previous message. > >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> >> # HTTPSMismatch - find URI mismatches between href and anchor text >> # >> loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch >> >> So I tried to comment this out. But still not working. Then I tried to >> copy it to the mcp Directory (/usr/local/etc/MailScanner/mcp/). But >> without success. >> In the same directory I have as well a v310.pre, v310.pre.sample and a >> v320.pre.sample >> >> For me it look, that SpamAssassin is not loading the Plugin for some >> reason. > > That is because you haven't considered what MCP is ... a _second, > separate_ invocation of spamassassin, that share _no_ configuration > with the normal spamassassin run by MailScanner. > > The error is simply due to that second (MCP) invocation of > spamassassin not finding a function that previously used to be part of > spamassassin proper, but now is part of a plugin... so all you need do > is tell that instance what plugin to load. And that is the whole point > of the v320.pre file you need place in /etc/MailScanner/mcp ... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jun 21 11:42:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 21 11:42:07 2007 Subject: MCP Check not working In-Reply-To: <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> Message-ID: <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> On 21/06/07, Mogens Melander wrote: > What other stuff need to be in mcp/v320.pre ? > > Mine only contain loadplugin Mail::SpamAssassin::Plugin::Check > That's it. Nothing more, nothing less. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From carl at theholidayclub.com Thu Jun 21 12:15:53 2007 From: carl at theholidayclub.com (Carl Werner) Date: Thu Jun 21 12:17:29 2007 Subject: Mailscanner not proccessing emails In-Reply-To: <855ec3480d39b7636dd1b9cee7ffb571@62.49.223.244> References: <67DA48CF76BC494FBF99472938E83438@thccwerner> <855ec3480d39b7636dd1b9cee7ffb571@62.49.223.244> Message-ID: <58320743E1194ECB84C4D48E95593FC4@thccwerner> grep "Queue Dir" MailScanner.conf gives the following: Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue My /etc/conf.d/MailScanner-mta contains the following SENDMAIL=/usr/sbin/sendmail QUEUETIME=15m INQDIR=/var/spool/mqueue INPID=/var/run/sendmail.in.pid OUTPID=/var/run/sendmail.out.pid SMPID=/var/run/sm-client.pid MSPUSER=smmsp # User for mail submission queue runner MSPGROUP=smmsp # Group for mail submission queue runner I guess that this is where the MailScanner init script gets the settings that it starts Sendmail with from -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- Sent: 21 June 2007 11:45 AM To: MailScanner discussion Subject: RE: Mailscanner not proccessing emails Also, grep "Queue Dir" MailScanner.conf do these match where you SendMail queues are ? On Thu, 21 Jun 2007 11:39:17 +0200, "Carl Werner" wrote: > Hi, > > /var/log/messages contain the following when Mailscanner is started > > Jun 21 11:35:39 mail3 sendmail[30540]: gethostbyaddr(10.2.0.233) failed: 1 > Jun 21 11:35:39 mail3 sendmail[30540]: alias database /etc/mail/aliases > rebuilt by root > Jun 21 11:35:39 mail3 sendmail[30540]: /etc/mail/aliases: 1 aliases, > longest > 4 bytes, 14 bytes total > Jun 21 11:35:39 mail3 sm-mta[30543]: gethostbyaddr(10.2.0.233) failed: 1 > Jun 21 11:35:39 mail3 sm-mta[30544]: starting daemon (8.14.0): > SMTP+queueing@00:30:00 > Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS: CRLFile missing > Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, Diffie-Hellman init, > key=512 bit (1) > Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, init=1 > Jun 21 11:35:39 mail3 sm-mta[30544]: started as: /usr/sbin/sendmail -bd > -q30m -L sm-mta > Jun 21 11:35:39 mail3 sm-cm[30547]: starting daemon (8.14.0): > queueing@00:30:00 > Jun 21 11:35:40 mail3 MailScanner[30571]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:40 mail3 MailScanner[30571]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:40 mail3 MailScanner[30571]: Using locktype = posix > Jun 21 11:35:40 mail3 MailScanner[30571]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:35:45 mail3 MailScanner[30576]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:45 mail3 MailScanner[30576]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:45 mail3 MailScanner[30576]: Using locktype = posix > Jun 21 11:35:45 mail3 MailScanner[30576]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:35:50 mail3 MailScanner[30577]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:50 mail3 MailScanner[30577]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:50 mail3 MailScanner[30577]: Using locktype = posix > Jun 21 11:35:50 mail3 MailScanner[30577]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:35:55 mail3 MailScanner[30578]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:35:55 mail3 MailScanner[30578]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:35:56 mail3 MailScanner[30578]: Using locktype = posix > Jun 21 11:35:56 mail3 MailScanner[30578]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Jun 21 11:36:00 mail3 MailScanner[30579]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Jun 21 11:36:00 mail3 MailScanner[30579]: Read 759 hostnames from the > phishing whitelist > Jun 21 11:36:00 mail3 MailScanner[30579]: Using locktype = posix > Jun 21 11:36:00 mail3 MailScanner[30579]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > > > MailScanner --lint has the following output: > > Read 759 hostnames from the phishing whitelist > > Checking for SpamAssassin errors (if you use it)... > Using locktype = posix > Creating hardcoded struct_flock subroutine for linux (Linux-type) > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > > MailScanner --debug-sa does not give any output. > > Hope this helps > > Thanks > > Carl > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD > ]-- > Sent: 21 June 2007 11:09 AM > To: MailScanner discussion > Subject: Re: Mailscanner not proccessing emails > > Hi, > > What is showing in /var/log/message when MailScanner is started ? > Have you tried running MailScanner --lint ? > Have you tried running MailScanner --debug-sa ? > > If you can post this information it will help us to diagnose. > > Regards, > > > On Thu, 21 Jun 2007 11:00:31 +0200, "Carl Werner" > > wrote: >> Hi, >> >> >> >> I have done a clean install of Mailscanner from the sunrise overlay on >> Gentoo, together with Sendmail, Spamassassin and ClamAV. I followed the >> guide located at >> > http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Configuratio >> n_for_Sendmail with the installation. The problem is that Mailscanner > does >> not process the emails. I have setup Sendmail to run with SMTP auth (not >> sure if that is the problem). Sendmail is working perfectly even though >> Mailscanner is also running. The emails seem to bypass Mailscanner and > is >> delivered directly. I have run Mailscanner in debug mode. The only > errors >> that I have received is the following >> >> >> >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1050. >> >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1052. >> >> [28333] dbg: config: read_scoreonly_config: cannot open "": No such file >> or >> directory >> >> >> >> When I disable the use of Spamassassin this error does not appear any >> more. >> Except for the normal info messages nothing else is shown and > Mailscanner >> seems to be waiting for emails as input. >> >> >> >> What am I missing? Is there a problem with my incoming/outgoing queues > in >> Mailscanner/Sendmail. Is Sendmail being started the right way? Any help >> would be appreciated. >> >> >> >> Regards >> >> >> >> Carl Werner >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is >> believed to be clean. > -- > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From daniel at danielf.ch Thu Jun 21 12:18:46 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Thu Jun 21 12:18:52 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><96EF3FB3C374A64187CCB0D0DA716F2446E5@idefix.danielf.local><223f97700706190621p3206d346t9f3eb2c89447e495@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local><223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local><223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local><223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446EB@idefix.danielf.local> Hi Glenn Thanks a lot for your help. Now it works perfectly. I hope I didn't bother you to much. I have some more questions about MCP. Can I make some rules according to the sender or the recipient? We have some automatic mailboxes, where only certain subject's or message body's are allowed. We also have some mailboxes where only certain customers are allowed to send emails. Thank you very much for your help. Cheers, Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Donnerstag, 21. Juni 2007 11:44 An: Mailscanner Betreff: Re: MCP Check not working On 21/06/07, Daniel Fuhrer wrote: > Hi Glenn > Thanks for your answer. > I had a v320.pre (/usr/local/etc/mail/spamassassin/v320.pre) file. In there are the Lines: Daniel, stop right there and go back and read my last message again. MCP is all about running a second _specially configured_ spamassassin instance. It does not, nor should it, read the standard spamassassin configuration files. So please, undo the damage you did to your v320.pre in /usr/etc/mail/spamassassin, and create a v320.pre in /etc/MailScanner/mcp (which is where MCP needs it to be), as I instructed in the previous message. > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > # HTTPSMismatch - find URI mismatches between href and anchor text > # > loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch > > So I tried to comment this out. But still not working. Then I tried to copy it to the mcp Directory (/usr/local/etc/MailScanner/mcp/). But without success. > In the same directory I have as well a v310.pre, v310.pre.sample and a v320.pre.sample > > For me it look, that SpamAssassin is not loading the Plugin for some reason. That is because you haven't considered what MCP is ... a _second, separate_ invocation of spamassassin, that share _no_ configuration with the normal spamassassin run by MailScanner. The error is simply due to that second (MCP) invocation of spamassassin not finding a function that previously used to be part of spamassassin proper, but now is part of a plugin... so all you need do is tell that instance what plugin to load. And that is the whole point of the v320.pre file you need place in /etc/MailScanner/mcp ... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Thu Jun 21 12:31:20 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 21 12:33:48 2007 Subject: Mailscanner not proccessing emails In-Reply-To: <58320743E1194ECB84C4D48E95593FC4@thccwerner> References: <58320743E1194ECB84C4D48E95593FC4@thccwerner> Message-ID: Final thing. With MailScanner stopped but something in the inbound SendMail queue. Run MailScanner --debug and see if that throws any errors. On Thu, 21 Jun 2007 13:15:53 +0200, "Carl Werner" wrote: > grep "Queue Dir" MailScanner.conf gives the following: > > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > > My /etc/conf.d/MailScanner-mta contains the following > > SENDMAIL=/usr/sbin/sendmail > QUEUETIME=15m > INQDIR=/var/spool/mqueue > INPID=/var/run/sendmail.in.pid > OUTPID=/var/run/sendmail.out.pid > SMPID=/var/run/sm-client.pid > MSPUSER=smmsp # User for mail submission queue runner > MSPGROUP=smmsp # Group for mail submission queue runner > > I guess that this is where the MailScanner init script gets the settings > that it starts Sendmail with from > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD > ]-- > Sent: 21 June 2007 11:45 AM > To: MailScanner discussion > Subject: RE: Mailscanner not proccessing emails > > Also, > > grep "Queue Dir" MailScanner.conf > > do these match where you SendMail queues are ? > > On Thu, 21 Jun 2007 11:39:17 +0200, "Carl Werner" > > wrote: >> Hi, >> >> /var/log/messages contain the following when Mailscanner is started >> >> Jun 21 11:35:39 mail3 sendmail[30540]: gethostbyaddr(10.2.0.233) failed: > 1 >> Jun 21 11:35:39 mail3 sendmail[30540]: alias database /etc/mail/aliases >> rebuilt by root >> Jun 21 11:35:39 mail3 sendmail[30540]: /etc/mail/aliases: 1 aliases, >> longest >> 4 bytes, 14 bytes total >> Jun 21 11:35:39 mail3 sm-mta[30543]: gethostbyaddr(10.2.0.233) failed: 1 >> Jun 21 11:35:39 mail3 sm-mta[30544]: starting daemon (8.14.0): >> SMTP+queueing@00:30:00 >> Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS: CRLFile missing >> Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, Diffie-Hellman > init, >> key=512 bit (1) >> Jun 21 11:35:39 mail3 sm-mta[30544]: STARTTLS=server, init=1 >> Jun 21 11:35:39 mail3 sm-mta[30544]: started as: /usr/sbin/sendmail -bd >> -q30m -L sm-mta >> Jun 21 11:35:39 mail3 sm-cm[30547]: starting daemon (8.14.0): >> queueing@00:30:00 >> Jun 21 11:35:40 mail3 MailScanner[30571]: MailScanner E-Mail Virus > Scanner >> version 4.57.6 starting... >> Jun 21 11:35:40 mail3 MailScanner[30571]: Read 759 hostnames from the >> phishing whitelist >> Jun 21 11:35:40 mail3 MailScanner[30571]: Using locktype = posix >> Jun 21 11:35:40 mail3 MailScanner[30571]: Creating hardcoded > struct_flock >> subroutine for linux (Linux-type) >> Jun 21 11:35:45 mail3 MailScanner[30576]: MailScanner E-Mail Virus > Scanner >> version 4.57.6 starting... >> Jun 21 11:35:45 mail3 MailScanner[30576]: Read 759 hostnames from the >> phishing whitelist >> Jun 21 11:35:45 mail3 MailScanner[30576]: Using locktype = posix >> Jun 21 11:35:45 mail3 MailScanner[30576]: Creating hardcoded > struct_flock >> subroutine for linux (Linux-type) >> Jun 21 11:35:50 mail3 MailScanner[30577]: MailScanner E-Mail Virus > Scanner >> version 4.57.6 starting... >> Jun 21 11:35:50 mail3 MailScanner[30577]: Read 759 hostnames from the >> phishing whitelist >> Jun 21 11:35:50 mail3 MailScanner[30577]: Using locktype = posix >> Jun 21 11:35:50 mail3 MailScanner[30577]: Creating hardcoded > struct_flock >> subroutine for linux (Linux-type) >> Jun 21 11:35:55 mail3 MailScanner[30578]: MailScanner E-Mail Virus > Scanner >> version 4.57.6 starting... >> Jun 21 11:35:55 mail3 MailScanner[30578]: Read 759 hostnames from the >> phishing whitelist >> Jun 21 11:35:56 mail3 MailScanner[30578]: Using locktype = posix >> Jun 21 11:35:56 mail3 MailScanner[30578]: Creating hardcoded > struct_flock >> subroutine for linux (Linux-type) >> Jun 21 11:36:00 mail3 MailScanner[30579]: MailScanner E-Mail Virus > Scanner >> version 4.57.6 starting... >> Jun 21 11:36:00 mail3 MailScanner[30579]: Read 759 hostnames from the >> phishing whitelist >> Jun 21 11:36:00 mail3 MailScanner[30579]: Using locktype = posix >> Jun 21 11:36:00 mail3 MailScanner[30579]: Creating hardcoded > struct_flock >> subroutine for linux (Linux-type) >> >> >> MailScanner --lint has the following output: >> >> Read 759 hostnames from the phishing whitelist >> >> Checking for SpamAssassin errors (if you use it)... >> Using locktype = posix >> Creating hardcoded struct_flock subroutine for linux (Linux-type) >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav >> >> MailScanner --debug-sa does not give any output. >> >> Hope this helps >> >> Thanks >> >> Carl >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ > UxBoD >> ]-- >> Sent: 21 June 2007 11:09 AM >> To: MailScanner discussion >> Subject: Re: Mailscanner not proccessing emails >> >> Hi, >> >> What is showing in /var/log/message when MailScanner is started ? >> Have you tried running MailScanner --lint ? >> Have you tried running MailScanner --debug-sa ? >> >> If you can post this information it will help us to diagnose. >> >> Regards, >> >> >> On Thu, 21 Jun 2007 11:00:31 +0200, "Carl Werner" >> >> wrote: >>> Hi, >>> >>> >>> >>> I have done a clean install of Mailscanner from the sunrise overlay on >>> Gentoo, together with Sendmail, Spamassassin and ClamAV. I followed the >>> guide located at >>> >> > http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner#Configuratio >>> n_for_Sendmail with the installation. The problem is that Mailscanner >> does >>> not process the emails. I have setup Sendmail to run with SMTP auth > (not >>> sure if that is the problem). Sendmail is working perfectly even though >>> Mailscanner is also running. The emails seem to bypass Mailscanner and >> is >>> delivered directly. I have run Mailscanner in debug mode. The only >> errors >>> that I have received is the following >>> >>> >>> >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1050. >>> >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1052. >>> >>> [28333] dbg: config: read_scoreonly_config: cannot open "": No such > file >>> or >>> directory >>> >>> >>> >>> When I disable the use of Spamassassin this error does not appear any >>> more. >>> Except for the normal info messages nothing else is shown and >> Mailscanner >>> seems to be waiting for emails as input. >>> >>> >>> >>> What am I missing? Is there a problem with my incoming/outgoing queues >> in >>> Mailscanner/Sendmail. Is Sendmail being started the right way? Any help >>> would be appreciated. >>> >>> >>> >>> Regards >>> >>> >>> >>> Carl Werner >>> >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is >>> believed to be clean. >> -- >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is >> believed to be clean. > -- > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Thu Jun 21 12:35:06 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu Jun 21 12:34:44 2007 Subject: MCP Check not working In-Reply-To: <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> Message-ID: <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> On Thu, June 21, 2007 12:42, Glenn Steen wrote: > On 21/06/07, Mogens Melander wrote: >> What other stuff need to be in mcp/v320.pre ? >> >> Mine only contain loadplugin Mail::SpamAssassin::Plugin::Check >> > That's it. Nothing more, nothing less. I must be missing something else, as my mail-headers still show no MCP score. X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 6) X-TIT-GPH-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.994, required 6, BAYES_00 -2.60, DEAR_SOMETHING 1.60, DKIM_POLICY_SIGNSOME 0.00, DK_POLICY_SIGNSOME 0.00) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jun 21 13:10:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 21 13:10:21 2007 Subject: MCP Check not working In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446EB@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local> <223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EB@idefix.danielf.local> Message-ID: <223f97700706210510l117750c4h6eab88734a86a378@mail.gmail.com> On 21/06/07, Daniel Fuhrer wrote: > Hi Glenn > Thanks a lot for your help. Now it works perfectly. I hope I didn't bother you to much. No problem. > I have some more questions about MCP. > Can I make some rules according to the sender or the recipient? We have some automatic mailboxes, where only certain subject's or message body's are allowed. We also have some mailboxes where only certain customers are allowed to send emails. > You can make any SA rule you like, AFAIK... At least all the "plain simple" ones:). How to make the rules is far better described by others (Matt Kettler has written some very informative things on that subject... Think you should find it somewhere on www.rulesemporium.com .... hmmm nope, they do have the link to http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt though... Matt will tell us if it is the latest&greatest:-). You could also just check out the relevant man pages (Mail::SpaAssassin::Conf, according to Jules install doc for MCP),or via perldoc if you prefer that, just to see the syntax etc. The thing with MCP is that it (due to only using your specific rules) is something really lightweight and very flexible. The alternative would've been to "reinvent the wheel" for this functionality... Again, a testament to Jules genius:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jun 21 13:12:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 21 13:12:23 2007 Subject: MCP Check not working In-Reply-To: <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> Message-ID: <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> On 21/06/07, Mogens Melander wrote: > > On Thu, June 21, 2007 12:42, Glenn Steen wrote: > > On 21/06/07, Mogens Melander wrote: > >> What other stuff need to be in mcp/v320.pre ? > >> > >> Mine only contain loadplugin Mail::SpamAssassin::Plugin::Check > >> > > That's it. Nothing more, nothing less. > > I must be missing something else, as my mail-headers still show > no MCP score. > > X-TIT-GPH-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 6) > X-TIT-GPH-MailScanner-SpamCheck: not spam, > SpamAssassin (not cached, score=-0.994, required 6, > BAYES_00 -2.60, DEAR_SOMETHING 1.60, > DKIM_POLICY_SIGNSOME 0.00, DK_POLICY_SIGNSOME 0.00) > If you run through the test I suggested to Daniel, does that work/have the expected result? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Jun 21 13:58:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 14:02:26 2007 Subject: MCP patching SpamAssassin In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470AA7EB80@largo.campus.ncl.ac.uk> References: <46796618.7070106@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> <4165CF7A7F12DE4B96622CCBB90586470AA7EB80@largo.campus.ncl.ac.uk> Message-ID: <467A75EF.6000400@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/440b025d/PGP.bin From MailScanner at ecs.soton.ac.uk Thu Jun 21 13:59:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 14:03:05 2007 Subject: MCP patching SpamAssassin In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> References: <46796618.7070106@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> Message-ID: <467A7615.40801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Any chance you could do it for me please? Take a look at the patch (linked from www.mailscanner.info/mcp.html). Randal, Phil wrote: > Julian, > > Is there any chance of you raising a spamassassin bug to get this > functionality included in the standard release? > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: 20 June 2007 18:39 >> To: MailScanner discussion >> Subject: MCP patching SpamAssassin >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> After looking at the source for 3.2.1, I have come up with a >> far easier >> way of making SpamAssassin search binary attachments as well as just >> text and HTML, when doing MCP tests. >> >> The new method involves just a single 1-line patch to Util.pm. >> >> This will be in the next release, and should be far simpler >> to maintain >> across future versions, as it works at a much lower level, in >> a utility >> function for reading the MIME type of an attachment. >> >> I would advise anyone using SpamAssassin version 3.2.0 or higher to >> switch to the new method when I release it. >> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.1 (Build 1012) >> Charset: ISO-8859-1 >> >> wj8DBQFGeWYcEfZZRxQVtlQRArbJAJ4jiO9oBhE+Eq1xeDbMLVwW/wLDcwCgni/C >> f/VlgCDaKhuT7huy26Faqgk= >> =pkT/ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGenaUEfZZRxQVtlQRAl+1AKC7g0TASQzBa1lVxvkty0kAvYJ1TQCeIHUO XsuTMQ8cy70Ft5tSZCScn14= =S6ws -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mogens at fumlersoft.dk Thu Jun 21 14:10:47 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu Jun 21 14:10:27 2007 Subject: MCP Check not working In-Reply-To: <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local> <223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> Message-ID: <3323.90.184.17.152.1182431447.squirrel@mail.fumlersoft.dk> On Thu, June 21, 2007 14:12, Glenn Steen wrote: > On 21/06/07, Mogens Melander wrote: >> >> On Thu, June 21, 2007 12:42, Glenn Steen wrote: >> > On 21/06/07, Mogens Melander wrote: >> >> What other stuff need to be in mcp/v320.pre ? >> >> >> >> Mine only contain loadplugin Mail::SpamAssassin::Plugin::Check >> >> >> > That's it. Nothing more, nothing less. >> >> I must be missing something else, as my mail-headers still show >> no MCP score. >> > If you run through the test I suggested to Daniel, does that work/have > the expected result? > Yes, i did a: /opt/MailScanner/bin/MailScanner --debug --debug-sa In Debugging mode, not forking... [25474] dbg: logger: adding facilities: all [25474] dbg: logger: logging level is DBG [25474] dbg: generic: SpamAssassin version 3.2.1 [25474] dbg: config: score set 0 chosen. [25474] dbg: dns: no ipv6 [25474] dbg: dns: is Net::DNS::Resolver available? yes [25474] dbg: dns: Net::DNS version: 0.59 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.4/Mail/SpamAssassin.pm line 1087. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.4/Mail/SpamAssassin.pm line 1089. [25474] dbg: config: read_scoreonly_config: cannot open "" : No such file or directory (And then its just hanging there) Arghh, and then i did a: spamassassin -D -t -C /etc/MailScanner/mcp \ --siteconfigpath=/etc/MailScanner/mcp \ -p /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf \ < testmcp.txt 2>&1 |less -e I noticed that: dbg: config: using "/root/.spamassassin" for user state dir Which is wrong, and at the end i have: (no report template found) dbg: check: subtests= Received: from localhost by styx.fumlersoft.dk with SpamAssassin (version 3.2.1); Thu, 21 Jun 2007 14:57:50 +0200 Subject: this subject is banned X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on styx.fumlersoft.dk MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_467A75CE.9FD16FEF" This is a multi-part message in MIME format. ------------=_467A75CE.9FD16FEF Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit (no report template found) ------------=_467A75CE.9FD16FEF Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: inline Content-Transfer-Encoding: 8bit Subject: this subject is banned this text is banned ------------=_467A75CE.9FD16FEF-- (no report template found) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Thu Jun 21 14:23:17 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 21 14:24:15 2007 Subject: Bug in 4.58.9 ? Message-ID: <467A7BC5.2000704@USherbrooke.ca> Hello, Yesterday I got sendmail errors on 10 emails processed by MS. Sendmail complained about invalid lines in the q* file. Turns out the subject line had many returns (^M) while there was an unencoded accented character on the subject line. Here is an example from a Q* file: HX-Mailer: WhatCounts HX-UdeS-MailScanner: Aucun code suspect =?ISO-8859-1?Q?d=E9tect=E9?= HX-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (not cached, score=-1.103, requis 4.5, BASE64_LENGTH_79_INF 1.50, BAYES_00 -2.60) HSubject: Jean-Fran?ois, envoyez des messages qui en disent long HX-Spam-Status: No The subject line has ^M that sendmail doesn't like. I just removed them and renamed the Q* files to q* and then sendmail was happy to send them. I'm not sure if the problem comes from the sender but I received over 2000 emails from them yesterday and only 9 had this problem. Here are the details about my MS setup: MailScanner --version Running on Linux smtpe4.usherbrooke.ca 2.6.18-8.1.4.el5 #1 SMP Fri May 4 22:15:13 EDT 2007 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux Server release 5 (Tikanga) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.58.9 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.09 POSIX 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.12 DBD::SQLite 1.52 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline 0.20 Mail::ClamAV 3.002001 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.25 Net::IP 0.59 Net::DNS 0.33 Net::LDAP 1.94 Parse::RecDescent missing SAVI 2.56 Test::Harness 0.7 Test::Simple 1.98 Text::Balanced 1.35 URI Thanks again! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From glenn.steen at gmail.com Thu Jun 21 14:30:39 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 21 14:30:41 2007 Subject: MCP Check not working In-Reply-To: <3323.90.184.17.152.1182431447.squirrel@mail.fumlersoft.dk> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> <3323.90.184.17.152.1182431447.squirrel@mail.fumlersoft.dk> Message-ID: <223f97700706210630l714e6f9bs2c1c92689b434e3f@mail.gmail.com> On 21/06/07, Mogens Melander wrote: > > On Thu, June 21, 2007 14:12, Glenn Steen wrote: > > On 21/06/07, Mogens Melander wrote: > >> > >> On Thu, June 21, 2007 12:42, Glenn Steen wrote: > >> > On 21/06/07, Mogens Melander wrote: > >> >> What other stuff need to be in mcp/v320.pre ? > >> >> > >> >> Mine only contain loadplugin Mail::SpamAssassin::Plugin::Check > >> >> > >> > That's it. Nothing more, nothing less. > >> > >> I must be missing something else, as my mail-headers still show > >> no MCP score. > >> > > If you run through the test I suggested to Daniel, does that work/have > > the expected result? > > > > Yes, i did a: > > /opt/MailScanner/bin/MailScanner --debug --debug-sa (snip) > (And then its just hanging there) not relevant, and expected:-). > Arghh, and then i did a: > > spamassassin -D -t -C /etc/MailScanner/mcp \ > --siteconfigpath=/etc/MailScanner/mcp \ > -p /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf \ > < testmcp.txt 2>&1 |less -e > > I noticed that: > > dbg: config: using "/root/.spamassassin" for user state dir > > Which is wrong, and at the end i have: (no report template found) Blame it on my invocation of spamassassin, I'm sure MCP is setting this to the /etc/MailScanner/mcp directory (or something equally, and correctly, empty directory:-). Since I don't run SA (or MS) as root normally, that dir is essentially empty for me. > dbg: check: subtests= > Received: from localhost by styx.fumlersoft.dk > with SpamAssassin (version 3.2.1); > Thu, 21 Jun 2007 14:57:50 +0200 > Subject: this subject is banned > X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on styx.fumlersoft.dk > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="----------=_467A75CE.9FD16FEF" > > This is a multi-part message in MIME format. > > ------------=_467A75CE.9FD16FEF > Content-Type: text/plain; charset=iso-8859-1 > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > > (no report template found) > > ------------=_467A75CE.9FD16FEF > Content-Type: message/rfc822; x-spam-type=original > Content-Description: original message before SpamAssassin > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > > Subject: this subject is banned > this text is banned > > ------------=_467A75CE.9FD16FEF-- > > (no report template found) > All well and good, but the relevant thing isn't whether it finds the report templates, but rather if the expected rules fire or not (and the accumulated score)... Which should be just above the snippet you quote here. Also, look for any syntax errors (or similar) pertaining to your particular rules. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mogens at fumlersoft.dk Thu Jun 21 14:48:27 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu Jun 21 14:48:09 2007 Subject: MCP Check not working In-Reply-To: <223f97700706210630l714e6f9bs2c1c92689b434e3f@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local> <223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> <3323.90.184.17.152.1182431447.squirrel@mail.fumlersoft.dk> <223f97700706210630l714e6f9bs2c1c92689b434e3f@mail.gmail.com> Message-ID: <3399.90.184.17.152.1182433707.squirrel@mail.fumlersoft.dk> On Thu, June 21, 2007 15:30, Glenn Steen wrote: > On 21/06/07, Mogens Melander wrote: >> It looks OK, but, no MCP score, or rules report, in incomming mail. The missing part: ... ... (all good) [26203] dbg: dns: no ipv6 [26203] dbg: dns: is Net::DNS::Resolver available? yes [26203] dbg: dns: Net::DNS version: 0.59 [26203] dbg: config: using "/etc/MailScanner/mcp" for site rules pre files [26203] dbg: config: read file /etc/MailScanner/mcp/v320.pre [26203] dbg: config: using "/etc/MailScanner/mcp" for sys rules pre files [26203] dbg: config: read file /etc/MailScanner/mcp/v320.pre [26203] dbg: config: using "/etc/MailScanner/mcp" for default rules dir [26203] dbg: config: read file /etc/MailScanner/mcp/10_example.cf [26203] dbg: config: using "/etc/MailScanner/mcp" for site rules dir [26203] dbg: config: read file /etc/MailScanner/mcp/10_example.cf [26203] dbg: config: using "/root/.spamassassin" for user state dir [26203] dbg: config: using "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf" for user prefs file [26203] dbg: config: read file /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf [26203] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [26203] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [26203] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Check=HASH(0x871feb4), already registered [26203] dbg: conf: finish parsing [26203] dbg: config: score set 1 chosen. [26203] dbg: message: main message type: text/plain [26203] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x8c53098) implements 'check_main', priority 0 [26203] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [26203] dbg: metadata: X-Spam-Relays-Trusted: [26203] dbg: metadata: X-Spam-Relays-Untrusted: [26203] dbg: metadata: X-Spam-Relays-Internal: [26203] dbg: metadata: X-Spam-Relays-External: [26203] dbg: message: ---- MIME PARSER START ---- [26203] dbg: message: parsing normal part [26203] dbg: message: ---- MIME PARSER END ---- [26203] dbg: message: no encoding detected [26203] dbg: check: running tests for priority: 0 [26203] dbg: rules: running head tests; score so far=0 [26203] dbg: rules: compiled head tests [26203] dbg: rules: ran header rule SAMPLE_RULE1 ======> got hit: "this subject is banned" [26203] dbg: rules: running body tests; score so far=2 [26203] dbg: rules: compiled body tests [26203] dbg: rules: ran body rule SAMPLE_RULE2 ======> got hit: "this text is banned" [26203] dbg: rules: running uri tests; score so far=7 [26203] dbg: rules: compiled uri tests [26203] dbg: rules: running rawbody tests; score so far=7 [26203] dbg: rules: compiled rawbody tests [26203] dbg: rules: running full tests; score so far=7 [26203] dbg: rules: compiled full tests [26203] dbg: rules: running meta tests; score so far=7 [26203] dbg: rules: compiled meta tests [26203] dbg: check: is spam? score=7 required=5 [26203] dbg: check: tests=SAMPLE_RULE1,SAMPLE_RULE2 [26203] dbg: check: subtests= >> dbg: check: subtests= >> Received: from localhost by styx.fumlersoft.dk >> with SpamAssassin (version 3.2.1); >> Thu, 21 Jun 2007 14:57:50 +0200 >> Subject: this subject is banned >> X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on >> styx.fumlersoft.dk >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; boundary="----------=_467A75CE.9FD16FEF" >> >> This is a multi-part message in MIME format. >> >> ------------=_467A75CE.9FD16FEF >> Content-Type: text/plain; charset=iso-8859-1 >> Content-Disposition: inline >> Content-Transfer-Encoding: 8bit >> >> (no report template found) >> >> ------------=_467A75CE.9FD16FEF >> Content-Type: message/rfc822; x-spam-type=original >> Content-Description: original message before SpamAssassin >> Content-Disposition: inline >> Content-Transfer-Encoding: 8bit >> >> Subject: this subject is banned >> this text is banned >> >> ------------=_467A75CE.9FD16FEF-- >> >> (no report template found) >> > > All well and good, but the relevant thing isn't whether it finds the > report templates, but rather if the expected rules fire or not (and > the accumulated score)... Which should be just above the snippet you > quote here. > > Also, look for any syntax errors (or similar) pertaining to your > particular rules. I thing that might be the problem. No rules loaded, or something like that. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at SalemCorp.com Thu Jun 21 15:07:19 2007 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Thu Jun 21 15:07:33 2007 Subject: Problem with BAYES not running Message-ID: <02cc01c7b40d$7b15a8a0$6102a8c0@salemcorp.com> Running the Following SpamAssassin version 3.1.9 MailScanner-4.55.10-3 Fo some unaperant reason I am not getting Bayes scores anymore I normaly would get at lease a BAYES_00 like this Jun 10 04:03:21 mail MailScanner[9467]: Message l5A83ACo017882 from 127.0.0.1 ( root@mail.X.com) to mail.X.com is not spam (whitelisted), ,SpamAssassin (not cached, score=-2.601, required 5, autolearn=not spam, BAYES_00 -2.60,SPF_HELO_PASS -0.00, SPF_PASS -0.00) But Now I get no BAYES Reporting at all even with spam like this Jun 19 17:09:09 mail MailScanner[19863]: Message l5JL8xIA031013 from 201.15.66.40 (xdshipley@crewstart.com) to X.com is spam, SBL+XBL, SpamAssassin (not cached, score=20.355, required 5, autolearn=spam, PYZOR_CHECK 3.70, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50 , RAZOR2_CHECK 0.50, SARE_SXLIFE 1.07, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.09, UR IBL_SC_SURBL 4.50) Other than SARE Updates that has been the only change that gets made. ALl has been working fine since I install 4.55 some time ago. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/568b2ae3/attachment.html From glenn.steen at gmail.com Thu Jun 21 15:20:29 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jun 21 15:20:31 2007 Subject: MCP Check not working In-Reply-To: <3399.90.184.17.152.1182433707.squirrel@mail.fumlersoft.dk> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> <3323.90.184.17.152.1182431447.squirrel@mail.fumlersoft.dk> <223f97700706210630l714e6f9bs2c1c92689b434e3f@mail.gmail.com> <3399.90.184.17.152.1182433707.squirrel@mail.fumlersoft.dk> Message-ID: <223f97700706210720g6adfe0c8q7d7fdb6cac8e973b@mail.gmail.com> On 21/06/07, Mogens Melander wrote: > > On Thu, June 21, 2007 15:30, Glenn Steen wrote: > > On 21/06/07, Mogens Melander wrote: > >> > > > It looks OK, but, no MCP score, or rules report, in incomming mail. > > The missing part: > ... > ... > (all good) (snip) This is the interesting part: > [26203] dbg: check: running tests for priority: 0 > [26203] dbg: rules: running head tests; score so far=0 > [26203] dbg: rules: compiled head tests > [26203] dbg: rules: ran header rule SAMPLE_RULE1 > ======> got hit: "this subject is banned" Hit sample rule number 1! Good. > [26203] dbg: rules: running body tests; score so far=2 > [26203] dbg: rules: compiled body tests > [26203] dbg: rules: ran body rule SAMPLE_RULE2 > ======> got hit: "this text is banned" > [26203] dbg: rules: running uri tests; score so far=7 Hit sample rule number 2! Good... > [26203] dbg: rules: compiled uri tests > [26203] dbg: rules: running rawbody tests; score so far=7 > [26203] dbg: rules: compiled rawbody tests > [26203] dbg: rules: running full tests; score so far=7 > [26203] dbg: rules: compiled full tests > [26203] dbg: rules: running meta tests; score so far=7 > [26203] dbg: rules: compiled meta tests > [26203] dbg: check: is spam? score=7 required=5 > [26203] dbg: check: tests=SAMPLE_RULE1,SAMPLE_RULE2 Reporting the relevant hits... Good. (snip) What perhaps isn't that goiod is that these are the only rules found and tested... Where did you put your specific ones? They should be in a .cf file in /etc/MailScanner/mcp, and nowhere else. > > > > Also, look for any syntax errors (or similar) pertaining to your > > particular rules. > > I thing that might be the problem. No rules loaded, or something like that. > Likely never finds them, or rejects the file (but that is unlikely... I only see the 10_sample.cf file being read... and the prefs file...). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From daniel at danielf.ch Thu Jun 21 15:35:52 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Thu Jun 21 15:35:59 2007 Subject: AW: MCP Check not working In-Reply-To: <223f97700706210510l117750c4h6eab88734a86a378@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local><96EF3FB3C374A64187CCB0D0DA716F2446E7@idefix.danielf.local><223f97700706191403g4ac4bd17l328277e1c92c3f39@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E8@idefix.danielf.local><223f97700706200343o2b9a4a8em879b3431492e45bf@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446E9@idefix.danielf.local><223f97700706200707y94e3e31s2c97369fe9308acc@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local><223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com><96EF3FB3C374A64187CCB0D0DA716F2446EB@idefix.danielf.local> <223f97700706210510l117750c4h6eab88734a86a378@mail.gmail.com> Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446EC@idefix.danielf.local> Hi Glenn Thanks again for your help and that useful link. I have everything sorted now. Cheers Daniel -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Glenn Steen Gesendet: Donnerstag, 21. Juni 2007 14:10 An: Mailscanner Betreff: Re: MCP Check not working On 21/06/07, Daniel Fuhrer wrote: > Hi Glenn > Thanks a lot for your help. Now it works perfectly. I hope I didn't bother you to much. No problem. > I have some more questions about MCP. > Can I make some rules according to the sender or the recipient? We have some automatic mailboxes, where only certain subject's or message body's are allowed. We also have some mailboxes where only certain customers are allowed to send emails. > You can make any SA rule you like, AFAIK... At least all the "plain simple" ones:). How to make the rules is far better described by others (Matt Kettler has written some very informative things on that subject... Think you should find it somewhere on www.rulesemporium.com .... hmmm nope, they do have the link to http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt though... Matt will tell us if it is the latest&greatest:-). You could also just check out the relevant man pages (Mail::SpaAssassin::Conf, according to Jules install doc for MCP),or via perldoc if you prefer that, just to see the syntax etc. The thing with MCP is that it (due to only using your specific rules) is something really lightweight and very flexible. The alternative would've been to "reinvent the wheel" for this functionality... Again, a testament to Jules genius:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From js at wexoe.dk Thu Jun 21 15:36:34 2007 From: js at wexoe.dk (Jens W. Skov) Date: Thu Jun 21 15:36:36 2007 Subject: Spam list Message-ID: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> Hi What spam lists are you using now? I'm only using SBL-XBL and would like to add a few more if you can recommend some. Jens From Denis.Beauchemin at USherbrooke.ca Thu Jun 21 15:42:52 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 21 15:43:16 2007 Subject: Spam list In-Reply-To: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> Message-ID: <467A8E6C.7080305@USherbrooke.ca> Jens W. Skov a ?crit : > Hi > > What spam lists are you using now? > I'm only using SBL-XBL and would like to add a few more if you can recommend > some. > > > Jens > Jens, I use none. I prefer to let SpamAssassin use them. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From prandal at herefordshire.gov.uk Thu Jun 21 15:46:00 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jun 21 15:46:12 2007 Subject: Spam list In-Reply-To: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79638@HC-MBX02.herefordshire.gov.uk> sbl-xbl has been superceded by zen (http://www.spamhaus.org/zen/). However, you're advised to read the caveats: "In most cases, zen.spamhaus.org replaces sbl-xbl.spamhaus.org. If you are currently using sbl-xbl.spamhaus.org you should now replace 'sbl-xbl.spamhaus.org' with 'zen.spamhaus.org'. zen.spamhaus.org should now be the only spamhaus.org DNSBL in your configuration. You should not use ZEN together with other Spamhaus blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries and slowing your mail queue. Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers). Do not use ZEN in filters that do any 'deep parsing' of Received headers, or for other than checking IP addresses that hand off to your mailservers." and "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors is free for low-traffic mail servers serving less than 100 users. Use of the Spamhaus DNSBLs by commercial or corporate networks, ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service." Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jens W. Skov > Sent: 21 June 2007 15:37 > To: 'MailScanner discussion' > Subject: Spam list > > Hi > > What spam lists are you using now? > I'm only using SBL-XBL and would like to add a few more if > you can recommend > some. > > > Jens > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dyioulos at firstbhph.com Thu Jun 21 15:53:48 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jun 21 15:53:48 2007 Subject: MCP rule to check attachments Message-ID: <200706211053.48924.dyioulos@firstbhph.com> Hello all. My MCP rules for checking mail subject and body, based on the sample, work fine. I'd like to check attachments, but am not sure how to write the rules. Can anyone tell me how compose a rule to check, say, a M$ Word document for certain words or phrases? Many thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jun 21 16:02:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 16:06:26 2007 Subject: Spam list In-Reply-To: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> Message-ID: <467A930F.2080905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The one and only that I use is spamhaus-ZEN. This is defined in spam.lists.conf as follows: spamhaus-ZEN zen.spamhaus.org. It contains all the great Spamhaus spam lists rolled into one, including SBL-XBL.So, assuming you have an even vaguely recent /etc/MailScanner/spam.lists.conf, all you need in MailScanner.conf is Spam List = spamhaus-ZEN Jules. Jens W. Skov wrote: > Hi > > What spam lists are you using now? > I'm only using SBL-XBL and would like to add a few more if you can recommend > some. > > > Jens > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGepNiEfZZRxQVtlQRAoDEAKDW2cjsDbOG39yqB/wDaTKn/VN9wACeLdD2 0cu2W+euPacu4RWEA+svXDU= =EcDA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From prandal at herefordshire.gov.uk Thu Jun 21 16:05:54 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jun 21 16:08:04 2007 Subject: MCP patching SpamAssassin In-Reply-To: <467A7615.40801@ecs.soton.ac.uk> References: <46796618.7070106@ecs.soton.ac.uk><7EF0EE5CB3B263488C8C18823239BEBAF7957A@HC-MBX02.herefordshire.gov.uk> <467A7615.40801@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79641@HC-MBX02.herefordshire.gov.uk> Sorry, but I'm going to have to give that one a miss, because I don't understand it enough to phrase it in a way which would not be MailScanner-specific and appear generally useful. Jules, you have two pages on MailScanner.info about MCP. http://www.mailscanner.info/install/mcp/ is obsolete, superceded by the link you gave below. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 21 June 2007 13:59 > To: MailScanner discussion > Subject: Re: MCP patching SpamAssassin > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Any chance you could do it for me please? Take a look at the patch > (linked from www.mailscanner.info/mcp.html). > > Randal, Phil wrote: > > Julian, > > > > Is there any chance of you raising a spamassassin bug to get this > > functionality included in the standard release? > > > > Cheers, > > > > Phil > > > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Julian Field > >> Sent: 20 June 2007 18:39 > >> To: MailScanner discussion > >> Subject: MCP patching SpamAssassin > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> After looking at the source for 3.2.1, I have come up with a > >> far easier > >> way of making SpamAssassin search binary attachments as > well as just > >> text and HTML, when doing MCP tests. > >> > >> The new method involves just a single 1-line patch to Util.pm. > >> > >> This will be in the next release, and should be far simpler > >> to maintain > >> across future versions, as it works at a much lower level, in > >> a utility > >> function for reading the MIME type of an attachment. > >> > >> I would advise anyone using SpamAssassin version 3.2.0 or > higher to > >> switch to the new method when I release it. > >> > >> Jules > >> > >> - -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system > administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> For all your IT requirements visit www.transtec.co.uk > >> > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.6.1 (Build 1012) > >> Charset: ISO-8859-1 > >> > >> wj8DBQFGeWYcEfZZRxQVtlQRArbJAJ4jiO9oBhE+Eq1xeDbMLVwW/wLDcwCgni/C > >> f/VlgCDaKhuT7huy26Faqgk= > >> =pkT/ > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGenaUEfZZRxQVtlQRAl+1AKC7g0TASQzBa1lVxvkty0kAvYJ1TQCeIHUO > XsuTMQ8cy70Ft5tSZCScn14= > =S6ws > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Jun 21 16:08:38 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 16:11:38 2007 Subject: MCP rule to check attachments In-Reply-To: <200706211053.48924.dyioulos@firstbhph.com> References: <200706211053.48924.dyioulos@firstbhph.com> Message-ID: <467A9476.4040201@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dimitri Yioulos wrote: > Hello all. > > My MCP rules for checking mail subject and body, based on the sample, work > fine. I'd like to check attachments, but am not sure how to write the rules. > Can anyone tell me how compose a rule to check, say, a M$ Word document for > certain words or phrases? > The MCP SpamAssassin patches enable it to look in things like Word docs, so you can just use normal SA rules that search the entire message. > Many thanks. > > Dimitri > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGepR5EfZZRxQVtlQRAkS/AJ4/oLwdW9yYTnC9EJ5NAkEAr7CaiwCgpdXe rZBk0pLq7pwLFxt73wlKPUk= =p7XE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From G.Pentland at soton.ac.uk Thu Jun 21 16:21:02 2007 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Thu Jun 21 16:21:28 2007 Subject: Sendmail and multiple queue groups In-Reply-To: <467A930F.2080905@ecs.soton.ac.uk> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> <467A930F.2080905@ecs.soton.ac.uk> Message-ID: Jules and everyone, I am working on a new setup using MailScanner 4.59.4. I have configured sendmail to have several queue groups /var/spool/mqueue/internal /var/spool/mqueue/external /var/spool/mqueue/fromexchange /var/spool/mqueue/outbound Where 3 differently configured MailScanner setups process the different queues into the outbound queue. I got loads of errors along the lines of... NOQUEUE: SYSERR(root): QueuePath /var/spool/mqueue/internal not subpath of QueueDirectory /var/spool/mqueue/outbound/ Having checked the MailScanner code, Sendmail.pm, in line 715, sendmail is called with a -OQueueDirectory=$queue. I've commented this line out and all works well but I'd like to ask your opinion if there is a better, or more permanent fix, and would that be more appropriate. Please keep in mind that upgrades are fairly rare here and we already change a good number of bits and pieces from their normal states. Also, what was the reasoning for calling sendmail in that way in the first place? Cheers, Gary From dyioulos at firstbhph.com Thu Jun 21 16:44:19 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Thu Jun 21 16:47:39 2007 Subject: MCP rule to check attachments In-Reply-To: <467A9476.4040201@ecs.soton.ac.uk> References: <200706211053.48924.dyioulos@firstbhph.com> <467A9476.4040201@ecs.soton.ac.uk> Message-ID: <200706211144.20027.dyioulos@firstbhph.com> On Thursday 21 June 2007 11:08 am, Julian Field wrote: > Dimitri Yioulos wrote: > > Hello all. > > > > My MCP rules for checking mail subject and body, based on the sample, > > work fine. I'd like to check attachments, but am not sure how to write > > the rules. Can anyone tell me how compose a rule to check, say, a M$ Word > > document for certain words or phrases? > > The MCP SpamAssassin patches enable it to look in things like Word docs, > so you can just use normal SA rules that search the entire message. > > > Many thanks. > > > > Dimitri > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > Thanks, Jules! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From res at ausics.net Thu Jun 21 16:42:45 2007 From: res at ausics.net (Res) Date: Thu Jun 21 16:57:14 2007 Subject: Bug in 4.58.9 ? In-Reply-To: <467A7BC5.2000704@USherbrooke.ca> References: <467A7BC5.2000704@USherbrooke.ca> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message Bug reports of ancient MailScanner (or *any* software) version is really pointless. Please upgrade to the current stable version. On Thu, 21 Jun 2007, Denis Beauchemin wrote: > Hello, > > Yesterday I got sendmail errors on 10 emails processed by MS. Sendmail > complained about invalid lines in the q* file. Turns out the subject line > had many returns (^M) while there was an unencoded accented character on the > subject line. > > Here is an example from a Q* file: > HX-Mailer: WhatCounts > HX-UdeS-MailScanner: Aucun code suspect =?ISO-8859-1?Q?d=E9tect=E9?= > HX-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (not cached, > score=-1.103, requis 4.5, BASE64_LENGTH_79_INF 1.50, BAYES_00 -2.60) > HSubject: > > Jean-Fran?ois, envoyez des messages qui en disent long > HX-Spam-Status: No > > The subject line has ^M that sendmail doesn't like. I just removed them and > renamed the Q* files to q* and then sendmail was happy to send them. > > I'm not sure if the problem comes from the sender but I received over 2000 > emails from them yesterday and only 9 had this problem. > > Here are the details about my MS setup: > MailScanner --version > Running on > Linux smtpe4.usherbrooke.ca 2.6.18-8.1.4.el5 #1 SMP Fri May 4 22:15:13 EDT > 2007 i686 i686 i386 GNU/Linux > This is Red Hat Enterprise Linux Server release 5 (Tikanga) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.58.9 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.04 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.16 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.22 IO > 1.13 IO::File > 1.13 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.03 MIME::QuotedPrint > 5.420 MIME::Tools > 0.10 Net::CIDR > 1.09 POSIX > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.814 DB_File > 1.12 DBD::SQLite > 1.52 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 0.44 Inline > 0.20 Mail::ClamAV > 3.002001 Mail::SpamAssassin > 1.999001 Mail::SPF::Query > 0.20 Net::CIDR::Lite > 1.25 Net::IP > 0.59 Net::DNS > 0.33 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 2.56 Test::Harness > 0.7 Test::Simple > 1.98 Text::Balanced > 1.35 URI > > Thanks again! > > Denis > > -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGepx1sWhAmSIQh7MRAptMAKCqcEobyVtG53o+EB4CJsk9d6IX7wCeNCPy 1i5I/ztLwAuUT8ht2yO6Je4= =z4hK -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Thu Jun 21 17:21:38 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 17:24:38 2007 Subject: Sendmail and multiple queue groups In-Reply-To: References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> <467A930F.2080905@ecs.soton.ac.uk> Message-ID: <467AA592.2060400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pentland G. wrote: > Also, what was the reasoning for calling sendmail in that way in the > first place? > The reason I do it this way is that the sendmail -qI.... call to kick sendmail into making a delivery attempt has to know which queue directory the message is in, or else it will just look in the one defined in sendmail.cf. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGeqWoEfZZRxQVtlQRAquAAKC0bsD084Ljl/0UzGzjNtIzCJiVtgCfSB2w UxlcZGLmuJB8Oh5A9n0lTmw= =Bwvt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From drew at technologytiger.net Thu Jun 21 17:34:15 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu Jun 21 17:34:21 2007 Subject: Spam list In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF79638@HC-MBX02.herefordshire.gov.uk> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> <7EF0EE5CB3B263488C8C18823239BEBAF79638@HC-MBX02.herefordshire.gov.uk> Message-ID: <49047.194.70.180.170.1182443655.squirrel@www.technologytiger.net> On Thu, June 21, 2007 15:46, Randal, Phil wrote: > "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors > is free for low-traffic mail servers serving less than 100 users. Use of > the Spamhaus DNSBLs by commercial or corporate networks, ISPs and ESPs, > requires a subscription to Spamhaus's Data Feed service." So what do people here do? Do they pay up or use something else? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From rcooper at dwford.com Thu Jun 21 17:35:24 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jun 21 17:35:30 2007 Subject: MCP works, doesn't deliver Message-ID: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT> I have never used the MCP features of MailScanner before, after all the traffic thought I would try it. My problem is a bit odd in that if I do a test (with the sample rules) it hits fine, and if I sent it locally it delivers the mail tagged correctly. However, if I send it from remote it does exactly the same thing, logs the same way, says it delivered and then the message is just gone. Not in any queue, not in the inbox, just gone. MCP Setup as follows: MCP Checks = yes MCP Required SpamAssassin Score = 5 MCP High SpamAssassin Score = 14 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = [MCP Content Bad?] High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = [MCP Content BAD YES] Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 1000000 MCP SpamAssassin Timeout = 60 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt The etc/mcp/v320.pre is the default as is the prefs file The log says (on a message that never arrives) New Batch: Scanning 1 messages, 17233 bytes MCP Checks: Starting Message 1I1PHy-0008VY-I7 from 66.249.241.90 (rcooper@dwford.com) to cooper-home.com is MCP, MCP-Checker (score=5, required 5, SAMPLE_RULE2 5.00) MCP Checks: Found 1 MCP messages MCP Actions: message 1I1PHy-0008VY-I7 actions are deliver Spam Checks: Starting Virus and Content Scanning: Starting <----------- CLAMD SCAN BEGIN--------> CLAMD VER : ClamAV 0.91rc1/3486/Thu Jun 21 01:56:11 2007 CLAMD VERNO : 0911 ----------------------------------------------------------------------- CLAMD ELAPSED TIME : 0.025145 ----------------------------------------------------------------------- HTML Img tag found in message 1I1PHy-0008VY-I7 from rcooper@dwford.com Uninfected: Delivered 1 messages Logging message 1I1PHy-0008VY-I7 to SQL I am stumped, anyone care to guess? Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Thu Jun 21 18:25:20 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu Jun 21 18:25:00 2007 Subject: MCP Check not working In-Reply-To: <223f97700706210720g6adfe0c8q7d7fdb6cac8e973b@mail.gmail.com> References: <96EF3FB3C374A64187CCB0D0DA716F2446E3@idefix.danielf.local> <96EF3FB3C374A64187CCB0D0DA716F2446EA@idefix.danielf.local> <223f97700706210243m1c35033fg436d73d0d14dce85@mail.gmail.com> <3057.90.184.17.152.1182421959.squirrel@mail.fumlersoft.dk> <223f97700706210342i626973e6x2484b8fd1be09ffc@mail.gmail.com> <3181.90.184.17.152.1182425706.squirrel@mail.fumlersoft.dk> <223f97700706210512m78289820tc567f005e9b7152f@mail.gmail.com> <3323.90.184.17.152.1182431447.squirrel@mail.fumlersoft.dk> <223f97700706210630l714e6f9bs2c1c92689b434e3f@mail.gmail.com> <3399.90.184.17.152.1182433707.squirrel@mail.fumlersoft.dk> <223f97700706210720g6adfe0c8q7d7fdb6cac8e973b@mail.gmail.com> Message-ID: <4091.90.184.17.152.1182446720.squirrel@mail.fumlersoft.dk> Ok, thanks Glenn, I think got a handle on it now. When actually sending the "this text is banned" mail it was marked MCP, and i got the notice. It did fail to forward to the address in MCP Action, but thats another story. BTW. Back in DK freezing my ass of :( On Thu, June 21, 2007 16:20, Glenn Steen wrote: -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at jfworks.net Thu Jun 21 18:33:52 2007 From: lists at jfworks.net (James) Date: Thu Jun 21 18:34:19 2007 Subject: Spam list In-Reply-To: <49047.194.70.180.170.1182443655.squirrel@www.technologytiger.net> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> <7EF0EE5CB3B263488C8C18823239BEBAF79638@HC-MBX02.herefordshire.gov.uk> <49047.194.70.180.170.1182443655.squirrel@www.technologytiger.net> Message-ID: <467AB680.2060209@jfworks.net> Drew Marshall wrote: > On Thu, June 21, 2007 15:46, Randal, Phil wrote: > >> "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors >> is free for low-traffic mail servers serving less than 100 users. Use of >> the Spamhaus DNSBLs by commercial or corporate networks, ISPs and ESPs, >> requires a subscription to Spamhaus's Data Feed service." >> > > So what do people here do? Do they pay up or use something else? > > Drew > > > We pay to use the datafeed service and so far its definatly worth it at least for our customers. At first we were only using the free service as we started offering mail scanning service to a few of our existing customers. As the number of customer requests started to grow for spam detection/removal ( Thanks MailScanner! ) we thought, we should pay now and not risk loosing the service later. I'm sure they would remove us eventually from their blacklist, but it would be a hassle and the existing customers would bear the brunt of it. Pay now or pay later, everyone pays the piper. James From Denis.Beauchemin at USherbrooke.ca Thu Jun 21 18:37:26 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jun 21 18:37:45 2007 Subject: Bug in 4.58.9 ? In-Reply-To: References: <467A7BC5.2000704@USherbrooke.ca> Message-ID: <467AB756.2060207@USherbrooke.ca> Res a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > Bug reports of ancient MailScanner (or *any* software) version is > really pointless. Please upgrade to the current stable version. Res, I don't install every new release because most of the time I don't really need the new features they provide. I don't have the time to install everything new just because there is a new version available either. This is just plain stupid to tell someone to upgrade to the latest release when they run a quite recent one. I am not running a one year old version! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/b677300f/smime.bin From mkettler at evi-inc.com Thu Jun 21 19:11:15 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jun 21 19:11:39 2007 Subject: Bayes will not run auto/manual expiry In-Reply-To: References: Message-ID: <467ABF43.9080105@evi-inc.com> Douglas Ward wrote: > I found an abort message in spamassassin (bayes related). Does this > look bad? no. > Has my bayes db grown too large to expire? There is no such thing as too large to expire. My own bayes database won't even consider trying expiry until it is larger than yours is currently. (I've intentionally over-ridden the size, mostly for my own purposes.) > Should I clear it and start over? Probably not unless this becomes a persistent problem. Any thoughts would be most helpful. Thanks! Looking at the results, the data in your bayes database is all "too close together" in age. SA does expiry based on how long it's been since a token was seen in a message. Right now, if SA were to pick a cutoff such that it discarded the oldest 12 hours of tokens, your bayes DB would plummet to 73,442 tokens in size, discarding 242,955 tokens in one blow. >From the looks of it, you did a large "mass training" session about 71 days ago, probably when you first set SA up. There's been some learning since, but not much, or at least, not enough to act as a sufficient bayes DB of its own. That initial burst still represents 76% of what's in your bayes DB. I'd give it some fresh training if you have a chance, and try expiring again in a few more days. From sysadmin at DMS.UMontreal.CA Thu Jun 21 19:39:34 2007 From: sysadmin at DMS.UMontreal.CA (Administrateur de systemes) Date: Thu Jun 21 19:40:04 2007 Subject: problem having using french support Message-ID: <467AC5E6.2040305@DMS.UMontreal.CA> Hello I have been using mailscanner since 2003 . I just found out a problem using french support Look at the mail penguin [~] >mail forget Subject: ??????????????????????? . Cc: sent ! Here is the mailscanner log Jun 21 14:34:35 localhost MailScanner[4553]: New Batch: Scanning 1 messages, 1103 bytes Jun 21 14:34:35 localhost MailScanner[4553]: MCP Checks completed at 6570 bytes per second Jun 21 14:34:35 localhost MailScanner[4553]: Spam Checks: Starting Jun 21 14:34:35 localhost MailScanner[4553]: Message l5LIYYtu005033 from 132.204.53.116 (faouzi@umontreal.ca) is whitelisted Jun 21 14:34:35 localhost MailScanner[4553]: Spam Checks completed at 272697 bytes per second Jun 21 14:34:35 localhost MailScanner[4553]: Virus and Content Scanning: Starting Jun 21 14:34:35 localhost MailScanner[4553]: Filename Checks: Allowing l5LIYYtu005033 msg-4553-8.txt Jun 21 14:34:35 localhost MailScanner[4553]: Filetype Checks: No executables (l5LIYYtu005033 msg-4553-8.txt) Jun 21 14:34:35 localhost MailScanner[4553]: Other Checks: Found 1 problems Jun 21 14:34:35 localhost MailScanner[4553]: Virus Scanning completed at 13681 bytes per second Jun 21 14:34:35 localhost MailScanner[4553]: Saved infected "msg-4553-8.txt" to /opt/MailScanner/var/quarantine/20070621/l5LIYYtu005033 Jun 21 14:34:35 localhost MailScanner[4553]: Cleaned: Delivered 1 cleaned messages It is stopping the email ! In my spamassassin i have put in local.cf ok_locales fr and in my /opt/MailScanner/etc/spam.assassin.prefs.conf ok_locales fr What is wrong ? -- -------------------------------------------------------------------- Faouzi GASSEMI Responsable des ressources informatiques D?partement de math?matiques et de statistique Universit? de Montr?al bureau 6188, Pavillon Andr?-Aisenstadt Tel: (514) 343-2281 Fax: (514) 343-5700 -------------------------------------------------------------------- From cparker at swatgear.com Thu Jun 21 19:47:43 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jun 21 19:47:46 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) Message-ID: <97FD54B5E57A1842AA1A4B232E47611773E46D@ati-ex-02.ati.local> Hello, I'm planning to do an upgrade but I have a few questions before I do it. I'm using the following document as a guide: http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm 1. Do I need to upgrade the 3rd party apps before I do the MailScanner upgrade or after? 1b. Or does the MailScanner RPM update the apps during install on its own? 2. Will 4.60.8-1 work with my installed 3rd party apps so that I can test the upgrade (in case I need to do a rollback)? Here is the output of 'MailScanner -V'. [root@filter ~]# MailScanner -V Running on Linux filter.swatgear.com 2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.2 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Thanks! Chris. From martinh at solidstatelogic.com Thu Jun 21 19:53:25 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 21 19:53:32 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <97FD54B5E57A1842AA1A4B232E47611773E46D@ati-ex-02.ati.local> Message-ID: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> Chris I usually update MailScanner (it's easy to rollback), then the 3rd party apps once I'm happy with MS... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris W. Parker > Sent: 21 June 2007 19:48 > To: MailScanner discussion > Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) > > Hello, > > I'm planning to do an upgrade but I have a few questions before I do it. > > I'm using the following document as a guide: > http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm > > 1. Do I need to upgrade the 3rd party apps before I do the MailScanner > upgrade or after? > > 1b. Or does the MailScanner RPM update the apps during install on its > own? > > 2. Will 4.60.8-1 work with my installed 3rd party apps so that I can > test the upgrade (in case I need to do a rollback)? > > Here is the output of 'MailScanner -V'. > > [root@filter ~]# MailScanner -V > Running on > Linux filter.swatgear.com 2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11 CDT > 2005 i686 i686 i386 GNU/Linux > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.08 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.31 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > Thanks! > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mailscanner at yeticomputers.com Thu Jun 21 19:56:31 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu Jun 21 19:56:43 2007 Subject: problem having using french support In-Reply-To: <467AC5E6.2040305@DMS.UMontreal.CA> References: <467AC5E6.2040305@DMS.UMontreal.CA> Message-ID: <467AC9DF.5080903@yeticomputers.com> It looks as if the file command is picking up something in that message that matches the magic for one of the many types of executable files. Run file against the quarantined text file and see what it comes up with. You will occasionally get this kind of false positive with the content of certain messages. It should be fairly rare, and shouldn't need you to do anything to compensate other than explain to your user what the problem was. It this is unacceptable, you might want to edit your magic file to make it less picky about certain kinds of files. Rick Administrateur de systemes wrote: > Hello > > I have been using mailscanner since 2003 . I just found out a problem > using french support > > Look at the mail > > penguin [~] >mail forget > Subject: ??????????????????????? > > . > Cc: > > sent ! > > Here is the mailscanner log > > Jun 21 14:34:35 localhost MailScanner[4553]: New Batch: Scanning 1 > messages, 1103 bytes > Jun 21 14:34:35 localhost MailScanner[4553]: MCP Checks completed at > 6570 bytes per second > Jun 21 14:34:35 localhost MailScanner[4553]: Spam Checks: Starting > Jun 21 14:34:35 localhost MailScanner[4553]: Message l5LIYYtu005033 > from 132.204.53.116 (faouzi@umontreal.ca) is whitelisted > Jun 21 14:34:35 localhost MailScanner[4553]: Spam Checks completed at > 272697 bytes per second > Jun 21 14:34:35 localhost MailScanner[4553]: Virus and Content > Scanning: Starting > Jun 21 14:34:35 localhost MailScanner[4553]: Filename Checks: Allowing > l5LIYYtu005033 msg-4553-8.txt > Jun 21 14:34:35 localhost MailScanner[4553]: Filetype Checks: No > executables (l5LIYYtu005033 msg-4553-8.txt) > Jun 21 14:34:35 localhost MailScanner[4553]: Other Checks: Found 1 > problems > Jun 21 14:34:35 localhost MailScanner[4553]: Virus Scanning completed > at 13681 bytes per second > Jun 21 14:34:35 localhost MailScanner[4553]: Saved infected > "msg-4553-8.txt" to > /opt/MailScanner/var/quarantine/20070621/l5LIYYtu005033 > Jun 21 14:34:35 localhost MailScanner[4553]: Cleaned: Delivered 1 > cleaned messages > > > It is stopping the email ! > > In my spamassassin i have put in local.cf ok_locales fr > and in my /opt/MailScanner/etc/spam.assassin.prefs.conf ok_locales fr > > What is wrong ? > From sysadmin at DMS.UMontreal.CA Thu Jun 21 20:32:06 2007 From: sysadmin at DMS.UMontreal.CA (Administrateur de systemes) Date: Thu Jun 21 20:32:23 2007 Subject: problem having using french support In-Reply-To: <467AC9DF.5080903@yeticomputers.com> References: <467AC5E6.2040305@DMS.UMontreal.CA> <467AC9DF.5080903@yeticomputers.com> Message-ID: <467AD236.9010509@DMS.UMontreal.CA> That was the problem When do a file on the msg i get penguin [/tmp] >file msg-4551-7.txt msg-4551-7.txt: DOS executable (COM) Is there a way to find a solution ? other languauges have the same problem ? Rick Chadderdon wrote: > It looks as if the file command is picking up something in that message > that matches the magic for one of the many types of executable files. > Run file against the quarantined text file and see what it comes up > with. You will occasionally get this kind of false positive with the > content of certain messages. It should be fairly rare, and shouldn't > need you to do anything to compensate other than explain to your user > what the problem was. It this is unacceptable, you might want to edit > your magic file to make it less picky about certain kinds of files. > > Rick > > Administrateur de systemes wrote: > >> Hello >> >> I have been using mailscanner since 2003 . I just found out a problem >> using french support >> >> Look at the mail >> >> penguin [~] >mail forget >> Subject: ??????????????????????? >> >> . >> Cc: >> >> sent ! >> >> Here is the mailscanner log >> >> Jun 21 14:34:35 localhost MailScanner[4553]: New Batch: Scanning 1 >> messages, 1103 bytes >> Jun 21 14:34:35 localhost MailScanner[4553]: MCP Checks completed at >> 6570 bytes per second >> Jun 21 14:34:35 localhost MailScanner[4553]: Spam Checks: Starting >> Jun 21 14:34:35 localhost MailScanner[4553]: Message l5LIYYtu005033 >> from 132.204.53.116 (faouzi@umontreal.ca) is whitelisted >> Jun 21 14:34:35 localhost MailScanner[4553]: Spam Checks completed at >> 272697 bytes per second >> Jun 21 14:34:35 localhost MailScanner[4553]: Virus and Content >> Scanning: Starting >> Jun 21 14:34:35 localhost MailScanner[4553]: Filename Checks: Allowing >> l5LIYYtu005033 msg-4553-8.txt >> Jun 21 14:34:35 localhost MailScanner[4553]: Filetype Checks: No >> executables (l5LIYYtu005033 msg-4553-8.txt) >> Jun 21 14:34:35 localhost MailScanner[4553]: Other Checks: Found 1 >> problems >> Jun 21 14:34:35 localhost MailScanner[4553]: Virus Scanning completed >> at 13681 bytes per second >> Jun 21 14:34:35 localhost MailScanner[4553]: Saved infected >> "msg-4553-8.txt" to >> /opt/MailScanner/var/quarantine/20070621/l5LIYYtu005033 >> Jun 21 14:34:35 localhost MailScanner[4553]: Cleaned: Delivered 1 >> cleaned messages >> >> >> It is stopping the email ! >> >> In my spamassassin i have put in local.cf ok_locales fr >> and in my /opt/MailScanner/etc/spam.assassin.prefs.conf ok_locales fr >> >> What is wrong ? >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/71220059/attachment.html From jaearick at colby.edu Thu Jun 21 20:44:28 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Jun 21 20:44:38 2007 Subject: Spam list In-Reply-To: <49047.194.70.180.170.1182443655.squirrel@www.technologytiger.net> References: <196A8818B3B5D611AC8D0008024505DB01294567@PDCWEXOE> <7EF0EE5CB3B263488C8C18823239BEBAF79638@HC-MBX02.herefordshire.gov.uk> <49047.194.70.180.170.1182443655.squirrel@www.technologytiger.net> Message-ID: On Thu, 21 Jun 2007, Drew Marshall wrote: > Date: Thu, 21 Jun 2007 17:34:15 +0100 (BST) > From: Drew Marshall > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: RE: Spam list > > On Thu, June 21, 2007 15:46, Randal, Phil wrote: >> "Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors >> is free for low-traffic mail servers serving less than 100 users. Use of >> the Spamhaus DNSBLs by commercial or corporate networks, ISPs and ESPs, >> requires a subscription to Spamhaus's Data Feed service." > > So what do people here do? Do they pay up or use something else? > > Drew I've been using spamhaus RBLs for a while with no issues for my 3K users. I'm using zen these days with no problems (and no money). Jeff Earickson Colby College From mailscanner at yeticomputers.com Thu Jun 21 20:57:12 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu Jun 21 20:57:22 2007 Subject: problem having using french support In-Reply-To: <467AD236.9010509@DMS.UMontreal.CA> References: <467AC5E6.2040305@DMS.UMontreal.CA> <467AC9DF.5080903@yeticomputers.com> <467AD236.9010509@DMS.UMontreal.CA> Message-ID: <467AD818.8090102@yeticomputers.com> Administrateur de systemes wrote: > That was the problem > > When do a file on the msg i get > > penguin [/tmp] >file msg-4551-7.txt > msg-4551-7.txt: DOS executable (COM) > > Is there a way to find a solution ? other languauges have the same > problem ? All languages have a problem when a file contains a character sequence that is used as "magic" to identify a format. Unfortunately, many file formats are "magic unfriendly" in that the only thing that is easily used to identify them can also appear in other file types. There is no universal solution. When I run into it, I explain the problem to the user and ask them not to use that particular subject line, salutation or whatever. It is also possible to modify the magic file by commenting (or improving, if you can figure out what might work in a particular case) the line that's causing you problems. You can also disable the filetype check in MailScanner, but I don't recommend that for isolated problems. Looking at the man page for "file" and "magic" might help you figure out what's best in your case. Rick From MailScanner at ecs.soton.ac.uk Thu Jun 21 20:56:25 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 20:59:19 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> References: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> Message-ID: <467AD7E9.9060001@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/f897d178/PGP-0001.bin From cparker at swatgear.com Thu Jun 21 21:23:29 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jun 21 21:23:31 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) References: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> <467AD7E9.9060001@ecs.soton.ac.uk> Message-ID: <97FD54B5E57A1842AA1A4B232E47611773EBCC@ati-ex-02.ati.local> OK thanks guys. I'm currently in the process of installing MailScanner (~30 minutes so far). Julian, Regarding upgrading Spamassassin, is the best way to do that to download the ClamAV/Spamassassin package on http://www.mailscanner.info/downloads.html (http://www.mailscanner.info/files/4/install-Clam-0.90.3-SA-3.2.1.tar.gz )? Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, June 21, 2007 12:56 PM To: MailScanner discussion Subject: Re: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) That's what I would advise too. Do MailScanner first, then SpamAssassin, then everything else. Martin.Hepworth wrote: Chris I usually update MailScanner (it's easy to rollback), then the 3rd party apps once I'm happy with MS... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- bounces@lists.mailscanner.info] On Behalf Of Chris W. Parker Sent: 21 June 2007 19:48 To: MailScanner discussion Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) Hello, I'm planning to do an upgrade but I have a few questions before I do it. I'm using the following document as a guide: http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm 1. Do I need to upgrade the 3rd party apps before I do the MailScanner upgrade or after? 1b. Or does the MailScanner RPM update the apps during install on its own? 2. Will 4.60.8-1 work with my installed 3rd party apps so that I can test the upgrade (in case I need to do a rollback)? Here is the output of 'MailScanner -V'. [root@filter ~]# MailScanner -V Running on Linux filter.swatgear.com 2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11 CDT 2005 i686 i686 i386 GNU/Linux This is CentOS release 4.2 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.50.15 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.32 HTML::Entities 3.48 HTML::Parser 2.35 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.71 Mail::Header 3.05 MIME::Base64 5.419 MIME::Decoder 5.419 MIME::Decoder::UU 5.419 MIME::Head 5.419 MIME::Parser 3.03 MIME::QuotedPrint 5.419 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.08 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.11 DBD::SQLite 1.50 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Thanks! Chris. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk From Phil.Udel at SalemCorp.com Thu Jun 21 21:42:25 2007 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Thu Jun 21 21:42:47 2007 Subject: Problem with BAYES not running In-Reply-To: <02cc01c7b40d$7b15a8a0$6102a8c0@salemcorp.com> References: <02cc01c7b40d$7b15a8a0$6102a8c0@salemcorp.com> Message-ID: <034001c7b444$acdcb630$6102a8c0@salemcorp.com> Is this Happening to anyone else. On Jun 18 07:21:26 EST All of the following items have stopped scoring, I can't find any problems. any ideas? -1.80 ALL_TRUSTED Passed through trusted hosts only via SMTP -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.11 HTML_90_100 Message is 90% to 100% HTML 0.00 HTML_MESSAGE HTML included in message 1.10 MIME_HTML_MOSTLY Multipart message mostly text/html MIME _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Thursday, June 21, 2007 10:07 AM To: mailscanner@lists.mailscanner.info Subject: Problem with BAYES not running Running the Following SpamAssassin version 3.1.9 MailScanner-4.55.10-3 Fo some unaperant reason I am not getting Bayes scores anymore I normaly would get at lease a BAYES_00 like this Jun 10 04:03:21 mail MailScanner[9467]: Message l5A83ACo017882 from 127.0.0.1 ( root@mail.X.com) to mail.X.com is not spam (whitelisted), ,SpamAssassin (not cached, score=-2.601, required 5, autolearn=not spam, BAYES_00 -2.60,SPF_HELO_PASS -0.00, SPF_PASS -0.00) But Now I get no BAYES Reporting at all even with spam like this Jun 19 17:09:09 mail MailScanner[19863]: Message l5JL8xIA031013 from 201.15.66.40 (xdshipley@crewstart.com) to X.com is spam, SBL+XBL, SpamAssassin (not cached, score=20.355, required 5, autolearn=spam, PYZOR_CHECK 3.70, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50 , RAZOR2_CHECK 0.50, SARE_SXLIFE 1.07, URIBL_BLACK 3.00, URIBL_JP_SURBL 4.09, UR IBL_SC_SURBL 4.50) Other than SARE Updates that has been the only change that gets made. ALl has been working fine since I install 4.55 some time ago. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070621/40abdb0e/attachment.html From MailScanner at ecs.soton.ac.uk Thu Jun 21 21:44:47 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 21:47:00 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <97FD54B5E57A1842AA1A4B232E47611773EBCC@ati-ex-02.ati.local> References: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> <467AD7E9.9060001@ecs.soton.ac.uk> <97FD54B5E57A1842AA1A4B232E47611773EBCC@ati-ex-02.ati.local> Message-ID: <467AE33F.3090701@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris W. Parker wrote: > OK thanks guys. > > I'm currently in the process of installing MailScanner (~30 minutes so > far). > > Julian, > > Regarding upgrading Spamassassin, is the best way to do that to download > the ClamAV/Spamassassin package on > http://www.mailscanner.info/downloads.html > (http://www.mailscanner.info/files/4/install-Clam-0.90.3-SA-3.2.1.tar.gz > )? > Yes. But make sure of 2 things: Install ClamAV the same way you did last time (i.e. don't let my package install ClamAV if clamscan is not in /usr/local/bin). Make sure you don't have any spamassassin RPM's installed. > > Thanks. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, June 21, 2007 12:56 PM > To: MailScanner discussion > Subject: Re: Planning to upgrade from 4.50.15 to latest stable > (4.60.8-1) > > That's what I would advise too. Do MailScanner first, then SpamAssassin, > then everything else. > > Martin.Hepworth wrote: > > Chris > > I usually update MailScanner (it's easy to rollback), then the > 3rd party > apps once I'm happy with MS... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris W. > Parker > Sent: 21 June 2007 19:48 > To: MailScanner discussion > Subject: Planning to upgrade from 4.50.15 to latest > stable (4.60.8-1) > > Hello, > > I'm planning to do an upgrade but I have a few questions > before I do > > > it. > > > I'm using the following document as a guide: > > http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm > > 1. Do I need to upgrade the 3rd party apps before I do > the MailScanner > upgrade or after? > > 1b. Or does the MailScanner RPM update the apps during > install on its > own? > > 2. Will 4.60.8-1 work with my installed 3rd party apps > so that I can > test the upgrade (in case I need to do a rollback)? > > Here is the output of 'MailScanner -V'. > > [root@filter ~]# MailScanner -V > Running on > Linux filter.swatgear.com 2.6.9-22.0.1.EL #1 Thu Oct 27 > 12:26:11 CDT > 2005 i686 i686 i386 GNU/Linux > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.08 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.31 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > Thanks! > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended > for the > addressee only and may be confidential. If they come to you in > error > you must take no action based on them, nor must you copy or show > them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely > those of > the author and unless specifically stated to the contrary, are > not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We > advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 > 1RU, > United Kingdom > > ********************************************************************** > > > > > Jules > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGeuNLEfZZRxQVtlQRAifRAKCQ+pR4hpNU77/eOlNWCQ75aUmW6QCdFfpc T1EozgREXO3D+isJjRFLzfI= =NpOF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Jun 21 20:41:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 21 22:02:45 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <97FD54B5E57A1842AA1A4B232E47611773E46D@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E47611773E46D@ati-ex-02.ati.local> Message-ID: Chris W. Parker spake the following on 6/21/2007 11:47 AM: > Hello, > > I'm planning to do an upgrade but I have a few questions before I do it. > > I'm using the following document as a guide: > http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm > > 1. Do I need to upgrade the 3rd party apps before I do the MailScanner > upgrade or after? > > 1b. Or does the MailScanner RPM update the apps during install on its > own? > > 2. Will 4.60.8-1 work with my installed 3rd party apps so that I can > test the upgrade (in case I need to do a rollback)? > > Here is the output of 'MailScanner -V'. > I run the following script before an upgrade. It gives me a quick recovery if I need to. It is modified from the script in the maq. You can just run the restorems(date) script to go back, and the delms(date) to kill the backup when you don't want it anymore. I hardcoded the paths just to be quick and dirty, and never went back to clean it up. #!/bin/bash cp -a /etc/MailScanner /etc/MailScanner.$(date +%Y%m%d) cp -a /usr/lib/MailScanner /usr/lib/MailScanner.$(date +%Y%m%d) cp -a /usr/sbin/MailScanner /usr/sbin/MailScanner.$(date +%Y%m%d) echo cp -a --remove-destination /etc/MailScanner.$(date +%Y%m%d) /etc/MailScanner > /root/restorems-$(date +%Y%m%d).sh echo cp -a --remove-destination /usr/lib/MailScanner.$(date +%Y%m%d) /usr/lib/MailScanner >> /root/restorems-$(date +%Y%m%d).sh echo cp -a --remove-destination /usr/sbin/MailScanner.$(date +%Y%m%d) /usr/sbin/MailScanner>> /root/restorems-$(date +%Y%m%d).sh chmod +x /root/restorems-$(date +%Y%m%d).sh echo rm -fr /etc/MailScanner.$(date +%Y%m%d) > /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /usr/lib/MailScanner.$(date +%Y%m%d) >> /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /usr/sbin/MailScanner.$(date +%Y%m%d) >> /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /root/restorems-$(date +%Y%m%d).sh >> /root/delmsback-$(date +%Y%m%d).sh echo rm -fr /root/delmsback-$(date +%Y%m%d).sh >> /root/delmsback-$(date +%Y%m%d).sh chmod +x /root/delmsback-$(date +%Y%m%d).sh -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Jun 21 22:12:52 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 21 22:14:52 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <467AE33F.3090701@ecs.soton.ac.uk> References: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> <467AD7E9.9060001@ecs.soton.ac.uk> <97FD54B5E57A1842AA1A4B232E47611773EBCC@ati-ex-02.ati.local> <467AE33F.3090701@ecs.soton.ac.uk> Message-ID: <467AE9D4.9000101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One more thing. Note the bug-fixes in 4.61 to the auto-zip feature. I would not advise using the auto-zip feature with any version prior to 4.61. The bug-fixes were quite important. Julian Field wrote: > * PGP Signed: 06/21/07 at 21:44:59 > > > > Chris W. Parker wrote: >> OK thanks guys. >> >> I'm currently in the process of installing MailScanner (~30 minutes so >> far). >> >> Julian, >> >> Regarding upgrading Spamassassin, is the best way to do that to download >> the ClamAV/Spamassassin package on >> http://www.mailscanner.info/downloads.html >> (http://www.mailscanner.info/files/4/install-Clam-0.90.3-SA-3.2.1.tar.gz >> )? >> > Yes. But make sure of 2 things: > Install ClamAV the same way you did last time (i.e. don't let my > package install ClamAV if clamscan is not in /usr/local/bin). > Make sure you don't have any spamassassin RPM's installed. >> >> Thanks. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Thursday, June 21, 2007 12:56 PM >> To: MailScanner discussion >> Subject: Re: Planning to upgrade from 4.50.15 to latest stable >> (4.60.8-1) >> >> That's what I would advise too. Do MailScanner first, then SpamAssassin, >> then everything else. >> >> Martin.Hepworth wrote: >> Chris >> >> I usually update MailScanner (it's easy to rollback), then the >> 3rd party >> apps once I'm happy with MS... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Chris W. >> Parker >> Sent: 21 June 2007 19:48 >> To: MailScanner discussion >> Subject: Planning to upgrade from 4.50.15 to latest >> stable (4.60.8-1) >> >> Hello, >> >> I'm planning to do an upgrade but I have a few questions >> before I do >> >> it. >> >> I'm using the following document as a guide: >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm >> >> 1. Do I need to upgrade the 3rd party apps before I do >> the MailScanner >> upgrade or after? >> >> 1b. Or does the MailScanner RPM update the apps during >> install on its >> own? >> >> 2. Will 4.60.8-1 work with my installed 3rd party apps >> so that I can >> test the upgrade (in case I need to do a rollback)? >> >> Here is the output of 'MailScanner -V'. >> >> [root@filter ~]# MailScanner -V >> Running on >> Linux filter.swatgear.com 2.6.9-22.0.1.EL #1 Thu Oct 27 >> 12:26:11 CDT >> 2005 i686 i686 i386 GNU/Linux >> This is CentOS release 4.2 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.50.15 >> Module versions are: >> 1.00 AnyDBM_File >> 1.14 Archive::Zip >> 1.03 Carp >> 1.119 Convert::BinHex >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.14 File::Temp >> 1.32 HTML::Entities >> 3.48 HTML::Parser >> 2.35 HTML::TokeParser >> 1.21 IO >> 1.10 IO::File >> 1.123 IO::Pipe >> 1.71 Mail::Header >> 3.05 MIME::Base64 >> 5.419 MIME::Decoder >> 5.419 MIME::Decoder::UU >> 5.419 MIME::Head >> 5.419 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.419 MIME::Tools >> 0.10 Net::CIDR >> 1.08 POSIX >> 1.77 Socket >> 0.08 Sys::Syslog >> 1.86 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 0.17 Convert::TNEF >> 1.809 DB_File >> 1.11 DBD::SQLite >> 1.50 DBI >> 1.08 Digest >> 1.01 Digest::HMAC >> 2.33 Digest::MD5 >> 2.10 Digest::SHA1 >> 0.44 Inline >> 0.17 Mail::ClamAV >> 3.001000 Mail::SpamAssassin >> 1.997 Mail::SPF::Query >> 0.15 Net::CIDR::Lite >> 0.48 Net::DNS >> 0.31 Net::LDAP >> 1.94 Parse::RecDescent >> missing SAVI >> 1.4 Sys::Hostname::Long >> 2.42 Test::Harness >> 0.47 Test::Simple >> 1.95 Text::Balanced >> 1.35 URI >> >> >> >> Thanks! >> Chris. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended >> for the addressee only and may be confidential. If they come to >> you in >> error you must take no action based on them, nor must you copy or >> show >> them to anyone. Please advise the sender by replying to this >> e-mail immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely >> those of the author and unless specifically stated to the >> contrary, are >> not necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We >> advise that you consider this fact when e-mailing us. Viruses >> : We have taken steps to ensure that this e-mail and any >> >> attachments are free from known viruses but in keeping with good >> >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales (Company >> No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 >> 1RU, United Kingdom >> >> ********************************************************************** >> >> >> >> Jules >> >> > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGeunYEfZZRxQVtlQRAlVOAJoD9UqZT8Xkin4iqab3NNKjzgdtlgCg7sj/ 8ylFr1wkuBv+KVf4I3pUQmY= =uXa5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Jun 21 20:47:24 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 21 22:20:58 2007 Subject: problem having using french support In-Reply-To: <467AD236.9010509@DMS.UMontreal.CA> References: <467AC5E6.2040305@DMS.UMontreal.CA> <467AC9DF.5080903@yeticomputers.com> <467AD236.9010509@DMS.UMontreal.CA> Message-ID: Administrateur de systemes spake the following on 6/21/2007 12:32 PM: > That was the problem > > When do a file on the msg i get > > penguin [/tmp] >file msg-4551-7.txt > msg-4551-7.txt: DOS executable (COM) > > Is there a way to find a solution ? other languauges have the same problem ? > My magic file has all the Dos Executable (COM) entries disabled by default. I wonder if it is a risk? There couldn't be that many left floating around anymore. # .COM formats (Daniel Quinlan, quinlan@yggdrasil.com) # Uncommenting only the first two lines will cover about 2/3 of COM files, # but it isn't feasible to match all COM files since there must be at least # two dozen different one-byte "magics". #0 byte 0xe9 MS-DOS executable (COM) #>6 string SFX\ of\ LHarc (%s) #0 byte 0x8c MS-DOS executable (COM) # 0xeb conflicts with "sequent" magic #0 byte 0xeb MS-DOS executable (COM) #0 byte 0xb8 MS-DOS executable (COM) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Thu Jun 21 22:22:53 2007 From: res at ausics.net (Res) Date: Thu Jun 21 22:23:05 2007 Subject: Bug in 4.58.9 ? In-Reply-To: <467AB756.2060207@USherbrooke.ca> References: <467A7BC5.2000704@USherbrooke.ca> <467AB756.2060207@USherbrooke.ca> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Thu, 21 Jun 2007, Denis Beauchemin wrote: > > I don't install every new release because most of the time I don't really > need the new features they provide. I don't have the time to install Really so you dont need to impliment BUG FIXES either *sigh* if you took the time to read the changelogs you'd see they are not just new feature releases. Anyay if someone else wishes to waste their time on you with your attitude thats fine, it wont be me. > everything new just because there is a new version available either. This is > just plain stupid to tell someone to upgrade to the latest release when they > run a quite recent one. I am not running a one year old version! > Then dont expect help on say the bind list (and countlesss others) either because you will be told the same thing -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGeuwtsWhAmSIQh7MRAoysAKCdOf82bfI2jdR2eFG6TZJG/wFu/gCfUrGd GNDhlRtjpk3s3P9gUe9VnGc= =bCwo -----END PGP SIGNATURE----- From cparker at swatgear.com Thu Jun 21 23:14:39 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Thu Jun 21 23:14:42 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) References: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> <467AD7E9.9060001@ecs.soton.ac.uk><97FD54B5E57A1842AA1A4B232E47611773EBCC@ati-ex-02.ati.local> <467AE33F.3090701@ecs.soton.ac.uk> Message-ID: <97FD54B5E57A1842AA1A4B232E47611773EBCD@ati-ex-02.ati.local> On Thursday, June 21, 2007 1:45 PM Julian Field said: > Yes. But make sure of 2 things: > Install ClamAV the same way you did last time (i.e. don't let my > package install ClamAV if clamscan is not in /usr/local/bin). > Make sure you don't have any spamassassin RPM's installed. For my final trick... I have no idea how I installed ClamAV last time. But I can say that I *do* have clamav in /usr/local/bin and I can't find any spamassassin RPMs. Does it sound safe to move ahead? Thanks, Chris. From febrianto at sioenasia.com Fri Jun 22 03:50:05 2007 From: febrianto at sioenasia.com (Budi Febrianto) Date: Fri Jun 22 03:44:45 2007 Subject: Spammers using pdf files Message-ID: According to http://www.networkworld.com/news/2007/062007-spam-outbreak-german-stock.html?fsrc=rss-spam Now spammer using pdf files? "The German stock spam message was cleverly designed, officials at IronPort say, using a professional looking PDF attached to the e-mail message that looks like an investment newsletter. This was the first time IronPort has seen spammers using PDFs to attempt to fool recipients, it says. " From Denis.Beauchemin at USherbrooke.ca Fri Jun 22 04:33:43 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jun 22 04:33:51 2007 Subject: Bug in 4.58.9 ? In-Reply-To: References: <467A7BC5.2000704@USherbrooke.ca> <467AB756.2060207@USherbrooke.ca> Message-ID: <467B4317.40005@USherbrooke.ca> Res a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > On Thu, 21 Jun 2007, Denis Beauchemin wrote: > >> >> I don't install every new release because most of the time I don't >> really need the new features they provide. I don't have the time to >> install > > Really so you dont need to impliment BUG FIXES either *sigh* > if you took the time to read the changelogs you'd see they are not > just new feature releases. I didn't say I don't install bug fixes. My systems are fully patched (at least according to RH releases). I read this list every day and I know what's new and what's been fixed and there was nothing about such a bug! > > Anyay if someone else wishes to waste their time on you with your > attitude thats fine, it wont be me. > > >> everything new just because there is a new version available either. >> This is just plain stupid to tell someone to upgrade to the latest >> release when they run a quite recent one. I am not running a one >> year old version! >> > > Then dont expect help on say the bind list (and countlesss others) > either because you will be told the same thing > And they may be right to do so but this is not always required. I know that the MS release I run is quite close to the current one and it won't help me to install it just to tell you that I'm running the latest release. Anyhow this request was more targeted towards Julian than other users. Don't bother arguing with me as I am going on vacation for a couple of days and I won't read your mails on the beach. Denis From rcooper at dwford.com Fri Jun 22 04:56:03 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 04:56:09 2007 Subject: Spammers using pdf files In-Reply-To: References: Message-ID: <01b901c7b481$41773220$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Budi Febrianto > Sent: Thursday, June 21, 2007 10:50 PM > To: MailScanner discussion > Subject: Spammers using pdf files > > > According to > http://www.networkworld.com/news/2007/062007-spam-outbreak-ge > rman-stock.html?fsrc=rss-spam > > Now spammer using pdf files? > > "The German stock spam message was cleverly designed, > officials at IronPort > say, using a professional looking PDF attached to the e-mail > message that > looks like an investment newsletter. This was the first time > IronPort has > seen spammers using PDFs to attempt to fool recipients, it says. " > Speaking of this, I forgot to mention Steve Basford dropped me a note saying he has added a new sig to try and catch this spam to SaneSecurity's signatures. Should show up as Email.Stk.Gen522.Sanesecurity.07062102.pdf. If someone using SaneSecurity's sigs has one slip by email it to me and I will send it on to Steve. I haven't had any come through (caught or otherwise) as of yet. Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Jun 22 08:51:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 22 08:51:19 2007 Subject: MCP works, doesn't deliver In-Reply-To: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT> Message-ID: <223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> And it works locally? How very odd. Did you submit via telnet? On 21/06/07, Rick Cooper wrote: > I have never used the MCP features of MailScanner before, after all the > traffic thought I would try it. My problem is a bit odd in that if I do a > test (with the sample rules) it hits fine, and if I sent it locally it > delivers the mail tagged correctly. However, if I send it from remote it > does exactly the same thing, logs the same way, says it delivered and then > the message is just gone. Not in any queue, not in the inbox, just gone. > > MCP Setup as follows: > > MCP Checks = yes > > MCP Required SpamAssassin Score = 5 > MCP High SpamAssassin Score = 14 > MCP Error Score = 1 > > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > > MCP Modify Subject = yes > MCP Subject Text = [MCP Content Bad?] > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = [MCP Content BAD YES] > > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = yes > Detailed MCP Report = yes > Include Scores In MCP Report = yes > Log MCP = yes > > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 1000000 > MCP SpamAssassin Timeout = 60 > > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > > The etc/mcp/v320.pre is the default as is the prefs file > > The log says (on a message that never arrives) > > New Batch: Scanning 1 messages, 17233 bytes > MCP Checks: Starting > Message 1I1PHy-0008VY-I7 from 66.249.241.90 (rcooper@dwford.com) to > cooper-home.com is MCP, MCP-Checker (score=5, required 5, SAMPLE_RULE2 5.00) > MCP Checks: Found 1 MCP messages > MCP Actions: message 1I1PHy-0008VY-I7 actions are deliver > Spam Checks: Starting > Virus and Content Scanning: Starting > <----------- CLAMD SCAN BEGIN--------> > CLAMD VER : ClamAV 0.91rc1/3486/Thu Jun 21 01:56:11 2007 > CLAMD VERNO : 0911 > ----------------------------------------------------------------------- > CLAMD ELAPSED TIME : 0.025145 > ----------------------------------------------------------------------- > HTML Img tag found in message 1I1PHy-0008VY-I7 from rcooper@dwford.com > Uninfected: Delivered 1 messages > Logging message 1I1PHy-0008VY-I7 to SQL > > > I am stumped, anyone care to guess? > > Rick Cooper > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From daniel at danielf.ch Fri Jun 22 09:43:56 2007 From: daniel at danielf.ch (Daniel Fuhrer) Date: Fri Jun 22 09:44:01 2007 Subject: Rules Message-ID: <96EF3FB3C374A64187CCB0D0DA716F2446ED@idefix.danielf.local> Hi all I have a question about rules. According to the documentation, I can rewrite the Subject of a message. Can I rewrite this per rule? Somthin like: header TEST_RULE1 /test subject/i rewrite_header Subject **Found Header** body TEST_RULE2 /test body/i rewrite_header Subject **Found Body** According to the docs on http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt I should put the rules in the local.cf file. There is a sample file. But in there are not really rules. Can I create for each rule a .cf file and put my rules in? Thanks for your help Cheers Daniel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070622/a9b3bcd9/attachment.html From prandal at herefordshire.gov.uk Fri Jun 22 10:06:42 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 22 10:07:52 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <97FD54B5E57A1842AA1A4B232E47611773E46D@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E47611773E46D@ati-ex-02.ati.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79688@HC-MBX02.herefordshire.gov.uk> CentOS 4.2? Time for a "yum update", methinks... Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Chris W. Parker > Sent: 21 June 2007 19:48 > To: MailScanner discussion > Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) > > Hello, > > I'm planning to do an upgrade but I have a few questions > before I do it. > > I'm using the following document as a guide: > http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm > > 1. Do I need to upgrade the 3rd party apps before I do the MailScanner > upgrade or after? > > 1b. Or does the MailScanner RPM update the apps during install on its > own? > > 2. Will 4.60.8-1 work with my installed 3rd party apps so that I can > test the upgrade (in case I need to do a rollback)? > > Here is the output of 'MailScanner -V'. > > [root@filter ~]# MailScanner -V > Running on > Linux filter.swatgear.com 2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11 CDT > 2005 i686 i686 i386 GNU/Linux > This is CentOS release 4.2 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.50.15 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.32 HTML::Entities > 3.48 HTML::Parser > 2.35 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.71 Mail::Header > 3.05 MIME::Base64 > 5.419 MIME::Decoder > 5.419 MIME::Decoder::UU > 5.419 MIME::Head > 5.419 MIME::Parser > 3.03 MIME::QuotedPrint > 5.419 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.08 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.11 DBD::SQLite > 1.50 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 0.44 Inline > 0.17 Mail::ClamAV > 3.001000 Mail::SpamAssassin > 1.997 Mail::SPF::Query > 0.15 Net::CIDR::Lite > 0.48 Net::DNS > 0.31 Net::LDAP > 1.94 Parse::RecDescent > missing SAVI > 1.4 Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.35 URI > > > > Thanks! > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Fri Jun 22 10:08:54 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jun 22 10:08:57 2007 Subject: Rules In-Reply-To: <96EF3FB3C374A64187CCB0D0DA716F2446ED@idefix.danielf.local> References: <96EF3FB3C374A64187CCB0D0DA716F2446ED@idefix.danielf.local> Message-ID: <625385e30706220208x29e05bc3vfd44d71a39788b18@mail.gmail.com> On 6/22/07, Daniel Fuhrer wrote: > I have a question about rules. According to the documentation, I can rewrite > the Subject of a message. Can I rewrite this per rule? Somthin like: No, the rewrite is for mail considered spam. > According to the docs on > http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt > I should put the rules in the local.cf file. There is a sample file. But in > there are not really rules. Can I create for each rule a .cf file and put my > rules in? Yes, but there's no need for a separate file for each rule, use one file for all your rules. -- /peter From gtj at addicks.org Fri Jun 22 11:11:51 2007 From: gtj at addicks.org (Glynne Jones) Date: Fri Jun 22 11:13:34 2007 Subject: 4.61.3 In Production? Message-ID: <527E74CE-2DA5-4F2A-AE3B-43D63FD99CCB@addicks.org> I've not seen a lot of feedback on 4.61.3 - is anyone running it in a production environment? Any problems? Seems to be working well on my test system, but that doesn't handle large amounts of mail. I need the clamd functionality, hence testing this version. Thanks, Glynne From gerard at seibercom.net Fri Jun 22 11:21:07 2007 From: gerard at seibercom.net (Gerard) Date: Fri Jun 22 11:20:59 2007 Subject: Spammers using pdf files In-Reply-To: <01b901c7b481$41773220$0301a8c0@SAHOMELT> References: <01b901c7b481$41773220$0301a8c0@SAHOMELT> Message-ID: <20070622062008.6ACF.GERARD@seibercom.net> On June 21, 2007 at 11:56PM Rick Cooper wrote: [snip] > Speaking of this, I forgot to mention Steve Basford dropped me a note saying > he has added a new sig to try and catch this spam to SaneSecurity's > signatures. Should show up as Email.Stk.Gen522.Sanesecurity.07062102.pdf. If > someone using SaneSecurity's sigs has one slip by email it to me and I will > send it on to Steve. I haven't had any come through (caught or otherwise) as > of yet. Conversely, they could just send it to him directly: steveb@webtribe.net -- Gerard From nerijusb at dtiltas.lt Fri Jun 22 11:23:25 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Fri Jun 22 11:30:05 2007 Subject: Beta release 4.61.3 In-Reply-To: <4673FED5.6030306@ecs.soton.ac.uk> References: <4671129F.80201@ecs.soton.ac.uk><20070614112002.C2A4EFF0F@mx-a.vdnet.lt> <4673FED5.6030306@ecs.soton.ac.uk> Message-ID: <20070622102921.3D7BD1224A2@mx-b.vdnet.lt> On Sat, 16 Jun 2007 16:16:37 +0100 Julian Field wrote: > > Could you please rename /etc/cron.daily/sa-update to update_spamassassin > > as per discussion in "/etc/cron.daily/sa-update rpm conflict" thread? > > Because it clashes now with atrpms spamassassin package and will > > probably clash with Fedora package in the future. And it will be consistent > > with update_phishing_sites and update_virus_scanners :) > > No problem. This will be in the next release. Thanks. Also could you please add Disabled=no; if [ "x$Disabled" = "xyes" ]; then exit; fi section to update_virus_scanners script? It will be enabled by default so it will not cause problems upgrading, but it will give me a chance to easily disable it (the need arose when I started using clamd - clamav init script starts freshclam daemon too, so I want to disable either it or MailScanner's update_virus_scanners). Regards, Nerijus From uxbod at splatnix.net Fri Jun 22 11:20:46 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Jun 22 11:35:48 2007 Subject: 4.61.3 In Production? In-Reply-To: <527E74CE-2DA5-4F2A-AE3B-43D63FD99CCB@addicks.org> References: <527E74CE-2DA5-4F2A-AE3B-43D63FD99CCB@addicks.org> Message-ID: <82dbe44d37e86dfd21a38fcd498b03a2@62.49.223.244> Running at work okay on secondary MX. Processing about 60k emails a day. On Fri, 22 Jun 2007 11:11:51 +0100, Glynne Jones wrote: > I've not seen a lot of feedback on 4.61.3 - is anyone running it in a > production environment? Any problems? > > Seems to be working well on my test system, but that doesn't handle > large amounts of mail. I need the clamd functionality, hence testing > this version. > > Thanks, > > Glynne > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jun 22 11:42:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 22 11:45:28 2007 Subject: Planning to upgrade from 4.50.15 to latest stable (4.60.8-1) In-Reply-To: <97FD54B5E57A1842AA1A4B232E47611773EBCD@ati-ex-02.ati.local> References: <1ad86fa300ddfe4a8b814f54eda07d21@solidstatelogic.com> <467AD7E9.9060001@ecs.soton.ac.uk><97FD54B5E57A1842AA1A4B232E47611773EBCC@ati-ex-02.ati.local> <467AE33F.3090701@ecs.soton.ac.uk> <97FD54B5E57A1842AA1A4B232E47611773EBCD@ati-ex-02.ati.local> Message-ID: <467BA7A1.3070902@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070622/81664530/PGP.bin From MailScanner at ecs.soton.ac.uk Fri Jun 22 11:47:22 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 22 11:49:31 2007 Subject: Beta release 4.61.3 In-Reply-To: <20070622102921.3D7BD1224A2@mx-b.vdnet.lt> References: <4671129F.80201@ecs.soton.ac.uk><20070614112002.C2A4EFF0F@mx-a.vdnet.lt> <4673FED5.6030306@ecs.soton.ac.uk> <20070622102921.3D7BD1224A2@mx-b.vdnet.lt> Message-ID: <467BA8BA.4060104@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070622/0bd633e9/PGP-0001.bin From jlcostinha at halla.pt Fri Jun 22 11:50:53 2007 From: jlcostinha at halla.pt (Jorge Costinha) Date: Fri Jun 22 11:51:11 2007 Subject: =?iso-8859-1?q?invalid_filename_when_sending_email_when_first_ch?= =?iso-8859-1?q?aracter_is_=22=E9=22?= Message-ID: <467BA98D.7040406@halla.pt> a simple text email with no attachments at all, just with *?* character results in the following error: "Warning: This message has had one or more attachments removed Warning: (the entire message). Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) for more information. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "the entire message" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Fri Jun 22 11:43:32 2007 the virus scanner said: MailScanner: No programs allowed (msg-18164-12.txt) Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). " there is no attachment, how can this mail match the attachment rule? sounds like a bug... im using Mailscanner version : 4.60.8-1 and OS : Fedora core 6 and RH AS3 thanks. Jorge From rcooper at dwford.com Fri Jun 22 12:05:21 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 12:05:27 2007 Subject: MCP works, doesn't deliver In-Reply-To: <223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT> <223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> Message-ID: <025401c7b4bd$3a45a590$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Friday, June 22, 2007 3:51 AM > To: MailScanner discussion > Subject: Re: MCP works, doesn't deliver > > And it works locally? How very odd. Did you submit via telnet? What I should have said is local domain. If a@b.com sends to b@b.com it processes exactly the same but is delivered where as a@c.com sends to b@b.com it says it delivered it but it just disappears. I hope I get some more time today to look at it but it's really odd. Rick > > On 21/06/07, Rick Cooper wrote: > > I have never used the MCP features of MailScanner before, > after all the > > traffic thought I would try it. My problem is a bit odd in > that if I do a > > test (with the sample rules) it hits fine, and if I sent > it locally it > > delivers the mail tagged correctly. However, if I send it > from remote it > > does exactly the same thing, logs the same way, says it > delivered and then > > the message is just gone. Not in any queue, not in the > inbox, just gone. > > > > MCP Setup as follows: > > > > MCP Checks = yes > > > > MCP Required SpamAssassin Score = 5 > > MCP High SpamAssassin Score = 14 > > MCP Error Score = 1 > > > > MCP Header = X-%org-name%-MailScanner-MCPCheck: > > Non MCP Actions = deliver > > MCP Actions = deliver > > High Scoring MCP Actions = deliver > > Bounce MCP As Attachment = no > > > > MCP Modify Subject = yes > > MCP Subject Text = [MCP Content Bad?] > > High Scoring MCP Modify Subject = yes > > High Scoring MCP Subject Text = [MCP Content BAD YES] > > > > Is Definitely MCP = no > > Is Definitely Not MCP = no > > Definite MCP Is High Scoring = no > > Always Include MCP Report = yes > > Detailed MCP Report = yes > > Include Scores In MCP Report = yes > > Log MCP = yes > > > > MCP Max SpamAssassin Timeouts = 20 > > MCP Max SpamAssassin Size = 1000000 > > MCP SpamAssassin Timeout = 60 > > > > MCP SpamAssassin Prefs File = > %mcp-dir%/mcp.spam.assassin.prefs.conf > > MCP SpamAssassin User State Dir = > > MCP SpamAssassin Local Rules Dir = %mcp-dir% > > MCP SpamAssassin Default Rules Dir = %mcp-dir% > > MCP SpamAssassin Install Prefix = %mcp-dir% > > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > > > > > The etc/mcp/v320.pre is the default as is the prefs file > > > > The log says (on a message that never arrives) > > > > New Batch: Scanning 1 messages, 17233 bytes > > MCP Checks: Starting > > Message 1I1PHy-0008VY-I7 from 66.249.241.90 > (rcooper@dwford.com) to > > cooper-home.com is MCP, MCP-Checker (score=5, required 5, > SAMPLE_RULE2 5.00) > > MCP Checks: Found 1 MCP messages > > MCP Actions: message 1I1PHy-0008VY-I7 actions are deliver > > Spam Checks: Starting > > Virus and Content Scanning: Starting > > <----------- CLAMD SCAN BEGIN--------> > > CLAMD VER : ClamAV 0.91rc1/3486/Thu Jun 21 01:56:11 2007 > > CLAMD VERNO : 0911 > > > ------------------------------------------------------------- > ---------- > > CLAMD ELAPSED TIME : 0.025145 > > > ------------------------------------------------------------- > ---------- > > HTML Img tag found in message 1I1PHy-0008VY-I7 from > rcooper@dwford.com > > Uninfected: Delivered 1 messages > > Logging message 1I1PHy-0008VY-I7 to SQL > > > > > > I am stumped, anyone care to guess? > > > > Rick Cooper > > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Jun 22 12:07:57 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 12:08:03 2007 Subject: Spammers using pdf files In-Reply-To: <20070622062008.6ACF.GERARD@seibercom.net> References: <01b901c7b481$41773220$0301a8c0@SAHOMELT> <20070622062008.6ACF.GERARD@seibercom.net> Message-ID: <025501c7b4bd$97e5d8f0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Gerard > Sent: Friday, June 22, 2007 6:21 AM > To: mailscanner@lists.mailscanner.info > Subject: Re[2]: Spammers using pdf files > > On June 21, 2007 at 11:56PM Rick Cooper wrote: > > [snip] > > > Speaking of this, I forgot to mention Steve Basford > dropped me a note saying > > he has added a new sig to try and catch this spam to SaneSecurity's > > signatures. Should show up as > Email.Stk.Gen522.Sanesecurity.07062102.pdf. If > > someone using SaneSecurity's sigs has one slip by email it > to me and I will > > send it on to Steve. I haven't had any come through > (caught or otherwise) as > > of yet. > > Conversely, they could just send it to him directly: > > steveb@webtribe.net > > -- I would think that would be alright, but the email was personal and I didn't want to make assumptions as to someone else's wishes. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at tradoc.fr Fri Jun 22 12:15:10 2007 From: john at tradoc.fr (John Wilcock) Date: Fri Jun 22 12:15:19 2007 Subject: Beta release 4.61.3 In-Reply-To: <4673FED5.6030306@ecs.soton.ac.uk> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> <4673FED5.6030306@ecs.soton.ac.uk> Message-ID: <467BAF3E.1000600@tradoc.fr> Julian Field wrote: > Nerijus Baliunas wrote: >> Could you please rename /etc/cron.daily/sa-update to update_spamassassin >> > No problem. This will be in the next release. While you're updating that, Julian, you might like to add in sa-compile functionality for SA 3.2.x It could be as simple as /usr/bin/sa-update && /usr/bin/sa-compile &> /dev/null \ && /etc/init.d/MailScanner reload though I suppose you'd have to test for the existence of sa-compile to allow for those still using 3.1.x. Ideally the script would also allow for an alternative sa-update channel file for those of us who use sa-update rather than rulesdujour for SARE rules, for example, though it could be argued that this is up to individual admins to customise. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From nerijusb at dtiltas.lt Fri Jun 22 12:28:29 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Fri Jun 22 12:30:08 2007 Subject: milters with postfix Message-ID: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> Hello, I updated to postfix 2.4.3 and mailscanner 4.61.3 and the old problem with corrupted headers is back again. But the " 0" is added not after the last header as before, but in the middle of the headers: From: Nerijus Baliunas Subject: 2 0 To: postmaster@example.lt Any ideas? Should I provide email samples and queue files again? Regards, Nerijus From prandal at herefordshire.gov.uk Fri Jun 22 12:58:55 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jun 22 12:59:14 2007 Subject: Beta release 4.61.3 In-Reply-To: <467BAF3E.1000600@tradoc.fr> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt><4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF796FF@HC-MBX02.herefordshire.gov.uk> You'd have to configure use of sa-compile, not just do it on the basis of the existence of the sa-compile executable. I'm sure there are lots of SA 3.x.x users who don't use sa-compile. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of John Wilcock > Sent: 22 June 2007 12:15 > To: MailScanner discussion > Subject: Re: Beta release 4.61.3 > > Julian Field wrote: > > Nerijus Baliunas wrote: > >> Could you please rename /etc/cron.daily/sa-update to > update_spamassassin > >> > > No problem. This will be in the next release. > > While you're updating that, Julian, you might like to add in > sa-compile > functionality for SA 3.2.x > > It could be as simple as > /usr/bin/sa-update && /usr/bin/sa-compile &> /dev/null \ > && /etc/init.d/MailScanner reload > > though I suppose you'd have to test for the existence of > sa-compile to > allow for those still using 3.1.x. > > Ideally the script would also allow for an alternative > sa-update channel > file for those of us who use sa-update rather than > rulesdujour for SARE > rules, for example, though it could be argued that this is up to > individual admins to customise. > > John. > > -- > -- Over 3000 webcams from ski resorts around the world - > www.snoweye.com > -- Translate your technical documents and web pages - www.tradoc.fr > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From john at tradoc.fr Fri Jun 22 13:15:23 2007 From: john at tradoc.fr (John Wilcock) Date: Fri Jun 22 13:15:29 2007 Subject: Beta release 4.61.3 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF796FF@HC-MBX02.herefordshire.gov.uk> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt><4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> <7EF0EE5CB3B263488C8C18823239BEBAF796FF@HC-MBX02.herefordshire.gov.uk> Message-ID: <467BBD5B.4050902@tradoc.fr> Randal, Phil wrote: > You'd have to configure use of sa-compile, not just do it on the basis > of the existence of the sa-compile executable. > > I'm sure there are lots of SA 3.x.x users who don't use sa-compile. This could be a configuration option, I suppose, yes, or else you could simply check whether the spamassassin *.pre files include a (non-commented) loadplugin line for Rule2XSBody. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From glenn.steen at gmail.com Fri Jun 22 13:21:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 22 13:21:10 2007 Subject: milters with postfix In-Reply-To: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> Message-ID: <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> Could you get of a sample queue file? Both before and after? On 22/06/07, Nerijus Baliunas wrote: > Hello, > > I updated to postfix 2.4.3 and mailscanner 4.61.3 and the old problem > with corrupted headers is back again. But the " 0" is added not after > the last header as before, but in the middle of the headers: > > From: Nerijus Baliunas > Subject: 2 > 0 > To: postmaster@example.lt > > Any ideas? Should I provide email samples and queue files again? > > Regards, > Nerijus > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 22 13:38:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 22 13:38:22 2007 Subject: milters with postfix In-Reply-To: <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> Message-ID: <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> Get me a sample. . . T9 playing tricks on me:) On 22/06/07, Glenn Steen wrote: > Could you get of a sample queue file? Both before and after? > > On 22/06/07, Nerijus Baliunas wrote: > > Hello, > > > > I updated to postfix 2.4.3 and mailscanner 4.61.3 and the old problem > > with corrupted headers is back again. But the " 0" is added not after > > the last header as before, but in the middle of the headers: > > > > From: Nerijus Baliunas > > Subject: 2 > > 0 > > To: postmaster@example.lt > > > > Any ideas? Should I provide email samples and queue files again? > > > > Regards, > > Nerijus > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Fri Jun 22 13:50:07 2007 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jun 22 13:50:13 2007 Subject: File command "whitelist" Message-ID: <467BC57F.3010709@alexb.ch> Guys I need to "whitelist" a few filetypes which "file" considers executable probably using -f, --files-from namefile (Read the names of the files to be examined from namefile (one per line) before the argument list. Either namefile or at least one filename argument must be present; to test the stan- dard input, use ``-'' as a filename argument.) Havent' been able to figure out how to implement this with MailScanner. Any pointer or cluebat hits would be very appreciated. Thanks Alex From MailScanner at ecs.soton.ac.uk Fri Jun 22 13:51:20 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 22 13:56:38 2007 Subject: Beta release 4.61.3 In-Reply-To: <467BAF3E.1000600@tradoc.fr> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> <4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> Message-ID: <467BC5C8.70308@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Wilcock wrote: > Julian Field wrote: >> Nerijus Baliunas wrote: >>> Could you please rename /etc/cron.daily/sa-update to >>> update_spamassassin >>> >> No problem. This will be in the next release. > > While you're updating that, Julian, you might like to add in > sa-compile functionality for SA 3.2.x > > It could be as simple as > /usr/bin/sa-update && /usr/bin/sa-compile &> /dev/null \ > && /etc/init.d/MailScanner reload > > though I suppose you'd have to test for the existence of sa-compile to > allow for those still using 3.1.x. Done. > > Ideally the script would also allow for an alternative sa-update > channel file for those of us who use sa-update rather than rulesdujour > for SARE rules, for example, though it could be argued that this is up > to individual admins to customise. > > John. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGe8ZyEfZZRxQVtlQRAkqoAJ4/K9jWVNHABJWeG6yozZdNbkh8qACg1d/m xRJ3fAbYDMwH4ljbBiPq1Rk= =C7qx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Jun 22 13:58:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 22 14:00:06 2007 Subject: Beta release 4.61.3 In-Reply-To: <467BBD5B.4050902@tradoc.fr> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt><4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> <7EF0EE5CB3B263488C8C18823239BEBAF796FF@HC-MBX02.herefordshire.gov.uk> <467BBD5B.4050902@tradoc.fr> Message-ID: <467BC77D.4000108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Wilcock wrote: > Randal, Phil wrote: >> You'd have to configure use of sa-compile, not just do it on the basis >> of the existence of the sa-compile executable. >> >> I'm sure there are lots of SA 3.x.x users who don't use sa-compile. > > This could be a configuration option, I suppose, yes, or else you > could simply check whether the spamassassin *.pre files include a > (non-commented) loadplugin line for Rule2XSBody. Good idea. It now looks for an uncommented loadplugin line in /etc/mail/spamassassin/*.pre. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGe8eeEfZZRxQVtlQRAggIAKCKjTteSzrnzx/KAV8Bcp7qgov35ACgiDrG mOX1ucX8JG097AGk551YVtg= =Wb4D -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Fri Jun 22 14:33:18 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 14:33:23 2007 Subject: MCP works, doesn't deliver In-Reply-To: <223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT> <223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> Message-ID: <026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Friday, June 22, 2007 3:51 AM > To: MailScanner discussion > Subject: Re: MCP works, doesn't deliver > > And it works locally? How very odd. Did you submit via telnet? > > On 21/06/07, Rick Cooper wrote: > > I have never used the MCP features of MailScanner before, > after all the > > traffic thought I would try it. My problem is a bit odd in > that if I do a > > test (with the sample rules) it hits fine, and if I sent > it locally it > > delivers the mail tagged correctly. However, if I send it > from remote it > > does exactly the same thing, logs the same way, says it > delivered and then > > the message is just gone. Not in any queue, not in the > inbox, just gone. > > [...] Get's better. In MailScanner.conf my non spam action is to deliver and forward to a special account that archives the mail and each night another process goes through all the messagaes in the spam, and ham accounts and removes all the headers that we add to an email and then moves them to a corpus directory and depending on where they come from learns them as ham or spam. Well these mcp mails are going into the ham mail box but are not being delivered. Remember there is no such action associated with mcp, all mcp actions are simply deliver (no rules, no forward just deliver). So where on earth is MailScanner getting the forward address in the first place, and why is it only forwarding and not delivering? I guess it's time to look through the mcp code. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jlcostinha at halla.pt Fri Jun 22 15:23:29 2007 From: jlcostinha at halla.pt (Jorge Costinha) Date: Fri Jun 22 15:23:47 2007 Subject: bug in Mailscanner 4.60.8-1? Message-ID: <467BDB61.6020501@halla.pt> this is so bizarre! if i send the simplest mail there is with only 1 charater the character: _*?*_ , no attachsments at all. somehow it matches the filetype EXE/COM rules and i get the usual bounce back: "Warning: This message has had one or more attachments removed Warning: (the entire message). Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) for more information. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "the entire message" is on the list of unacceptable attachments for this site and has been replaced by this warning message. If you wish to receive a copy of the original attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Fri Jun 22 11:43:32 2007 the virus scanner said: MailScanner: No programs allowed (msg-18164-12.txt) Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). " thank you, Jorge From rcooper at dwford.com Fri Jun 22 15:28:30 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 15:28:36 2007 Subject: MCP works, doesn't deliver In-Reply-To: <026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT><223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> <026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT> Message-ID: <02ba01c7b4d9$9b5ec250$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rick Cooper > Sent: Friday, June 22, 2007 9:33 AM > To: 'MailScanner discussion' > Subject: RE: MCP works, doesn't deliver > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Glenn Steen > > Sent: Friday, June 22, 2007 3:51 AM > > To: MailScanner discussion > > Subject: Re: MCP works, doesn't deliver > > > > And it works locally? How very odd. Did you submit via telnet? > > > > On 21/06/07, Rick Cooper wrote: > > > I have never used the MCP features of MailScanner before, > > after all the > > > traffic thought I would try it. My problem is a bit odd in > > that if I do a > > > test (with the sample rules) it hits fine, and if I sent > > it locally it > > > delivers the mail tagged correctly. However, if I send it > > from remote it > > > does exactly the same thing, logs the same way, says it > > delivered and then > > > the message is just gone. Not in any queue, not in the > > inbox, just gone. > > > > [...] > > Get's better. In MailScanner.conf my non spam action is to > deliver and > forward to a special account that archives the mail and each > night another > process goes through all the messagaes in the spam, and ham > accounts and > removes all the headers that we add to an email and then > moves them to a > corpus directory and depending on where they come from > learns them as ham or > spam. Well these mcp mails are going into the ham mail box > but are not being > delivered. Remember there is no such action associated with > mcp, all mcp > actions are simply deliver (no rules, no forward just > deliver). So where on > earth is MailScanner getting the forward address in the > first place, and why > is it only forwarding and not delivering? > Tried running in debug mode with debug SA yes as well and I get the following errors: [28618] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Check=HASH(0x81cb0f0), already registered [28618] info: config: failed to parse line, skipping, in "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 [28618] info: config: failed to parse line, skipping, in "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_pyzor 0 [28618] info: config: failed to parse line, skipping, in "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 [28618] info: config: failed to parse line, skipping, in "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_razor2 0 [28618] info: config: failed to parse line, skipping, in "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": decode_attachments 1 Sa also complains about the missing trusted_networks stuff as well. Is this normal? The only patch I applied to SA was the new one Julian posted a couple days ago Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jlcostinha at halla.pt Fri Jun 22 15:34:53 2007 From: jlcostinha at halla.pt (Jorge Costinha) Date: Fri Jun 22 15:35:10 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: <467BDB61.6020501@halla.pt> References: <467BDB61.6020501@halla.pt> Message-ID: <467BDE0D.9050008@halla.pt> i mean the character: ? Jorge Costinha wrote: > this is so bizarre! > > if i send the simplest mail there is with only 1 charater the > character: _*?*_ , no attachsments at all. somehow it matches the > filetype EXE/COM rules and i get the usual bounce back: > > > "Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) > for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > If you wish to receive a copy of the original attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Fri Jun 22 11:43:32 2007 the virus scanner said: > MailScanner: No programs allowed (msg-18164-12.txt) > > Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in > /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). > " > > thank you, > Jorge > > > From ajs at vifilfell.is Fri Jun 22 15:46:44 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Fri Jun 22 15:52:36 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: <467BDE0D.9050008@halla.pt> Message-ID: this has actually nothing to do with mailscanner. this is related to the 'file' command. you have to locate and edit a file called 'magic' and then recompile it to 'magic.mgc'. cheers, asgeir. Jorge Costinha Sent by: mailscanner-bounces@lists.mailscanner.info 22.06.2007 14:34 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: bug in Mailscanner 4.60.8-1? i mean the character: ? Jorge Costinha wrote: > this is so bizarre! > > if i send the simplest mail there is with only 1 charater the > character: _*?*_ , no attachsments at all. somehow it matches the > filetype EXE/COM rules and i get the usual bounce back: > > > "Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) > for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > If you wish to receive a copy of the original attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Fri Jun 22 11:43:32 2007 the virus scanner said: > MailScanner: No programs allowed (msg-18164-12.txt) > > Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in > /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). > " > > thank you, > Jorge > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jun 22 15:51:00 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 22 15:54:33 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: <467BDB61.6020501@halla.pt> References: <467BDB61.6020501@halla.pt> Message-ID: <467BE1D4.4080307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Unfortunately, I cannot skip the message body from filetype checking, as you can have mails which just have a file in them and no "message text" at all, so everything must be checked. The character followed by a new-line sequence, must happen to match the "magic" pattern that identifies an executable of some architecture or other. And you cannot rely on mime types to skip checking elements of the message, or it would be trivial for a nasty person to circumvent the filetype checking. Sorry about that. It's a fundamental problem with how you deduce a file format from its contents, there is no other way to do it. Jules. Jorge Costinha wrote: > this is so bizarre! > > if i send the simplest mail there is with only 1 charater the > character: _*?*_ , no attachsments at all. somehow it matches the > filetype EXE/COM rules and i get the usual bounce back: > > > "Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) > for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > If you wish to receive a copy of the original attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Fri Jun 22 11:43:32 2007 the virus scanner said: > MailScanner: No programs allowed (msg-18164-12.txt) > > Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in > /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). > " > > thank you, > Jorge > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGe+H+EfZZRxQVtlQRAsAEAKDN+/WWh/qNJVCGeJbXuUMS98dKiACgr8M/ my+d5QnHmuMlxih2YBNDt2g= =KcKd -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jlcostinha at halla.pt Fri Jun 22 16:42:35 2007 From: jlcostinha at halla.pt (Jorge Costinha) Date: Fri Jun 22 16:42:54 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: References: Message-ID: <467BEDEB.1040008@halla.pt> can you be a little more specific? thanks Jorge. ajs@vifilfell.is wrote: > this has actually nothing to do with mailscanner. > > this is related to the 'file' command. you have to locate and edit a file > called 'magic' and then recompile it to 'magic.mgc'. > > cheers, asgeir. > > > > > Jorge Costinha > Sent by: mailscanner-bounces@lists.mailscanner.info > 22.06.2007 14:34 > Please respond to > MailScanner discussion > > > To > MailScanner discussion > cc > > Subject > Re: bug in Mailscanner 4.60.8-1? > > > > > > > > > i mean the character: ? > > > > Jorge Costinha wrote: > >> this is so bizarre! >> >> if i send the simplest mail there is with only 1 charater the >> character: _*?*_ , no attachsments at all. somehow it matches the >> filetype EXE/COM rules and i get the usual bounce back: >> >> >> "Warning: This message has had one or more attachments removed >> Warning: (the entire message). >> Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) >> for more information. >> >> This is a message from the MailScanner E-Mail Virus Protection Service >> ---------------------------------------------------------------------- >> The original e-mail attachment "the entire message" >> is on the list of unacceptable attachments for this site and has been >> replaced by this warning message. >> >> If you wish to receive a copy of the original attachment, please >> e-mail helpdesk and include the whole of this message >> in your request. Alternatively, you can call them, with >> the contents of this message to hand when you call. >> >> At Fri Jun 22 11:43:32 2007 the virus scanner said: >> MailScanner: No programs allowed (msg-18164-12.txt) >> >> Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in >> /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). >> " >> >> thank you, >> Jorge >> >> >> >> > > > > From glenn.steen at gmail.com Fri Jun 22 17:08:44 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 22 17:08:46 2007 Subject: MCP works, doesn't deliver In-Reply-To: <02ba01c7b4d9$9b5ec250$0301a8c0@SAHOMELT> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT> <223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com> <026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT> <02ba01c7b4d9$9b5ec250$0301a8c0@SAHOMELT> Message-ID: <223f97700706220908lb3b7e9cr2c19312e5c74eb96@mail.gmail.com> On 22/06/07, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Rick Cooper > > Sent: Friday, June 22, 2007 9:33 AM > > To: 'MailScanner discussion' > > Subject: RE: MCP works, doesn't deliver > > > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Glenn Steen > > > Sent: Friday, June 22, 2007 3:51 AM > > > To: MailScanner discussion > > > Subject: Re: MCP works, doesn't deliver > > > > > > And it works locally? How very odd. Did you submit via telnet? > > > > > > On 21/06/07, Rick Cooper wrote: > > > > I have never used the MCP features of MailScanner before, > > > after all the > > > > traffic thought I would try it. My problem is a bit odd in > > > that if I do a > > > > test (with the sample rules) it hits fine, and if I sent > > > it locally it > > > > delivers the mail tagged correctly. However, if I send it > > > from remote it > > > > does exactly the same thing, logs the same way, says it > > > delivered and then > > > > the message is just gone. Not in any queue, not in the > > > inbox, just gone. > > > > > > [...] > > > > Get's better. In MailScanner.conf my non spam action is to > > deliver and > > forward to a special account that archives the mail and each > > night another > > process goes through all the messagaes in the spam, and ham > > accounts and > > removes all the headers that we add to an email and then > > moves them to a > > corpus directory and depending on where they come from > > learns them as ham or > > spam. Well these mcp mails are going into the ham mail box > > but are not being > > delivered. Remember there is no such action associated with > > mcp, all mcp > > actions are simply deliver (no rules, no forward just > > deliver). So where on > > earth is MailScanner getting the forward address in the > > first place, and why > > is it only forwarding and not delivering? > > > > Tried running in debug mode with debug SA yes as well and I get the > following errors: > > [28618] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Check=HASH(0x81cb0f0), already registered > [28618] info: config: failed to parse line, skipping, in > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 > [28618] info: config: failed to parse line, skipping, in > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [28618] info: config: failed to parse line, skipping, in > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 > [28618] info: config: failed to parse line, skipping, in > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_razor2 0 > [28618] info: config: failed to parse line, skipping, in > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": decode_attachments > 1 > > Sa also complains about the missing trusted_networks stuff as well. Is this > normal? The only patch I applied to SA was the new one Julian posted a > couple days ago > > Rick > Could perhaps be an order kind of thing... do you do mcp or SA first? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jun 22 17:41:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 22 17:41:40 2007 Subject: milters with postfix In-Reply-To: <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> Message-ID: <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> On 22/06/07, Glenn Steen wrote: > Get me a sample. . . T9 playing tricks on me:) > > On 22/06/07, Glenn Steen wrote: > > Could you get of a sample queue file? Both before and after? > > > > On 22/06/07, Nerijus Baliunas wrote: > > > Hello, > > > > > > I updated to postfix 2.4.3 and mailscanner 4.61.3 and the old problem > > > with corrupted headers is back again. But the " 0" is added not after > > > the last header as before, but in the middle of the headers: > > > > > > From: Nerijus Baliunas > > > Subject: 2 > > > 0 > > > To: postmaster@example.lt > > > > > > Any ideas? Should I provide email samples and queue files again? > > > > > > Regards, > > > Nerijus Well, thanks to Nerijus, who sent a comprehensive set of queue files and the corresponding (mangled) results, I now see that something (in MailScanner) has botched the w (deleted) record in the problem case ... When I find them in the body, I simply ignore them, but in the header section(s) I fall back on Jules sane thing of simply copying them over as is ... This seems to be less than working though, so I'll either do a patch (next week) to simply skip them in the header(s) too, or try make sure they don't get mangled (if I can find out why). The first method is quite sane, since we really don't need them... And it just might be that we should (contraintuitively) do the "reintroduction of an empty p record" I talked about a while back, if postfix itself relies on the occurrence of p records to correctly handle w records (I haven't checked the PF code for this... Just might be something like that happening... Sigh). When I do something about this, I'll do the fix for Fred Stein too, to only do the body spin-through in ReadQf for queue files containing p records... Thinking like Linus.... "Don't sacrifice the common case performance for the odd case":-). Since I'm off celebrating a traditional midsummer's eve (with all that entails (see how restrained I am, Hugo:-)) I wouldn't trust any code leaving my fingers ... So it'll have to be sometime Monday or Tuesday ... at the earliest:-) BTW Jules, when you feel a bit better you really should come sample the pickled herring ... and ... assorted attributes...:-). Would be a shame if the world tour was on hold indefinitely;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Fri Jun 22 18:22:43 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 18:22:52 2007 Subject: MCP works, doesn't deliver In-Reply-To: <223f97700706220908lb3b7e9cr2c19312e5c74eb96@mail.gmail.com> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT><223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com><026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT><02ba01c7b4d9$9b5ec250$0301a8c0@SAHOMELT> <223f97700706220908lb3b7e9cr2c19312e5c74eb96@mail.gmail.com> Message-ID: <02fe01c7b4f1$f3282180$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Friday, June 22, 2007 12:09 PM > To: MailScanner discussion > Subject: Re: MCP works, doesn't deliver > [...] > > Tried running in debug mode with debug SA yes as well and I get the > > following errors: > > > > [28618] dbg: plugin: did not register > > Mail::SpamAssassin::Plugin::Check=HASH(0x81cb0f0), already > registered > > [28618] info: config: failed to parse line, skipping, in > > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 > > [28618] info: config: failed to parse line, skipping, in > > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": > use_pyzor 0 > > [28618] info: config: failed to parse line, skipping, in > > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": > use_razor1 0 > > [28618] info: config: failed to parse line, skipping, in > > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": > use_razor2 0 > > [28618] info: config: failed to parse line, skipping, in > > "/opt/MailScanner/etc/mcp/mcp.spam.assassin.prefs.conf": > decode_attachments > > 1 > > > > Sa also complains about the missing trusted_networks stuff > as well. Is this > > normal? The only patch I applied to SA was the new one > Julian posted a > > couple days ago > > > > Rick > > > Could perhaps be an order kind of thing... do you do mcp or SA first? > Actually mcp first, could try doing it second and see, but it's still odd that it does the forward but not the deliver even though the log says the action is "deliver" Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Fri Jun 22 18:34:41 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Fri Jun 22 18:34:46 2007 Subject: what does /s mean at the end of spamassassin rules Message-ID: Probably a simple questioon but I cannot find any mention of it on the spamassassin rules writing wiki. Some rules end with /i and some others /is. I know the 'i' refers to a case insensitive match but what does the 's' refer to? Thanks From rcooper at dwford.com Fri Jun 22 19:27:38 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Jun 22 19:27:44 2007 Subject: MCP works, doesn't deliver In-Reply-To: <223f97700706220908lb3b7e9cr2c19312e5c74eb96@mail.gmail.com> References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT><223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com><026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT><02ba01c7b4d9$9b5ec250$0301a8c0@SAHOMELT> <223f97700706220908lb3b7e9cr2c19312e5c74eb96@mail.gmail.com> Message-ID: <032c01c7b4fb$03b234b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Friday, June 22, 2007 12:09 PM > To: MailScanner discussion > Subject: Re: MCP works, doesn't deliver > [...] > > > > Rick > > > Could perhaps be an order kind of thing... do you do mcp or SA first? > I switched to checking spam first and now it both forwards and delivers. Odd... Julian any idea why? On the downside it doesn't detect "this text is banned" in pdf files anyway :-( Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Fri Jun 22 19:38:10 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 22 19:38:46 2007 Subject: what does /s mean at the end of spamassassin rules In-Reply-To: References: Message-ID: <467C1712.9000102@evi-inc.com> Gareth wrote: > Probably a simple questioon but I cannot find any mention of it on the > spamassassin rules writing wiki. > > Some rules end with /i and some others /is. I know the 'i' refers to a case > insensitive match but what does the 's' refer to? The /s regex modifier allows the . wildcard to match newlines. /s would only make sense for rawbody rules, because there are no newlines in normal body rules. /s isn't mentioned in the wiki because its use is rather uncommon and the wiki is intended to cover "all the basics, plus a little more", but is far from all inclusive. If you encounter other advanced regex syntax, the wiki Writing Rules article does have links to several sites with more detailed information about Perl Regular expressions. Personally I use this quick reference sheet, which is linked from the google directory mentioned in the wiki: http://www.erudil.com/preqr.pdf > > Thanks > From naolson at gmail.com Fri Jun 22 19:53:44 2007 From: naolson at gmail.com (Nathan Olson) Date: Fri Jun 22 19:53:47 2007 Subject: what does /s mean at the end of spamassassin rules In-Reply-To: <467C1712.9000102@evi-inc.com> References: <467C1712.9000102@evi-inc.com> Message-ID: <8f54b4330706221153h3979fcedyb937c05414aedac@mail.gmail.com> In "Perl Best Practices", Damian Conway makes a good case for using /s all of the time. Nate From mkettler at evi-inc.com Fri Jun 22 20:19:34 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jun 22 20:20:15 2007 Subject: what does /s mean at the end of spamassassin rules In-Reply-To: <8f54b4330706221153h3979fcedyb937c05414aedac@mail.gmail.com> References: <467C1712.9000102@evi-inc.com> <8f54b4330706221153h3979fcedyb937c05414aedac@mail.gmail.com> Message-ID: <467C20C6.3010106@evi-inc.com> Nathan Olson wrote: > In "Perl Best Practices", Damian Conway makes a good case for using /s all > of the time. I've not read that book, nor do I own a copy.. What was his rationale? Bear in mind that a spamassassin body rule has had the input pre-processed. You are 100% guaranteed there will never be a \n anywhere in the text scanned by a spamassassin body rule. Therefore, modifying the regex so . can match \n shouldn't matter, unless for some reason the regex runs faster with this enabled. However, if Damian's point is simply "be prepared for multi-line input".. well, that can't happen here. From konve at logout.cz Fri Jun 22 20:32:21 2007 From: konve at logout.cz (Dalimil Gala) Date: Fri Jun 22 20:32:37 2007 Subject: 4.61.3 In Production? In-Reply-To: <527E74CE-2DA5-4F2A-AE3B-43D63FD99CCB@addicks.org> References: <527E74CE-2DA5-4F2A-AE3B-43D63FD99CCB@addicks.org> Message-ID: <467C23C5.9030009@logout.cz> I've upgraded from 4.59.4 to 4.61.3 one day ago because of clamd and it is running OK. My config is Debian Sarge with 2.6.15 kernel, Sendmail + SA 3.2.0 + Nod32 2.04 + clamd 0.91rc1, filtering 5000 messages per day. Dalimil Glynne Jones wrote: > > I've not seen a lot of feedback on 4.61.3 - is anyone running it in a > production environment? Any problems? > > Seems to be working well on my test system, but that doesn't handle > large amounts of mail. I need the clamd functionality, hence testing > this version. > > Thanks, > > Glynne > From ssilva at sgvwater.com Fri Jun 22 23:05:57 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 22 23:51:22 2007 Subject: Beta release 4.61.3 In-Reply-To: <467BAF3E.1000600@tradoc.fr> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> <4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> Message-ID: John Wilcock spake the following on 6/22/2007 4:15 AM: > Julian Field wrote: >> Nerijus Baliunas wrote: >>> Could you please rename /etc/cron.daily/sa-update to update_spamassassin >>> >> No problem. This will be in the next release. > > While you're updating that, Julian, you might like to add in sa-compile > functionality for SA 3.2.x > > It could be as simple as > /usr/bin/sa-update && /usr/bin/sa-compile &> /dev/null \ > && /etc/init.d/MailScanner reload > > though I suppose you'd have to test for the existence of sa-compile to > allow for those still using 3.1.x. > > Ideally the script would also allow for an alternative sa-update channel > file for those of us who use sa-update rather than rulesdujour for SARE > rules, for example, though it could be argued that this is up to > individual admins to customise. > > John. > I have seen a lot of noise that compiled scripts can actually use more memory because spamassassin sometimes loads the original script and the compiled one. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From r.berber at computer.org Fri Jun 22 23:40:03 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sat Jun 23 00:07:20 2007 Subject: Beta release 4.61.3 In-Reply-To: <467BC5C8.70308@ecs.soton.ac.uk> References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt> <4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> <467BC5C8.70308@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > John Wilcock wrote: >> Julian Field wrote: >>> Nerijus Baliunas wrote: >>>> Could you please rename /etc/cron.daily/sa-update to >>>> update_spamassassin >>>> >>> No problem. This will be in the next release. >> While you're updating that, Julian, you might like to add in >> sa-compile functionality for SA 3.2.x > >> It could be as simple as >> /usr/bin/sa-update && /usr/bin/sa-compile &> /dev/null \ >> && /etc/init.d/MailScanner reload > >> though I suppose you'd have to test for the existence of sa-compile to >> allow for those still using 3.1.x. > Done. But sa-compile depends on the existence of re2c, and to work it has to be re2c version 0.12 (perhaps it was 0.11 or later)... I'm not sure what happens if you have a buggy re2c. And then there are the problems with old SARE rules, which did not compile. Bottom line: is it safe to add that feature? Hey, I like it, I use it manually but it wasn't just add and go. -- Ren? Berber From gtj at addicks.org Sat Jun 23 00:56:31 2007 From: gtj at addicks.org (Glynne Jones) Date: Sat Jun 23 00:56:55 2007 Subject: 4.61.3 In Production? In-Reply-To: <467C23C5.9030009@logout.cz> References: <527E74CE-2DA5-4F2A-AE3B-43D63FD99CCB@addicks.org> <467C23C5.9030009@logout.cz> Message-ID: <779E8C8C-77A7-44C9-B757-A0A19F8E67BC@addicks.org> Thanks for the responses guys. I've taken the plunge and all seem to working well at the moment.... Glynne From mailscanner at wealdclose.co.uk Sat Jun 23 11:25:48 2007 From: mailscanner at wealdclose.co.uk (Kristian Shaw) Date: Sat Jun 23 11:26:39 2007 Subject: MCP works, doesn't deliver References: <00be01c7b422$2bbf8d10$0301a8c0@SAHOMELT><223f97700706220051o381c15d3v9534b176a8dd76b8@mail.gmail.com><026e01c7b4d1$e5840eb0$0301a8c0@SAHOMELT><02ba01c7b4d9$9b5ec250$0301a8c0@SAHOMELT><223f97700706220908lb3b7e9cr2c19312e5c74eb96@mail.gmail.com> <032c01c7b4fb$03b234b0$0301a8c0@SAHOMELT> Message-ID: <005c01c7b580$de2ed140$055112ac@defiant> Hello, I don't think this is a new problem as I used to get something similar until I set: First Check = spam In my case, we deliver all spam messages as attachments, but forward MCP messages to a bucket account. Without the spam check first, messages that were both spam and MCP would simply disappear. I used to patch the code to workaround the issue until I found the "First Check" option worked for me. Regards, Kris. ----- Original Message ----- From: "Rick Cooper" To: "'MailScanner discussion'" Sent: Friday, June 22, 2007 7:27 PM Subject: RE: MCP works, doesn't deliver > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Glenn Steen > > Sent: Friday, June 22, 2007 12:09 PM > > To: MailScanner discussion > > Subject: Re: MCP works, doesn't deliver > > > [...] > > > > > > Rick > > > > > Could perhaps be an order kind of thing... do you do mcp or SA first? > > > > I switched to checking spam first and now it both forwards and delivers. > Odd... Julian any idea why? > > On the downside it doesn't detect "this text is banned" in pdf files > anyway > :-( > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From paul.hutchings at mira.co.uk Sat Jun 23 17:15:17 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sat Jun 23 17:15:26 2007 Subject: 4.61.3 Postfix with Clamd settings? Message-ID: I'm running 4.61.3 with Postfix. Run as user/groups are set to postfix/postfix and incoming work dirs are chown'd to postfix/postfix. Virus scanning using 'clamav' works perfectly. I have clamd installed and running (Suse rpm's) under the default user/group of vscan/vscan. I can't get virus scanning to work using clamd. All looks fine from the logs except it's letting through copies of the eicar test file that are caught by changing back to clamav. I'm sure it's a permissions thing, but if I'm honest I'm out of my depth/level of knowledge with what I need to change with regard to permissions or group memberships in conjunction with the mailscanner.conf settings. TIA, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From rcooper at dwford.com Sat Jun 23 18:13:00 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat Jun 23 18:13:07 2007 Subject: 4.61.3 Postfix with Clamd settings? In-Reply-To: References: Message-ID: <048a01c7b5b9$c0f9ebd0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Paul Hutchings > Sent: Saturday, June 23, 2007 12:15 PM > To: MailScanner discussion > Subject: 4.61.3 Postfix with Clamd settings? > > I'm running 4.61.3 with Postfix. > > Run as user/groups are set to postfix/postfix and incoming > work dirs are > chown'd to postfix/postfix. > > Virus scanning using 'clamav' works perfectly. > > I have clamd installed and running (Suse rpm's) under the default > user/group of vscan/vscan. > > I can't get virus scanning to work using clamd. All looks > fine from the > logs except it's letting through copies of the eicar test > file that are > caught by changing back to clamav. > > I'm sure it's a permissions thing, but if I'm honest I'm out of my > depth/level of knowledge with what I need to change with regard to > permissions or group memberships in conjunction with the > mailscanner.conf settings. > Either: 1. Run clamd as root and use Unix socket and/or only listen on 127.0.0.1 2. Change the "User" setting in clamd.conf to the mail user (must be started as root) 3. Change the AllowSupplementaryGroups setting in clamd.conf to yes and add the mail user group to the clamd user group (must be started by root) 4. Change the MailScanner.conf Incoming Work User and Group options Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sat Jun 23 18:27:42 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat Jun 23 18:27:46 2007 Subject: 4.61.3 Postfix with Clamd settings? In-Reply-To: <048a01c7b5b9$c0f9ebd0$0301a8c0@SAHOMELT> References: <048a01c7b5b9$c0f9ebd0$0301a8c0@SAHOMELT> Message-ID: <048b01c7b5bb$ce215030$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rick Cooper > Sent: Saturday, June 23, 2007 1:13 PM > To: 'MailScanner discussion' > Subject: RE: 4.61.3 Postfix with Clamd settings? > > > [...] > 3. Change the AllowSupplementaryGroups setting in > clamd.conf to yes > and add the mail user group to > the clamd user group (must be started by root) > > 4. Change the MailScanner.conf Incoming Work User and > Group options Forgot to mention if you use the AllowSupplementaryGroups method you will need to change the MailScanner.conf Incoming Work Permissions = from 600 to 640 (there is a note about that in the MailScanner.conf for that setting) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From luciom3rd at email.com Sun Jun 24 16:13:18 2007 From: luciom3rd at email.com (Lucio Montenegro) Date: Sun Jun 24 16:13:21 2007 Subject: Mailscanner Taking to long to Process Incoming Email Message-ID: <4666cca90706240813lef293bfi80a206b66703e99b@mail.gmail.com> Hello Everyone, I currently have the current setup: Fedora Core 5 MailScanner Spamassassin ClamAV All Messages are forwarded to my internal exchange server. I noticed that all messages are taking at least 250 seconds or more to process: Jun 24 09:57:20 localhost MailScanner[9392]: Batch (1 message) processed in 277.04 seconds Jun 24 09:57:36 localhost MailScanner[9155]: Batch (1 message) processed in 273.49 seconds Jun 24 09:57:46 localhost MailScanner[9160]: Batch (1 message) processed in 269.35 seconds This all started after a couple of weeks when I created a cron job to learn spam every 8 hours: user --showdots --mbox --spam /var/mail/usermailbox I since then disabled the cron job and now I want to lower the process time. Your help is appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070624/0bbb293c/attachment.html From MailScanner at ecs.soton.ac.uk Sun Jun 24 16:41:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 24 16:44:45 2007 Subject: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <4666cca90706240813lef293bfi80a206b66703e99b@mail.gmail.com> References: <4666cca90706240813lef293bfi80a206b66703e99b@mail.gmail.com> Message-ID: <467E90AF.6010806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lucio Montenegro wrote: > Hello Everyone, > I currently have the current setup: > > Fedora Core 5 > MailScanner > Spamassassin > ClamAV > > All Messages are forwarded to my internal exchange server. I noticed > that all messages are taking at least 250 seconds or more to process: > > Jun 24 09:57:20 localhost MailScanner[9392]: Batch (1 message) > processed in 277.04 seconds > Jun 24 09:57:36 localhost MailScanner[9155]: Batch (1 message) > processed in 273.49 seconds > Jun 24 09:57:46 localhost MailScanner[9160]: Batch (1 message) > processed in 269.35 seconds > > This all started after a couple of weeks when I created a cron job to > learn spam every 8 hours: > > user --showdots --mbox --spam /var/mail/usermailbox > > I since then disabled the cron job and now I want to lower the process > time. Your help is appreciated. What timeouts do you have set in MailScanner.conf? What else does your maillog say for each of these batches? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGfpCzEfZZRxQVtlQRAgLeAKD+vuoJBM1XC7k9N834Q+7zxoJ6aACdFllx SVyhU0BNd7lJ3RG/fkzLKLg= =Bloy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From luciom3rd at email.com Sun Jun 24 17:20:41 2007 From: luciom3rd at email.com (Lucio Montenegro) Date: Sun Jun 24 17:20:44 2007 Subject: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <467E90AF.6010806@ecs.soton.ac.uk> References: <4666cca90706240813lef293bfi80a206b66703e99b@mail.gmail.com> <467E90AF.6010806@ecs.soton.ac.uk> Message-ID: <4666cca90706240920s6e7f2282g6e0a921f0fcb6c19@mail.gmail.com> Found the culprit. It was the ClamAV slowing down the flow of email. It was spiking my cpu 100%. THis system has not been touched for about a month. I wonder why that would start? Any ideas? On 6/24/07, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Lucio Montenegro wrote: > > Hello Everyone, > > I currently have the current setup: > > > > Fedora Core 5 > > MailScanner > > Spamassassin > > ClamAV > > > > All Messages are forwarded to my internal exchange server. I noticed > > that all messages are taking at least 250 seconds or more to process: > > > > Jun 24 09:57:20 localhost MailScanner[9392]: Batch (1 message) > > processed in 277.04 seconds > > Jun 24 09:57:36 localhost MailScanner[9155]: Batch (1 message) > > processed in 273.49 seconds > > Jun 24 09:57:46 localhost MailScanner[9160]: Batch (1 message) > > processed in 269.35 seconds > > > > This all started after a couple of weeks when I created a cron job to > > learn spam every 8 hours: > > > > user --showdots --mbox --spam /var/mail/usermailbox > > > > I since then disabled the cron job and now I want to lower the process > > time. Your help is appreciated. > What timeouts do you have set in MailScanner.conf? > What else does your maillog say for each of these batches? > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGfpCzEfZZRxQVtlQRAgLeAKD+vuoJBM1XC7k9N834Q+7zxoJ6aACdFllx > SVyhU0BNd7lJ3RG/fkzLKLg= > =Bloy > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070624/3ae5f324/attachment.html From mikael at syska.dk Sun Jun 24 17:24:52 2007 From: mikael at syska.dk (Mikael Syska) Date: Sun Jun 24 17:24:41 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? Message-ID: <467E9AD4.5080200@syska.dk> Hi, I'm going to replace a Post Fix/amavisd-new/spamassassin setup in the near future. My concers is about all the bad stuff that are with Post Fix and Main Scanner ( just a few days ago a message about corrupted headers was on the list, Glenn Steen would look at it next week ) ... and that Post Fix maintainers aint happy with the way MS handles mails from PF ... and so on .... Are any of the other MTA's better? I have used postfix for some time ... but maybe the other is better, dont know PF that well, so a changed would be accepted. Of what I have read on the internet ... Sendmail is old, odd config(some would say) but it works and performs great. qmail is like PF, settings are spread out into more config files. Exim, dont know squad about it ... But what works best with MS ? My needs: This is only going to be a mailgateway(so no local mail delivery), so transport is needed to external and internal ip's, witch must to placed in a database, cause some "Microsoft" people are going to handle that part of it ... It will be run on a Dell PowerEdge 860 with freebsd 6.2. handle about 20k mails per day. Any suggestions on MTA ? // ouT From itdept at fractalweb.com Sun Jun 24 19:42:31 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sun Jun 24 19:42:42 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <467E9AD4.5080200@syska.dk> References: <467E9AD4.5080200@syska.dk> Message-ID: <467EBB17.2040205@fractalweb.com> I went through exactly this a few months ago, and we ended up going with Sendmail, and I haven't regretted that decision for even a minute. It's very stable, the configuration file is not that hard, and it works with MailScanner flawlessly. :-) From mikael at syska.dk Sun Jun 24 20:29:44 2007 From: mikael at syska.dk (Mikael Syska) Date: Sun Jun 24 20:29:42 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <467EBB17.2040205@fractalweb.com> References: <467E9AD4.5080200@syska.dk> <467EBB17.2040205@fractalweb.com> Message-ID: <467EC628.6010606@syska.dk> Hi, Chris Yuzik wrote: > I went through exactly this a few months ago, and we ended up going > with Sendmail, and I haven't regretted that decision for even a > minute. It's very stable, the configuration file is not that hard, and > it works with MailScanner flawlessly. :-) When you say "it's very stable" ... did you have any issues with PF or what ever MTA you were using before ? ... or have you have a few issues witch have been fixed ? When its a simple setup as only receive, scan, and then send the mail to the right destination ... the MTA config, can't be that hard I believe ... I just want to use what ever MTA that does the job best ... before PostFix what choosen cause we also needed to deliver to local virtual users ... but that have been migrated to a other server now, so thats the only thing that was holding me back from changing ... Exim seem to extend Sendmail or am I wrong here ? Does Sendmail have mysql support for the transport maps ? Any pros/cons between the MTA's are most welcome ... maybe there should be a page on the new http://wiki.mailscanner.info/doku.php ... cause I can't be the only one looking for an answer to this :-) btw, if Julian reads this: Writing /home/julianf0/domains/emailscanner.info/public_html/wiki/data/cache/7/7ecb21ce87eb5a10e8f03647ee6f7948.xhtml failed Error on: http://wiki.mailscanner.info/doku.php best regards Mikael Syska From glenn.steen at gmail.com Sun Jun 24 20:58:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jun 24 20:58:18 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <467E9AD4.5080200@syska.dk> References: <467E9AD4.5080200@syska.dk> Message-ID: <223f97700706241258w6fa31a60q42a775d302720b36@mail.gmail.com> On 24/06/07, Mikael Syska wrote: > Hi, > > I'm going to replace a Post Fix/amavisd-new/spamassassin setup in the > near future. > > My concers is about all the bad stuff that are with Post Fix and Main > Scanner ( just a few days ago a message about corrupted headers was on > the list, Glenn Steen would look at it next week ) That is only a relatively rare problem when using a milter with postfix (possibly only with Postfix 2.4), so isn't really a common problem... Hence I will do something about it tomorrow or Tuesday, not a few minutes ago;-) > ... and that Post Fix > maintainers aint happy with the way MS handles mails from PF ... and so > on .... Mostly "politics", that has very little bearing on anything. They've been unhappy with us for years, and it has mostly just been working (at least as well as any of the other supported MTAs) for the same period. The latest quirk from Wietse just need some fine tuning, and then all is back to normal;). > > Are any of the other MTA's better? Depending on your view of things you will get "yes, use my pet...", "no, postfix rulez...." and "not really.... and not any worse either... It all depends...":-). If you pressed me for a recommendation I'd give you number three;-) > I have used postfix for some time ... but maybe the other is better, > dont know PF that well, so a changed would be accepted. If you don't know your MTA, when it is so relatively easy to work with... Well, lets just say you need read up on any MTA you finally decide to use, including Postfix:-D. There is quite a lot of stuff written on the MailScanner wiki about tricks and tweaks and setup recommendations for most MTAs in general, but perhaps most specifically for Postfix... One could interpret that as postfix being difficult (if one were an Evil Bunny, like Res:), or as a testament on the configurability of the combination. > > Of what I have read on the internet ... > Sendmail is old, odd config(some would say) but it works and performs great. > qmail is like PF, settings are spread out into more config files. > Exim, dont know squad about it ... > > But what works best with MS ? Sendmail probably gets the most thorough rundown, since a) there are more sendmails out there, and b) Jules favours Sendmail. Exim and Postfix are pretty close in support (to sendmail), while Zmail and Qmail are less well covered (even though the Evil Bunny works on the Qmail port, and Leonardo Hellman seems to keep the Zmail one alive,from time to time). > > My needs: This is only going to be a mailgateway(so no local mail > delivery), so transport is needed to external and internal ip's, witch > must to placed in a database, cause some "Microsoft" people are going to > handle that part of it ... Although the solution will look different for all MTAs, they can all accommodate this. > It will be run on a Dell PowerEdge 860 with freebsd 6.2. handle about > 20k mails per day. No problem for any of them. > Any suggestions on MTA ? If you are at all familiar with the Postfix you use already, stick with it. If you want a slick package based on Sendmail, buy DefenderMX (commercial MailScanner+MailWatch and a tad more) from Fortress systems (http://www.fsl.com). > // ouT > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Jun 24 21:03:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jun 24 21:04:57 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <467EC628.6010606@syska.dk> References: <467E9AD4.5080200@syska.dk> <467EBB17.2040205@fractalweb.com> <467EC628.6010606@syska.dk> Message-ID: <467ECE19.5040103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote: > btw, if Julian reads this: > Writing > /home/julianf0/domains/emailscanner.info/public_html/wiki/data/cache/7/7ecb21ce87eb5a10e8f03647ee6f7948.xhtml > failed > Error on: http://wiki.mailscanner.info/doku.php Should be fixed now. Thanks for telling me. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGfs4dEfZZRxQVtlQRApHNAKDJxBqH5nVKSFYCS5+XYxNlWoo/MACg0mYU numhKFRBEW1tbiFYUcnB9NU= =X1yo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From k.joch at kmjeuro.com Sun Jun 24 23:30:01 2007 From: k.joch at kmjeuro.com (Karl M. Joch) Date: Sun Jun 24 23:30:15 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <4666cca90706240920s6e7f2282g6e0a921f0fcb6c19@mail.gmail.com> Message-ID: <4f62944fb4688742bceb11ea064830da@kmjeuro.com> had the same on about 200 servers. changed a few ones for testing to clamdscan and cpu usage gone done to normal. looks like loading the clamav database over end over with each task was too much. but the original included clamav-wrapper is not really good for clamdscan. i have lot of errors in the syslog and looks like there are other changed needed too. anybody have a good script for clamdscan on freebsd and also a way to get the -r out of the call of the wrapper script? mayn thanks, karl > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im > Auftrag von Lucio Montenegro > Gesendet: Sonntag, 24. Juni 2007 18:21 > An: MailScanner discussion > Betreff: Re: Mailscanner Taking to long to Process Incoming Email > > Found the culprit. It was the ClamAV slowing down the flow of > email. It was spiking my cpu 100%. THis system has not been > touched for about a month. I wonder why that would start? Any ideas? > > > On 6/24/07, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Lucio Montenegro wrote: > > Hello Everyone, > > I currently have the current setup: > > > > Fedora Core 5 > > MailScanner > > Spamassassin > > ClamAV > > > > All Messages are forwarded to my internal exchange > server. I noticed > > that all messages are taking at least 250 seconds or > more to process: > > > > Jun 24 09:57:20 localhost MailScanner[9392]: Batch (1 message) > > processed in 277.04 seconds > > Jun 24 09:57:36 localhost MailScanner[9155]: Batch (1 message) > > processed in 273.49 seconds > > Jun 24 09:57:46 localhost MailScanner[9160]: Batch (1 message) > > processed in 269.35 seconds > > > > This all started after a couple of weeks when I > created a cron job to > > learn spam every 8 hours: > > > > user --showdots --mbox --spam /var/mail/usermailbox > > > > I since then disabled the cron job and now I want to > lower the process > > time. Your help is appreciated. > What timeouts do you have set in MailScanner.conf? > What else does your maillog say for each of these batches? > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system > administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGfpCzEfZZRxQVtlQRAgLeAKD+vuoJBM1XC7k9N834Q+7zxoJ6aACdFllx > SVyhU0BNd7lJ3RG/fkzLKLg= > =Bloy > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > > > From rich at mail.wvnet.edu Sun Jun 24 23:50:12 2007 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sun Jun 24 23:50:18 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <4f62944fb4688742bceb11ea064830da@kmjeuro.com> References: <4f62944fb4688742bceb11ea064830da@kmjeuro.com> Message-ID: <467EF524.80002@mail.wvnet.edu> Karl M. Joch wrote: > had the same on about 200 servers. changed a few ones for testing to > clamdscan and cpu usage gone done to normal. looks like loading the > clamav database over end over with each task was too much. but the > original included clamav-wrapper is not really good for clamdscan. i > have lot of errors in the syslog and looks like there are other changed > needed too. anybody have a good script for clamdscan on freebsd and also > a way to get the -r out of the call of the wrapper script? > > mayn thanks, > > karl > > > >> -----Urspr?ngliche Nachricht----- >> Von: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] Im >> Auftrag von Lucio Montenegro >> Gesendet: Sonntag, 24. Juni 2007 18:21 >> An: MailScanner discussion >> Betreff: Re: Mailscanner Taking to long to Process Incoming Email >> >> Found the culprit. It was the ClamAV slowing down the flow of >> email. It was spiking my cpu 100%. THis system has not been >> touched for about a month. I wonder why that would start? Any ideas? >> >> >> On 6/24/07, Julian Field wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Lucio Montenegro wrote: >> > Hello Everyone, >> > I currently have the current setup: >> > >> > Fedora Core 5 >> > MailScanner >> > Spamassassin >> > ClamAV >> > >> > All Messages are forwarded to my internal exchange >> server. I noticed >> > that all messages are taking at least 250 seconds or >> more to process: >> > >> > Jun 24 09:57:20 localhost MailScanner[9392]: Batch (1 message) >> > processed in 277.04 seconds >> > Jun 24 09:57:36 localhost MailScanner[9155]: Batch (1 message) >> > processed in 273.49 seconds >> > Jun 24 09:57:46 localhost MailScanner[9160]: Batch (1 message) >> > processed in 269.35 seconds >> > >> > This all started after a couple of weeks when I >> created a cron job to >> > learn spam every 8 hours: >> > >> > user --showdots --mbox --spam /var/mail/usermailbox >> > >> > I since then disabled the cron job and now I want to >> lower the process >> > time. Your help is appreciated. >> What timeouts do you have set in MailScanner.conf? >> What else does your maillog say for each of these batches? >> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system >> administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.1 (Build 1012) >> Charset: ISO-8859-1 >> >> wj8DBQFGfpCzEfZZRxQVtlQRAgLeAKD+vuoJBM1XC7k9N834Q+7zxoJ6aACdFllx >> SVyhU0BNd7lJ3RG/fkzLKLg= >> =Bloy >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> > > > > Just a quick comment. ClamAV 0.91 will greatly improve the DB load time. RC2 was released today and DB load time is an order of magnitude faster. ~rich -- -------------- next part -------------- A non-text attachment was scrubbed... Name: rich.vcf Type: text/x-vcard Size: 299 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070624/30bde96e/rich.vcf From res at ausics.net Mon Jun 25 00:18:14 2007 From: res at ausics.net (Res) Date: Mon Jun 25 00:18:26 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <467EF524.80002@mail.wvnet.edu> References: <4f62944fb4688742bceb11ea064830da@kmjeuro.com> <467EF524.80002@mail.wvnet.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Sun, 24 Jun 2007, Richard Lynch wrote: > Just a quick comment. ClamAV 0.91 will greatly improve the DB load time. RC2 > was released today and DB load time is an order of magnitude faster. I hope so, we are trying to move away from f-prot which has never given us any issues, it handles it way better, many many times more efficiently and faster then clamav which has given us loads well in excess of 15 on key servers, f-prot rarely if ever above 1. * Moving away from f-prot because of the stupid per mailbox licensing that would see us pay them 1/2 million dollars for our sec MX alone on the "off chance" it *might* have to handle all mail for every domain, they want to be greedy, so now they get bloody nothing and we'll keep clam on it and maybe try clam on key servers again to see if they keel over :) -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGfvu2sWhAmSIQh7MRAqPKAJ9n1n+klJdzW0JLu4EscjnOzQ+MiQCePHRi oZyQY/bR209Jxu1j+B0hybs= =stBA -----END PGP SIGNATURE----- From mikael at syska.dk Mon Jun 25 01:26:53 2007 From: mikael at syska.dk (Mikael Syska) Date: Mon Jun 25 01:26:53 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: References: <4f62944fb4688742bceb11ea064830da@kmjeuro.com> <467EF524.80002@mail.wvnet.edu> Message-ID: <467F0BCD.2030805@syska.dk> Hi, Res wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > NotDashEscaped: You need GnuPG to verify this message > > On Sun, 24 Jun 2007, Richard Lynch wrote: > >> Just a quick comment. ClamAV 0.91 will greatly improve the DB load >> time. RC2 was released today and DB load time is an order of >> magnitude faster. > > I hope so, we are trying to move away from f-prot which has never > given us any issues, it handles it way better, many many times more > efficiently > and faster then clamav which has given us loads well in excess of 15 > on key servers, f-prot rarely if ever above 1. > > > * Moving away from f-prot because of the stupid per mailbox licensing > that would see us pay them 1/2 million dollars for our sec MX alone on > the "off chance" it *might* have to handle all mail for every domain, > they want to be greedy, so now they get bloody nothing and we'll keep > clam on it and maybe try clam on key servers again to see if they keel > over :) > Just moved from clamav to clamavmodule for scanning mail ... in a few days I will see if it catches all the viruses ... Before the batch time was 100+ seconds, now its 6+ seconds ...... maybe also a restart of the server would have been a good idea before trying to make the change ... but because its so far away, I would not do that before i'm at the location again ... just a little personal testing server ... Running: FreeBSD 6.2 MailScanner-4.60.8_2 clamav-0.90.3 p5-Mail-ClamAV-0.20 // ouT From res at ausics.net Mon Jun 25 06:40:54 2007 From: res at ausics.net (Res) Date: Mon Jun 25 06:41:02 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <467F0BCD.2030805@syska.dk> References: <4f62944fb4688742bceb11ea064830da@kmjeuro.com> <467EF524.80002@mail.wvnet.edu> <467F0BCD.2030805@syska.dk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Mon, 25 Jun 2007, Mikael Syska wrote: > Just moved from clamav to clamavmodule for scanning mail ... in a few days I > will see if it catches all the viruses ... Be careful, if you have a really really busy system, under peak uses where there was constantly hundreds and hundreds in the queue we found that clamavmodule bailed often, so we stopped using it (this was about 2 years ago) and moved to f-prot on those servers since other key servers that were already running f-prot for many years, and already proved most reliable and fast, but have no problems with clam on general use servers with lighter traffic. -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGf1VmsWhAmSIQh7MRAtBGAJ0XbpZv91DXedx2N3HZJYTipI1h/QCgpTEY 7ZLH+q4UXqk6xsfdO0IP8z8= =AHWq -----END PGP SIGNATURE----- From jan-peter at koopmann.eu Mon Jun 25 07:27:57 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon Jun 25 07:27:40 2007 Subject: Mailscanner Taking to long to Process Incoming Email In-Reply-To: References: <4666cca90706240920s6e7f2282g6e0a921f0fcb6c19@mail.gmail.com> Message-ID: > had the same on about 200 servers. changed a few ones for testing to > clamdscan and cpu usage gone done to normal. looks like loading the > clamav database over end over with each task was too much. but the > original included clamav-wrapper is not really good for clamdscan. i > have lot of errors in the syslog and looks like there are other changed > needed too. anybody have a good script for clamdscan on freebsd and > also > a way to get the -r out of the call of the wrapper script? I am currently running clamd-wrapper without any issues. What are the problems you are seeing? Moreover if my understanding is correct, the newest MailScanner will talk to clamd directly so no more needs for clam*-wrapper. From jan-peter at koopmann.eu Mon Jun 25 07:31:06 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon Jun 25 07:30:59 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: References: <467E9AD4.5080200@syska.dk> <467EBB17.2040205@fractalweb.com> Message-ID: > Exim seem to extend Sendmail or am I wrong here ? Yes you are. :-) Exim is totally different from Sendmail. Different setup, lots of more/extended functionality etc. Personally I like it a lot better than Sendmail but that does not make it "better". Postfix (and Sendmail I presume) are supposed to handle large (and I mean LARGE) e-mail volumes better than Exim though. From jan-peter at koopmann.eu Mon Jun 25 07:35:38 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon Jun 25 07:35:19 2007 Subject: Beta release 4.61.3 In-Reply-To: References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt><4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> <7EF0EE5CB3B263488C8C18823239BEBAF796FF@HC-MBX02.herefordshire.gov.uk><467BBD5B.4050902@tradoc.fr> Message-ID: Hi Jules, > > This could be a configuration option, I suppose, yes, or else you > > could simply check whether the spamassassin *.pre files include a > > (non-commented) loadplugin line for Rule2XSBody. > Good idea. It now looks for an uncommented loadplugin line in > /etc/mail/spamassassin/*.pre. The FreeBSD default location is /usr/local/etc/mail/spamassassin and god knows what other locations exist/are valid. I do not think it is a good idea to try to detect it automatically via *.pre search. If you do, please tell me where so I can patch it in the FreeBSD port. From ajs at vifilfell.is Mon Jun 25 09:45:54 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Mon Jun 25 09:52:30 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: <467BEDEB.1040008@halla.pt> Message-ID: sure. on gentoo you'll find the 'magic' file in '/usr/share/misc/file/magic'. on red hat it's located at '/usr/share/file/magic'. change to the appropriate directory. open the file with an editor and look for this line : 0 byte 0xe9 MS-DOS executable (COM) 0xe9 is hex for '?'. just comment it out. then compile the file with the command : file -C cheers, asgeir. Jorge Costinha Sent by: mailscanner-bounces@lists.mailscanner.info 22.06.2007 15:42 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: bug in Mailscanner 4.60.8-1? can you be a little more specific? thanks Jorge. ajs@vifilfell.is wrote: > this has actually nothing to do with mailscanner. > > this is related to the 'file' command. you have to locate and edit a file > called 'magic' and then recompile it to 'magic.mgc'. > > cheers, asgeir. > > > > > Jorge Costinha > Sent by: mailscanner-bounces@lists.mailscanner.info > 22.06.2007 14:34 > Please respond to > MailScanner discussion > > > To > MailScanner discussion > cc > > Subject > Re: bug in Mailscanner 4.60.8-1? > > > > > > > > > i mean the character: ? > > > > Jorge Costinha wrote: > >> this is so bizarre! >> >> if i send the simplest mail there is with only 1 charater the >> character: _*?*_ , no attachsments at all. somehow it matches the >> filetype EXE/COM rules and i get the usual bounce back: >> >> >> "Warning: This message has had one or more attachments removed >> Warning: (the entire message). >> Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) >> for more information. >> >> This is a message from the MailScanner E-Mail Virus Protection Service >> ---------------------------------------------------------------------- >> The original e-mail attachment "the entire message" >> is on the list of unacceptable attachments for this site and has been >> replaced by this warning message. >> >> If you wish to receive a copy of the original attachment, please >> e-mail helpdesk and include the whole of this message >> in your request. Alternatively, you can call them, with >> the contents of this message to hand when you call. >> >> At Fri Jun 22 11:43:32 2007 the virus scanner said: >> MailScanner: No programs allowed (msg-18164-12.txt) >> >> Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in >> /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). >> " >> >> thank you, >> Jorge >> >> >> >> > > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jlcostinha at halla.pt Mon Jun 25 10:20:05 2007 From: jlcostinha at halla.pt (Jorge Costinha) Date: Mon Jun 25 10:20:23 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: References: Message-ID: <467F88C5.4020302@halla.pt> thanks a lot. allow me another question, is there any drawbacks of doing that? TIA Jorge. ajs@vifilfell.is wrote: > sure. > > on gentoo you'll find the 'magic' file in '/usr/share/misc/file/magic'. > on red hat it's located at '/usr/share/file/magic'. > change to the appropriate directory. open the file with an editor and look > for this line : > > 0 byte 0xe9 MS-DOS executable (COM) > > 0xe9 is hex for '?'. just comment it out. then compile the file with the > command : > > file -C > > cheers, asgeir. > > > > > > Jorge Costinha > Sent by: mailscanner-bounces@lists.mailscanner.info > 22.06.2007 15:42 > Please respond to > MailScanner discussion > > > To > MailScanner discussion > cc > > Subject > Re: bug in Mailscanner 4.60.8-1? > > > > > > > > > can you be a little more specific? > > thanks > Jorge. > > ajs@vifilfell.is wrote: > >> this has actually nothing to do with mailscanner. >> >> this is related to the 'file' command. you have to locate and edit a >> > file > >> called 'magic' and then recompile it to 'magic.mgc'. >> >> cheers, asgeir. >> >> >> >> >> Jorge Costinha >> Sent by: mailscanner-bounces@lists.mailscanner.info >> 22.06.2007 14:34 >> Please respond to >> MailScanner discussion >> >> >> To >> MailScanner discussion >> cc >> >> Subject >> Re: bug in Mailscanner 4.60.8-1? >> >> >> >> >> >> >> >> >> i mean the character: ? >> >> >> >> Jorge Costinha wrote: >> >> >>> this is so bizarre! >>> >>> if i send the simplest mail there is with only 1 charater the >>> character: _*?*_ , no attachsments at all. somehow it matches the >>> filetype EXE/COM rules and i get the usual bounce back: >>> >>> >>> "Warning: This message has had one or more attachments removed >>> Warning: (the entire message). >>> Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) >>> for more information. >>> >>> This is a message from the MailScanner E-Mail Virus Protection Service >>> ---------------------------------------------------------------------- >>> The original e-mail attachment "the entire message" >>> is on the list of unacceptable attachments for this site and has been >>> replaced by this warning message. >>> >>> If you wish to receive a copy of the original attachment, please >>> e-mail helpdesk and include the whole of this message >>> in your request. Alternatively, you can call them, with >>> the contents of this message to hand when you call. >>> >>> At Fri Jun 22 11:43:32 2007 the virus scanner said: >>> MailScanner: No programs allowed (msg-18164-12.txt) >>> >>> Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in >>> /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). >>> " >>> >>> thank you, >>> Jorge >>> >>> >>> >>> >>> >> >> >> > > > > From glenn.steen at gmail.com Mon Jun 25 10:29:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 25 10:29:15 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: <467F88C5.4020302@halla.pt> References: <467F88C5.4020302@halla.pt> Message-ID: <223f97700706250229n38323d4dq113bab379d905e39@mail.gmail.com> On 25/06/07, Jorge Costinha wrote: > thanks a lot. > > allow me another question, is there any drawbacks of doing that? That is more philosophical than technical:-). One answer is: Not really. COM files are not that common, any more, most attack vectors are covered by your AV(s)... And they are a prime example of a really bad magic for detecting a file type... When interpreted by a human, that's not really a problem, it only becomes a problem when used in MS. Edit away...;-) > TIA > > Jorge. > > ajs@vifilfell.is wrote: > > sure. > > > > on gentoo you'll find the 'magic' file in '/usr/share/misc/file/magic'. > > on red hat it's located at '/usr/share/file/magic'. > > change to the appropriate directory. open the file with an editor and look > > for this line : > > > > 0 byte 0xe9 MS-DOS executable (COM) > > > > 0xe9 is hex for '?'. just comment it out. then compile the file with the > > command : > > > > file -C > > > > cheers, asgeir. > > > > > > > > > > > > Jorge Costinha > > Sent by: mailscanner-bounces@lists.mailscanner.info > > 22.06.2007 15:42 > > Please respond to > > MailScanner discussion > > > > > > To > > MailScanner discussion > > cc > > > > Subject > > Re: bug in Mailscanner 4.60.8-1? > > > > > > > > > > > > > > > > > > can you be a little more specific? > > > > thanks > > Jorge. > > > > ajs@vifilfell.is wrote: > > > >> this has actually nothing to do with mailscanner. > >> > >> this is related to the 'file' command. you have to locate and edit a > >> > > file > > > >> called 'magic' and then recompile it to 'magic.mgc'. > >> > >> cheers, asgeir. > >> > >> > >> > >> > >> Jorge Costinha > >> Sent by: mailscanner-bounces@lists.mailscanner.info > >> 22.06.2007 14:34 > >> Please respond to > >> MailScanner discussion > >> > >> > >> To > >> MailScanner discussion > >> cc > >> > >> Subject > >> Re: bug in Mailscanner 4.60.8-1? > >> > >> > >> > >> > >> > >> > >> > >> > >> i mean the character: ? > >> > >> > >> > >> Jorge Costinha wrote: > >> > >> > >>> this is so bizarre! > >>> > >>> if i send the simplest mail there is with only 1 charater the > >>> character: _*?*_ , no attachsments at all. somehow it matches the > >>> filetype EXE/COM rules and i get the usual bounce back: > >>> > >>> > >>> "Warning: This message has had one or more attachments removed > >>> Warning: (the entire message). > >>> Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) > >>> for more information. > >>> > >>> This is a message from the MailScanner E-Mail Virus Protection Service > >>> ---------------------------------------------------------------------- > >>> The original e-mail attachment "the entire message" > >>> is on the list of unacceptable attachments for this site and has been > >>> replaced by this warning message. > >>> > >>> If you wish to receive a copy of the original attachment, please > >>> e-mail helpdesk and include the whole of this message > >>> in your request. Alternatively, you can call them, with > >>> the contents of this message to hand when you call. > >>> > >>> At Fri Jun 22 11:43:32 2007 the virus scanner said: > >>> MailScanner: No programs allowed (msg-18164-12.txt) > >>> > >>> Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in > >>> /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). > >>> " > >>> > >>> thank you, > >>> Jorge > >>> > >>> > >>> > >>> > >>> > >> > >> > >> > > > > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ajs at vifilfell.is Mon Jun 25 10:23:26 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Mon Jun 25 10:30:03 2007 Subject: bug in Mailscanner 4.60.8-1? In-Reply-To: <467F88C5.4020302@halla.pt> Message-ID: not that I'm aware of. some distributions have this line commented out by default. asgeir. Jorge Costinha Sent by: mailscanner-bounces@lists.mailscanner.info 25.06.2007 09:20 Please respond to MailScanner discussion To MailScanner discussion cc Subject Re: bug in Mailscanner 4.60.8-1? thanks a lot. allow me another question, is there any drawbacks of doing that? TIA Jorge. ajs@vifilfell.is wrote: > sure. > > on gentoo you'll find the 'magic' file in '/usr/share/misc/file/magic'. > on red hat it's located at '/usr/share/file/magic'. > change to the appropriate directory. open the file with an editor and look > for this line : > > 0 byte 0xe9 MS-DOS executable (COM) > > 0xe9 is hex for '?'. just comment it out. then compile the file with the > command : > > file -C > > cheers, asgeir. > > > > > > Jorge Costinha > Sent by: mailscanner-bounces@lists.mailscanner.info > 22.06.2007 15:42 > Please respond to > MailScanner discussion > > > To > MailScanner discussion > cc > > Subject > Re: bug in Mailscanner 4.60.8-1? > > > > > > > > > can you be a little more specific? > > thanks > Jorge. > > ajs@vifilfell.is wrote: > >> this has actually nothing to do with mailscanner. >> >> this is related to the 'file' command. you have to locate and edit a >> > file > >> called 'magic' and then recompile it to 'magic.mgc'. >> >> cheers, asgeir. >> >> >> >> >> Jorge Costinha >> Sent by: mailscanner-bounces@lists.mailscanner.info >> 22.06.2007 14:34 >> Please respond to >> MailScanner discussion >> >> >> To >> MailScanner discussion >> cc >> >> Subject >> Re: bug in Mailscanner 4.60.8-1? >> >> >> >> >> >> >> >> >> i mean the character: ? >> >> >> >> Jorge Costinha wrote: >> >> >>> this is so bizarre! >>> >>> if i send the simplest mail there is with only 1 charater the >>> character: _*?*_ , no attachsments at all. somehow it matches the >>> filetype EXE/COM rules and i get the usual bounce back: >>> >>> >>> "Warning: This message has had one or more attachments removed >>> Warning: (the entire message). >>> Warning: Please read the "HCC-mx-Attachment-Warning.txt" attachment(s) >>> for more information. >>> >>> This is a message from the MailScanner E-Mail Virus Protection Service >>> ---------------------------------------------------------------------- >>> The original e-mail attachment "the entire message" >>> is on the list of unacceptable attachments for this site and has been >>> replaced by this warning message. >>> >>> If you wish to receive a copy of the original attachment, please >>> e-mail helpdesk and include the whole of this message >>> in your request. Alternatively, you can call them, with >>> the contents of this message to hand when you call. >>> >>> At Fri Jun 22 11:43:32 2007 the virus scanner said: >>> MailScanner: No programs allowed (msg-18164-12.txt) >>> >>> Note to Help Desk: Look on the HCC-mx (mx.halla.pt) MailScanner in >>> /var/spool/MailScanner/quarantine/20070622 (message l5MAhVa5021067). >>> " >>> >>> thank you, >>> Jorge >>> >>> >>> >>> >>> >> >> >> > > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From cyprix at cyprix.com.au Mon Jun 25 12:58:56 2007 From: cyprix at cyprix.com.au (Sam Bailey) Date: Mon Jun 25 12:59:02 2007 Subject: Error with virus scanning Message-ID: <467FAE00.50601@cyprix.com.au> Hi Everyone, Installed MailScanner for the first time via Mandriva rpm, and got most things working except for this message in my logs: MailScanner[9019]: Virus and Content Scanning: Starting MailScanner[9019]: ERROR: Unable to open file or directory MailScanner[9019]: Requeue: XXXXXXXXXXXX.XXXXX to XXXXXXXXXXXX I'm using MailScanner 4.55.9 with SpamAssassin module and ClamAV 0.90 under Mandriva Linux 2007.1 Spring. I thought that maybe the permissions weren't right somewhere but I was unable to work out what I needed to change. It is definentally a real problem as I belive it may be allowing the infected mail to be tagged as safe. Any help would be much appreciated. Thanks in advance Sam Bailey -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Jun 25 13:26:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jun 25 13:27:03 2007 Subject: Error with virus scanning In-Reply-To: <467FAE00.50601@cyprix.com.au> References: <467FAE00.50601@cyprix.com.au> Message-ID: <223f97700706250526wb7bf135scfb026421a60a5f4@mail.gmail.com> On 25/06/07, Sam Bailey wrote: > Hi Everyone, > > Installed MailScanner for the first time via Mandriva rpm, and got most > things working except for this message in my logs: > > MailScanner[9019]: Virus and Content Scanning: Starting > MailScanner[9019]: ERROR: Unable to open file or directory > MailScanner[9019]: Requeue: XXXXXXXXXXXX.XXXXX to XXXXXXXXXXXX > > I'm using MailScanner 4.55.9 with SpamAssassin module and ClamAV 0.90 under Mandriva Linux 2007.1 Spring. > > I thought that maybe the permissions weren't right somewhere but I was unable to work out what I needed to change. > It is definentally a real problem as I belive it may be allowing the infected mail to be tagged as safe. > > Any help would be much appreciated. > > Thanks in advance > > Sam Bailey > Hi Sam, I'm running essentially what you do (2007.0, newest MailScanner ....:-), with no problem... This mioght be a few things... Like a typo in the MailScanner.conf file. You could check that with "MailScanner --lint". Or perhaps you claim to have some tool, but in reality haven't installed it (like hardcoding to use clamav for Virus Scanners, while not having installed it, File Command = /usr/bin/file, but not installed the actual file command etc). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From chris at clh.org.uk Mon Jun 25 13:33:54 2007 From: chris at clh.org.uk (Chris Hardy) Date: Mon Jun 25 13:35:34 2007 Subject: mailscanner rules order? Message-ID: <467FB632.1020404@clh.org.uk> Can someone tell me / point me in the direction of the order that mailscanner's rules are implemented? The reason i ask is that we have an email address in the whitelist, but it still won't let us receive attachments from them. So is it something like: Anti-virus, dodgey filenames, anti-spam ? Where does the whitelist fit in? Thanks for help / advice. chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Mon Jun 25 13:36:27 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 25 13:36:26 2007 Subject: Error with virus scanning In-Reply-To: <223f97700706250526wb7bf135scfb026421a60a5f4@mail.gmail.com> Message-ID: <028727f37bbfbb4ba5f4c9ddcfb6c03b@solidstatelogic.com> I'd check the outgoing queue is OK. Stop MailScanner then run "MailScanner -debug" and it'll give you more clues. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 25 June 2007 13:27 > To: MailScanner discussion > Subject: Re: Error with virus scanning > > On 25/06/07, Sam Bailey wrote: > > Hi Everyone, > > > > Installed MailScanner for the first time via Mandriva rpm, and got most > > things working except for this message in my logs: > > > > MailScanner[9019]: Virus and Content Scanning: Starting > > MailScanner[9019]: ERROR: Unable to open file or directory > > MailScanner[9019]: Requeue: XXXXXXXXXXXX.XXXXX to XXXXXXXXXXXX > > > > I'm using MailScanner 4.55.9 with SpamAssassin module and ClamAV 0.90 > under Mandriva Linux 2007.1 Spring. > > > > I thought that maybe the permissions weren't right somewhere but I was > unable to work out what I needed to change. > > It is definentally a real problem as I belive it may be allowing the > infected mail to be tagged as safe. > > > > Any help would be much appreciated. > > > > Thanks in advance > > > > Sam Bailey > > > Hi Sam, > > I'm running essentially what you do (2007.0, newest MailScanner > ....:-), with no problem... > This mioght be a few things... Like a typo in the MailScanner.conf > file. You could check that with "MailScanner --lint". Or perhaps you > claim to have some tool, but in reality haven't installed it (like > hardcoding to use clamav for Virus Scanners, while not having > installed it, File Command = /usr/bin/file, but not installed the > actual file command etc). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Mon Jun 25 13:44:08 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jun 25 13:44:08 2007 Subject: mailscanner rules order? In-Reply-To: <467FB632.1020404@clh.org.uk> Message-ID: Which whitelist - there are several... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Hardy > Sent: 25 June 2007 13:34 > To: mailscanner@lists.mailscanner.info > Subject: mailscanner rules order? > > Can someone tell me / point me in the direction of the order that > mailscanner's rules are implemented? > > The reason i ask is that we have an email address in the whitelist, but > it still won't let us receive attachments from them. > > So is it something like: Anti-virus, dodgey filenames, anti-spam ? Where > does the whitelist fit in? > > Thanks for help / advice. > > chris > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Jun 25 14:24:32 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 25 14:29:45 2007 Subject: Beta release 4.61.3 In-Reply-To: References: <4671129F.80201@ecs.soton.ac.uk> <20070614112002.C2A4EFF0F@mx-a.vdnet.lt><4673FED5.6030306@ecs.soton.ac.uk> <467BAF3E.1000600@tradoc.fr> <7EF0EE5CB3B263488C8C18823239BEBAF796FF@HC-MBX02.herefordshire.gov.uk><467BBD5B.4050902@tradoc.fr> Message-ID: <467FC210.6020607@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070625/8f3a9daa/PGP.bin From MailScanner at ecs.soton.ac.uk Mon Jun 25 14:28:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 25 14:31:28 2007 Subject: mailscanner rules order? In-Reply-To: <467FB632.1020404@clh.org.uk> References: <467FB632.1020404@clh.org.uk> Message-ID: <467FC2E1.5080607@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Any whitelist I supply is just a normal ruleset, which is applied to some configuration option or other. Look for the filename of the "whitelist" file in your MailScanner.conf and you'll see where it is applied. You can add rulesets to virtually any configuration option, so you can create as many whitelists as you want. Chris Hardy wrote: > Can someone tell me / point me in the direction of the order that > mailscanner's rules are implemented? > > The reason i ask is that we have an email address in the whitelist, > but it still won't let us receive attachments from them. > > So is it something like: Anti-virus, dodgey filenames, anti-spam ? > Where does the whitelist fit in? > > Thanks for help / advice. > > chris > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGf8LrEfZZRxQVtlQRApyCAKCn1zmWOHe9epovtNmm3W5udQIg+gCgpA4J Xg/naBkGVQTqFNLU8Bpdz5w= =yqDd -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From stinkybob at gmail.com Mon Jun 25 16:20:05 2007 From: stinkybob at gmail.com (Eugene MacDougal) Date: Mon Jun 25 16:20:09 2007 Subject: update_phishing_sites on solaris 10 Message-ID: <2579c6b20706250820s400cd621l539a4e83f436ddc4@mail.gmail.com> I'm running MS 4.60.8 on Solaris 10 and had the following problem with update_phishing_sites: # ./update_phishing_sites ./update_phishing_sites: wget: not found ./update_phishing_sites: curl: not found Cannot find wget or curl to do phishing sites update. I knew that I had wget installed so I checked the PATH in the update script. Solaris 9 and 10 have a "/usr/sfw/bin" where it puts software that was obtained through sunfreeware.com (mostly gnu type stuff). I went ahead and made a patch that can hopefully be included. ***begin patch --- update_phishing_sites Wed Jun 7 14:27:09 2006 +++ update_phishing_sites.new Mon Jun 25 10:15:04 2007 @@ -31,7 +31,7 @@ # United Kingdom # -PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/etc:/usr/local/bin +PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/etc:/usr/local/bin:/usr/sfw/bin export PATH if [ -d /opt/MailScanner/etc ]; then ***end patch Also, is there a more appropriate way for submitting patches? -Eugene -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070625/b3eb9d60/attachment.html From wendiw at itasoftware.com Mon Jun 25 16:22:25 2007 From: wendiw at itasoftware.com (Wendi Whitsett) Date: Mon Jun 25 16:22:29 2007 Subject: high spam score value Message-ID: <467FDDB1.1000109@itasoftware.com> What's a good value for 'high spamassassin score' ? The default is 10 but that may be a bit too high. Anyone have any experience with these scoring/actions... thks -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070625/6c27866c/smime.bin From mikael at syska.dk Mon Jun 25 16:56:30 2007 From: mikael at syska.dk (mikael@syska.dk) Date: Mon Jun 25 16:58:49 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: References: <467E9AD4.5080200@syska.dk> <467EBB17.2040205@fractalweb.com> Message-ID: <44287.130.225.184.24.1182786990.squirrel@mail.syska.dk> Hej, >> Exim seem to extend Sendmail or am I wrong here ? > > Yes you are. :-) Exim is totally different from Sendmail. Different > setup, lots of more/extended functionality etc. > > Personally I like it a lot better than Sendmail but that does not make > it "better". Postfix (and Sendmail I presume) are supposed to handle > large (and I mean LARGE) e-mail volumes better than Exim though. Large volumen is ... this setup is only going to handle about 20k messages per day ... and then spam is probebly 19k of theese messages. Dont know if that alot ... I just want to best system, as simple as it can be. So ... guess I will go for postfix, since that the one I know most about ... > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! // ouT From lists at jfworks.net Mon Jun 25 17:59:50 2007 From: lists at jfworks.net (James) Date: Mon Jun 25 18:00:28 2007 Subject: high spam score value In-Reply-To: <467FDDB1.1000109@itasoftware.com> References: <467FDDB1.1000109@itasoftware.com> Message-ID: <467FF486.4010005@jfworks.net> Wendi Whitsett wrote: > What's a good value for 'high spamassassin score' ? > The default is 10 but that may be a bit too high. Anyone have any > experience with these scoring/actions... > thks > We use the default value for "High SpamAssassin Score" and it works just fine, or should I say I haven't gotten any phone calls that ended up with me changing this score. We delete on "High SpamAssassin Score" From hvdkooij at vanderkooij.org Mon Jun 25 18:09:16 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jun 25 18:10:44 2007 Subject: high spam score value In-Reply-To: <467FDDB1.1000109@itasoftware.com> References: <467FDDB1.1000109@itasoftware.com> Message-ID: On Mon, 25 Jun 2007, Wendi Whitsett wrote: > What's a good value for 'high spamassassin score' ? > The default is 10 but that may be a bit too high. Anyone have any experience > with these scoring/actions... Check your logs. Whatever I use is likely NOT what you can use. If you check the logs you should be able to tell if there is any likely hood of HAM passing with > N points. If you did not yet install MailWatch then do so now and use it to inspect the various ranges. See what sort of traffic you have with 1 < N < 2 points for example. Then 2 < N 3 point, and so on. That should tell you everything you need to know. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Mon Jun 25 18:11:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 25 18:15:12 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <44287.130.225.184.24.1182786990.squirrel@mail.syska.dk> References: <467E9AD4.5080200@syska.dk> <467EBB17.2040205@fractalweb.com> <44287.130.225.184.24.1182786990.squirrel@mail.syska.dk> Message-ID: <467FF752.2020104@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070625/5d913bc4/PGP.bin From k.joch at kmjeuro.com Mon Jun 25 19:26:51 2007 From: k.joch at kmjeuro.com (Karl M. Joch) Date: Mon Jun 25 19:26:57 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: Message-ID: <5cf40da2775ae047b29d7920efae9ec7@kmjeuro.com> > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im > Auftrag von Koopmann, Jan-Peter > Gesendet: Montag, 25. Juni 2007 08:28 > An: MailScanner discussion > Betreff: RE: Mailscanner Taking to long to Process Incoming Email > > > had the same on about 200 servers. changed a few ones for testing to > > clamdscan and cpu usage gone done to normal. looks like loading the > > clamav database over end over with each task was too much. but the > > original included clamav-wrapper is not really good for clamdscan. i > > have lot of errors in the syslog and looks like there are other > changed > > needed too. anybody have a good script for clamdscan on freebsd and > > also > > a way to get the -r out of the call of the wrapper script? > > I am currently running clamd-wrapper without any issues. What are the > problems you are seeing? Moreover if my understanding is correct, the > newest MailScanner will talk to clamd directly so no more needs for > clam*-wrapper. > > i get the following: Jun 25 20:20:27 sv07e MailScanner[60923]: Virus and Content Scanning: Starting Jun 25 20:20:27 sv07e MailScanner[60923]: WARNING: Ignoring option --tempdir Jun 25 20:20:27 sv07e MailScanner[60923]: WARNING: Ignoring option --recursive (-r) Jun 25 20:20:27 sv07e MailScanner[60923]: WARNING: Ignoring option --unrar where tempdir is set in clamav-wrapper and i think is to be removed for clamdscan. but the -r and --unrar i havnt found. but all other things is running smoothly with clamdscan. this one makes about 80000 mails a day and had not problems with scanning, using clamdscan since a few days. running 4.57.6 with sendmail and clamav on FreeBSD 5.5 and 6.2 karl From MailScanner at ecs.soton.ac.uk Mon Jun 25 21:16:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 25 21:18:29 2007 Subject: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <5cf40da2775ae047b29d7920efae9ec7@kmjeuro.com> References: <5cf40da2775ae047b29d7920efae9ec7@kmjeuro.com> Message-ID: <46802288.1050501@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070625/4ee451c5/PGP.bin From jase at sensis.com Mon Jun 25 22:08:23 2007 From: jase at sensis.com (Desai, Jason) Date: Mon Jun 25 22:08:40 2007 Subject: "unknown string noticesizeinfected" Message-ID: <1951DC816E1A9F469307B05FA183F4389DC625@corpatsmail1.corp.sensis.com> Julian, FYI - In my mail logs, I am getting MailScanner[20142]: Looked up unknown string noticesizeinfected in language translation file /opt/MailScanner/etc/reports/en/languages.conf This is with the tar.gz install (MailScanner-install-4.60.8-1.tar.gz). I have checked, and I don't see noticesizeinfected in the languages.conf file in the distribution. Jase From MailScanner at ecs.soton.ac.uk Mon Jun 25 22:16:52 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jun 25 22:18:45 2007 Subject: "unknown string noticesizeinfected" In-Reply-To: <1951DC816E1A9F469307B05FA183F4389DC625@corpatsmail1.corp.sensis.com> References: <1951DC816E1A9F469307B05FA183F4389DC625@corpatsmail1.corp.sensis.com> Message-ID: <468030C4.6010109@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just checked the master source tree, and the word noticesizeinfected doesn't appear anywhere. Can you do a hunt in /usr/lib/MailScanner/MailScanner/* to see where it appears please? Desai, Jason wrote: > Julian, > > FYI - In my mail logs, I am getting > > MailScanner[20142]: Looked up unknown string noticesizeinfected in > language translation file /opt/MailScanner/etc/reports/en/languages.conf > > This is with the tar.gz install (MailScanner-install-4.60.8-1.tar.gz). > I have checked, and I don't see noticesizeinfected in the languages.conf > file in the distribution. > > Jase > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgDDHEfZZRxQVtlQRAr7dAJsG3b6GBUrMxP21tAUaCB2CSmQBMwCffav2 BxiQvV331YI73hfY6MuFLmA= =vCyE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jase at sensis.com Mon Jun 25 23:04:08 2007 From: jase at sensis.com (Desai, Jason) Date: Mon Jun 25 23:04:26 2007 Subject: "unknown string noticesizeinfected" In-Reply-To: <468030C4.6010109@ecs.soton.ac.uk> Message-ID: <1951DC816E1A9F469307B05FA183F4389DC626@corpatsmail1.corp.sensis.com> Strangely enough, I don't see the string "noticesizeinfected" anywhere in the MailScanner code either. I do have a slightly different version of languages.conf - not sure if it matters or not, but here's the diff from the distributed version: # diff -u MailScanner-4.60.8.dist/etc/reports/en/languages.conf MailScanner/etc/reports/en/languages.conf --- MailScanner-4.60.8.dist/etc/reports/en/languages.conf 2006-10-10 08:56:27.000000000 -0400 +++ MailScanner/etc/reports/en/languages.conf 2007-06-12 10:38:34.000000000 -0400 @@ -56,8 +56,8 @@ Report = Report # Used in virus reports TooBig = Message is too large -AttachmentTooLarge = Attachment is too large -AttachmentTooSmall = Attachment is too small +AttachmentTooLarge = Attachment is too large (too-large) +AttachmentTooSmall = Attachment is too small (too-small) TooManyAttachments = Too many attachments in message # Used in filename/filetype/content reports MailScanner = MailScanner Jase > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just checked the master source tree, and the word > noticesizeinfected doesn't appear anywhere. > Can you do a hunt in /usr/lib/MailScanner/MailScanner/* to > see where it > appears please? > > Desai, Jason wrote: > > Julian, > > > > FYI - In my mail logs, I am getting > > > > MailScanner[20142]: Looked up unknown string noticesizeinfected in > > language translation file > /opt/MailScanner/etc/reports/en/languages.conf > > > > This is with the tar.gz install > (MailScanner-install-4.60.8-1.tar.gz). > > I have checked, and I don't see noticesizeinfected in the > languages.conf > > file in the distribution. > > > > Jase > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFGgDDHEfZZRxQVtlQRAr7dAJsG3b6GBUrMxP21tAUaCB2CSmQBMwCffav2 > BxiQvV331YI73hfY6MuFLmA= > =vCyE > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From cleveland at winnefox.org Mon Jun 25 23:24:24 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Mon Jun 25 23:24:57 2007 Subject: Postfix Address Verification Message-ID: Hello, I've got a RedHat 5 server with Postfix and MailScanner. This server checks all incoming mail and then forwards it on to an Exchange server. I'm looking for a way to verify recipients without touching active directory. Will either of these work at all? smtpd_recipient_restrictions = reject_unauth_destination smtpd_recipient_restrictions = reject_unverified_recipient - jody From r.berber at computer.org Tue Jun 26 00:31:59 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue Jun 26 00:32:31 2007 Subject: update_phishing_sites on solaris 10 In-Reply-To: <2579c6b20706250820s400cd621l539a4e83f436ddc4@mail.gmail.com> References: <2579c6b20706250820s400cd621l539a4e83f436ddc4@mail.gmail.com> Message-ID: Eugene MacDougal wrote: > I'm running MS 4.60.8 on Solaris 10 and had the following problem with > update_phishing_sites: > > # ./update_phishing_sites > ./update_phishing_sites: wget: not found > ./update_phishing_sites: curl: not found > Cannot find wget or curl to do phishing sites update. > > I knew that I had wget installed so I checked the PATH in the update > script. Solaris 9 and 10 have a "/usr/sfw/bin" where it puts software > that was obtained through sunfreeware.com > (mostly gnu type stuff). Not true, /usr/sfw/bin is the standard Sun location for open source software included with Solaris. Anything you get from sunfreeware is installed under /usr/local. You only need to modify the PATH if you are using the programs installed by Solaris, usually old versions (very old in the case of Solaris 9). If you had newer ones from sunfreeware you wouldn't need to change the PATH. [snip] -- Ren? Berber From shuttlebox at gmail.com Tue Jun 26 08:22:37 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jun 26 08:22:41 2007 Subject: update_phishing_sites on solaris 10 In-Reply-To: References: <2579c6b20706250820s400cd621l539a4e83f436ddc4@mail.gmail.com> Message-ID: <625385e30706260022y6ff403c9n30c1466188937522@mail.gmail.com> On 6/26/07, Ren? Berber wrote: > You only need to modify the PATH if you are using the programs installed by > Solaris, usually old versions (very old in the case of Solaris 9). If you had > newer ones from sunfreeware you wouldn't need to change the PATH. Suns version of wget is perfectly capable of downloading a file, changing the path in the MS source once is a much more simple solution than for everyone to get an unneeded extra package. -- /peter From list-mailscanner at linguaphone.com Tue Jun 26 08:57:00 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jun 26 08:57:22 2007 Subject: Postfix Address Verification In-Reply-To: References: Message-ID: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> See http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users Thats what I do and it works very well. Just make sure Exchange is configured to reject mail to unknown recipients. If you cant do that then there are other ways such as using LDAP to regularly pull out a list of valid addresses from exchange, On Mon, 2007-06-25 at 23:24, Jody Cleveland wrote: > Hello, > > I've got a RedHat 5 server with Postfix and MailScanner. This server checks > all incoming mail and then forwards it on to an Exchange server. I'm looking > for a way to verify recipients without touching active directory. Will > either of these work at all? > > smtpd_recipient_restrictions = reject_unauth_destination > smtpd_recipient_restrictions = reject_unverified_recipient > > - jody From Alistair.Carmichael at ntltravel.com Tue Jun 26 09:30:30 2007 From: Alistair.Carmichael at ntltravel.com (Alistair Carmichael) Date: Tue Jun 26 09:30:33 2007 Subject: Mailscanner message delays / load issue Message-ID: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> Hi, Over the past few months we have noticed a steady increase in the load on our 2 mail scanner servers and in the last few days messages have been substantially delayed between being collected from the inbound mailqueue to the outbound mailqueue. We are running mailscanner version mailscanner-4.53.8-1 on centos running linux kernel 2.6.9-55 and using sendmail 8.13 as the MTA and clamav as the anti-virus software and spamassassin as the anti spam software. We receive approximately 30,000 messages each day which are handled by a cluster of 2 servers via DNS round robin, the load on both machines is steadily at about 5,5,5 with clamscan processes constantly being at the top of the process list in terms of cpu usage. We are also seeing log entries similar to this constantly appearing in the maillog. MailScanner[31171]: Commercial scanner clamav timed out! MailScanner[31171]: Virus Scanning: Denial Of Service attack is in message l5Q7bntD008994 Both servers are high powered machines only running the mailscanner software (xeon 2.8 cpu and 2gb ram in each machine) Is there a reason that the load would be so high as there's not a huge quantity of email going through the servers for what I would expect them to handle, or if there are any configuration tuning that can be done in mailscanner to resolve this (we've fine tuned the time out settings in sendmail to minimise message delays but this hasn't lowered the load or message delivery time) Thanks for any help Al This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/62d2b2cd/attachment-0001.html From a.peacock at chime.ucl.ac.uk Tue Jun 26 09:43:19 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Jun 26 09:43:30 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> Message-ID: <4680D1A7.5090407@chime.ucl.ac.uk> Hi, Alistair Carmichael wrote: > Hi, > > > > Over the past few months we have noticed a steady increase in the load > on our 2 mail scanner servers and in the last few days messages have > been substantially delayed between being collected from the inbound > mailqueue to the outbound mailqueue. We are running mailscanner version > mailscanner-4.53.8-1 on centos running linux kernel 2.6.9-55 and using > sendmail 8.13 as the MTA and clamav as the anti-virus software and > spamassassin as the anti spam software. > > We receive approximately 30,000 messages each day which are handled by a > cluster of 2 servers via DNS round robin, the load on both machines is > steadily at about 5,5,5 with clamscan processes constantly being at the > top of the process list in terms of cpu usage. We are also seeing log > entries similar to this constantly appearing in the maillog. > > MailScanner[31171]: Commercial scanner clamav timed out! > > MailScanner[31171]: Virus Scanning: Denial Of Service attack is in > message l5Q7bntD008994 > > Both servers are high powered machines only running the mailscanner > software (xeon 2.8 cpu and 2gb ram in each machine) > > Is there a reason that the load would be so high as there?s not a huge > quantity of email going through the servers for what I would expect them > to handle, or if there are any configuration tuning that can be done in > mailscanner to resolve this (we?ve fine tuned the time out settings in > sendmail to minimise message delays but this hasn?t lowered the load or > message delivery time) How are you calling ClamAV? The last couple of versions of Clam have slowed things down greatly. I was getting similar problems to yours (as were others, look in the list archives), and changing to use the new clamd support completely fixed the slowdown for me. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From j.ede at birchenallhowden.co.uk Tue Jun 26 09:44:09 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 26 09:45:12 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> Message-ID: Which version of clam are you using? Are you using clamavmodule or clam or clamd in your mailscanner.conf file? Jason ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alistair Carmichael [Alistair.Carmichael@ntltravel.com] Sent: 26 June 2007 09:30 To: mailscanner@lists.mailscanner.info Subject: Mailscanner message delays / load issue Hi, Over the past few months we have noticed a steady increase in the load on our 2 mail scanner servers and in the last few days messages have been substantially delayed between being collected from the inbound mailqueue to the outbound mailqueue. We are running mailscanner version mailscanner-4.53.8-1 on centos running linux kernel 2.6.9-55 and using sendmail 8.13 as the MTA and clamav as the anti-virus software and spamassassin as the anti spam software. We receive approximately 30,000 messages each day which are handled by a cluster of 2 servers via DNS round robin, the load on both machines is steadily at about 5,5,5 with clamscan processes constantly being at the top of the process list in terms of cpu usage. We are also seeing log entries similar to this constantly appearing in the maillog. MailScanner[31171]: Commercial scanner clamav timed out! MailScanner[31171]: Virus Scanning: Denial Of Service attack is in message l5Q7bntD008994 Both servers are high powered machines only running the mailscanner software (xeon 2.8 cpu and 2gb ram in each machine) Is there a reason that the load would be so high as there?s not a huge quantity of email going through the servers for what I would expect them to handle, or if there are any configuration tuning that can be done in mailscanner to resolve this (we?ve fine tuned the time out settings in sendmail to minimise message delays but this hasn?t lowered the load or message delivery time) Thanks for any help Al This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/5db7e3d9/attachment.html From martin.lyberg at gmail.com Tue Jun 26 09:58:20 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 26 09:58:58 2007 Subject: What is causing this error? Message-ID: Hi, Testing centos on a test-machine using MS Version 4.60.8-1 and ClamAV 0.90.3 and SpamAssassin 3.2.1 easy installation package. I'm using the clamavmodule. Noticed the following error after every batch in the maillog: Jun 26 10:52:03 antispam2 MailScanner[9212]: unable to open database file(1) at dbdimp.c line 402 Full log below: Jun 26 10:51:53 antispam2 MailScanner[9212]: New Batch: Scanning 1 messages, 2413 bytes Jun 26 10:51:53 antispam2 MailScanner[9212]: Spam Checks: Starting Jun 26 10:52:01 antispam2 MailScanner[9212]: Spam Checks completed at 299 bytes per second Jun 26 10:52:01 antispam2 MailScanner[9212]: Virus and Content Scanning: Starting Jun 26 10:52:03 antispam2 MailScanner[9212]: Virus Scanning completed at 1325 bytes per second Jun 26 10:52:03 antispam2 MailScanner[9212]: unable to open database file(1) at dbdimp.c line 402 Jun 26 10:52:03 antispam2 MailScanner[9212]: Requeue: 17F07D4CAF8.66A9B to DDABDD4CB6B Jun 26 10:52:03 antispam2 postfix/qmgr[6048]: DDABDD4CB6B: from=, size=2165, nrcpt=1 (queue active) Jun 26 10:52:03 antispam2 MailScanner[9212]: Uninfected: Delivered 1 messages Jun 26 10:52:03 antispam2 MailScanner[9212]: Virus Processing completed at 69187 bytes per second Jun 26 10:52:03 antispam2 MailScanner[9212]: Batch completed at 243 bytes per second (2413 / 9) Jun 26 10:52:03 antispam2 MailScanner[9212]: Batch (1 message) processed in 9.92 seconds Jun 26 10:52:03 antispam2 MailScanner[9212]: Logging message 17F07D4CAF8.66A9B to SQL Jun 26 10:52:03 antispam2 MailScanner[7816]: 17F07D4CAF8.66A9B: Logged to MailWatch SQL Jun 26 10:52:03 antispam2 MailScanner[9212]: "Always Looked Up Last" took 0.01 seconds Jun 26 10:52:03 antispam2 postfix/smtp[13123]: DDABDD4CB6B: to=, relay=xxxxxxxx[xxxxxxxxxx]:25, delay=11, delays=11/0.02/0/0.17, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery) Jun 26 10:52:03 antispam2 postfix/qmgr[6048]: DDABDD4CB6B: removed Any idea? From MailScanner at ecs.soton.ac.uk Tue Jun 26 09:53:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 09:59:25 2007 Subject: "unknown string noticesizeinfected" In-Reply-To: <1951DC816E1A9F469307B05FA183F4389DC626@corpatsmail1.corp.sensis.com> References: <1951DC816E1A9F469307B05FA183F4389DC626@corpatsmail1.corp.sensis.com> Message-ID: <4680D423.1040002@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If it isn't there, how did you get the error message? :-) The changes to your file won't make a difference. Hmmm... Desai, Jason wrote: > Strangely enough, I don't see the string "noticesizeinfected" anywhere > in the MailScanner code either. I do have a slightly different version > of languages.conf - not sure if it matters or not, but here's the diff > from the distributed version: > > # diff -u MailScanner-4.60.8.dist/etc/reports/en/languages.conf > MailScanner/etc/reports/en/languages.conf > --- MailScanner-4.60.8.dist/etc/reports/en/languages.conf > 2006-10-10 08:56:27.000000000 -0400 > +++ MailScanner/etc/reports/en/languages.conf 2007-06-12 > 10:38:34.000000000 -0400 > @@ -56,8 +56,8 @@ > Report = Report > # Used in virus reports > TooBig = Message is too large > -AttachmentTooLarge = Attachment is too large > -AttachmentTooSmall = Attachment is too small > +AttachmentTooLarge = Attachment is too large (too-large) > +AttachmentTooSmall = Attachment is too small (too-small) > TooManyAttachments = Too many attachments in message > # Used in filename/filetype/content reports > MailScanner = MailScanner > > Jase > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just checked the master source tree, and the word >> noticesizeinfected doesn't appear anywhere. >> Can you do a hunt in /usr/lib/MailScanner/MailScanner/* to >> see where it >> appears please? >> >> Desai, Jason wrote: >> >>> Julian, >>> >>> FYI - In my mail logs, I am getting >>> >>> MailScanner[20142]: Looked up unknown string noticesizeinfected in >>> language translation file >>> >> /opt/MailScanner/etc/reports/en/languages.conf >> >>> This is with the tar.gz install >>> >> (MailScanner-install-4.60.8-1.tar.gz). >> >>> I have checked, and I don't see noticesizeinfected in the >>> >> languages.conf >> >>> file in the distribution. >>> >>> Jase >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.2 (Build 2014) >> Charset: ISO-8859-1 >> >> wj8DBQFGgDDHEfZZRxQVtlQRAr7dAJsG3b6GBUrMxP21tAUaCB2CSmQBMwCffav2 >> BxiQvV331YI73hfY6MuFLmA= >> =vCyE >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgNTjEfZZRxQVtlQRAhCpAJ4ryHu1l4IDYg++gsGhhPmYZcG26gCdHnZN kzcGPxxkF4Jtyh+j2Rd52/s= =GndT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jun 26 09:57:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 09:59:28 2007 Subject: update_phishing_sites on solaris 10 In-Reply-To: References: <2579c6b20706250820s400cd621l539a4e83f436ddc4@mail.gmail.com> Message-ID: <4680D4DF.9020102@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/76bdb941/PGP.bin From MailScanner at ecs.soton.ac.uk Tue Jun 26 09:59:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 10:04:26 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> Message-ID: <4680D57D.1060600@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/55eb980b/PGP.bin From martin.lyberg at gmail.com Tue Jun 26 10:04:43 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 26 10:05:06 2007 Subject: What is causing this error? In-Reply-To: References: Message-ID: Martin wrote: > Hi, > > Testing centos on a test-machine using MS Version 4.60.8-1 and ClamAV > 0.90.3 and SpamAssassin 3.2.1 easy installation package. I'm using the > clamavmodule. > > Noticed the following error after every batch in the maillog: > > Jun 26 10:52:03 antispam2 MailScanner[9212]: unable to open database > file(1) at dbdimp.c line 402 > > Full log below: > > Jun 26 10:51:53 antispam2 MailScanner[9212]: New Batch: Scanning 1 > messages, 2413 bytes > Jun 26 10:51:53 antispam2 MailScanner[9212]: Spam Checks: Starting > Jun 26 10:52:01 antispam2 MailScanner[9212]: Spam Checks completed at > 299 bytes per second > Jun 26 10:52:01 antispam2 MailScanner[9212]: Virus and Content Scanning: > Starting > Jun 26 10:52:03 antispam2 MailScanner[9212]: Virus Scanning completed at > 1325 bytes per second > Jun 26 10:52:03 antispam2 MailScanner[9212]: unable to open database > file(1) at dbdimp.c line 402 > Jun 26 10:52:03 antispam2 MailScanner[9212]: Requeue: 17F07D4CAF8.66A9B > to DDABDD4CB6B > Jun 26 10:52:03 antispam2 postfix/qmgr[6048]: DDABDD4CB6B: > from=, size=2165, nrcpt=1 (queue active) > Jun 26 10:52:03 antispam2 MailScanner[9212]: Uninfected: Delivered 1 > messages > Jun 26 10:52:03 antispam2 MailScanner[9212]: Virus Processing completed > at 69187 bytes per second > Jun 26 10:52:03 antispam2 MailScanner[9212]: Batch completed at 243 > bytes per second (2413 / 9) > Jun 26 10:52:03 antispam2 MailScanner[9212]: Batch (1 message) processed > in 9.92 seconds > Jun 26 10:52:03 antispam2 MailScanner[9212]: Logging message > 17F07D4CAF8.66A9B to SQL > Jun 26 10:52:03 antispam2 MailScanner[7816]: 17F07D4CAF8.66A9B: Logged > to MailWatch SQL > Jun 26 10:52:03 antispam2 MailScanner[9212]: "Always Looked Up Last" > took 0.01 seconds > Jun 26 10:52:03 antispam2 postfix/smtp[13123]: DDABDD4CB6B: > to=, relay=xxxxxxxx[xxxxxxxxxx]:25, delay=11, > delays=11/0.02/0/0.17, dsn=2.6.0, status=sent (250 2.6.0 > Queued mail for delivery) > Jun 26 10:52:03 antispam2 postfix/qmgr[6048]: DDABDD4CB6B: removed > > > Any idea? > Followup: Noticed that the permissions on /var/spool/Mailscanner/incoming was set to clamav:clamav and the quarantine was set to root:apache changed both to postfix:postfix and it was solved. I remember that i changed it to postfix:postfix before, what did this change suddenly? Am i missing anything? From Alistair.Carmichael at ntltravel.com Tue Jun 26 10:52:57 2007 From: Alistair.Carmichael at ntltravel.com (Alistair Carmichael) Date: Tue Jun 26 10:53:00 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <4680D57D.1060600@ecs.soton.ac.uk> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> <4680D57D.1060600@ecs.soton.ac.uk> Message-ID: <6EEC6D949794754FB8D83A4D87DF7168B368B9@gh-redd-exch-01.redditch.ntltravel.local> Hi, Thanks for all the fast responses, a bit of further testing using clamscan at the command line on very small files takes a very long time and we will look at changing either to clamd or the clamavmodule. Is it possible to use the clamavmodule without installing new packages other than the vendors distributions / new versions the reason I ask is that we manage all software packages centrally with a strict policy on what's installed. I guess that I would need to modify the virus.scanners.conf and create a wrapper as the path for clamavmodule is currently /bin/conf whilst all others are paths to the av wrapper file or does the clamavmodule when defined in the main config get called in a different way. Thanks again Al ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 26 June 2007 10:00 To: MailScanner discussion Subject: Re: Mailscanner message delays / load issue My best advice would be to upgrade to 4.61.3 and use the direct clamd support. If you don't want to upgrade then use clamavmodule. Download my clam+SA package and install it, just tell it not to install ClamAV when it asks you. This will install the support for clamavmodule. The current version of Clam is *very* slow at starting up, while it loads the virus database. Alistair Carmichael wrote: Hi, Over the past few months we have noticed a steady increase in the load on our 2 mail scanner servers and in the last few days messages have been substantially delayed between being collected from the inbound mailqueue to the outbound mailqueue. We are running mailscanner version mailscanner-4.53.8-1 on centos running linux kernel 2.6.9-55 and using sendmail 8.13 as the MTA and clamav as the anti-virus software and spamassassin as the anti spam software. We receive approximately 30,000 messages each day which are handled by a cluster of 2 servers via DNS round robin, the load on both machines is steadily at about 5,5,5 with clamscan processes constantly being at the top of the process list in terms of cpu usage. We are also seeing log entries similar to this constantly appearing in the maillog. MailScanner[31171]: Commercial scanner clamav timed out! MailScanner[31171]: Virus Scanning: Denial Of Service attack is in message l5Q7bntD008994 Both servers are high powered machines only running the mailscanner software (xeon 2.8 cpu and 2gb ram in each machine) Is there a reason that the load would be so high as there's not a huge quantity of email going through the servers for what I would expect them to handle, or if there are any configuration tuning that can be done in mailscanner to resolve this (we've fine tuned the time out settings in sendmail to minimise message delays but this hasn't lowered the load or message delivery time) Thanks for any help Al This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/5dc61ba5/attachment.html From glenn.steen at gmail.com Tue Jun 26 10:59:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 26 10:59:23 2007 Subject: What is causing this error? In-Reply-To: References: Message-ID: <223f97700706260259s184043dfm994ab59ae14fe2d8@mail.gmail.com> On 26/06/07, Martin wrote: > Martin wrote: > > Hi, > > > > Testing centos on a test-machine using MS Version 4.60.8-1 and ClamAV > > 0.90.3 and SpamAssassin 3.2.1 easy installation package. I'm using the > > clamavmodule. > > > > Noticed the following error after every batch in the maillog: > > > > Jun 26 10:52:03 antispam2 MailScanner[9212]: unable to open database > > file(1) at dbdimp.c line 402 > > > > Full log below: > > > > Jun 26 10:51:53 antispam2 MailScanner[9212]: New Batch: Scanning 1 > > messages, 2413 bytes > > Jun 26 10:51:53 antispam2 MailScanner[9212]: Spam Checks: Starting > > Jun 26 10:52:01 antispam2 MailScanner[9212]: Spam Checks completed at > > 299 bytes per second > > Jun 26 10:52:01 antispam2 MailScanner[9212]: Virus and Content Scanning: > > Starting > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Virus Scanning completed at > > 1325 bytes per second > > Jun 26 10:52:03 antispam2 MailScanner[9212]: unable to open database > > file(1) at dbdimp.c line 402 > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Requeue: 17F07D4CAF8.66A9B > > to DDABDD4CB6B > > Jun 26 10:52:03 antispam2 postfix/qmgr[6048]: DDABDD4CB6B: > > from=, size=2165, nrcpt=1 (queue active) > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Uninfected: Delivered 1 > > messages > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Virus Processing completed > > at 69187 bytes per second > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Batch completed at 243 > > bytes per second (2413 / 9) > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Batch (1 message) processed > > in 9.92 seconds > > Jun 26 10:52:03 antispam2 MailScanner[9212]: Logging message > > 17F07D4CAF8.66A9B to SQL > > Jun 26 10:52:03 antispam2 MailScanner[7816]: 17F07D4CAF8.66A9B: Logged > > to MailWatch SQL > > Jun 26 10:52:03 antispam2 MailScanner[9212]: "Always Looked Up Last" > > took 0.01 seconds > > Jun 26 10:52:03 antispam2 postfix/smtp[13123]: DDABDD4CB6B: > > to=, relay=xxxxxxxx[xxxxxxxxxx]:25, delay=11, > > delays=11/0.02/0/0.17, dsn=2.6.0, status=sent (250 2.6.0 > > Queued mail for delivery) > > Jun 26 10:52:03 antispam2 postfix/qmgr[6048]: DDABDD4CB6B: removed > > > > > > Any idea? > > > > Followup: > > Noticed that the permissions on /var/spool/Mailscanner/incoming was set > to clamav:clamav and the quarantine was set to root:apache > > changed both to postfix:postfix and it was solved. > > I remember that i changed it to postfix:postfix before, what did this > change suddenly? Am i missing anything? > Did you perhaps try out the clamd direct support? That would need the "clamd user or group" (typically clamav for both) be able to read at least incoming. For the quarantine, provided you run MailWatch, you'd need postfix:apache (and correct permissions allowing the apache user (whatever that may be:) in MailScanner.conf) be able to read/write the quarantine. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Jun 26 11:03:11 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 26 11:03:48 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <6EEC6D949794754FB8D83A4D87DF7168B368B9@gh-redd-exch-01.redditch.ntltravel.local> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local><4680D57D.1060600@ecs.soton.ac.uk> <6EEC6D949794754FB8D83A4D87DF7168B368B9@gh-redd-exch-01.redditch.ntltravel.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79968@HC-MBX02.herefordshire.gov.uk> Another alternative is to try out ClamAV 0.91RC2. It's lightning-fast on startup. Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alistair Carmichael Sent: 26 June 2007 10:53 To: MailScanner discussion Subject: RE: Mailscanner message delays / load issue Hi, Thanks for all the fast responses, a bit of further testing using clamscan at the command line on very small files takes a very long time and we will look at changing either to clamd or the clamavmodule. Is it possible to use the clamavmodule without installing new packages other than the vendors distributions / new versions the reason I ask is that we manage all software packages centrally with a strict policy on what's installed. I guess that I would need to modify the virus.scanners.conf and create a wrapper as the path for clamavmodule is currently /bin/conf whilst all others are paths to the av wrapper file or does the clamavmodule when defined in the main config get called in a different way. Thanks again Al ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 26 June 2007 10:00 To: MailScanner discussion Subject: Re: Mailscanner message delays / load issue My best advice would be to upgrade to 4.61.3 and use the direct clamd support. If you don't want to upgrade then use clamavmodule. Download my clam+SA package and install it, just tell it not to install ClamAV when it asks you. This will install the support for clamavmodule. The current version of Clam is *very* slow at starting up, while it loads the virus database. Alistair Carmichael wrote: Hi, Over the past few months we have noticed a steady increase in the load on our 2 mail scanner servers and in the last few days messages have been substantially delayed between being collected from the inbound mailqueue to the outbound mailqueue. We are running mailscanner version mailscanner-4.53.8-1 on centos running linux kernel 2.6.9-55 and using sendmail 8.13 as the MTA and clamav as the anti-virus software and spamassassin as the anti spam software. We receive approximately 30,000 messages each day which are handled by a cluster of 2 servers via DNS round robin, the load on both machines is steadily at about 5,5,5 with clamscan processes constantly being at the top of the process list in terms of cpu usage. We are also seeing log entries similar to this constantly appearing in the maillog. MailScanner[31171]: Commercial scanner clamav timed out! MailScanner[31171]: Virus Scanning: Denial Of Service attack is in message l5Q7bntD008994 Both servers are high powered machines only running the mailscanner software (xeon 2.8 cpu and 2gb ram in each machine) Is there a reason that the load would be so high as there's not a huge quantity of email going through the servers for what I would expect them to handle, or if there are any configuration tuning that can be done in mailscanner to resolve this (we've fine tuned the time out settings in sendmail to minimise message delays but this hasn't lowered the load or message delivery time) Thanks for any help Al This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/b729ae30/attachment.html From a.peacock at chime.ucl.ac.uk Tue Jun 26 11:05:34 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Jun 26 11:05:39 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <6EEC6D949794754FB8D83A4D87DF7168B368B9@gh-redd-exch-01.redditch.ntltravel.local> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> <4680D57D.1060600@ecs.soton.ac.uk> <6EEC6D949794754FB8D83A4D87DF7168B368B9@gh-redd-exch-01.redditch.ntltravel.local> Message-ID: <4680E4EE.7020901@chime.ucl.ac.uk> Hi, Alistair Carmichael wrote: > Hi, > > Thanks for all the fast responses, a bit of further testing using > clamscan at the command line on very small files takes a very long time > and we will look at changing either to clamd or the clamavmodule. Is it > possible to use the clamavmodule without installing new packages other > than the vendors distributions / new versions the reason I ask is that > we manage all software packages centrally with a strict policy on what?s > installed. I guess that I would need to modify the virus.scanners.conf > and create a wrapper as the path for clamavmodule is currently /bin/conf > whilst all others are paths to the av wrapper file or does the > clamavmodule when defined in the main config get called in a different way. Personally I wouldn't use clamavmodule, I would go for the clamd option provided in the latest version of MailScanner. Should work fine with your package management policys. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From prandal at herefordshire.gov.uk Tue Jun 26 11:19:08 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jun 26 11:19:34 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <4680E4EE.7020901@chime.ucl.ac.uk> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> <4680D57D.1060600@ecs.soton.ac.uk><6EEC6D949794754FB8D83A4D87DF7168B368B9@gh-redd-exch-01.redditch.ntltravel.local> <4680E4EE.7020901@chime.ucl.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79972@HC-MBX02.herefordshire.gov.uk> One huge advantage of ClamAVModule: no daemons to monitor and restart. There was a time when the ClamAV users' mailing list was full of reports of clamd dying. And the speed problem is cured in 0.91rc2, which I'm happily running on a production box. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Anthony Peacock > Sent: 26 June 2007 11:06 > To: MailScanner discussion > Subject: Re: Mailscanner message delays / load issue > > Hi, > > > Alistair Carmichael wrote: > > Hi, > > > > Thanks for all the fast responses, a bit of further testing using > > clamscan at the command line on very small files takes a > very long time > > and we will look at changing either to clamd or the > clamavmodule. Is it > > possible to use the clamavmodule without installing new > packages other > > than the vendors distributions / new versions the reason I > ask is that > > we manage all software packages centrally with a strict > policy on what's > > installed. I guess that I would need to modify the > virus.scanners.conf > > and create a wrapper as the path for clamavmodule is > currently /bin/conf > > whilst all others are paths to the av wrapper file or does the > > clamavmodule when defined in the main config get called in > a different way. > > Personally I wouldn't use clamavmodule, I would go for the > clamd option > provided in the latest version of MailScanner. Should work fine with > your package management policys. > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "A CAT scan should take less time than a PET scan. For a CAT scan, > they're only looking for one thing, whereas a PET scan > could result in > a lot of things." - Carl Princi, 2002/07/19 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martin.lyberg at gmail.com Tue Jun 26 11:17:36 2007 From: martin.lyberg at gmail.com (Martin) Date: Tue Jun 26 11:47:41 2007 Subject: What is causing this error? In-Reply-To: <223f97700706260259s184043dfm994ab59ae14fe2d8@mail.gmail.com> References: <223f97700706260259s184043dfm994ab59ae14fe2d8@mail.gmail.com> Message-ID: Glenn Steen wrote: > Did you perhaps try out the clamd direct support? That would need the > "clamd user or group" (typically clamav for both) be able to read at > least incoming. For the quarantine, provided you run MailWatch, you'd > need postfix:apache (and correct permissions allowing the apache user > (whatever that may be:) in MailScanner.conf) be able to read/write the > quarantine. Glenn, thanks once again. That is true, i tried clamd direct support and forgot that i changed Incoming Work User and Group to clamav. Removed now, and i will keep an eye on those permissions. :) Tack! :) From list-mailscanner at linguaphone.com Tue Jun 26 12:27:20 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jun 26 12:27:27 2007 Subject: OT: pdf spam In-Reply-To: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1182350139.12630.4.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1182857240.26892.13.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-06-20 at 15:35, Gareth wrote: > On Wed, 2007-06-20 at 14:49, Sattler, Tim wrote: > > Hello, > > > > today we received a lot of penny stock spam with just dummy text and a > > pdf attachment "_report.pdf". All "spammy" key words are > > inside the pdf document, so these mails are not marked as spam in the > > majority of cases. If this becomes fashion, I guess it will require new > > techniques like regex filtering inside attachments or hash databases for > > "spammy" documents. > > I was just about to post about these myself. I have attached an example. > > I have found if I use 'less' to view the document it renders it to plain > text and is very readable. So would it be possible to convert a pdf to > plain text and append it to the email message for the purposes of the > spamassassin checks? > > Alternativly perhaps this is a job for MCP? > > Another possibility would be for the author of fuzzyocr to recognise > .pdf files and render them so they can be scanned for keywords. I can > think of a few keyword and load issues this could cause though. Here is another example of pdf spam. This time they have converted their normal gif/jpg spam image to a pdf file and sent it. I have also posted this example to the fuzzyocr mailing list. -------------- next part -------------- A non-text attachment was scrubbed... Name: invoice.pdf Type: application/pdf Size: 14258 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/63e3624b/invoice.pdf From dc at ftb-net.de Tue Jun 26 12:42:54 2007 From: dc at ftb-net.de (Dirk Clemens) Date: Tue Jun 26 12:42:59 2007 Subject: problem with the f-secure wrapper Message-ID: <4680FBBE.4050207@ftb-net.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have a problem with the f-secure wrapper: System: Open Suse 10.2 MailScanner: MailScanner-4.59.4-2.suse F-Secure: F-Secure Linux Server Security version 5.52 build 6200 It seems that the f-secure wrapper does not work. Diagnostic: 1.) when sending the eicar.com test-virus it will not be marked as virus. When calling f-secure directly it does. 2.) When calling the rapper directly I get the following message: ===== # /usr/lib/MailScanner/f-secure-wrapper /opt/f-secure/fsav /tmp/test /usr/lib/MailScanner/f-secure-wrapper: line 86: /opt/f-secure/fsav/fsav: No such file or directory /usr/lib/MailScanner/f-secure-wrapper: line 86: exec: /opt/f-secure/fsav/fsav: cannot execute: No such file or directory ===== It seems that the wrappe doesn't find the fsav programm. 3.) When I insert the line line into the wrapper ... ===== Root=$1 shift # the new test line: exec $Root/bin/fsav "$@" ===== the direct calling of the wrapper and the scanning works. B but I get an error message in the mail-log: ===== Jun 26 12:49:30 dmz4 MailScanner[28059]: Either you've found a bug in MailScanner's F-Secure output parser, or F-Secure's output format has changed! Please mail the author of MailScanner! ===== Any ideas? - -- Dirk Clemens dc@ftb-volmarstein.de http://ftb-net.de FTB - Forschungsinstitut Technologie-Behindertenhilfe Grundsch?tteler Strasse 40, 58300 Wetter Telefon: 02335/9681-53 Telefax: 02335/9681-19 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFGgPu+lKzI4/keoa0RAo/iAJ4h1c+rH8MNim7mpXzY3+huK5bg2wCeMyHh Sxx5CB52D7/Z8fQqdXxg8RQ= =Hiyw -----END PGP SIGNATURE----- From drew at technologytiger.net Tue Jun 26 12:43:42 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue Jun 26 12:43:47 2007 Subject: Error with virus scanning In-Reply-To: <028727f37bbfbb4ba5f4c9ddcfb6c03b@solidstatelogic.com> References: <028727f37bbfbb4ba5f4c9ddcfb6c03b@solidstatelogic.com> Message-ID: <36543.194.70.180.170.1182858222.squirrel@www.technologytiger.net> On Mon, June 25, 2007 13:36, Martin.Hepworth wrote: > I'd check the outgoing queue is OK. > > Stop MailScanner then run "MailScanner -debug" and it'll give you more > clues. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Glenn Steen >> Sent: 25 June 2007 13:27 >> To: MailScanner discussion >> Subject: Re: Error with virus scanning >> >> On 25/06/07, Sam Bailey wrote: >> > Hi Everyone, >> > >> > Installed MailScanner for the first time via Mandriva rpm, and got > most >> > things working except for this message in my logs: >> > >> > MailScanner[9019]: Virus and Content Scanning: Starting >> > MailScanner[9019]: ERROR: Unable to open file or directory >> > MailScanner[9019]: Requeue: XXXXXXXXXXXX.XXXXX to XXXXXXXXXXXX >> > >> > I'm using MailScanner 4.55.9 with SpamAssassin module and ClamAV > 0.90 >> under Mandriva Linux 2007.1 Spring. >> > >> > I thought that maybe the permissions weren't right somewhere but I > was >> unable to work out what I needed to change. I would have said you are running Clamd as one of your AV engines. Check the ClamAV unpack directories have the right permissions as described in MailScanner.conf Don't forget that MailScanner will be running as postfix:postfix and will need to have group access to the clam directories. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From martinh at solidstatelogic.com Tue Jun 26 13:13:17 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 26 13:13:31 2007 Subject: OT: pdf spam In-Reply-To: <1182857240.26892.13.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Seeing a few myself, BUT some are double filename extended so MS blocks them. I was just discussing the next stage being PDF-ed gif's earlier this morning with my colleague. So I therefore conclude he's a spammer and will deal with him appropriately ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 26 June 2007 12:27 > To: MailScanner discussion > Subject: Re: OT: pdf spam > > On Wed, 2007-06-20 at 15:35, Gareth wrote: > > On Wed, 2007-06-20 at 14:49, Sattler, Tim wrote: > > > Hello, > > > > > > today we received a lot of penny stock spam with just dummy text and a > > > pdf attachment "_report.pdf". All "spammy" key words are > > > inside the pdf document, so these mails are not marked as spam in the > > > majority of cases. If this becomes fashion, I guess it will require > new > > > techniques like regex filtering inside attachments or hash databases > for > > > "spammy" documents. > > > > I was just about to post about these myself. I have attached an example. > > > > I have found if I use 'less' to view the document it renders it to plain > > text and is very readable. So would it be possible to convert a pdf to > > plain text and append it to the email message for the purposes of the > > spamassassin checks? > > > > Alternativly perhaps this is a job for MCP? > > > > Another possibility would be for the author of fuzzyocr to recognise > > .pdf files and render them so they can be scanned for keywords. I can > > think of a few keyword and load issues this could cause though. > > Here is another example of pdf spam. This time they have converted their > normal gif/jpg spam image to a pdf file and sent it. > > I have also posted this example to the fuzzyocr mailing list. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From j.ede at birchenallhowden.co.uk Tue Jun 26 13:38:58 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jun 26 13:39:48 2007 Subject: OT: pdf spam In-Reply-To: References: <1182857240.26892.13.camel@gblades-suse.linguaphone-intranet.co.uk>, Message-ID: You have the prerequisite 'Big stick' V2.0 for this task then? ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth [martinh@solidstatelogic.com] Sent: 26 June 2007 13:13 To: MailScanner discussion Subject: RE: OT: pdf spam Seeing a few myself, BUT some are double filename extended so MS blocks them. I was just discussing the next stage being PDF-ed gif's earlier this morning with my colleague. So I therefore conclude he's a spammer and will deal with him appropriately ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 26 June 2007 12:27 > To: MailScanner discussion > Subject: Re: OT: pdf spam > > On Wed, 2007-06-20 at 15:35, Gareth wrote: > > On Wed, 2007-06-20 at 14:49, Sattler, Tim wrote: > > > Hello, > > > > > > today we received a lot of penny stock spam with just dummy text and a > > > pdf attachment "_report.pdf". All "spammy" key words are > > > inside the pdf document, so these mails are not marked as spam in the > > > majority of cases. If this becomes fashion, I guess it will require > new > > > techniques like regex filtering inside attachments or hash databases > for > > > "spammy" documents. > > > > I was just about to post about these myself. I have attached an example. > > > > I have found if I use 'less' to view the document it renders it to plain > > text and is very readable. So would it be possible to convert a pdf to > > plain text and append it to the email message for the purposes of the > > spamassassin checks? > > > > Alternativly perhaps this is a job for MCP? > > > > Another possibility would be for the author of fuzzyocr to recognise > > .pdf files and render them so they can be scanned for keywords. I can > > think of a few keyword and load issues this could cause though. > > Here is another example of pdf spam. This time they have converted their > normal gif/jpg spam image to a pdf file and sent it. > > I have also posted this example to the fuzzyocr mailing list. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From stinkybob at gmail.com Tue Jun 26 13:43:17 2007 From: stinkybob at gmail.com (Eugene MacDougal) Date: Tue Jun 26 13:43:20 2007 Subject: update_phishing_sites on solaris 10 Message-ID: <2579c6b20706260543x692efc53gb5a2b26d4ef8f909@mail.gmail.com> Thanks Julian. And for the record, "/usr/sfw" is where SUN puts software that they obtained from Sunfreeware.com and repackaged. Software obtained at sunfreeware.comby yourself does go into "/usr/local". the "sfw" stands for "Sun FreeWare" -Eugene -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto: mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 26, 2007 3:57 AM To: MailScanner discussion Subject: Re: update_phishing_sites on solaris 10 I have added /usr/sfw/bin to the $PATH in that program. Solaris 10 has changed a lot of things! Ren? Berber wrote: Eugene MacDougal wrote: I'm running MS 4.60.8 on Solaris 10 and had the following problem with update_phishing_sites: # ./update_phishing_sites ./update_phishing_sites: wget: not found ./update_phishing_sites: curl: not found Cannot find wget or curl to do phishing sites update. I knew that I had wget installed so I checked the PATH in the update script. Solaris 9 and 10 have a "/usr/sfw/bin" where it puts software that was obtained through sunfreeware.com < http://sunfreeware.com> (mostly gnu type stuff). Not true, /usr/sfw/bin is the standard Sun location for open source software included with Solaris. Anything you get from sunfreeware is installed under /usr/local. You only need to modify the PATH if you are using the programs installed by Solaris, usually old versions (very old in the case of Solaris 9). If you had newer ones from sunfreeware you wouldn't need to change the PATH. [snip] Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/009634cd/attachment.html From jase at sensis.com Tue Jun 26 14:07:41 2007 From: jase at sensis.com (Desai, Jason) Date: Tue Jun 26 14:08:31 2007 Subject: "unknown string noticesizeinfected" In-Reply-To: <1951DC816E1A9F469307B05FA183F4389DC626@corpatsmail1.corp.sensis.com> Message-ID: <1951DC816E1A9F469307B05FA183F4389DC62D@corpatsmail1.corp.sensis.com> Julian, Doing some more digging - I think I found where this is being set: in MessageBatch.pm around line 930: $reasons .= MailScanner::Config::LanguageValue($message, "notice" . $thisreason); And $thisreason can get set to "sizeinfected" around line 926: $reasons{sizeinfected} = 1 if $message->{sizeinfected}; I think this happens when the postmaster gets notified of an email with an attachment which is too small or too large. Does this help? If not, no big deal - I can just ignore the warning or manually put something like: NoticeSizeInfected = Attachment too small or too large detected in my languages.conf file. Thanks! Jase > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Desai, Jason > Sent: Monday, June 25, 2007 6:04 PM > To: MailScanner discussion > Subject: RE: "unknown string noticesizeinfected" > > Strangely enough, I don't see the string "noticesizeinfected" anywhere > in the MailScanner code either. I do have a slightly > different version > of languages.conf - not sure if it matters or not, but here's the diff > from the distributed version: [snip] From dc at ftb-net.de Tue Jun 26 15:10:46 2007 From: dc at ftb-net.de (Dirk Clemens) Date: Tue Jun 26 15:10:54 2007 Subject: problem with the f-secure wrapper (resolved [quick+dirty]) In-Reply-To: <4680FBBE.4050207@ftb-net.de> References: <4680FBBE.4050207@ftb-net.de> Message-ID: <46811E66.7070308@ftb-net.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have resolved the problem: The new f-secure scanner prints the following header: ========== # fsav --dumb --archive --action1=none /tmp/test F-Secure Security Platform version 1.10 build 6192 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved. .... ========= MailScanner thinks, f-secure has the version 1.10 and uses the old style report. my quick and dirty workaround: the following patch: =================================================================== - --- SweepViruses.pm (revision 585) +++ SweepViruses.pm (working copy) @@ -207,7 +207,7 @@ Lock => 'FSecureBusy.lock', CommonOptions => '--dumb --archive', DisinfectOptions => '--auto --disinf', - - ScanOptions => '', + ScanOptions => '--action1=none', InitParser => \&InitFSecureParser, ProcessOutput => \&ProcessFSecureOutput, SupportScanning => $S_SUPPORTED, @@ -1900,7 +1900,8 @@ MailScanner::Log::InfoLog($logout); # If we are running the new version then there's a totally new parser here - - if ($fsecure_Version >= 4.50) { + #if ($fsecure_Version >= 4.50) { + if (1) { #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR_Test_File [F-Prot] #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR-Test-File [AVP] I need also the changes I have described in the mail before: > 3.) > When I insert the line line into the wrapper ... > > ===== > Root=$1 > shift > # the new test line: > exec $Root/bin/fsav "$@" > ===== > Dirk - -- Dirk Clemens dc@ftb-volmarstein.de http://ftb-net.de FTB - Forschungsinstitut Technologie-Behindertenhilfe Grundsch?tteler Strasse 40, 58300 Wetter Telefon: 02335/9681-53 Telefax: 02335/9681-19 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFGgR5QlKzI4/keoa0RAma9AJ0d4msjh/7aHq+2R22sgtEpxn8+/wCeIqWy K2gv7fybjWwyXpOFtNpWWOg= =hnJN -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Jun 26 15:32:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 15:38:25 2007 Subject: problem with the f-secure wrapper (resolved [quick+dirty]) In-Reply-To: <46811E66.7070308@ftb-net.de> References: <4680FBBE.4050207@ftb-net.de> <46811E66.7070308@ftb-net.de> Message-ID: <4681237A.7080406@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/ed4c34c7/PGP.bin From MailScanner at ecs.soton.ac.uk Tue Jun 26 15:40:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 15:42:29 2007 Subject: "unknown string noticesizeinfected" In-Reply-To: <1951DC816E1A9F469307B05FA183F4389DC62D@corpatsmail1.corp.sensis.com> References: <1951DC816E1A9F469307B05FA183F4389DC62D@corpatsmail1.corp.sensis.com> Message-ID: <4681255B.7070601@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/3c3a4846/PGP.bin From martinh at solidstatelogic.com Tue Jun 26 15:48:25 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 26 16:00:02 2007 Subject: OT: pdf spam In-Reply-To: <1182857240.26892.13.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <88d633300a095141b6b1ff9e4c6f5692@solidstatelogic.com> Just had another one come in and DCC flagged that.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 26 June 2007 12:27 > To: MailScanner discussion > Subject: Re: OT: pdf spam > > On Wed, 2007-06-20 at 15:35, Gareth wrote: > > On Wed, 2007-06-20 at 14:49, Sattler, Tim wrote: > > > Hello, > > > > > > today we received a lot of penny stock spam with just dummy text and a > > > pdf attachment "_report.pdf". All "spammy" key words are > > > inside the pdf document, so these mails are not marked as spam in the > > > majority of cases. If this becomes fashion, I guess it will require > new > > > techniques like regex filtering inside attachments or hash databases > for > > > "spammy" documents. > > > > I was just about to post about these myself. I have attached an example. > > > > I have found if I use 'less' to view the document it renders it to plain > > text and is very readable. So would it be possible to convert a pdf to > > plain text and append it to the email message for the purposes of the > > spamassassin checks? > > > > Alternativly perhaps this is a job for MCP? > > > > Another possibility would be for the author of fuzzyocr to recognise > > .pdf files and render them so they can be scanned for keywords. I can > > think of a few keyword and load issues this could cause though. > > Here is another example of pdf spam. This time they have converted their > normal gif/jpg spam image to a pdf file and sent it. > > I have also posted this example to the fuzzyocr mailing list. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Jun 26 16:07:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 16:11:14 2007 Subject: milters with postfix and news update In-Reply-To: <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> Message-ID: <46812BA2.7050202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn, Any updates on when you might be able to get this little bug fixed for me please? I would like to put out a new version at the start of July if possible, as there are some new features which you may find interesting (thanks to Matt Hampton!), plus of course the bug-fixes to the auto-zip functionality. The new feature is a system of watermarking outgoing messages in the Message-ID header. The contents of this header should be replicated in any incoming replies to the message. So if you get a matching watermark in the incoming reply, you can skip the spam checks as you know it's a reply to one of your own messages. The advantage of this is that you cannot accidentally lose replies to the spam checks. If you don't get a reply to a message, you can be sure it's because they didn't send one! (or else because their rubbish non-MailScanner-based system decided to throw away your original message, of course :-) My thanks go out to Matt Hampton for all his excellent work designing and implementing this new feature. The only thing I did was change the name from an acronym (something to do with EMEWs!) to "watermarking" to make it simpler to understand, bearing in mind that many of my users don't speak English as their first language and so need words they can easily look up and comprehend :-) I've just got to write the documentation for it, and get you guys to test it. P.S. I went to see my consultant yesterday. Basically my body is repairing my missing portal vein (the one that carries mucky blood into your liver for cleaning) by actually growing a new one. Cool or what! And he wants me to talk to the liver transplant team from Cambridge about the possibility of getting me a pre-loved one that works rather better than mine does. Cheers all, Jules. Glenn Steen wrote: > On 22/06/07, Glenn Steen wrote: >> Get me a sample. . . T9 playing tricks on me:) >> >> On 22/06/07, Glenn Steen wrote: >> > Could you get of a sample queue file? Both before and after? >> > >> > On 22/06/07, Nerijus Baliunas wrote: >> > > Hello, >> > > >> > > I updated to postfix 2.4.3 and mailscanner 4.61.3 and the old >> problem >> > > with corrupted headers is back again. But the " 0" is added not >> after >> > > the last header as before, but in the middle of the headers: >> > > >> > > From: Nerijus Baliunas >> > > Subject: 2 >> > > 0 >> > > To: postmaster@example.lt >> > > >> > > Any ideas? Should I provide email samples and queue files again? >> > > >> > > Regards, >> > > Nerijus > > Well, thanks to Nerijus, who sent a comprehensive set of queue files > and the corresponding (mangled) results, I now see that something (in > MailScanner) has botched the w (deleted) record in the problem case > ... > When I find them in the body, I simply ignore them, but in the header > section(s) I fall back on Jules sane thing of simply copying them over > as is ... This seems to be less than working though, so I'll either do > a patch (next week) to simply skip them in the header(s) too, or try > make sure they don't get mangled (if I can find out why). > The first method is quite sane, since we really don't need them... And > it just might be that we should (contraintuitively) do the > "reintroduction of an empty p record" I talked about a while back, if > postfix itself relies on the occurrence of p records to correctly > handle w records (I haven't checked the PF code for this... Just might > be something like that happening... Sigh). > When I do something about this, I'll do the fix for Fred Stein too, to > only do the body spin-through in ReadQf for queue files containing p > records... Thinking like Linus.... "Don't sacrifice the common case > performance for the odd case":-). > > Since I'm off celebrating a traditional midsummer's eve (with all that > entails (see how restrained I am, Hugo:-)) I wouldn't trust any code > leaving my fingers ... So it'll have to be sometime Monday or Tuesday > ... at the earliest:-) > > BTW Jules, when you feel a bit better you really should come sample > the pickled herring ... and ... assorted attributes...:-). Would be a > shame if the world tour was on hold indefinitely;-) > > Cheers Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgSvcEfZZRxQVtlQRAqiNAJ9U7FCy4KR6EvEO2PocHQQp1SgauACcCD0y a16Y141rp9Zw+Qd5SyIkT1w= =eqHM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue Jun 26 17:02:52 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 26 17:02:53 2007 Subject: milters with postfix In-Reply-To: <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> Message-ID: <223f97700706260902h1c1ee9bcyc434b50a37d816a6@mail.gmail.com> On 22/06/07, Glenn Steen wrote: > On 22/06/07, Glenn Steen wrote: > > Get me a sample. . . T9 playing tricks on me:) > > > > On 22/06/07, Glenn Steen wrote: > > > Could you get of a sample queue file? Both before and after? > > > > > > On 22/06/07, Nerijus Baliunas wrote: > > > > Hello, > > > > > > > > I updated to postfix 2.4.3 and mailscanner 4.61.3 and the old problem > > > > with corrupted headers is back again. But the " 0" is added not after > > > > the last header as before, but in the middle of the headers: > > > > > > > > From: Nerijus Baliunas > > > > Subject: 2 > > > > 0 > > > > To: postmaster@example.lt > > > > > > > > Any ideas? Should I provide email samples and queue files again? > > > > > > > > Regards, > > > > Nerijus > > Well, thanks to Nerijus, who sent a comprehensive set of queue files > and the corresponding (mangled) results, I now see that something (in > MailScanner) has botched the w (deleted) record in the problem case > ... > When I find them in the body, I simply ignore them, but in the header > section(s) I fall back on Jules sane thing of simply copying them over > as is ... This seems to be less than working though, so I'll either do > a patch (next week) to simply skip them in the header(s) too, or try > make sure they don't get mangled (if I can find out why). > The first method is quite sane, since we really don't need them... And > it just might be that we should (contraintuitively) do the > "reintroduction of an empty p record" I talked about a while back, if > postfix itself relies on the occurrence of p records to correctly > handle w records (I haven't checked the PF code for this... Just might > be something like that happening... Sigh). > When I do something about this, I'll do the fix for Fred Stein too, to > only do the body spin-through in ReadQf for queue files containing p > records... Thinking like Linus.... "Don't sacrifice the common case > performance for the odd case":-). > > Since I'm off celebrating a traditional midsummer's eve (with all that > entails (see how restrained I am, Hugo:-)) I wouldn't trust any code > leaving my fingers ... So it'll have to be sometime Monday or Tuesday > ... at the earliest:-) > > BTW Jules, when you feel a bit better you really should come sample > the pickled herring ... and ... assorted attributes...:-). Would be a > shame if the world tour was on hold indefinitely;-) > > Cheers As promised, here's a patch to handle two of the things mentioned above: 1. ignore w record (stands for "deleted") if found in the header section of the body. It turns out that Jules actually treat all headers like N (for normal) records, so add that in later (not preserving the "p" or "w"), so we need do this... Just like in the body. The other place where p/w records can crop up is handled by copying the records over verbatim, just as before. I first thought this had to do with handling the Subject: (and Recieved:) headers specially, but realised it was a more common thing. Anyway, the fix is a one-liner. 2. Speedup for the normal, non-milter, case. If we haven't found any p records, skip the sometimes lengthy (depending on body size) spin through that we need when doing milters. Thus the normal case will become very close, in processing time, to how it was before the p record handling was introduced. This is actually a whooping 4 line thing:-). The thought about reintroducing "zero p records", to keep the queue files "ready for milters when locally resubmitted via semi-non-manual methods", will have to wait until another time. If ever. I don't envision that to be a big need, since you will either resubmit directly to the incoming queue (way after any "local milters"), or you'll likely not use any local milters at all (... someone will prove me wrong here, I'm sure:-). Anyway, I'm seriously swamped at work (colleagues dropping kids left, right and center... going of on paternity leave and vacation and whatnot. Sigh. Well, in a few days I'll go on vacation too:-), so that will just have to wait until I have the time to test that thoroughly (the changes should be minimal, but I have to get a handle on just _where_ to put the reintroduced "empty" p record, so that it doesn't get transformed into a N record, or somesuch:-) Jules (& everybody:-), I would be very glad if a few could test this out rather soon, and if there (pretty please) could be a beta with this in it... So that it can make it into the next stable release. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- A non-text attachment was scrubbed... Name: Postfix.pm.prec_wrec_speedup.patch Type: application/octet-stream Size: 2569 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/15e4619a/Postfix.pm.prec_wrec_speedup-0001.obj From daniel.maher at ubisoft.com Tue Jun 26 17:12:53 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Jun 26 17:12:57 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2052E8D9D@UBIMAIL1.ubisoft.org> > > Exim seem to extend Sendmail or am I wrong here ? > > Yes you are. :-) Exim is totally different from Sendmail. Different > setup, lots of more/extended functionality etc. > > Personally I like it a lot better than Sendmail but that does not make > it "better". Postfix (and Sendmail I presume) are supposed to handle > large (and I mean LARGE) e-mail volumes better than Exim though. In many ways, this is a moot argument. All of the major *nix MTAs (i.e. sendmail, postfix, qmail, exim, and so forth) do what they're supposed to do - namely deliver mail. Picking one over another based on perceived intrinsic benefits is a fool's errand, at best. Ultimately, the decision comes down to one of familiarity, existing competency, and community (i.e. support). If you feel confident that a particular MTA package meets a worthwhile level in those categories, then go with it. Personally, I've only /ever/ used qmail and postfix. Were I setting up a new mail system, I'd go with postfix, since I've been using it a lot lately, and I'm comfortable with it. That's that, really. -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "The most incomprehensible thing about the world is that it is comprehensible." -- Albert Einstein. From daniel.maher at ubisoft.com Tue Jun 26 17:14:40 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Jun 26 17:14:43 2007 Subject: high spam score value In-Reply-To: <467FDDB1.1000109@itasoftware.com> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2052E8DA3@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Wendi Whitsett > Sent: June 25, 2007 11:22 AM > To: MailScanner discussion > Subject: high spam score value > > What's a good value for 'high spamassassin score' ? > The default is 10 but that may be a bit too high. Anyone have any > experience with these scoring/actions... > thks I set "spam" (tag and deliver) as 6, and "high score" (discard) at 12. Works fine for my (large, multi-national) corporation, since we'd rather err on the side of letting spam through. If you're setting scores for personal use, I'd make them way lower... -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "The most incomprehensible thing about the world is that it is comprehensible." -- Albert Einstein. From bryan.guest at bmts.com Tue Jun 26 17:39:28 2007 From: bryan.guest at bmts.com (Bryan Guest) Date: Tue Jun 26 17:39:35 2007 Subject: MailScanner startup/Sendmail Config question Message-ID: <004601c7b810$90d47a20$0b01010a@DGPTBH91> Hello: I have a question regarding the configuration of MailScanner, in the way it starts Sendmail. My Mail Gateway MTA's are configured like this: Redhat ES V4 MailScanner 4.56.8 ClamAv 0.90.1 After processing, local mail is delivered to a Mail Store machine and non-local mail is delivered to the destination MX by the MTA. As I understand it, MailScanner starts Sendmail twice. The first Sendmail accepts mail and queues it in the inbound queue. The second is the queue runner which delivers all mail passed through by MailScanner to the outbound queue. My issue is, that the first Sendmail blindly accepts mail no matter what the To: address says and queue's it. It is not doing any non-account processing. This isn't appropriate for a Gateway. I need to bounce invalid users with the first Sendmail, so that it doesn't get piled up in the outbound queue where the Mail Store machine rejects it during the delivery attempt by the outbound queue-runner. In other words, since my mail is not to be delivered locally on my MailScanner machines, how can I configure the first sendmail to reject based on invalid To: addresses? Has this problem not been encountered before? I should mention here that all our users are stored in LDAP. The Gateways and the Mail Store are LDAP aware, so that the machines know what is a valid user and what is not. But we are not using LDAP for mail routing at this time. Any information which anyone could share on this situation would be appreciated. And many thanks to Julien and everyone on this list for all the effort. Bryan Guest From glenn.steen at gmail.com Tue Jun 26 17:40:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 26 17:41:01 2007 Subject: milters with postfix In-Reply-To: <20070626162002.C361EFF05@mx-a.vdnet.lt> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> <223f97700706260902h1c1ee9bcyc434b50a37d816a6@mail.gmail.com> <20070626162002.C361EFF05@mx-a.vdnet.lt> Message-ID: <223f97700706260940qa5aa5acmd0e2843d7eae3b3c@mail.gmail.com> On 26/06/07, Nerijus Baliunas wrote: > On Tue, 26 Jun 2007 18:02:52 +0200 Glenn Steen wrote: > > > 2. Speedup for the normal, non-milter, case. If we haven't found any p > > records, skip the sometimes lengthy (depending on body size) spin > > through that we need when doing milters. Thus the normal case will > > become very close, in processing time, to how it was before the p > > record handling was introduced. This is actually a whooping 4 line > > thing:-). > > It's the following change, yes? > > # Inelegant, but working. Instead of an efficient seek, we spinn through to > -# after X record. Unless we don't have a body to spin through. > - if (!$message->{nobody}) { > +# after X record. Unless we don't have a body to spin through. Also skip > +# the spin if we don't have any p records already (to not punish the normal > +# case). > + if (!$message->{nobody} || $pRecordsFound) { > > If I understand comment correctly, the last line should be > + if (!$message->{nobody} && !$pRecordsFound) { > or am I mistaken? > > Regards, > Nerijus > Argh! Yes, well... You are right that it should be and, not or... But you don't need invert the $pRecordFound... We need a body to spin through, and we need have found p records, so it should be + if (!$message->{nobody} && $pRecordsFound) { I really need that vacation:-). If my logic still is flawed, please somebody hit me over the head with it! Jules, will you need an amended patch for that? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Tue Jun 26 17:46:17 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jun 26 17:53:10 2007 Subject: MailScanner startup/Sendmail Config question In-Reply-To: <004601c7b810$90d47a20$0b01010a@DGPTBH91> Message-ID: Brian See the wiki for a couple of milters that will do the job of checking for valid email addresses. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:reject_non_existent_users -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Bryan Guest > Sent: 26 June 2007 17:39 > To: mailscanner@lists.mailscanner.info > Subject: MailScanner startup/Sendmail Config question > > Hello: > > I have a question regarding the configuration of MailScanner, in the way > it > starts Sendmail. > > My Mail Gateway MTA's are configured like this: > > Redhat ES V4 > MailScanner 4.56.8 > ClamAv 0.90.1 > > After processing, local mail is delivered to a Mail Store machine and > non-local mail is delivered to the destination MX by the MTA. > > As I understand it, MailScanner starts Sendmail twice. The first Sendmail > accepts mail and queues it in the inbound queue. The second is the queue > runner which delivers all mail passed through by MailScanner to the > outbound > queue. > > My issue is, that the first Sendmail blindly accepts mail no matter what > the > To: address says and queue's it. It is not doing any non-account > processing. This isn't appropriate for a Gateway. I need to bounce > invalid users with the first Sendmail, so that it doesn't get piled up in > the outbound queue where the Mail Store machine rejects it during the > delivery attempt by the outbound queue-runner. > > In other words, since my mail is not to be delivered locally on my > MailScanner machines, how can I configure the first sendmail to reject > based > on invalid To: addresses? Has this problem not been encountered before? > > I should mention here that all our users are stored in LDAP. The Gateways > and the Mail Store are LDAP aware, so that the machines know what is a > valid > user and what is not. But we are not using LDAP for mail routing at this > time. > > Any information which anyone could share on this situation would be > appreciated. > > And many thanks to Julien and everyone on this list for all the effort. > > Bryan Guest > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Tue Jun 26 17:57:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jun 26 17:57:09 2007 Subject: milters with postfix In-Reply-To: <223f97700706260940qa5aa5acmd0e2843d7eae3b3c@mail.gmail.com> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt> <223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com> <223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com> <223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com> <223f97700706260902h1c1ee9bcyc434b50a37d816a6@mail.gmail.com> <20070626162002.C361EFF05@mx-a.vdnet.lt> <223f97700706260940qa5aa5acmd0e2843d7eae3b3c@mail.gmail.com> Message-ID: <223f97700706260957y6275f883h2cd7a1bf8ed1c0b0@mail.gmail.com> On 26/06/07, Glenn Steen wrote: > On 26/06/07, Nerijus Baliunas wrote: > > On Tue, 26 Jun 2007 18:02:52 +0200 Glenn Steen wrote: > > > > > 2. Speedup for the normal, non-milter, case. If we haven't found any p > > > records, skip the sometimes lengthy (depending on body size) spin > > > through that we need when doing milters. Thus the normal case will > > > become very close, in processing time, to how it was before the p > > > record handling was introduced. This is actually a whooping 4 line > > > thing:-). > > > > It's the following change, yes? > > > > # Inelegant, but working. Instead of an efficient seek, we spinn through to > > -# after X record. Unless we don't have a body to spin through. > > - if (!$message->{nobody}) { > > +# after X record. Unless we don't have a body to spin through. Also skip > > +# the spin if we don't have any p records already (to not punish the normal > > +# case). > > + if (!$message->{nobody} || $pRecordsFound) { > > > > If I understand comment correctly, the last line should be > > + if (!$message->{nobody} && !$pRecordsFound) { > > or am I mistaken? > > > > Regards, > > Nerijus > > > Argh! > Yes, well... You are right that it should be and, not or... But you > don't need invert the $pRecordFound... We need a body to spin through, > and we need have found p records, so it should be > + if (!$message->{nobody} && $pRecordsFound) { > I really need that vacation:-). If my logic still is flawed, please > somebody hit me over the head with it! > > Jules, will you need an amended patch for that? > Here's the amended patch. Jeez, five lines of code and I still manage to mess it up. Sigh. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- A non-text attachment was scrubbed... Name: Postfix.pm.prec_wrec_speedup_fix.patch Type: application/octet-stream Size: 2569 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/ef832e3a/Postfix.pm.prec_wrec_speedup_fix.obj From Richard.Frovarp at sendit.nodak.edu Tue Jun 26 18:04:03 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jun 26 18:04:06 2007 Subject: MailScanner startup/Sendmail Config question In-Reply-To: <004601c7b810$90d47a20$0b01010a@DGPTBH91> References: <004601c7b810$90d47a20$0b01010a@DGPTBH91> Message-ID: <46814703.5090600@sendit.nodak.edu> Bryan Guest wrote: > Hello: > > I have a question regarding the configuration of MailScanner, in the > way it starts Sendmail. > > My Mail Gateway MTA's are configured like this: > > Redhat ES V4 > MailScanner 4.56.8 > ClamAv 0.90.1 > > After processing, local mail is delivered to a Mail Store machine and > non-local mail is delivered to the destination MX by the MTA. > > As I understand it, MailScanner starts Sendmail twice. The first > Sendmail accepts mail and queues it in the inbound queue. The second > is the queue runner which delivers all mail passed through by > MailScanner to the outbound queue. > > My issue is, that the first Sendmail blindly accepts mail no matter > what the To: address says and queue's it. It is not doing any > non-account processing. This isn't appropriate for a Gateway. I > need to bounce invalid users with the first Sendmail, so that it > doesn't get piled up in the outbound queue where the Mail Store > machine rejects it during the delivery attempt by the outbound > queue-runner. > > In other words, since my mail is not to be delivered locally on my > MailScanner machines, how can I configure the first sendmail to reject > based on invalid To: addresses? Has this problem not been encountered > before? > > I should mention here that all our users are stored in LDAP. The > Gateways and the Mail Store are LDAP aware, so that the machines know > what is a valid user and what is not. But we are not using LDAP for > mail routing at this time. > > Any information which anyone could share on this situation would be > appreciated. > > And many thanks to Julien and everyone on this list for all the effort. > > Bryan Guest > We have the same setup. However, we're using LDAP for mail routing. This is making it reject unknown users. You might need a milter to query LDAP if you aren't going to use it for routing. From ssilva at sgvwater.com Tue Jun 26 18:02:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jun 26 18:04:39 2007 Subject: MailScanner startup/Sendmail Config question In-Reply-To: <004601c7b810$90d47a20$0b01010a@DGPTBH91> References: <004601c7b810$90d47a20$0b01010a@DGPTBH91> Message-ID: Bryan Guest spake the following on 6/26/2007 9:39 AM: > Hello: > > I have a question regarding the configuration of MailScanner, in the way > it starts Sendmail. > > My Mail Gateway MTA's are configured like this: > > Redhat ES V4 > MailScanner 4.56.8 > ClamAv 0.90.1 > > After processing, local mail is delivered to a Mail Store machine and > non-local mail is delivered to the destination MX by the MTA. > > As I understand it, MailScanner starts Sendmail twice. The first > Sendmail accepts mail and queues it in the inbound queue. The second is > the queue runner which delivers all mail passed through by MailScanner > to the outbound queue. > > My issue is, that the first Sendmail blindly accepts mail no matter what > the To: address says and queue's it. It is not doing any non-account > processing. This isn't appropriate for a Gateway. I need to bounce > invalid users with the first Sendmail, so that it doesn't get piled up > in the outbound queue where the Mail Store machine rejects it during the > delivery attempt by the outbound queue-runner. > > In other words, since my mail is not to be delivered locally on my > MailScanner machines, how can I configure the first sendmail to reject > based on invalid To: addresses? Has this problem not been encountered > before? > > I should mention here that all our users are stored in LDAP. The > Gateways and the Mail Store are LDAP aware, so that the machines know > what is a valid user and what is not. But we are not using LDAP for > mail routing at this time. > > Any information which anyone could share on this situation would be > appreciated. > > And many thanks to Julien and everyone on this list for all the effort. > > Bryan Guest > > > > > > Sendmail by default should reject invalid users, but you have to let sendmail know how to determine valid users. http://logout.sh/computers/sendmail/ has some info on how to get sendmail talking to the ldap server. Or you can use a milter to check for valid users. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue Jun 26 18:28:44 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 18:33:39 2007 Subject: Beta release 4.61.4 Message-ID: <46814CCC.3000701@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest beta version, 4.61.4. *Please* test this new release if you use Postfix or if you are interested in the new watermarking feature. The main new points in this beta are: - - New feature: "watermarking" so that you can guarantee that replies to your email messages will not be caught by any of the spam traps. - - Bug fix: rare Postfix header milter support problem. - - Improvement: much easier to get binary attachment searching working with MCP. Download as usual from www.mailscanner.info. The full Change Log so far is this: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. 2 Changed session handling in direct clamd virus scanner support. 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. 4 Renamed "sa-update" command and cron job to "update_spamassassin". 4 Added ability to easily disable update_virus_scanners script. 4 Added conditional call to sa-compile to update_spamassassin cron job. 4 Added to $PATH in update_phishing_sites for Solaris 10 locations. 4 Added new feature (thanks to Matt Hampton for this) to skip the spam checks on a message if it is a reply to one of your own messages. This is known as "watermarking" a message. There are 4 new configuration settings: Add Watermark = yes Skip Spam Checks If Watermark Valid = yes Watermark Secret = SOMETHING-SECRET! Watermark Lifetime = 2419200 # = 4 weeks * Fixes * 2 Fixed bug in auto-zip feature with a message containing 2 attachments with the same filename. 2 Fixed bug in auto-zip feature that would allow zipping of an attachment which had been cleaned out of the message. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. 4 Fixed bug in SuSE init.d script stopping MailScanner reload working properly. 4 Changed method for getting MCP to decode binary attachments (the interesting ones have "application" in their MIME type). New patch for SpamAssassin 3.2.1 Util.pm required now. No other SpamAssassin patches required at all. 4 Added definition of "noticesizeinfected" to languages.conf. 4 Added speedup (courtesy of Glenn Steen) to the new Postfix milter support. 4 Fixed rare bug in Postfix milter header support (from Glenn Steen). Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgU1ZEfZZRxQVtlQRAsekAKC69NleCF1go7JOyBlPzCXjz4DkNQCbBPfj OUeuAoC7cLCTgLyUUGa5FtM= =29IF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mailscanner at slackadelic.com Tue Jun 26 18:39:13 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Tue Jun 26 18:39:21 2007 Subject: Beta release 4.61.4 In-Reply-To: <46814CCC.3000701@ecs.soton.ac.uk> References: <46814CCC.3000701@ecs.soton.ac.uk> Message-ID: <46814F41.1010200@slackadelic.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released the latest beta version, 4.61.4. I'll get this installed some time today when I find some free time. I llike the watermarking feature. -Matt From daniel.maher at ubisoft.com Tue Jun 26 18:44:47 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue Jun 26 18:44:51 2007 Subject: Beta release 4.61.4 In-Reply-To: <46814CCC.3000701@ecs.soton.ac.uk> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> > 4 Added new feature (thanks to Matt Hampton for this) to skip the spam > checks > on a message if it is a reply to one of your own messages. This is > known as > "watermarking" a message. There are 4 new configuration settings: > Add Watermark = yes > Skip Spam Checks If Watermark Valid = yes > Watermark Secret = SOMETHING-SECRET! > Watermark Lifetime = 2419200 # = 4 weeks Does this result in the addition of a header or something? Is there detailed technical documentation available for this new feature? -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "The most incomprehensible thing about the world is that it is comprehensible." -- Albert Einstein. From nerijusb at dtiltas.lt Tue Jun 26 18:57:58 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 26 19:00:09 2007 Subject: milters with postfix In-Reply-To: <223f97700706260957y6275f883h2cd7a1bf8ed1c0b0@mail.gmail.com> References: <20070622112921.DADFF1224A2@mx-b.vdnet.lt><223f97700706220521i55e82a18v9c6d8e8fa5dad0dd@mail.gmail.com><223f97700706220538y68264b9dw840d46317d92e5f9@mail.gmail.com><223f97700706220941s32f08029o62f63ef508129f6@mail.gmail.com><223f97700706260902h1c1ee9bcyc434b50a37d816a6@mail.gmail.com><20070626162002.C361EFF05@mx-a.vdnet.lt><223f97700706260940qa5aa5acmd0e2843d7eae3b3c@mail.gmail.com> <223f97700706260957y6275f883h2cd7a1bf8ed1c0b0@mail.gmail.com> Message-ID: <20070626180003.DD8FAFF07@mx-a.vdnet.lt> On Tue, 26 Jun 2007 18:57:06 +0200 Glenn Steen wrote: > Here's the amended patch. Jeez, five lines of code and I still manage > to mess it up. Sigh. I tested with this patch, no more problems with corrupted headers. I see the same fix is in 4.61.4-2. Regards, Nerijus From dave.list at pixelhammer.com Tue Jun 26 19:06:48 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 26 19:08:06 2007 Subject: Beta release 4.61.4 In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> Message-ID: <468155B8.90308@pixelhammer.com> Daniel Maher wrote: >> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >> checks >> on a message if it is a reply to one of your own messages. This is >> known as >> "watermarking" a message. There are 4 new configuration settings: >> Add Watermark = yes >> Skip Spam Checks If Watermark Valid = yes >> Watermark Secret = SOMETHING-SECRET! >> Watermark Lifetime = 2419200 # = 4 weeks > > Does this result in the addition of a header or something? Is there detailed technical documentation available for this new feature? > The big question is the LifeTime. Is MailScanner caching the watermark? IF so can that cache be shared? We have multiple incoming MS servers, and multiple outgoing SMTP servers. If possible I am sure we can Ruby something up to add the watermark on the outbound servers and pass that information to the MXs. DAve > > -- > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > "The most incomprehensible thing about the world is that it is comprehensible." -- Albert Einstein. -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From jan-peter at koopmann.eu Tue Jun 26 19:14:47 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Tue Jun 26 19:14:32 2007 Subject: Beta release 4.61.4 In-Reply-To: References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> Message-ID: > The big question is the LifeTime. Is MailScanner caching the watermark? It is probably using a hash and/or timestamp and therefore does not need to cache anything. At least that's what other systems/recommendations use. Regards, JP From uxbod at splatnix.net Tue Jun 26 19:16:18 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jun 26 19:16:28 2007 Subject: Beta release 4.61.4 In-Reply-To: <468155B8.90308@pixelhammer.com> References: <468155B8.90308@pixelhammer.com> Message-ID: <41df80bd69f8a360453f7eff1f6ae757@62.49.223.244> Another question :) If you were to send a email to a mailing list, like this one, could a spammer extract the watermark and spoof the to and from address to bypass MailScanner ? On Tue, 26 Jun 2007 14:06:48 -0400, DAve wrote: > Daniel Maher wrote: >>> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >>> checks >>> on a message if it is a reply to one of your own messages. This is >>> known as >>> "watermarking" a message. There are 4 new configuration settings: >>> Add Watermark = yes >>> Skip Spam Checks If Watermark Valid = yes >>> Watermark Secret = SOMETHING-SECRET! >>> Watermark Lifetime = 2419200 # = 4 weeks >> >> Does this result in the addition of a header or something? Is there > detailed technical documentation available for this new feature? >> > > The big question is the LifeTime. Is MailScanner caching the watermark? > IF so can that cache be shared? We have multiple incoming MS servers, > and multiple outgoing SMTP servers. > > If possible I am sure we can Ruby something up to add the watermark on > the outbound servers and pass that information to the MXs. > > DAve > >> >> -- >> _ >> ?v? Daniel Maher >> /(_)\ Administrateur Syst?me Unix >> ^ ^ Unix System Administrator >> >> "The most incomprehensible thing about the world is that it is > comprehensible." -- Albert Einstein. > > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos > for other non-international holidays, but nothing for > Veterans? > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Tue Jun 26 19:21:16 2007 From: ka at pacific.net (Ken A) Date: Tue Jun 26 19:21:19 2007 Subject: Beta release 4.61.4 In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> Message-ID: <4681591C.7000605@pacific.net> Daniel Maher wrote: >> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >> checks >> on a message if it is a reply to one of your own messages. This is >> known as >> "watermarking" a message. There are 4 new configuration settings: >> Add Watermark = yes >> Skip Spam Checks If Watermark Valid = yes >> Watermark Secret = SOMETHING-SECRET! >> Watermark Lifetime = 2419200 # = 4 weeks > > Does this result in the addition of a header or something? Is there detailed technical documentation available for this new feature? Although it happens at the "MailScanner phase", later in the pipeline, can this take an envelope sender of <> with no watermark and tag, quarantine or delete? ... like milter-null? Thanks, Ken -- Ken Anderson Pacific.Net From MailScanner at ecs.soton.ac.uk Tue Jun 26 19:30:58 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 19:33:44 2007 Subject: Beta release 4.61.4 In-Reply-To: <468155B8.90308@pixelhammer.com> References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> <468155B8.90308@pixelhammer.com> Message-ID: <46815B62.5060805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote: > Daniel Maher wrote: >>> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >>> checks >>> on a message if it is a reply to one of your own messages. This is >>> known as >>> "watermarking" a message. There are 4 new configuration settings: >>> Add Watermark = yes >>> Skip Spam Checks If Watermark Valid = yes >>> Watermark Secret = SOMETHING-SECRET! >>> Watermark Lifetime = 2419200 # = 4 weeks >> >> Does this result in the addition of a header or something? Is there >> detailed technical documentation available for this new feature? >> > > The big question is the LifeTime. Is MailScanner caching the > watermark? IF so can that cache be shared? We have multiple incoming > MS servers, and multiple outgoing SMTP servers. It doesn't need to cache anything. The timestamp of the watermark is embedded in itself. > > If possible I am sure we can Ruby something up to add the watermark on > the outbound servers and pass that information to the MXs. I just use MailScanner to add the watermark. Always worth checking your outbound mail for viruses anyway, saves any potential legal problems should you send a virus to someone. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgVtoEfZZRxQVtlQRAqePAKCZD1gRQDij0h6jU8BPB5Iq+nNgZQCg+D1y TX6hQQm7rXIU2fn0awyb2ik= =x2kz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jun 26 19:28:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 19:33:45 2007 Subject: MailScanner startup/Sendmail Config question In-Reply-To: <004601c7b810$90d47a20$0b01010a@DGPTBH91> References: <004601c7b810$90d47a20$0b01010a@DGPTBH91> Message-ID: <46815AE2.5070104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Look for milter-ahead, it will do what you want. Visit www.snertsoft.com for some very good milters. http://www.snertsoft.com/sendmail/milter-ahead/ This is what you need. It's very fast and efficient. Bryan Guest wrote: > Hello: > > I have a question regarding the configuration of MailScanner, in the > way it starts Sendmail. > > My Mail Gateway MTA's are configured like this: > > Redhat ES V4 > MailScanner 4.56.8 > ClamAv 0.90.1 > > After processing, local mail is delivered to a Mail Store machine and > non-local mail is delivered to the destination MX by the MTA. > > As I understand it, MailScanner starts Sendmail twice. The first > Sendmail accepts mail and queues it in the inbound queue. The second > is the queue runner which delivers all mail passed through by > MailScanner to the outbound queue. > > My issue is, that the first Sendmail blindly accepts mail no matter > what the To: address says and queue's it. It is not doing any > non-account processing. This isn't appropriate for a Gateway. I > need to bounce invalid users with the first Sendmail, so that it > doesn't get piled up in the outbound queue where the Mail Store > machine rejects it during the delivery attempt by the outbound > queue-runner. > > In other words, since my mail is not to be delivered locally on my > MailScanner machines, how can I configure the first sendmail to reject > based on invalid To: addresses? Has this problem not been encountered > before? > > I should mention here that all our users are stored in LDAP. The > Gateways and the Mail Store are LDAP aware, so that the machines know > what is a valid user and what is not. But we are not using LDAP for > mail routing at this time. > > Any information which anyone could share on this situation would be > appreciated. > > And many thanks to Julien and everyone on this list for all the effort. > > Bryan Guest > > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgVtnEfZZRxQVtlQRArbTAJ4gbGLPxeSOILM8RVg/c4ywdSIR/wCdHbC6 sE4ARoP7Gpe6PJnshvThJsE= =8c5n -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Denis.Beauchemin at USherbrooke.ca Tue Jun 26 19:47:26 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 26 19:48:00 2007 Subject: Bug in 4.58.9 ? In-Reply-To: <467A7BC5.2000704@USherbrooke.ca> References: <467A7BC5.2000704@USherbrooke.ca> Message-ID: <46815F3E.5090502@USherbrooke.ca> Denis Beauchemin a ?crit : > Hello, > > Yesterday I got sendmail errors on 10 emails processed by MS. > Sendmail complained about invalid lines in the q* file. Turns out the > subject line had many returns (^M) while there was an unencoded > accented character on the subject line. > > Here is an example from a Q* file: > HX-Mailer: WhatCounts > HX-UdeS-MailScanner: Aucun code suspect =?ISO-8859-1?Q?d=E9tect=E9?= > HX-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (not > cached, > score=-1.103, requis 4.5, BASE64_LENGTH_79_INF 1.50, BAYES_00 > -2.60) > HSubject: > > Jean-Fran?ois, envoyez des messages qui en disent long > HX-Spam-Status: No > > The subject line has ^M that sendmail doesn't like. I just removed > them and renamed the Q* files to q* and then sendmail was happy to > send them. > > I'm not sure if the problem comes from the sender but I received over > 2000 emails from them yesterday and only 9 had this problem. This is a follow up on my problem: it didn't happen since so I figure it was not MS's fault! :-) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/2f786428/smime.bin From MailScanner at ecs.soton.ac.uk Tue Jun 26 19:51:17 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 19:53:17 2007 Subject: Beta release 4.61.4 In-Reply-To: <41df80bd69f8a360453f7eff1f6ae757@62.49.223.244> References: <468155B8.90308@pixelhammer.com> <41df80bd69f8a360453f7eff1f6ae757@62.49.223.244> Message-ID: <46816025.6040004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Quite possibly. Can you see any way around this problem? - --[ UxBoD ]-- wrote: > Another question :) If you were to send a email to a mailing list, like > this one, could a spammer extract the watermark and spoof the to and from > address to bypass MailScanner ? > > On Tue, 26 Jun 2007 14:06:48 -0400, DAve wrote: > >> Daniel Maher wrote: >> >>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >>>> checks >>>> on a message if it is a reply to one of your own messages. This is >>>> known as >>>> "watermarking" a message. There are 4 new configuration settings: >>>> Add Watermark = yes >>>> Skip Spam Checks If Watermark Valid = yes >>>> Watermark Secret = SOMETHING-SECRET! >>>> Watermark Lifetime = 2419200 # = 4 weeks >>>> >>> Does this result in the addition of a header or something? Is there >>> >> detailed technical documentation available for this new feature? >> >> The big question is the LifeTime. Is MailScanner caching the watermark? >> IF so can that cache be shared? We have multiple incoming MS servers, >> and multiple outgoing SMTP servers. >> >> If possible I am sure we can Ruby something up to add the watermark on >> the outbound servers and pass that information to the MXs. >> >> DAve >> >> >>> -- >>> _ >>> ?v? Daniel Maher >>> /(_)\ Administrateur Syst?me Unix >>> ^ ^ Unix System Administrator >>> >>> "The most incomprehensible thing about the world is that it is >>> >> comprehensible." -- Albert Einstein. >> >> >> -- >> Three years now I've asked Google why they don't have a >> logo change for Memorial Day. Why do they choose to do logos >> for other non-international holidays, but nothing for >> Veterans? >> >> Maybe they forgot who made that choice possible. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is >> believed to be clean. >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: UTF-8 wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ MNsVDuaq7B4WvueOwWD2oD4= =79kM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jun 26 19:50:13 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 19:53:33 2007 Subject: Beta release 4.61.4 In-Reply-To: <4681591C.7000605@pacific.net> References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> <4681591C.7000605@pacific.net> Message-ID: <46815FE5.90900@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ken A wrote: > Daniel Maher wrote: >>> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >>> checks >>> on a message if it is a reply to one of your own messages. This is >>> known as >>> "watermarking" a message. There are 4 new configuration settings: >>> Add Watermark = yes >>> Skip Spam Checks If Watermark Valid = yes >>> Watermark Secret = SOMETHING-SECRET! >>> Watermark Lifetime = 2419200 # = 4 weeks >> >> Does this result in the addition of a header or something? Is there > detailed technical documentation available for this new feature? > > Although it happens at the "MailScanner phase", later in the pipeline, > can this take an envelope sender of <> with no watermark and tag, > quarantine or delete? ... like milter-null? I don't think Matt thought of that one. I guess it could do that too. It could be treated as spam or high-scoring spam. That would be simple to add. Matt ---What do you think of this? Handle unmarked null senders as = not spam | spam | high-scoring spam Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgWAYEfZZRxQVtlQRArRdAJ9Rr1CLpal9jgNF1Iea21GSz/QtlwCcCAJT JIkjfY1D6mO1hUlvlLxZdYo= =l7su -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Tue Jun 26 19:54:03 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jun 26 19:55:01 2007 Subject: Mailscanner message delays / load issue In-Reply-To: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> References: <6EEC6D949794754FB8D83A4D87DF7168B368A1@gh-redd-exch-01.redditch.ntltravel.local> Message-ID: On Tue, 26 Jun 2007, Alistair Carmichael wrote: > We receive approximately 30,000 messages each day which are handled by a > cluster of 2 servers via DNS round robin, the load on both machines is > steadily at about 5,5,5 with clamscan processes constantly being at the > top of the process list in terms of cpu usage. We are also seeing log > entries similar to this constantly appearing in the maillog. > > MailScanner[31171]: Commercial scanner clamav timed out! clamscan is notorious for this. You will find loads of threads on ClamAV in the archives of this mailinglist. In fact clamscan is the worst way to call upon ClamAV. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From dave.list at pixelhammer.com Tue Jun 26 19:57:06 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Jun 26 19:58:31 2007 Subject: Beta release 4.61.4 In-Reply-To: <46815B62.5060805@ecs.soton.ac.uk> References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> <468155B8.90308@pixelhammer.com> <46815B62.5060805@ecs.soton.ac.uk> Message-ID: <46816182.3000906@pixelhammer.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > DAve wrote: >> Daniel Maher wrote: >>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >>>> checks >>>> on a message if it is a reply to one of your own messages. This is >>>> known as >>>> "watermarking" a message. There are 4 new configuration settings: >>>> Add Watermark = yes >>>> Skip Spam Checks If Watermark Valid = yes >>>> Watermark Secret = SOMETHING-SECRET! >>>> Watermark Lifetime = 2419200 # = 4 weeks >>> Does this result in the addition of a header or something? Is there >>> detailed technical documentation available for this new feature? >>> >> The big question is the LifeTime. Is MailScanner caching the >> watermark? IF so can that cache be shared? We have multiple incoming >> MS servers, and multiple outgoing SMTP servers. > It doesn't need to cache anything. The timestamp of the watermark is > embedded in itself. >> If possible I am sure we can Ruby something up to add the watermark on >> the outbound servers and pass that information to the MXs. > I just use MailScanner to add the watermark. Always worth checking your > outbound mail for viruses anyway, saves any potential legal problems > should you send a virus to someone. We do check our outbound mail for spam and virus, and rate, and max rcpts, so on and so on. But we do not use MS on those servers. DAve > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFGgVtoEfZZRxQVtlQRAqePAKCZD1gRQDij0h6jU8BPB5Iq+nNgZQCg+D1y > TX6hQQm7rXIU2fn0awyb2ik= > =x2kz > -----END PGP SIGNATURE----- > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From matt at coders.co.uk Tue Jun 26 20:12:27 2007 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jun 26 20:10:03 2007 Subject: Beta release 4.61.4 In-Reply-To: References: <1E293D3FF63A3740B10AD5AAD88535D2052E8E70@UBIMAIL1.ubisoft.org> <4681591C.7000605@pacific.net> Message-ID: <4681651B.7000000@coders.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > > Matt ---What do you think of this? > Handle unmarked null senders as = not spam | spam | high-scoring spam Hadn't thought of that - yes that should be possible - I'll look at it after dinner. Should be relatively simple. Would suggest that the option is: Handle unmarked null senders as = ignore | spam | high-scoring spam matt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgWUbAA2I10nBC+YRAhFXAJ9MzJLXJLANDCCe/j/dFNLx5xQKZACgrTKL WwGQi2ruvTyF0AydYp5Ft/8= =aEG5 -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Jun 26 20:15:12 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jun 26 20:15:15 2007 Subject: Beta release 4.61.4 In-Reply-To: <46816025.6040004@ecs.soton.ac.uk> References: <46816025.6040004@ecs.soton.ac.uk> Message-ID: It is a difficult one Jules. More constants have to be included in the hash, that are also very difficult to spoof. I have having a look at the RFC to see what I can come up with. On Tue, 26 Jun 2007 19:51:17 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Quite possibly. Can you see any way around this problem? > > - --[ UxBoD ]-- wrote: >> Another question :) If you were to send a email to a mailing list, like >> this one, could a spammer extract the watermark and spoof the to and > from >> address to bypass MailScanner ? >> >> On Tue, 26 Jun 2007 14:06:48 -0400, DAve > wrote: >> >>> Daniel Maher wrote: >>> >>>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the > spam >>>>> checks >>>>> on a message if it is a reply to one of your own messages. This is >>>>> known as >>>>> "watermarking" a message. There are 4 new configuration settings: >>>>> Add Watermark = yes >>>>> Skip Spam Checks If Watermark Valid = yes >>>>> Watermark Secret = SOMETHING-SECRET! >>>>> Watermark Lifetime = 2419200 # = 4 weeks >>>>> >>>> Does this result in the addition of a header or something? Is there >>>> >>> detailed technical documentation available for this new feature? >>> >>> The big question is the LifeTime. Is MailScanner caching the watermark? >>> IF so can that cache be shared? We have multiple incoming MS servers, >>> and multiple outgoing SMTP servers. >>> >>> If possible I am sure we can Ruby something up to add the watermark on >>> the outbound servers and pass that information to the MXs. >>> >>> DAve >>> >>> >>>> -- >>>> _ >>>> ?v? Daniel Maher >>>> /(_)\ Administrateur Syst?me Unix >>>> ^ ^ Unix System Administrator >>>> >>>> "The most incomprehensible thing about the world is that it is >>>> >>> comprehensible." -- Albert Einstein. >>> >>> >>> -- >>> Three years now I've asked Google why they don't have a >>> logo change for Memorial Day. Why do they choose to do logos >>> for other non-international holidays, but nothing for >>> Veterans? >>> >>> Maybe they forgot who made that choice possible. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is >>> believed to be clean. >>> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: UTF-8 > > wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ > MNsVDuaq7B4WvueOwWD2oD4= > =79kM > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From matt at coders.co.uk Tue Jun 26 20:20:39 2007 From: matt at coders.co.uk (Matt Hampton) Date: Tue Jun 26 20:17:57 2007 Subject: Beta release 4.61.4 In-Reply-To: <1Ljp3dWYLQUMZgXftynhdQ!1182884092.5582@46816025.6040004@ecs.soton.ac.uk> References: <468155B8.90308@pixelhammer.com> <41df80bd69f8a360453f7eff1f6ae757@62.49.223.244> <1Ljp3dWYLQUMZgXftynhdQ!1182884092.5582@46816025.6040004@ecs.soton.ac.uk> Message-ID: <46816707.80300@coders.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > Quite possibly. Can you see any way around this problem? > > --[ UxBoD ]-- wrote: >> Another question :) If you were to send a email to a mailing list, like >> this one, could a spammer extract the watermark and spoof the to and from >> address to bypass MailScanner ? > Avoiding top-posting ;-) Yup they could. When I wrote this originally it was for two mutually trusted servers to be able to send messages to each other without having to scan the message - this avoided IP spoofing etc. My thoughts on this would be to a) shorten the validity period b) use a ruleset to stop the message being signed c) change the options so: Check Water Mark = Yes If Water Mark Is Valid = Skip | Is-Definately-Not-High-Spam Comments on this one??? matt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgWcHAA2I10nBC+YRAqmWAJ9ap5dP5x1BKwMPgtkDaVLWoxZtZQCePH1l HLLD1ZOyvnHumceBOLIBr3Q= =Bg55 -----END PGP SIGNATURE----- From nerijusb at dtiltas.lt Tue Jun 26 20:28:25 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 26 20:30:08 2007 Subject: Beta release 4.61.4 In-Reply-To: <46814CCC.3000701@ecs.soton.ac.uk> References: <46814CCC.3000701@ecs.soton.ac.uk> Message-ID: <20070626192910.46A2B1224B5@mx-b.vdnet.lt> On Tue, 26 Jun 2007 18:28:44 +0100 Julian Field wrote: > - - Bug fix: rare Postfix header milter support problem. This is fixed. > 4 Renamed "sa-update" command and cron job to "update_spamassassin". I did a diff between these scripts in cron.daily and I see you call /usr/bin/update_spamassassin instead of /usr/bin/sa-update now, but there's no /usr/bin/update_spamassassin in rpm file, only in tar.gz. BTW, update_spamassassin should probably be in /usr/sbin, not /usr/bin, like all other update_* scripts. > 4 Added ability to easily disable update_virus_scanners script. I see you added it to /usr/sbin/update_virus_scanners, but I'd like it to be added to /etc/cron.hourly/update_virus_scanners too. And this file should be marked as config file in rpm, so that updates don't overwrite it. The "Linux RPM spec file" download link in Downloads (http://www.mailscanner.info/files/4/MailScanner.spec) is for an old version 4.26.5, so the patch will probably not apply, but here it is: --- MailScanner.spec.orig 2004-01-23 14:26:14.000000000 +0200 +++ MailScanner.spec 2007-06-26 22:25:14.000000000 +0300 @@ -325,2 +325,3 @@ %attr(755,root,root) /usr/sbin/update_virus_scanners +%attr(755,root,root) /usr/sbin/update_spamassassin %attr(755,root,root) /usr/sbin/upgrade_MailScanner_conf @@ -328,3 +329,3 @@ %attr(755,root,root) /etc/cron.hourly/check_MailScanner -%attr(755,root,root) /etc/cron.hourly/update_virus_scanners +%config(noreplace) %attr(755,root,root) /etc/cron.hourly/update_virus_scanners %config(noreplace) %attr(755,root,root) /etc/cron.daily/clean.quarantine Regards, Nerijus From stinkybob at gmail.com Tue Jun 26 20:47:58 2007 From: stinkybob at gmail.com (Eugene MacDougal) Date: Tue Jun 26 20:48:03 2007 Subject: Multiple MailScanner servers Message-ID: <2579c6b20706261247j10ed98cdx68d93c49cd4a1a4b@mail.gmail.com> Are there any recommended methods for pushing changes from one MailScanner to another in a multiple server environment? I am about to deploy three MS servers and am curious what everyone else does. I'm planning on scp'ing the files to my other servers and using sudo to install them in the appropriate places. Am I doing the best thing already, or is there some "super-cool" admin tool that I've not read about. -Eugene -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/2b788b0e/attachment.html From Denis.Beauchemin at USherbrooke.ca Tue Jun 26 20:59:29 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jun 26 21:00:08 2007 Subject: Multiple MailScanner servers In-Reply-To: <2579c6b20706261247j10ed98cdx68d93c49cd4a1a4b@mail.gmail.com> References: <2579c6b20706261247j10ed98cdx68d93c49cd4a1a4b@mail.gmail.com> Message-ID: <46817021.8040506@USherbrooke.ca> Eugene MacDougal a ?crit : > Are there any recommended methods for pushing changes from one > MailScanner to another in a multiple server environment? I am about > to deploy three MS servers and am curious what everyone else does. > > I'm planning on scp'ing the files to my other servers and using sudo > to install them in the appropriate places. > > Am I doing the best thing already, or is there some "super-cool" admin > tool that I've not read about. > > -Eugene Eugene, I do the same thing as you are about to do but I scp through a "mailscanner" user for which I have the public keys on my remote MS servers. That way I push the files directly in the right directory and I finish with a "ssh server /usr/bin/sudo /sbin/service MailScanner reload". Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/0e4eb2a9/smime.bin From MailScanner at ecs.soton.ac.uk Tue Jun 26 21:06:29 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 21:08:53 2007 Subject: Beta release 4.61.4 In-Reply-To: <20070626192910.46A2B1224B5@mx-b.vdnet.lt> References: <46814CCC.3000701@ecs.soton.ac.uk> <20070626192910.46A2B1224B5@mx-b.vdnet.lt> Message-ID: <468171C5.9040603@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/f0a1cc56/PGP.bin From derek at csolve.net Tue Jun 26 21:12:57 2007 From: derek at csolve.net (Derek Buttineau) Date: Tue Jun 26 21:13:04 2007 Subject: Multiple MailScanner servers In-Reply-To: <2579c6b20706261247j10ed98cdx68d93c49cd4a1a4b@mail.gmail.com> References: <2579c6b20706261247j10ed98cdx68d93c49cd4a1a4b@mail.gmail.com> Message-ID: On 2007-Jun-26, at 3:47 PM, Eugene MacDougal wrote: > Are there any recommended methods for pushing changes from one > MailScanner to another in a multiple server environment? I am > about to deploy three MS servers and am curious what everyone else > does. > > I'm planning on scp'ing the files to my other servers and using > sudo to install them in the appropriate places. > > Am I doing the best thing already, or is there some "super-cool" > admin tool that I've not read about. I use rsync to synchronize the configuration files on my config server to the mailscanner servers. The servers run a small daemon that watches for changes to files in this synched directory and will move changed files to their proper directories and restart mailscanner. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/d6addc7c/attachment.html From carock at epconline.com Tue Jun 26 21:19:52 2007 From: carock at epconline.com (Chuck Rock) Date: Tue Jun 26 21:20:29 2007 Subject: Multiple MailScanner servers In-Reply-To: Message-ID: <03ef01c7b82f$5a9e3580$8c007f0a@epctech.com> You can also use rsync to restart the services instead of running a separate process to watch the files. /usr/local/bin/rsync -q -e ssh root@yourserver:'`/root/scripts/restart-sendmail.pl`' Chuck _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Derek Buttineau Sent: Tuesday, June 26, 2007 3:13 PM To: MailScanner discussion Subject: Re: Multiple MailScanner servers On 2007-Jun-26, at 3:47 PM, Eugene MacDougal wrote: Are there any recommended methods for pushing changes from one MailScanner to another in a multiple server environment? I am about to deploy three MS servers and am curious what everyone else does. I'm planning on scp'ing the files to my other servers and using sudo to install them in the appropriate places. Am I doing the best thing already, or is there some "super-cool" admin tool that I've not read about. I use rsync to synchronize the configuration files on my config server to the mailscanner servers. The servers run a small daemon that watches for changes to files in this synched directory and will move changed files to their proper directories and restart mailscanner. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/09da7999/attachment.html From holger at gebhardweb.de Tue Jun 26 21:56:11 2007 From: holger at gebhardweb.de (Holger Gebhard) Date: Tue Jun 26 21:56:18 2007 Subject: problem with the f-secure wrapper (resolved [quick+dirty]) In-Reply-To: <4681237A.7080406@ecs.soton.ac.uk> References: <4680FBBE.4050207@ftb-net.de> <46811E66.7070308@ftb-net.de> <4681237A.7080406@ecs.soton.ac.uk> Message-ID: <005101c7b834$6d30e6c0$4792b440$@de> Hi Dirk, what version of f-secure is running on your gateway? I use the latest f-secure anti-virus for linux gateways in Version 4.65 with no problems so far. I believe to remember that f-secure for linux gateways is the only legitimate version for emailscanning on gateway side. Here is a sample output from scanner: F-Secure Anti-Virus for Linux Gateways version 4.65 build 5446 Copyright (c) 1999-2004 F-Secure Corporation. All Rights Reserved. Scan started at Tue Jun 26 22:37:34 2007 Database version: 2007-06-26_12 Best regards, Holger Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Julian Field Gesendet: Dienstag, 26. Juni 2007 16:32 An: Dirk Clemens Cc: MailScanner discussion Betreff: Re: problem with the f-secure wrapper (resolved [quick+dirty]) Please can you send me (off-list) a fully licensed copy of the version of F-Secure you are using, with all necessary licence key files. I can guarantee you that it will be only used for development purposes, and that I will not give it to anyone else. Without it, I can't develop a proper fix. Best regards, Jules. Dirk Clemens wrote: * PGP Signed by an unknown key I have resolved the problem: The new f-secure scanner prints the following header: ========== # fsav --dumb --archive --action1=none /tmp/test F-Secure Security Platform version 1.10 build 6192 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved. .... ========= MailScanner thinks, f-secure has the version 1.10 and uses the old style report. my quick and dirty workaround: the following patch: =================================================================== --- SweepViruses.pm (revision 585) +++ SweepViruses.pm (working copy) @@ -207,7 +207,7 @@ Lock => 'FSecureBusy.lock', CommonOptions => '--dumb --archive', DisinfectOptions => '--auto --disinf', - ScanOptions => '', + ScanOptions => '--action1=none', InitParser => \&InitFSecureParser, ProcessOutput => \&ProcessFSecureOutput, SupportScanning => $S_SUPPORTED, @@ -1900,7 +1900,8 @@ MailScanner::Log::InfoLog($logout); # If we are running the new version then there's a totally new parser here - if ($fsecure_Version >= 4.50) { + #if ($fsecure_Version >= 4.50) { + if (1) { #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR_Test_File [F-Prot] #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR-Test-File [AVP] I need also the changes I have described in the mail before: 3.) When I insert the line line into the wrapper ... ===== Root=$1 shift # the new test line: exec $Root/bin/fsav "$@" ===== Dirk -- Dirk Clemens dc@ftb-volmarstein.de http://ftb-net.de FTB - Forschungsinstitut Technologie-Behindertenhilfe Grundsch?tteler Strasse 40, 58300 Wetter Telefon: 02335/9681-53 Telefax: 02335/9681-19 * Unknown Key * 0xF91EA1AD(L) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/fe7046b4/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jun 26 22:13:32 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jun 26 22:15:49 2007 Subject: Beta release 4.61.4 In-Reply-To: References: <46816025.6040004@ecs.soton.ac.uk> Message-ID: <4681817C.9080804@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This code has had to be removed, due to potential patent problems in the USA. I don't want to distribute different copies of MailScanner for US and non-US markets, and have no way of controlling who gets what version. So it's gone and it ain't coming back. Sorry guys. If you want to read about how it works, look up http://en.wikipedia.org/wiki/HMAC . - --[ UxBoD ]-- wrote: > It is a difficult one Jules. More constants have to be included in the > hash, that are also very difficult to spoof. I have having a look at the > RFC to see what I can come up with. > > On Tue, 26 Jun 2007 19:51:17 +0100, Julian Field > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Quite possibly. Can you see any way around this problem? >> >> - --[ UxBoD ]-- wrote: >> >>> Another question :) If you were to send a email to a mailing list, like >>> this one, could a spammer extract the watermark and spoof the to and >>> >> from >> >>> address to bypass MailScanner ? >>> >>> On Tue, 26 Jun 2007 14:06:48 -0400, DAve >>> >> wrote: >> >>> >>> >>>> Daniel Maher wrote: >>>> >>>> >>>>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the >>>>>> >> spam >> >>>>>> checks >>>>>> on a message if it is a reply to one of your own messages. This is >>>>>> known as >>>>>> "watermarking" a message. There are 4 new configuration settings: >>>>>> Add Watermark = yes >>>>>> Skip Spam Checks If Watermark Valid = yes >>>>>> Watermark Secret = SOMETHING-SECRET! >>>>>> Watermark Lifetime = 2419200 # = 4 weeks >>>>>> >>>>>> >>>>> Does this result in the addition of a header or something? Is there >>>>> >>>>> >>>> detailed technical documentation available for this new feature? >>>> >>>> The big question is the LifeTime. Is MailScanner caching the watermark? >>>> IF so can that cache be shared? We have multiple incoming MS servers, >>>> and multiple outgoing SMTP servers. >>>> >>>> If possible I am sure we can Ruby something up to add the watermark on >>>> the outbound servers and pass that information to the MXs. >>>> >>>> DAve >>>> >>>> >>>> >>>>> -- >>>>> _ >>>>> ?v? Daniel Maher >>>>> /(_)\ Administrateur Syst?me Unix >>>>> ^ ^ Unix System Administrator >>>>> >>>>> "The most incomprehensible thing about the world is that it is >>>>> >>>>> >>>> comprehensible." -- Albert Einstein. >>>> >>>> >>>> -- >>>> Three years now I've asked Google why they don't have a >>>> logo change for Memorial Day. Why do they choose to do logos >>>> for other non-international holidays, but nothing for >>>> Veterans? >>>> >>>> Maybe they forgot who made that choice possible. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> This message has been scanned for viruses and dangerous content by >>>> MailScanner, and is >>>> believed to be clean. >>>> >>>> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.2 (Build 2014) >> Charset: UTF-8 >> >> wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ >> MNsVDuaq7B4WvueOwWD2oD4= >> =79kM >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: UTF-8 wj8DBQFGgYF+EfZZRxQVtlQRAnpYAJ90tlBKw7gYO0zqNRWe+8fSPte/RACgvFQA pSj/HFbqMVAmAwMHeyn89Y0= =shnH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From nerijusb at dtiltas.lt Tue Jun 26 22:34:21 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Jun 26 22:40:04 2007 Subject: Beta release 4.61.4 In-Reply-To: <468171C5.9040603@ecs.soton.ac.uk> References: <46814CCC.3000701@ecs.soton.ac.uk><20070626192910.46A2B1224B5@mx-b.vdnet.lt> <468171C5.9040603@ecs.soton.ac.uk> Message-ID: <20070626213907.54E7C1224A6@mx-b.vdnet.lt> On Tue, 26 Jun 2007 21:06:29 +0100 Julian Field wrote: > > I did a diff between these scripts in cron.daily and I see you call /usr/bin/update_spamassassin > > instead of /usr/bin/sa-update now, but there's no /usr/bin/update_spamassassin > > in rpm file, only in tar.gz. BTW, update_spamassassin should probably be in > > /usr/sbin, not /usr/bin, like all other update_* scripts. > > > Fixed. You added /usr/sbin/update_spamassassin to rpm, thanks, but /etc/cron.daily/update_spamassassin contains /usr/bin/update_spamassassin inside (instead of /usr/sbin/...). Regards, Nerijus From sandrews at andrewscompanies.com Tue Jun 26 23:46:35 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Tue Jun 26 23:46:38 2007 Subject: Beta release 4.61.4 In-Reply-To: <4681817C.9080804@ecs.soton.ac.uk> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> It's not the concept of the watermarking, but the hash method that's the issue here? If so, let's just come up with a better way to create the hash... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 26, 2007 5:14 PM To: MailScanner discussion Subject: Re: Beta release 4.61.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This code has had to be removed, due to potential patent problems in the USA. I don't want to distribute different copies of MailScanner for US and non-US markets, and have no way of controlling who gets what version. So it's gone and it ain't coming back. Sorry guys. If you want to read about how it works, look up http://en.wikipedia.org/wiki/HMAC . - --[ UxBoD ]-- wrote: > It is a difficult one Jules. More constants have to be included in > the hash, that are also very difficult to spoof. I have having a look > at the RFC to see what I can come up with. > > On Tue, 26 Jun 2007 19:51:17 +0100, Julian Field > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Quite possibly. Can you see any way around this problem? >> >> - --[ UxBoD ]-- wrote: >> >>> Another question :) If you were to send a email to a mailing list, >>> like this one, could a spammer extract the watermark and spoof the >>> to and >>> >> from >> >>> address to bypass MailScanner ? >>> >>> On Tue, 26 Jun 2007 14:06:48 -0400, DAve >>> >> wrote: >> >>> >>> >>>> Daniel Maher wrote: >>>> >>>> >>>>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the >>>>>> >> spam >> >>>>>> checks >>>>>> on a message if it is a reply to one of your own messages. This >>>>>> is known as >>>>>> "watermarking" a message. There are 4 new configuration settings: >>>>>> Add Watermark = yes >>>>>> Skip Spam Checks If Watermark Valid = yes >>>>>> Watermark Secret = SOMETHING-SECRET! >>>>>> Watermark Lifetime = 2419200 # = 4 weeks >>>>>> >>>>>> >>>>> Does this result in the addition of a header or something? Is >>>>> there >>>>> >>>>> >>>> detailed technical documentation available for this new feature? >>>> >>>> The big question is the LifeTime. Is MailScanner caching the watermark? >>>> IF so can that cache be shared? We have multiple incoming MS >>>> servers, and multiple outgoing SMTP servers. >>>> >>>> If possible I am sure we can Ruby something up to add the watermark >>>> on the outbound servers and pass that information to the MXs. >>>> >>>> DAve >>>> >>>> >>>> >>>>> -- >>>>> _ >>>>> ?v? Daniel Maher >>>>> /(_)\ Administrateur Syst?me Unix >>>>> ^ ^ Unix System Administrator >>>>> >>>>> "The most incomprehensible thing about the world is that it is >>>>> >>>>> >>>> comprehensible." -- Albert Einstein. >>>> >>>> >>>> -- >>>> Three years now I've asked Google why they don't have a logo change >>>> for Memorial Day. Why do they choose to do logos for other >>>> non-international holidays, but nothing for Veterans? >>>> >>>> Maybe they forgot who made that choice possible. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> This message has been scanned for viruses and dangerous content by >>>> MailScanner, and is believed to be clean. >>>> >>>> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For >> all your IT requirements visit www.transtec.co.uk >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.2 (Build 2014) >> Charset: UTF-8 >> >> wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ >> MNsVDuaq7B4WvueOwWD2oD4= >> =79kM >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: UTF-8 wj8DBQFGgYF+EfZZRxQVtlQRAnpYAJ90tlBKw7gYO0zqNRWe+8fSPte/RACgvFQA pSj/HFbqMVAmAwMHeyn89Y0= =shnH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at henryg.net Wed Jun 27 00:04:46 2007 From: mailscanner at henryg.net (mailscanner@henryg.net) Date: Wed Jun 27 00:01:19 2007 Subject: (no subject) Message-ID: Hello List I am new to mailscanner. I would like to use MS with CommunigatePro. I have found some past refference to ms2cgp/cgp2ms. Looks the author has stoped using/supporting these scripts. Is there another solution available or are these scripts still available? henryg From res at ausics.net Wed Jun 27 00:10:46 2007 From: res at ausics.net (Res) Date: Wed Jun 27 00:10:56 2007 Subject: MailScanner startup/Sendmail Config question In-Reply-To: <004601c7b810$90d47a20$0b01010a@DGPTBH91> References: <004601c7b810$90d47a20$0b01010a@DGPTBH91> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Tue, 26 Jun 2007, Bryan Guest wrote: > My issue is, that the first Sendmail blindly accepts mail no matter what the > To: address says and queue's it. It is not doing any non-account processing. > This isn't appropriate for a Gateway. I need to bounce invalid users with This certainly is not appropriate :) There is milter-ahead (commercial I think), also a free milter we use that works very well, smf-sav, it also does sender verification, you can disable sender verification if you want and just use recipient verification. It works well, several sendmail boxes protecting the backend qmail based mail stores with it here. -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGgZz2sWhAmSIQh7MRAn8oAJ9v+jbXWRLig/6Cn/Ja2Kw1sf9ZpgCghsE8 iaR6uHTJv93tMjmT5e2emh8= =Q+o0 -----END PGP SIGNATURE----- From ssilva at sgvwater.com Wed Jun 27 00:17:29 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 27 00:20:29 2007 Subject: (no subject) In-Reply-To: References: Message-ID: mailscanner@henryg.net spake the following on 6/26/2007 4:04 PM: > Hello List > I am new to mailscanner. I would like to use MS with CommunigatePro. I > have found some past refference to ms2cgp/cgp2ms. Looks the author has > stoped using/supporting these scripts. Is there another solution > available or are these scripts still available? > > henryg Why not just use a gateway device with mailscanner on it? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mailscanner at henryg.net Wed Jun 27 00:43:28 2007 From: mailscanner at henryg.net (mailscanner@henryg.net) Date: Wed Jun 27 00:40:03 2007 Subject: (no subject) In-Reply-To: References: Message-ID: On Tue, 26 Jun 2007 16:17:29 -0700 Scott Silva wrote: > mailscanner@henryg.net spake the following on 6/26/2007 4:04 PM: >> Hello List >> I am new to mailscanner. I would like to use MS with CommunigatePro. I >> have found some past refference to ms2cgp/cgp2ms. Looks the author has >> stoped using/supporting these scripts. Is there another solution >> available or are these scripts still available? >> >> henryg > Why not just use a gateway device with mailscanner on it? > That would be my second choice. This system is low volume 50-100 users. one system would would be less to maintain. Host is debian 4.0 etch CGP 5.1.9. From steve.freegard at fsl.com Wed Jun 27 00:44:10 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Jun 27 00:44:14 2007 Subject: Beta release 4.61.4 In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> Message-ID: <4681A4CA.7080300@fsl.com> Steven Andrews wrote: > It's not the concept of the watermarking, but the hash method that's the issue here? If so, let's just come up with a better way to create the hash... No - I'm afraid it is the actual concept of e-mail watermarking and how it is implemented. There is a US patent pending on this currently. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. From nerijusb at dtiltas.lt Wed Jun 27 01:03:24 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 27 01:10:10 2007 Subject: Beta release 4.61.4 In-Reply-To: <4681A4CA.7080300@fsl.com> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> <4681A4CA.7080300@fsl.com> Message-ID: <20070627000908.1FB151224A5@mx-b.vdnet.lt> On Wed, 27 Jun 2007 00:44:10 +0100 Steve Freegard wrote: > No - I'm afraid it is the actual concept of e-mail watermarking and how > it is implemented. There is a US patent pending on this currently. So until it is in a pending state is it possible to publish the code or not? Regards, Nerijus From seamus at rheelweb.co.nz Wed Jun 27 03:12:36 2007 From: seamus at rheelweb.co.nz (Seamus Allan) Date: Wed Jun 27 03:12:10 2007 Subject: Postfix Address Verification In-Reply-To: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4681C794.7000207@rheelweb.co.nz> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070627/9e10b7b6/attachment.html From wendiw at itasoftware.com Wed Jun 27 03:26:06 2007 From: wendiw at itasoftware.com (Wendi Whitsett) Date: Wed Jun 27 03:26:13 2007 Subject: Beta release 4.61.4 In-Reply-To: <46816025.6040004@ecs.soton.ac.uk> References: <468155B8.90308@pixelhammer.com> <41df80bd69f8a360453f7eff1f6ae757@62.49.223.244> <46816025.6040004@ecs.soton.ac.uk> Message-ID: <4681CABE.30904@itasoftware.com> Thanks list. excellent suggestions all... Wendi Whitsett Sr Systems Engineer ITA Software wendiw@itasoftware.com 617.714.2193 Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Quite possibly. Can you see any way around this problem? > > - --[ UxBoD ]-- wrote: > >> Another question :) If you were to send a email to a mailing list, like >> this one, could a spammer extract the watermark and spoof the to and from >> address to bypass MailScanner ? >> >> On Tue, 26 Jun 2007 14:06:48 -0400, DAve wrote: >> >> >>> Daniel Maher wrote: >>> >>> >>>>> 4 Added new feature (thanks to Matt Hampton for this) to skip the spam >>>>> checks >>>>> on a message if it is a reply to one of your own messages. This is >>>>> known as >>>>> "watermarking" a message. There are 4 new configuration settings: >>>>> Add Watermark = yes >>>>> Skip Spam Checks If Watermark Valid = yes >>>>> Watermark Secret = SOMETHING-SECRET! >>>>> Watermark Lifetime = 2419200 # = 4 weeks >>>>> >>>>> >>>> Does this result in the addition of a header or something? Is there >>>> >>>> >>> detailed technical documentation available for this new feature? >>> >>> The big question is the LifeTime. Is MailScanner caching the watermark? >>> IF so can that cache be shared? We have multiple incoming MS servers, >>> and multiple outgoing SMTP servers. >>> >>> If possible I am sure we can Ruby something up to add the watermark on >>> the outbound servers and pass that information to the MXs. >>> >>> DAve >>> >>> >>> >>>> -- >>>> _ >>>> ?v? Daniel Maher >>>> /(_)\ Administrateur Syst?me Unix >>>> ^ ^ Unix System Administrator >>>> >>>> "The most incomprehensible thing about the world is that it is >>>> >>>> >>> comprehensible." -- Albert Einstein. >>> >>> >>> -- >>> Three years now I've asked Google why they don't have a >>> logo change for Memorial Day. Why do they choose to do logos >>> for other non-international holidays, but nothing for >>> Veterans? >>> >>> Maybe they forgot who made that choice possible. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is >>> believed to be clean. >>> >>> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: UTF-8 > > wj8DBQFGgWAnEfZZRxQVtlQRAoaXAKCFJGH05XzWPOisIIJbzMDI93R+6wCfUKpZ > MNsVDuaq7B4WvueOwWD2oD4= > =79kM > -----END PGP SIGNATURE----- > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070626/fcb3c299/smime.bin From drew at technologytiger.net Wed Jun 27 08:03:39 2007 From: drew at technologytiger.net (Drew Marshall) Date: Wed Jun 27 08:03:47 2007 Subject: Postfix Address Verification In-Reply-To: <4681C794.7000207@rheelweb.co.nz> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> Message-ID: <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> On 27 Jun 2007, at 03:12, Seamus Allan wrote: > Gareth wrote: >> See >> http://www.mailscanner.info/wiki/doku.php? >> id=documentation:configuration:mta:postfix:how_to:reject_non_existent >> _users >> Thats what I do and it works very well. >> >> Just make sure Exchange is configured to reject mail to unknown >> recipients. If you cant do that then there are other ways such as >> using >> LDAP to regularly pull out a list of valid addresses from exchange, >> >> On Mon, 2007-06-25 at 23:24, Jody Cleveland wrote: >> >>> Hello, >>> >>> I've got a RedHat 5 server with Postfix and MailScanner. This >>> server checks >>> all incoming mail and then forwards it on to an Exchange server. >>> I'm looking >>> for a way to verify recipients without touching active directory. >>> Will >>> either of these work at all? >>> >>> smtpd_recipient_restrictions = reject_unauth_destination >>> smtpd_recipient_restrictions = reject_unverified_recipient >>> >>> - jody >>> >> > I am curious about this; it seems to make very good sense to do > this (and will in fact cut down the number of bounces created by my > mail gateway MailScanner machine), but I wonder how much more work > has to be done by Postfix to accomplish this. It's a lot less than trying to keep running the mail queue that's full of undeliverable bounce notifications. Reject unknown recipients at SMTP stage will mean that you don't have to use your bandwidth to download the full message, process it through MailScanner & SpamAssassin, deliver or attempt to deliver somewhere else, create the bounce notification and attempt to deliver this bounce using your bandwidth. If it's not deliverable then keep retrying for x number of days and re-examining the message in the queue to work out when it must keep trying. In comparison any form of db look up from hashed file to SQL or LDAP is really cheap. Couple that with one or two other tricks such at proxying for SQL for example (To retain connections) and you really have very little overhead at all. In fact there are other checks that are more work, such as RBL look ups that are much more work. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070627/d4cbc623/attachment.html From uxbod at splatnix.net Wed Jun 27 08:46:32 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jun 27 08:46:37 2007 Subject: Beta release 4.61.4 In-Reply-To: <4681A4CA.7080300@fsl.com> References: <4681A4CA.7080300@fsl.com> Message-ID: On Wed, 27 Jun 2007 00:44:10 +0100, Steve Freegard wrote: > Steven Andrews wrote: >> It's not the concept of the watermarking, but the hash method that's the > issue here? If so, let's just come up with a better way to create the > hash... > > No - I'm afraid it is the actual concept of e-mail watermarking and how > it is implemented. There is a US patent pending on this currently. > > Kind regards, > Steve. > > -- > Steve Freegard > Development Director > Fort Systems Ltd. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- Hi Steve, What is the patent number ? Regards. --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Jun 27 09:01:58 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 27 09:02:00 2007 Subject: Postfix Address Verification In-Reply-To: <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> Message-ID: <223f97700706270101q16e71ce1j834c06a6a442d934@mail.gmail.com> On 27/06/07, Drew Marshall wrote: > > On 27 Jun 2007, at 03:12, Seamus Allan wrote: > > Gareth wrote: > See > http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users > Thats what I do and it works very well. > > Just make sure Exchange is configured to reject mail to unknown > recipients. If you cant do that then there are other ways such as using > LDAP to regularly pull out a list of valid addresses from exchange, > > On Mon, 2007-06-25 at 23:24, Jody Cleveland wrote: > > > Hello, > > I've got a RedHat 5 server with Postfix and MailScanner. This server checks > all incoming mail and then forwards it on to an Exchange server. I'm looking > for a way to verify recipients without touching active directory. Will > either of these work at all? > > smtpd_recipient_restrictions = reject_unauth_destination > smtpd_recipient_restrictions = reject_unverified_recipient > > - jody > > > I am curious about this; it seems to make very good sense to do this (and > will in fact cut down the number of bounces created by my mail gateway > MailScanner machine), but I wonder how much more work has to be done by > Postfix to accomplish this. > > It's a lot less than trying to keep running the mail queue that's full of > undeliverable bounce notifications. Reject unknown recipients at SMTP stage > will mean that you don't have to use your bandwidth to download the full > message, process it through MailScanner & SpamAssassin, deliver or attempt > to deliver somewhere else, create the bounce notification and attempt to > deliver this bounce using your bandwidth. If it's not deliverable then keep > retrying for x number of days and re-examining the message in the queue to > work out when it must keep trying. > > In comparison any form of db look up from hashed file to SQL or LDAP is > really cheap. Couple that with one or two other tricks such at proxying for > SQL for example (To retain connections) and you really have very little > overhead at all. In fact there are other checks that are more work, such as > RBL look ups that are much more work. > > Drew (Chiming in with Drew here:) Not to mention that you will remove yourself from being a potential "spam reflector" (NDN-spam thing)... And cut down on the risk of being blacklisted (when one of your bounces hit a honeypot for one of the more agressive BLs)... Small downside with recipient verification is that your address-base might get mapped out, but... that is worth it, compared to the alternative. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Wed Jun 27 09:34:25 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jun 27 09:34:40 2007 Subject: Beta release 4.61.4 In-Reply-To: <46814CCC.3000701@ecs.soton.ac.uk> Message-ID: <5767303852043c40b224d2804990113e@solidstatelogic.com> Jules WRT the watermarking feature....didn't some clever sod at some conference suggest malware/spam replies to existing emails in order to make it through whitelists etc? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 26 June 2007 18:29 > To: MailScanner discussion; MailScanner beta testers > Subject: Beta release 4.61.4 > 4 Added new feature (thanks to Matt Hampton for this) to skip the spam > checks > on a message if it is a reply to one of your own messages. This is > known as > "watermarking" a message. There are 4 new configuration settings: > Add Watermark = yes > Skip Spam Checks If Watermark Valid = yes > Watermark Secret = SOMETHING-SECRET! > Watermark Lifetime = 2419200 # = 4 weeks ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From uxbod at splatnix.net Wed Jun 27 10:20:00 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jun 27 10:20:53 2007 Subject: Beta release 4.61.4 In-Reply-To: <5767303852043c40b224d2804990113e@solidstatelogic.com> References: <5767303852043c40b224d2804990113e@solidstatelogic.com> Message-ID: <814c51f82cfe3e9047bd8c78cc5fa971@62.49.223.244> Martin, This is a similar theory to the one I posted last night about avoiding the watermark. Dependant on how the hash is constructed it would be fairly easy to construct a SPAM email using a current watermark. If spammers trawl through mailling lists then they could potentially harvest any emails using watermarks, and the more they get especially from the same source, could even look at reverse engineering the hash itself. I think the functionality is great and would be a great additional defence against the continued struggle again SPAM. I would be very interested to read pending patent once I know the number :) Cheers, On Wed, 27 Jun 2007 09:34:25 +0100, "Martin.Hepworth" wrote: > Jules > > WRT the watermarking feature....didn't some clever sod at some > conference suggest malware/spam replies to existing emails in order to > make it through whitelists etc? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 26 June 2007 18:29 >> To: MailScanner discussion; MailScanner beta testers >> Subject: Beta release 4.61.4 >> > 4 Added new feature (thanks to Matt Hampton for this) to skip the > spam >> checks >> on a message if it is a reply to one of your own messages. This is >> known as >> "watermarking" a message. There are 4 new configuration settings: >> Add Watermark = yes >> Skip Spam Checks If Watermark Valid = yes >> Watermark Secret = SOMETHING-SECRET! >> Watermark Lifetime = 2419200 # = 4 weeks > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From k.joch at kmjeuro.com Wed Jun 27 12:32:58 2007 From: k.joch at kmjeuro.com (Karl M. Joch) Date: Wed Jun 27 12:33:06 2007 Subject: AW: AW: Mailscanner Taking to long to Process Incoming Email In-Reply-To: <46802288.1050501@ecs.soton.ac.uk> Message-ID: Dear Jules, i was not awaiting support for that, just wanted to get rid of the error messages if possible. Already had a quick solution with renaming and changing some stuff to get the load down. Bad side was, that this hasnt happend during test of the CLamAV 0.90 version. It comes up later, when everything already was rolled out. At least it helps for a short time now. I tried 4.61.3 on 2 servers now and they handled about 25000 mails without any problems. Load with direct clamd support is down to normal and it looks like there are no more problems with ClamAV. Daemon hasnt died till now and I installed clamdmon to check/restart if that would happen. Rollout should be pretty easy, because there was no additional modules needed when updating from 4.57.6 to 4.61.3. Best regards, Karl > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im > Auftrag von Julian Field > Gesendet: Montag, 25. Juni 2007 22:16 > An: MailScanner discussion > Betreff: Re: AW: Mailscanner Taking to long to Process Incoming Email > > > > Karl M. Joch wrote: > > > > > > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im > Auftrag von Koopmann, Jan-Peter > Gesendet: Montag, 25. Juni 2007 08:28 > An: MailScanner discussion > Betreff: RE: Mailscanner Taking to long to > Process Incoming Email > > > > had the same on about 200 servers. > changed a few ones for testing to > clamdscan and cpu usage gone done to > normal. looks like loading the > clamav database over end over with each > task was too much. but the > original included clamav-wrapper is not > really good for clamdscan. i > have lot of errors in the syslog and > looks like there are other > > > changed > > > needed too. anybody have a good script > for clamdscan on freebsd and > also > a way to get the -r out of the call of > the wrapper script? > > > I am currently running clamd-wrapper without > any issues. What are the > problems you are seeing? Moreover if my > understanding is correct, the > newest MailScanner will talk to clamd directly > so no more needs for > clam*-wrapper. > > > > > > i get the following: > > Jun 25 20:20:27 sv07e MailScanner[60923]: Virus and > Content Scanning: > Starting > Jun 25 20:20:27 sv07e MailScanner[60923]: WARNING: > Ignoring option > --tempdir > Jun 25 20:20:27 sv07e MailScanner[60923]: WARNING: > Ignoring option > --recursive (-r) > Jun 25 20:20:27 sv07e MailScanner[60923]: WARNING: > Ignoring option > --unrar > > where tempdir is set in clamav-wrapper and i think is > to be removed for > clamdscan. but the -r and --unrar i havnt found. but > all other things is > running smoothly with clamdscan. this one makes about > 80000 mails a day > and had not problems with scanning, using clamdscan > since a few days. > > running 4.57.6 with sendmail and clamav on FreeBSD 5.5 and 6.2 > > > You can't just rename clamscan to clamdscan in clamav-wrapper > and think everything is going to work. It's a bit more > complicated than that. If you want clamd support then > download and install 4.61.3. > > I certainly do *NOT* support simply changing clamscan to > clamdscan, so don't expect any help from me. > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > From dyioulos at firstbhph.com Wed Jun 27 13:11:31 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jun 27 13:11:46 2007 Subject: Clamd directives Message-ID: <200706270811.35184.dyioulos@firstbhph.com> Good day, all. I'm running MS 4.60.8 on a CentOS 3.8 box. I'm also running clamav-0.90.3, which I compile from source. Previously, I had been using clamavmodule with MS, but moved to using clamd. As per a previous post, I added the following directives to my MailScanner.conf file: Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = /var/lock/subsys/clamd Clamd Use Threads = no However, now I'm getting the following errors: Syntax error(s) in configuration file: : 30 Time(s) syntax errors in /etc/MailScanner/MailScanner.conf. : 30 Time(s) Unrecognised keyword "clamdsocket" at line 698 : 30 Time(s) Unrecognised keyword "clamdlockfile" at line 699 : 30 Time(s) Unrecognised keyword "clamdport" at line 697 : 30 Time(s) Unrecognised keyword "clamdusethreads" at line 700 : 30 Time(s) I didn't find any explanation of these directives in the conf file. The use of clamd is supported in 4.60.8, right? If so, can anyone suggest how I can fix this, or perhaps some doc on the subject? As always, thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandrews at andrewscompanies.com Wed Jun 27 13:14:10 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Jun 27 13:14:19 2007 Subject: OT: Anyone using mailwatch and clamav latest? In-Reply-To: References: <46802288.1050501@ecs.soton.ac.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> Under clamav 093, the check ClamAV status worked, now that I've loaded the latest beta clamav to get rid of the slow load times, that page is now blank. Before I had just used Jules' auto clam and sa installer and of course everything just worked. Anyone else seeing this? Steve From glenn.steen at gmail.com Wed Jun 27 13:23:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 27 13:23:34 2007 Subject: OT: Anyone using mailwatch and clamav latest? In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> References: <46802288.1050501@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> Message-ID: <223f97700706270523m59df33d1v4ff84bba77c033c1@mail.gmail.com> On 27/06/07, Steven Andrews wrote: > Under clamav 093, the check ClamAV status worked, now that I've loaded > the latest beta clamav to get rid of the slow load times, that page is > now blank. Before I had just used Jules' auto clam and sa installer and > of course everything just worked. > > Anyone else seeing this? > > Steve Probably something rather cosmetic in nature... What does clamscan -V and (if that results in an error) clamscan --version yield? If the first generate an error, change the line to in clamav_status.php ... If that isn't it, well... did they change the result a bit, so that the awk scriptlet fails? (perhaps not using "/" as field separator anymore?)... In that case, one would have to ... accomodate that. BTW, why not post this to the mailwatch list instead? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner at slackadelic.com Wed Jun 27 13:45:40 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Wed Jun 27 13:45:52 2007 Subject: OT: Anyone using mailwatch and clamav latest? In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> References: <46802288.1050501@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> Message-ID: <46825BF4.40504@slackadelic.com> Steven Andrews wrote: > Under clamav 093, the check ClamAV status worked, now that I've loaded > the latest beta clamav to get rid of the slow load times, that page is > now blank. Before I had just used Jules' auto clam and sa installer and > of course everything just worked. > > Anyone else seeing this? > > Steve Check your virus.scanners.conf specifically: clamav /opt/MailScanner/lib/clamav-wrapper /usr Make sure that the last line reflects the install $PREFIX of your clamav installation. -Matt From rcooper at dwford.com Wed Jun 27 13:59:35 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jun 27 13:59:39 2007 Subject: Clamd directives In-Reply-To: <200706270811.35184.dyioulos@firstbhph.com> References: <200706270811.35184.dyioulos@firstbhph.com> Message-ID: <053b01c7b8bb$039a2fa0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Dimitri Yioulos > Sent: Wednesday, June 27, 2007 8:12 AM > To: MailScanner discussion > Subject: Clamd directives > > Good day, all. > > I'm running MS 4.60.8 on a CentOS 3.8 box. I'm also running > clamav-0.90.3, > which I compile from source. Previously, I had been using > clamavmodule with > MS, but moved to using clamd. As per a previous post, I > added the following > directives to my MailScanner.conf file: > > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = /var/lock/subsys/clamd > Clamd Use Threads = no > > However, now I'm getting the following errors: > > Syntax error(s) in configuration file: : 30 Time(s) > syntax errors in /etc/MailScanner/MailScanner.conf. : 30 Time(s) > Unrecognised keyword "clamdsocket" at line 698 : 30 Time(s) > Unrecognised keyword "clamdlockfile" at line 699 : 30 Time(s) > Unrecognised keyword "clamdport" at line 697 : 30 Time(s) > Unrecognised keyword "clamdusethreads" at line 700 : 30 Time(s) > > I didn't find any explanation of these directives in the > conf file. The use > of clamd is supported in 4.60.8, right? If so, can anyone > suggest how I can > fix this, or perhaps some doc on the subject? > No, you need to move to the latest beta (or previous beta) or wait for next release. That is why those directives did not already exist within your new MailScanner.conf Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nerijusb at dtiltas.lt Wed Jun 27 13:59:55 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 27 14:00:07 2007 Subject: Clamd directives In-Reply-To: <200706270811.35184.dyioulos@firstbhph.com> References: <200706270811.35184.dyioulos@firstbhph.com> Message-ID: <20070627125907.3ACB91224AD@mx-b.vdnet.lt> On Wed, 27 Jun 2007 08:11:31 -0400 Dimitri Yioulos wrote: > I didn't find any explanation of these directives in the conf file. The use > of clamd is supported in 4.60.8, right? No, it's for 4.61.x. Regards, Nerijus From carl at theholidayclub.com Wed Jun 27 14:03:57 2007 From: carl at theholidayclub.com (Carl Werner) Date: Wed Jun 27 14:04:51 2007 Subject: Clamd directives In-Reply-To: <200706270811.35184.dyioulos@firstbhph.com> References: <200706270811.35184.dyioulos@firstbhph.com> Message-ID: Hi, As far as I understand clamd support is only from 4.61-5 beta Regards Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dimitri Yioulos Sent: 27 June 2007 02:12 PM To: MailScanner discussion Subject: Clamd directives Good day, all. I'm running MS 4.60.8 on a CentOS 3.8 box. I'm also running clamav-0.90.3, which I compile from source. Previously, I had been using clamavmodule with MS, but moved to using clamd. As per a previous post, I added the following directives to my MailScanner.conf file: Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = /var/lock/subsys/clamd Clamd Use Threads = no However, now I'm getting the following errors: Syntax error(s) in configuration file: : 30 Time(s) syntax errors in /etc/MailScanner/MailScanner.conf. : 30 Time(s) Unrecognised keyword "clamdsocket" at line 698 : 30 Time(s) Unrecognised keyword "clamdlockfile" at line 699 : 30 Time(s) Unrecognised keyword "clamdport" at line 697 : 30 Time(s) Unrecognised keyword "clamdusethreads" at line 700 : 30 Time(s) I didn't find any explanation of these directives in the conf file. The use of clamd is supported in 4.60.8, right? If so, can anyone suggest how I can fix this, or perhaps some doc on the subject? As always, thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Wed Jun 27 14:31:48 2007 From: ka at pacific.net (Ken A) Date: Wed Jun 27 14:31:51 2007 Subject: Beta release 4.61.4 In-Reply-To: <4681A4CA.7080300@fsl.com> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> <4681A4CA.7080300@fsl.com> Message-ID: <468266C4.6050906@pacific.net> Steve Freegard wrote: > Steven Andrews wrote: >> It's not the concept of the watermarking, but the hash method that's >> the issue here? If so, let's just come up with a better way to create >> the hash... > > No - I'm afraid it is the actual concept of e-mail watermarking and how > it is implemented. There is a US patent pending on this currently. > > Kind regards, > Steve. > > -- > Steve Freegard > Development Director > Fort Systems Ltd. Might this affect similar schemes like milter-null? I was going to ask if Julian's watermark could be used to detect backscatter, but since it's gone from the code... :-( -- Ken Anderson Pacific.Net From beatinger at edenhosting.net Wed Jun 27 14:33:15 2007 From: beatinger at edenhosting.net (Bjorgen T. Eatinger) Date: Wed Jun 27 14:33:00 2007 Subject: Install Problems With Last 2 Versions Message-ID: Starting with version 4.60, I am seeing a lot of build errors during installation where I didn't use to, including exits due to too many errors here and there (couldn't catch those). Conflict errors are occurring where I didn't see that type of issue before (see the following): Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. Preparing... ########################################### [100%] file /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/List/Util/Util.so from install of perl-Scalar-List-Utils-1.19-1 conflicts with file from package perl-5.8.0-88.3 file /usr/share/man/man3/List::Util.3pm.gz from install of perl-Scalar-List-Utils-1.19-1 conflicts with file from package perl-5.8.0-88.3 file /usr/share/man/man3/Scalar::Util.3pm.gz from install of perl-Scalar-List-Utils-1.19-1 conflicts with file from package perl-5.8.0-88.3 Also, what does this mean: t/zvp_13taint.............skipped all skipped: Taint attributes not supported with DBI::PurePerl We have been using MailScanner for about 4 years and have never seen these issues before. Any ideas? Thank you, Bjorgen -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070627/ed00f30d/attachment.html From prandal at herefordshire.gov.uk Wed Jun 27 14:48:10 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 27 14:48:22 2007 Subject: Anyone using mailwatch and clamav latest? In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> References: <46802288.1050501@ecs.soton.ac.uk> <1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79B5C@HC-MBX02.herefordshire.gov.uk> Works for me: ClamAV Status Version: ClamAV 0.91rc2 Virus Identities: 3541 Database Timestamp: Wed Jun 27 13:44:24 2007 I installed ClamAV 0.91rc2 by dropping the ClamAV tarball into the perl-tar subdirectory of Julian's install-Clam-SA and editing install.sh to use the appropriate ClamAV version. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steven Andrews > Sent: 27 June 2007 13:14 > To: MailScanner discussion > Subject: OT: Anyone using mailwatch and clamav latest? > > Under clamav 093, the check ClamAV status worked, now that I've loaded > the latest beta clamav to get rid of the slow load times, that page is > now blank. Before I had just used Jules' auto clam and sa > installer and > of course everything just worked. > > Anyone else seeing this? > > Steve > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From sandrews at andrewscompanies.com Wed Jun 27 15:21:23 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Jun 27 15:21:36 2007 Subject: Anyone using mailwatch and clamav latest? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF79B5C@HC-MBX02.herefordshire.gov.uk> References: <46802288.1050501@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> <7EF0EE5CB3B263488C8C18823239BEBAF79B5C@HC-MBX02.herefordshire.gov.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0D61@winchester.andrewscompanies.com> Thanks Phil. When you did this, and Julian asks if you was it to install clamav for you, what's the appropriate answer; assuming you want to use clamavmodule? Thanks, Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: Wednesday, June 27, 2007 9:48 AM To: MailScanner discussion Subject: RE: Anyone using mailwatch and clamav latest? Works for me: ClamAV Status Version: ClamAV 0.91rc2 Virus Identities: 3541 Database Timestamp: Wed Jun 27 13:44:24 2007 I installed ClamAV 0.91rc2 by dropping the ClamAV tarball into the perl-tar subdirectory of Julian's install-Clam-SA and editing install.sh to use the appropriate ClamAV version. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Steven Andrews > Sent: 27 June 2007 13:14 > To: MailScanner discussion > Subject: OT: Anyone using mailwatch and clamav latest? > > Under clamav 093, the check ClamAV status worked, now that I've loaded > the latest beta clamav to get rid of the slow load times, that page is > now blank. Before I had just used Jules' auto clam and sa installer > and of course everything just worked. > > Anyone else seeing this? > > Steve > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From nerijusb at dtiltas.lt Wed Jun 27 15:23:08 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 27 15:23:25 2007 Subject: Clamd directives In-Reply-To: References: <200706270811.35184.dyioulos@firstbhph.com> Message-ID: <200706271423.l5RENNwg005057@safir.blacknight.ie> On Wed, 27 Jun 2007 15:03:57 +0200 Carl Werner wrote: > As far as I understand clamd support is only from 4.61-5 beta No, 4.60 supports clamd also, but differently and thus syntax is different. But I'd suggest to use 4.61. Regards, Nerijus From nerijusb at dtiltas.lt Wed Jun 27 15:25:31 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 27 15:25:41 2007 Subject: Install Problems With Last 2 Versions In-Reply-To: References: Message-ID: <200706271425.l5REPdOT005260@safir.blacknight.ie> On Wed, 27 Jun 2007 06:33:15 -0700 "Bjorgen T. Eatinger" wrote: > Starting with version 4.60, I am seeing a lot of build errors during > installation where I didn't use to, including exits due to too many > errors here and there (couldn't catch those). Conflict errors are > occurring where I didn't see that type of issue before (see the > following): > > Do not worry too much about errors from the next command. > It is quite likely that some of the Perl modules are > already installed on your system. > > The important ones are HTML-Parser and MIME-tools. > > Preparing... ########################################### > [100%] > file > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/List/Util/Util.so from > install of perl-Scalar-List-Utils-1.19-1 conflicts with file from > package perl-5.8.0-88.3 It just means that perl package already includes perl-Scalar-List-Utils. > We have been using MailScanner for about 4 years and have never seen > these issues before. > > Any ideas? Most probably you upgraded OS, or mailscanner version which has additional requirements. Regards, Nerijus From prandal at herefordshire.gov.uk Wed Jun 27 15:28:48 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jun 27 15:29:00 2007 Subject: Anyone using mailwatch and clamav latest? In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D61@winchester.andrewscompanies.com> References: <46802288.1050501@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com><7EF0EE5CB3B263488C8C18823239BEBAF79B5C@HC-MBX02.herefordshire.gov.uk> <1964AAFBC212F742958F9275BF63DBB04B0D61@winchester.andrewscompanies.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBAF79B83@HC-MBX02.herefordshire.gov.uk> I've always installed ClamAV from Julian's Clam-SA tarball, so it was easiest to drop in 0.91rc2 into that environment to install it. And yes, I use ClamavModule here. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Steven Andrews > Sent: 27 June 2007 15:21 > To: MailScanner discussion > Subject: RE: Anyone using mailwatch and clamav latest? > > Thanks Phil. When you did this, and Julian asks if you was it to > install clamav for you, what's the appropriate answer; > assuming you want > to use clamavmodule? > > Thanks, > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, > Phil > Sent: Wednesday, June 27, 2007 9:48 AM > To: MailScanner discussion > Subject: RE: Anyone using mailwatch and clamav latest? > > Works for me: > > ClamAV Status > Version: ClamAV 0.91rc2 > Virus Identities: 3541 > Database Timestamp: Wed Jun 27 13:44:24 2007 > > I installed ClamAV 0.91rc2 by dropping the ClamAV tarball into the > perl-tar subdirectory of Julian's install-Clam-SA and editing > install.sh > to use the appropriate ClamAV version. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Steven Andrews > > Sent: 27 June 2007 13:14 > > To: MailScanner discussion > > Subject: OT: Anyone using mailwatch and clamav latest? > > > > Under clamav 093, the check ClamAV status worked, now that > I've loaded > > > the latest beta clamav to get rid of the slow load times, > that page is > > > now blank. Before I had just used Jules' auto clam and sa > installer > > and of course everything just worked. > > > > Anyone else seeing this? > > > > Steve > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From sandrews at andrewscompanies.com Wed Jun 27 15:30:47 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Jun 27 15:30:50 2007 Subject: Anyone using mailwatch and clamav latest? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBAF79B83@HC-MBX02.herefordshire.gov.uk> References: <46802288.1050501@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com><7EF0EE5CB3B263488C8C18823239BEBAF79B5C@HC-MBX02.herefordshire.gov.uk><1964AAFBC212F742958F9275BF63DBB04B0D61@winchester.andrewscompanies.com> <7EF0EE5CB3B263488C8C18823239BEBAF79B83@HC-MBX02.herefordshire.gov.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0D62@winchester.andrewscompanies.com> Perfect. Thanks. Worked like a champ. I only ask because I saw a post recently by Julian where he mentioned answering no to that question and it would install support for clamavmodule... Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: Wednesday, June 27, 2007 10:29 AM To: MailScanner discussion Subject: RE: Anyone using mailwatch and clamav latest? I've always installed ClamAV from Julian's Clam-SA tarball, so it was easiest to drop in 0.91rc2 into that environment to install it. And yes, I use ClamavModule here. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Steven Andrews > Sent: 27 June 2007 15:21 > To: MailScanner discussion > Subject: RE: Anyone using mailwatch and clamav latest? > > Thanks Phil. When you did this, and Julian asks if you was it to > install clamav for you, what's the appropriate answer; assuming you > want to use clamavmodule? > > Thanks, > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Randal, Phil > Sent: Wednesday, June 27, 2007 9:48 AM > To: MailScanner discussion > Subject: RE: Anyone using mailwatch and clamav latest? > > Works for me: > > ClamAV Status > Version: ClamAV 0.91rc2 > Virus Identities: 3541 > Database Timestamp: Wed Jun 27 13:44:24 2007 > > I installed ClamAV 0.91rc2 by dropping the ClamAV tarball into the > perl-tar subdirectory of Julian's install-Clam-SA and editing > install.sh to use the appropriate ClamAV version. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Steven Andrews > > Sent: 27 June 2007 13:14 > > To: MailScanner discussion > > Subject: OT: Anyone using mailwatch and clamav latest? > > > > Under clamav 093, the check ClamAV status worked, now that > I've loaded > > > the latest beta clamav to get rid of the slow load times, > that page is > > > now blank. Before I had just used Jules' auto clam and sa > installer > > and of course everything just worked. > > > > Anyone else seeing this? > > > > Steve > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dyioulos at firstbhph.com Wed Jun 27 15:43:58 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jun 27 15:44:06 2007 Subject: Clamd directives In-Reply-To: <053b01c7b8bb$039a2fa0$0301a8c0@SAHOMELT> References: <200706270811.35184.dyioulos@firstbhph.com> <053b01c7b8bb$039a2fa0$0301a8c0@SAHOMELT> Message-ID: <200706271043.59922.dyioulos@firstbhph.com> On Wednesday 27 June 2007 8:59 am, Rick Cooper wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Dimitri Yioulos > > Sent: Wednesday, June 27, 2007 8:12 AM > > To: MailScanner discussion > > Subject: Clamd directives > > > > Good day, all. > > > > I'm running MS 4.60.8 on a CentOS 3.8 box. I'm also running > > clamav-0.90.3, > > which I compile from source. Previously, I had been using > > clamavmodule with > > MS, but moved to using clamd. As per a previous post, I > > added the following > > directives to my MailScanner.conf file: > > > > Clamd Port = 3310 > > Clamd Socket = /tmp/clamd > > Clamd Lock File = /var/lock/subsys/clamd > > Clamd Use Threads = no > > > > However, now I'm getting the following errors: > > > > Syntax error(s) in configuration file: : 30 Time(s) > > syntax errors in /etc/MailScanner/MailScanner.conf. : 30 Time(s) > > Unrecognised keyword "clamdsocket" at line 698 : 30 Time(s) > > Unrecognised keyword "clamdlockfile" at line 699 : 30 Time(s) > > Unrecognised keyword "clamdport" at line 697 : 30 Time(s) > > Unrecognised keyword "clamdusethreads" at line 700 : 30 Time(s) > > > > I didn't find any explanation of these directives in the > > conf file. The use > > of clamd is supported in 4.60.8, right? If so, can anyone > > suggest how I can > > fix this, or perhaps some doc on the subject? > > No, you need to move to the latest beta (or previous beta) or wait for next > release. That is why those directives did not already exist within your new > MailScanner.conf > > Rick > > > -- Thank you all. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jun 27 16:10:31 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 27 16:14:23 2007 Subject: Install Problems With Last 2 Versions In-Reply-To: <200706271425.l5REPdOT005260@safir.blacknight.ie> References: <200706271425.l5REPdOT005260@safir.blacknight.ie> Message-ID: <46827DE7.702@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070627/56154084/PGP.bin From cleveland at winnefox.org Wed Jun 27 17:42:32 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Wed Jun 27 17:43:11 2007 Subject: Postfix Address Verification In-Reply-To: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: On 6/26/07 2:57 AM, "Gareth" wrote: > See > http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:p > ostfix:how_to:reject_non_existent_users > Thats what I do and it works very well. > > Just make sure Exchange is configured to reject mail to unknown > recipients. If you cant do that then there are other ways such as using > LDAP to regularly pull out a list of valid addresses from exchange, So, just so I'm clear, (we're using Exchange 2003) it will work if I add this (taken from the link you sent): 1) Confirm that master.cf contains the following line and add it if not: verify unix - - n - 1 verify 2) Add the following to main.cf In smtpd_recipient_restrictions add the following options: reject_unknown_recipient_domain, reject_unverified_recipient Then add the following options: unverified_recipient_reject_code = 550 address_verify_map = btree:/etc/postfix/verify 3) Restart postfix and test functionality The problem is, I need to be able to do this without using ldap, and I can't change any settings on the exchange server itself. (it's under someone else's control) - jody From list-mailscanner at linguaphone.com Wed Jun 27 17:50:15 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jun 27 17:50:22 2007 Subject: Postfix Address Verification In-Reply-To: Message-ID: Yes that will work on the condition that the exchange server itself rejects mail to unknown recipients. If the exchange server accepts all mail for its domain and then emails out a non delivery mail for addresses that dont exist then it wont help you. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Jody > Cleveland > Sent: 27 June 2007 17:43 > To: MailScanner discussion > Subject: Re: Postfix Address Verification > > > > > > On 6/26/07 2:57 AM, "Gareth" wrote: > > > See > > > http://www.mailscanner.info/wiki/doku.php?id=documentation:configu ration:mta:p > ostfix:how_to:reject_non_existent_users > Thats what I do and it works very well. > > Just make sure Exchange is configured to reject mail to unknown > recipients. If you cant do that then there are other ways such as using > LDAP to regularly pull out a list of valid addresses from exchange, So, just so I'm clear, (we're using Exchange 2003) it will work if I add this (taken from the link you sent): 1) Confirm that master.cf contains the following line and add it if not: verify unix - - n - 1 verify 2) Add the following to main.cf In smtpd_recipient_restrictions add the following options: reject_unknown_recipient_domain, reject_unverified_recipient Then add the following options: unverified_recipient_reject_code = 550 address_verify_map = btree:/etc/postfix/verify 3) Restart postfix and test functionality The problem is, I need to be able to do this without using ldap, and I can't change any settings on the exchange server itself. (it's under someone else's control) - jody -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Jun 27 17:52:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 27 18:19:34 2007 Subject: Anyone using mailwatch and clamav latest? In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D61@winchester.andrewscompanies.com> References: <46802288.1050501@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D5B@winchester.andrewscompanies.com> <7EF0EE5CB3B263488C8C18823239BEBAF79B5C@HC-MBX02.herefordshire.gov.uk> <1964AAFBC212F742958F9275BF63DBB04B0D61@winchester.andrewscompanies.com> Message-ID: Steven Andrews spake the following on 6/27/2007 7:21 AM: > Thanks Phil. When you did this, and Julian asks if you was it to > install clamav for you, what's the appropriate answer; assuming you want > to use clamavmodule? > Yes -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jun 27 17:55:52 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 27 18:21:38 2007 Subject: Postfix Address Verification In-Reply-To: References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Jody Cleveland spake the following on 6/27/2007 9:42 AM: > > > On 6/26/07 2:57 AM, "Gareth" wrote: > >> See >> http://www.mailscanner.info/wiki/doku.php?id=documentation:configuration:mta:p >> ostfix:how_to:reject_non_existent_users >> Thats what I do and it works very well. >> >> Just make sure Exchange is configured to reject mail to unknown >> recipients. If you cant do that then there are other ways such as using >> LDAP to regularly pull out a list of valid addresses from exchange, > > So, just so I'm clear, (we're using Exchange 2003) it will work if I add > this (taken from the link you sent): > > 1) Confirm that master.cf contains the following line and add it if not: > > verify unix - - n - 1 verify > > 2) Add the following to main.cf > > In smtpd_recipient_restrictions add the following options: > > reject_unknown_recipient_domain, reject_unverified_recipient > > Then add the following options: > > unverified_recipient_reject_code = 550 > address_verify_map = btree:/etc/postfix/verify > > 3) Restart postfix and test functionality > > The problem is, I need to be able to do this without using ldap, and I can't > change any settings on the exchange server itself. (it's under someone > else's control) > > - jody > The Exchange server has to be set to only accept valid e-mail. I am not sure if it is a default setting. Looking at Microsofts track record of backward compatibility, it probably is not the default. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Jun 27 18:00:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jun 27 18:33:51 2007 Subject: Beta release 4.61.4 In-Reply-To: <20070627000908.1FB151224A5@mx-b.vdnet.lt> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> <4681A4CA.7080300@fsl.com> <20070627000908.1FB151224A5@mx-b.vdnet.lt> Message-ID: Nerijus Baliunas spake the following on 6/26/2007 5:03 PM: > On Wed, 27 Jun 2007 00:44:10 +0100 Steve Freegard wrote: > >> No - I'm afraid it is the actual concept of e-mail watermarking and how >> it is implemented. There is a US patent pending on this currently. > > So until it is in a pending state is it possible to publish the code or not? > > Regards, > Nerijus I think the patent is from Fortress, part of its BarricadeMX product, so Julian probably won't do anything to interfere with the "paying" jobs. If Matt Hampton would have came up with this a few months ago, it might have been different. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Wed Jun 27 18:37:08 2007 From: ka at pacific.net (Ken A) Date: Wed Jun 27 18:37:11 2007 Subject: Beta release 4.61.4 In-Reply-To: References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> <4681A4CA.7080300@fsl.com> <20070627000908.1FB151224A5@mx-b.vdnet.lt> Message-ID: <4682A044.3050803@pacific.net> Scott Silva wrote: > Nerijus Baliunas spake the following on 6/26/2007 5:03 PM: >> On Wed, 27 Jun 2007 00:44:10 +0100 Steve Freegard wrote: >> >>> No - I'm afraid it is the actual concept of e-mail watermarking and how >>> it is implemented. There is a US patent pending on this currently. >> So until it is in a pending state is it possible to publish the code or not? >> >> Regards, >> Nerijus > > I think the patent is from Fortress, part of its BarricadeMX product, so > Julian probably won't do anything to interfere with the "paying" jobs. > If Matt Hampton would have came up with this a few months ago, it might have > been different. ah, then disregard my question about milter-null as well. ;-) -- Ken Anderson Pacific.Net From Richard.Frovarp at sendit.nodak.edu Wed Jun 27 18:57:02 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Jun 27 18:57:06 2007 Subject: Beta release 4.61.4 In-Reply-To: <20070627000908.1FB151224A5@mx-b.vdnet.lt> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> <4681A4CA.7080300@fsl.com> <20070627000908.1FB151224A5@mx-b.vdnet.lt> Message-ID: <4682A4EE.7030007@sendit.nodak.edu> Nerijus Baliunas wrote: > On Wed, 27 Jun 2007 00:44:10 +0100 Steve Freegard wrote: > > >> No - I'm afraid it is the actual concept of e-mail watermarking and how >> it is implemented. There is a US patent pending on this currently. >> > > So until it is in a pending state is it possible to publish the code or not? > > Regards, > Nerijus > I believe that once a patent is in a pending state, it offers full protection. This is why you see physical objects with patent pending number on them in the market. Nothing would be out in market as patent pending if it didn't enjoy some sort of protection. Richard From FStein at thehill.org Wed Jun 27 18:55:03 2007 From: FStein at thehill.org (Stein, Mr. Fred) Date: Wed Jun 27 19:00:20 2007 Subject: Beta release 4.61.4 In-Reply-To: <46814CCC.3000701@ecs.soton.ac.uk> References: <46814CCC.3000701@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, June 26, 2007 1:29 PM To: MailScanner discussion; MailScanner beta testers Subject: Beta release 4.61.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the latest beta version, 4.61.4. *Please* test this new release if you use Postfix or if you are interested in the new watermarking feature. The main new points in this beta are: - - New feature: "watermarking" so that you can guarantee that replies to your email messages will not be caught by any of the spam traps. - - Bug fix: rare Postfix header milter support problem. - - Improvement: much easier to get binary attachment searching working with MCP. Download as usual from www.mailscanner.info. The full Change Log so far is this: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. 2 Changed session handling in direct clamd virus scanner support. 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. 4 Renamed "sa-update" command and cron job to "update_spamassassin". 4 Added ability to easily disable update_virus_scanners script. 4 Added conditional call to sa-compile to update_spamassassin cron job. 4 Added to $PATH in update_phishing_sites for Solaris 10 locations. 4 Added new feature (thanks to Matt Hampton for this) to skip the spam checks on a message if it is a reply to one of your own messages. This is known as "watermarking" a message. There are 4 new configuration settings: Add Watermark = yes Skip Spam Checks If Watermark Valid = yes Watermark Secret = SOMETHING-SECRET! Watermark Lifetime = 2419200 # = 4 weeks * Fixes * 2 Fixed bug in auto-zip feature with a message containing 2 attachments with the same filename. 2 Fixed bug in auto-zip feature that would allow zipping of an attachment which had been cleaned out of the message. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. 4 Fixed bug in SuSE init.d script stopping MailScanner reload working properly. 4 Changed method for getting MCP to decode binary attachments (the interesting ones have "application" in their MIME type). New patch for SpamAssassin 3.2.1 Util.pm required now. No other SpamAssassin patches required at all. 4 Added definition of "noticesizeinfected" to languages.conf. 4 Added speedup (courtesy of Glenn Steen) to the new Postfix milter support. 4 Fixed rare bug in Postfix milter header support (from Glenn Steen). Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgU1ZEfZZRxQVtlQRAsekAKC69NleCF1go7JOyBlPzCXjz4DkNQCbBPfj OUeuAoC7cLCTgLyUUGa5FtM= =29IF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Postfix 2.43 Clamavmodule Bitdefender f-prot The speed of the batches in 4.61.5 appear to have gotten faster again. Fred From glenn.steen at gmail.com Wed Jun 27 19:43:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jun 27 19:43:48 2007 Subject: Beta release 4.61.4 In-Reply-To: References: <46814CCC.3000701@ecs.soton.ac.uk> Message-ID: <223f97700706271143u2602c5a8r2c60097b5fba456f@mail.gmail.com> On 27/06/07, Stein, Mr. Fred wrote: (snip) > Postfix 2.43 > Clamavmodule > Bitdefender > f-prot > > The speed of the batches in 4.61.5 appear to have gotten faster again. > > Fred As intended. A thing to note though is that when/if one is to use milter support in Postfix, we cannot avoid the extra read-through. More's the pity. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Wed Jun 27 20:01:20 2007 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jun 27 20:02:06 2007 Subject: Beta release 4.61.4 In-Reply-To: <4682A4EE.7030007@sendit.nodak.edu> References: <46816025.6040004@ecs.soton.ac.uk> <4681817C.9080804@ecs.soton.ac.uk><1964AAFBC212F742958F9275BF63DBB04B0D54@winchester.andrewscompanies.com> <4681A4CA.7080300@fsl.com> <20070627000908.1FB151224A5@mx-b.vdnet.lt> <4682A4EE.7030007@sendit.nodak.edu> Message-ID: <4682B400.6040208@nkpanama.com> Not that I'm against anyone or anything - but isn't there any prior art? The sole effort of digitally signing messages amounts to "watermarking", IMHO - sort of how DKIM works, except DKIM also provides a means to verify this against a DNS-based database, right? Richard Frovarp wrote: > Nerijus Baliunas wrote: >> On Wed, 27 Jun 2007 00:44:10 +0100 Steve Freegard >> wrote: >> >> >>> No - I'm afraid it is the actual concept of e-mail watermarking and >>> how it is implemented. There is a US patent pending on this currently. >>> >> >> So until it is in a pending state is it possible to publish the code >> or not? >> >> Regards, >> Nerijus >> > I believe that once a patent is in a pending state, it offers full > protection. This is why you see physical objects with patent pending > number on them in the market. Nothing would be out in market as patent > pending if it didn't enjoy some sort of protection. > > Richard From MailScanner at ecs.soton.ac.uk Wed Jun 27 20:06:29 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jun 27 20:08:30 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir Message-ID: <4682B535.9040708@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This may well be the last beta before the next stable release at the start of July. There is one new minor feature. There is now a setting SpamAssassin Temporary Dir which sets the dir in which SpamAssassin creates all its temporary files. To speed up SpamAssassin, you can put the files on a filesystem mounted with tmpfs, thereby saving lots of disk i/o. By default, the directory is put inside /var/spool/MailScanner/incoming as most people who are concerned with speed do at least get as far as putting that on tmpfs. It will attempt to create the directory if necessary, so no need for any special steps to use it. If it can't write to the directory, it backs off to using /tmp instead. On some systems that is mounted on tmpfs anyway. Download it as usual from www.mailscanner.info. Please test this new feature for me, and continue to test the recent Postfix fixes. Thanks! Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGgrVHEfZZRxQVtlQRAjDDAKDPN925ddN0DaqwrFoY9saJ4EKzoACdGPLQ qwtjN40uXa2FXWkoYt9gAAc= =Qomn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From nerijusb at dtiltas.lt Wed Jun 27 22:18:01 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 27 22:20:05 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <4682B535.9040708@ecs.soton.ac.uk> References: <4682B535.9040708@ecs.soton.ac.uk> Message-ID: <20070627212002.0FFECFF06@mx-a.vdnet.lt> On Wed, 27 Jun 2007 20:06:29 +0100 Julian Field wrote: > There is one new minor feature. There is now a setting > SpamAssassin Temporary Dir > which sets the dir in which SpamAssassin creates all its temporary > files. ... It will attempt to create the directory if necessary, so no need > for any special steps to use it. One minor thing - when I start MailScanner for the first time, I see in logs: Jun 28 00:13:47 mail MailScanner[10351]: MailScanner E-Mail Virus Scanner version 4.61.6 starting... Jun 28 00:13:47 mail MailScanner[10351]: Could not read directory /var/spool/MailScanner/incoming/SpamAssassin-Temp Jun 28 00:13:47 mail MailScanner[10351]: Error in configuration file line 2067, directory /var/spool/MailScanner/incoming/SpamAssassin-Temp for spamassassintempdir does not exist (or is not readable) ... Jun 28 00:13:47 mail MailScanner[10351]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Regards, Nerijus From mailscanner at slackadelic.com Wed Jun 27 22:27:37 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Wed Jun 27 22:27:43 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <20070627212002.0FFECFF06@mx-a.vdnet.lt> References: <4682B535.9040708@ecs.soton.ac.uk> <20070627212002.0FFECFF06@mx-a.vdnet.lt> Message-ID: <4682D649.5010507@slackadelic.com> Nerijus Baliunas wrote: > On Wed, 27 Jun 2007 20:06:29 +0100 Julian Field wrote: > >> There is one new minor feature. There is now a setting >> SpamAssassin Temporary Dir >> which sets the dir in which SpamAssassin creates all its temporary >> files. ... It will attempt to create the directory if necessary, so no need >> for any special steps to use it. > > One minor thing - when I start MailScanner for the first time, I see in logs: > > Jun 28 00:13:47 mail MailScanner[10351]: MailScanner E-Mail Virus Scanner version 4.61.6 starting... > Jun 28 00:13:47 mail MailScanner[10351]: Could not read directory /var/spool/MailScanner/incoming/SpamAssassin-Temp > Jun 28 00:13:47 mail MailScanner[10351]: Error in configuration file line 2067, directory /var/spool/MailScanner/incoming/SpamAssassin-Temp for spamassassintempdir does not exist (or is not readable) > ... > Jun 28 00:13:47 mail MailScanner[10351]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Regards, > Nerijus Does it create that directory after you see the error messages? I believe the way it works is that it tries to push to that.. if it doesn't exist.. it creates it and then uses it.. Double-check to be sure it exists. -Matt From nerijusb at dtiltas.lt Wed Jun 27 22:52:20 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Jun 27 23:00:06 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <4682D649.5010507@slackadelic.com> References: <4682B535.9040708@ecs.soton.ac.uk><20070627212002.0FFECFF06@mx-a.vdnet.lt> <4682D649.5010507@slackadelic.com> Message-ID: <20070627220002.5679EFF07@mx-a.vdnet.lt> On Wed, 27 Jun 2007 17:27:37 -0400 Matt Hayes wrote: > > One minor thing - when I start MailScanner for the first time, I see in logs: > > > > Jun 28 00:13:47 mail MailScanner[10351]: MailScanner E-Mail Virus Scanner version 4.61.6 starting... > > Jun 28 00:13:47 mail MailScanner[10351]: Could not read directory /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Jun 28 00:13:47 mail MailScanner[10351]: Error in configuration file line 2067, directory /var/spool/MailScanner/incoming/SpamAssassin-Temp for spamassassintempdir does not exist (or is not readable) > > ... > > Jun 28 00:13:47 mail MailScanner[10351]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Does it create that directory after you see the error messages? I > believe the way it works is that it tries to push to that.. if it > doesn't exist.. it creates it and then uses it.. Double-check to be sure > it exists. Yes, it does, thus I told it is minor. Regards, Nerijus From seamus at rheelweb.co.nz Wed Jun 27 23:46:39 2007 From: seamus at rheelweb.co.nz (Seamus Allan) Date: Wed Jun 27 23:47:01 2007 Subject: Postfix Address Verification In-Reply-To: <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> Message-ID: <4682E8CF.7010602@rheelweb.co.nz> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070628/54b49a6d/attachment.html From sandrews at andrewscompanies.com Thu Jun 28 01:41:41 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Jun 28 01:41:52 2007 Subject: Odd Clam/MS Problem In-Reply-To: <4682E8CF.7010602@rheelweb.co.nz> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz><33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0D83@winchester.andrewscompanies.com> I've had probably 1/2 dozen mailscanners barf this week, all the same way. The inbound queue backs up for an unknown reason and then all mails that do come out of it are tagged as viruses and spam, when they most certainly are not. Granted, these are somewhat slim boxes, probably 700mhz, with 256-384 meg of ram, but they have minor loads as well. I've tried updating to the latest MS as well as the rc2 clamav; even tried running it as clamavmodule to save resources. Neither has any effect on the matter. Anyone see anything similar lately? Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070627/d85757c9/attachment.html From doc at maddoc.net Thu Jun 28 03:17:34 2007 From: doc at maddoc.net (Doc Schneider) Date: Thu Jun 28 03:17:42 2007 Subject: Odd Clam/MS Problem In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D83@winchester.andrewscompanies.com> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz><33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz> <1964AAFBC212F742958F9275BF63DBB04B0D83@winchester.andrewscompanies.com> Message-ID: <46831A3E.5000207@maddoc.net> Steven Andrews wrote: > I've had probably 1/2 dozen mailscanners barf this week, all the same > way. The inbound queue backs up for an unknown reason and then all > mails that do come out of it are tagged as viruses and spam, when they > most certainly are not. > > Granted, these are somewhat slim boxes, probably 700mhz, with 256-384 > meg of ram, but they have minor loads as well. I've tried updating to > the latest MS as well as the rc2 clamav; even tried running it as > clamavmodule to save resources. Neither has any effect on the matter. > > Anyone see anything similar lately? > > Steve > Are you running any other virus scanners? I had something like this happen on a MS system that was using antivir, Removed the use of it in the conf file and away we went working fine. Of course YMMV. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From sandrews at andrewscompanies.com Thu Jun 28 07:24:31 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Jun 28 07:24:36 2007 Subject: Odd Clam/MS Problem In-Reply-To: <46831A3E.5000207@maddoc.net> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz><33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz><1964AAFBC212F742958F9275BF63DBB04B0D83@winchester.andrewscompanies.com> <46831A3E.5000207@maddoc.net> Message-ID: <1964AAFBC212F742958F9275BF63DBB04B0D89@winchester.andrewscompanies.com> Nope, just Julian's default clam/sa install. It's happened with mailscanner.conf set to clam and clamavmodule. I'd guess it's a timeout issue, but I'm real concerned that if that's the case the default behavior is to start calling everything a virus since those are sumarily tossed. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Wednesday, June 27, 2007 10:18 PM To: MailScanner discussion Subject: Re: Odd Clam/MS Problem Steven Andrews wrote: > I've had probably 1/2 dozen mailscanners barf this week, all the same > way. The inbound queue backs up for an unknown reason and then all > mails that do come out of it are tagged as viruses and spam, when they > most certainly are not. > > Granted, these are somewhat slim boxes, probably 700mhz, with 256-384 > meg of ram, but they have minor loads as well. I've tried updating to > the latest MS as well as the rc2 clamav; even tried running it as > clamavmodule to save resources. Neither has any effect on the matter. > > Anyone see anything similar lately? > > Steve > Are you running any other virus scanners? I had something like this happen on a MS system that was using antivir, Removed the use of it in the conf file and away we went working fine. Of course YMMV. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From writetoashok at gmail.com Thu Jun 28 08:47:53 2007 From: writetoashok at gmail.com (Ashok Kumar) Date: Thu Jun 28 08:47:56 2007 Subject: bogofilter & MailScanner integration Message-ID: Hi Has anyone used bogofilter or any other spamfilter other than spamassassin with mailscanner? If yes, please share the experience. I found the Custom Spam Scanner Plugin option in mailscanner conf file. Is there any such plugins already available for bogofilter. Spamassassin is causing much delay in processing long queues. Also, if we are disabling bayes, by use_bayes 0, to reduce load, would spamassassin be ineffective in filtering spams or would it use an alternate engine? -- regards, Ashok. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070628/472b3b8c/attachment.html From uxbod at splatnix.net Thu Jun 28 09:03:21 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 28 09:04:30 2007 Subject: Beta release 4.61.4 In-Reply-To: References: Message-ID: On Wed, 27 Jun 2007 10:00:30 -0700, Scott Silva wrote: > Nerijus Baliunas spake the following on 6/26/2007 5:03 PM: >> On Wed, 27 Jun 2007 00:44:10 +0100 Steve Freegard > wrote: >> >>> No - I'm afraid it is the actual concept of e-mail watermarking and how >>> it is implemented. There is a US patent pending on this currently. >> >> So until it is in a pending state is it possible to publish the code or > not? >> >> Regards, >> Nerijus > > I think the patent is from Fortress, part of its BarricadeMX product, so > Julian probably won't do anything to interfere with the "paying" jobs. > If Matt Hampton would have came up with this a few months ago, it might > have > been different. > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- No turn up on Google for the patent, anybody know the number ? Would be very interested to read. --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Thu Jun 28 09:09:53 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 28 09:09:58 2007 Subject: OT: Beta release 4.61.4 In-Reply-To: <4682B400.6040208@nkpanama.com> References: <4682B400.6040208@nkpanama.com> Message-ID: If GPG keys were held on the server and a checksum was created and appended to the scannned by MailScanner line, then would this still breach the patent? In essence it is a extension of signing. Sorry, but am finding this subject quite interesting from a research perspective. --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu Jun 28 09:15:26 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 28 09:15:32 2007 Subject: Odd Clam/MS Problem In-Reply-To: <1964AAFBC212F742958F9275BF63DBB04B0D83@winchester.andrewscompanies.com> Message-ID: <0ff52448c4f2e64db5e6df90aff68dc2@solidstatelogic.com> Steve Latest beta's allow you to use clamd calls directly. There's been lots of reports about clamscan (and the module!) timing out etc for some reason due to the time it takes to load the virus defs. Try the latest beta and use clamd as the scanner. Other thing to check is looking for timeouts in the logs. If you're running any DNS level checks (RBLs etc), make sure the connections to these are OK as well. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steven Andrews > Sent: 28 June 2007 01:42 > To: MailScanner discussion > Subject: Odd Clam/MS Problem > > I've had probably 1/2 dozen mailscanners barf this week, all the same way. > The inbound queue backs up for an unknown reason and then all mails that > do come out of it are tagged as viruses and spam, when they most certainly > are not. > > Granted, these are somewhat slim boxes, probably 700mhz, with 256-384 meg > of ram, but they have minor loads as well. I've tried updating to the > latest MS as well as the rc2 clamav; even tried running it as clamavmodule > to save resources. Neither has any effect on the matter. > > Anyone see anything similar lately? > > Steve ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From drew at technologytiger.net Thu Jun 28 09:46:55 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu Jun 28 09:47:03 2007 Subject: Postfix Address Verification In-Reply-To: <4682E8CF.7010602@rheelweb.co.nz> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz> Message-ID: <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> On Wed, June 27, 2007 23:46, Seamus Allan wrote: > It seems after implementing this that I am having a lot of spam stopped > at MTA level - this is very good.
> However, the next morning I came in to discover that some of the > domains we host were not getting any email.
> I used telnet to pretend to have a fake session with the smtp server, > and interestingly, when trying to do a rcpt class="moz-txt-link-abbreviated" > href="mailto:to:user@brokendomain.com">to:user@brokendomain.com, I > get the following error message.
> 450 href="mailto:user@brokendomain.com"><user@brokendomain.com>: > Recipient address rejected: Domain > not found
> Why is this happening? How come that Postfix is able to look into the > transport map and check the next server in line to see whether the user > is valid for most of the domains, but not for some. Is there a > misconfiguration somewhere? Is the verify map full or something?
Firstly, please could you not use HTML mail. It does become something of a mess (As you can see above) when working in plain text. Anyway, check your maillog as I would expect the domain not found error to come from a Postfix client access restriction (Reject unknown sender domain for example) and nothing to do with your recipient maps. The logs will tell you more. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From MailScanner at ecs.soton.ac.uk Thu Jun 28 09:42:30 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 28 09:47:15 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <20070627212002.0FFECFF06@mx-a.vdnet.lt> References: <4682B535.9040708@ecs.soton.ac.uk> <20070627212002.0FFECFF06@mx-a.vdnet.lt> Message-ID: <46837476.1010309@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070628/112ea607/PGP.bin From uxbod at splatnix.net Thu Jun 28 09:59:02 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 28 09:59:48 2007 Subject: Postfix Address Verification In-Reply-To: <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> References: <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> Message-ID: After creating the look up table I presume you ran postmap on it ? On Thu, 28 Jun 2007 09:46:55 +0100 (BST), "Drew Marshall" wrote: > On Wed, June 27, 2007 23:46, Seamus Allan wrote: >> It seems after implementing this that I am having a lot of spam stopped >> at MTA level - this is very good.
>> However, the next morning I came in to discover that some of the >> domains we host were not getting any email.
>> I used telnet to pretend to have a fake session with the smtp server, >> and interestingly, when trying to do a rcpt > class="moz-txt-link-abbreviated" >> href="mailto:to:user@brokendomain.com">to:user@brokendomain.com, I >> get the following error message.
>> 450 > href="mailto:user@brokendomain.com">: >> Recipient address rejected: Domain >> not found
>> Why is this happening? How come that Postfix is able to look into the >> transport map and check the next server in line to see whether the user >> is valid for most of the domains, but not for some. Is there a >> misconfiguration somewhere? Is the verify map full or something?
> > Firstly, please could you not use HTML mail. It does become something of a > mess (As you can see above) when working in plain text. > > Anyway, check your maillog as I would expect the domain not found error to > come from a Postfix client access restriction (Reject unknown sender > domain for example) and nothing to do with your recipient maps. The logs > will tell you more. > > Drew > > > -- > In line with our policy, this message has been scanned > for viruses and dangerous content by the Technology Tiger MailScanner. > Further information can be found at www.technologytiger.net/policy > > Technology Tiger Limited is registered in Scotland with registration > number: 310997 > Registered Office 55-57 West High Street Inverurie AB51 3QQ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu Jun 28 10:00:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 28 10:04:50 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <46837476.1010309@ecs.soton.ac.uk> Message-ID: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> Jules Can't see that defined anywhere in the ConfigDefs.pl file.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 28 June 2007 09:43 > To: MailScanner discussion > Subject: Re: 4.61.6 - SpamAssassin Temporary Dir > > > > Nerijus Baliunas wrote: > > On Wed, 27 Jun 2007 20:06:29 +0100 Julian Field > wrote: > > > > There is one new minor feature. There is now a setting > SpamAssassin Temporary Dir > which sets the dir in which SpamAssassin creates all its > temporary > files. ... It will attempt to create the directory if > necessary, so no need > for any special steps to use it. > > > > One minor thing - when I start MailScanner for the first time, I see > in logs: > > Jun 28 00:13:47 mail MailScanner[10351]: MailScanner E-Mail Virus > Scanner version 4.61.6 starting... > Jun 28 00:13:47 mail MailScanner[10351]: Could not read directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Jun 28 00:13:47 mail MailScanner[10351]: Error in configuration file > line 2067, directory /var/spool/MailScanner/incoming/SpamAssassin-Temp for > spamassassintempdir does not exist (or is not readable) > ... > Jun 28 00:13:47 mail MailScanner[10351]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > > Can you try one thing for me please? > Edit ConfigDefs.pl and you'll find a definition for SpamAssassinTempDir in > the "[Simple,Dir]" section. Please try moving it into the "[Simple,Other]" > section and run it again. > Hopefully that should fix it. > > Can you give that a go please? > > Thanks! > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Thu Jun 28 10:17:35 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jun 28 10:17:38 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <46837476.1010309@ecs.soton.ac.uk> Message-ID: <6aae1bb263bdee4c8158ba5b442ea9d6@solidstatelogic.com> Jules Sorry, I goofed on the upgrade...yes it's there. Still get the complaint in the logs about it not being there... Jun 28 10:15:48 towers MailScanner[57552]: Error in line 2067, file "/var/spool/MailScanner/incoming/SpamAssassin-Temp" for spamassassintempdir does not exist (or can not be read) And it's still creates it anyhow.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 28 June 2007 09:43 > To: MailScanner discussion > Subject: Re: 4.61.6 - SpamAssassin Temporary Dir > > > > Nerijus Baliunas wrote: > > On Wed, 27 Jun 2007 20:06:29 +0100 Julian Field > wrote: > > > > There is one new minor feature. There is now a setting > SpamAssassin Temporary Dir > which sets the dir in which SpamAssassin creates all its > temporary > files. ... It will attempt to create the directory if > necessary, so no need > for any special steps to use it. > > > > One minor thing - when I start MailScanner for the first time, I see > in logs: > > Jun 28 00:13:47 mail MailScanner[10351]: MailScanner E-Mail Virus > Scanner version 4.61.6 starting... > Jun 28 00:13:47 mail MailScanner[10351]: Could not read directory > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Jun 28 00:13:47 mail MailScanner[10351]: Error in configuration file > line 2067, directory /var/spool/MailScanner/incoming/SpamAssassin-Temp for > spamassassintempdir does not exist (or is not readable) > ... > Jun 28 00:13:47 mail MailScanner[10351]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > > Can you try one thing for me please? > Edit ConfigDefs.pl and you'll find a definition for SpamAssassinTempDir in > the "[Simple,Dir]" section. Please try moving it into the "[Simple,Other]" > section and run it again. > Hopefully that should fix it. > > Can you give that a go please? > > Thanks! > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Jun 28 10:23:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 28 10:26:36 2007 Subject: 4.61.6 - SpamAssassin Temporary Dir In-Reply-To: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> Message-ID: <46837E0B.7060602@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070628/fbbbfdb5/PGP-0001.bin From MailScanner at ecs.soton.ac.uk Thu Jun 28 16:52:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 28 16:54:32 2007 Subject: Ping Message-ID: <4683D921.6070304@ecs.soton.ac.uk> Pong. I just managed to delete my MailScanner-discussion mailing list archive. Oops. Time to dig out a tape, me thinks :-( Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From m.anderlini at database.it Thu Jun 28 16:57:42 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Jun 28 16:57:56 2007 Subject: using tmpfs files system In-Reply-To: <46837E0B.7060602@ecs.soton.ac.uk> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> <46837E0B.7060602@ecs.soton.ac.uk> Message-ID: <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> Hi, I would like to use a tmpfs files sytste to try to speed up mailscanner process. I'm using a centos 4.5 distribution and I saw that tmpfs it's already mounted for /dev/shm. How can I achieve this without dismount this partition that I suppose it's used for other programs ? Does anyone have some suggestion ? thanks and sorry for my worst English. Marcello -- Messaggio verificato dal servizio antivirus di Database Informatica -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070628/aacd28ab/attachment.html From mkercher at nfsmith.com Thu Jun 28 17:11:05 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Jun 28 17:11:08 2007 Subject: using tmpfs files system In-Reply-To: <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com><46837E0B.7060602@ecs.soton.ac.uk> <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> Message-ID: <441247027D4F274EB760A5F6E1ED9C7E7D27@houpex02.nfsmith.info> I put this in /etc/rc.d/rc.local /bin/mount -t tmpfs tmpfs /var/spool/MailScanner/incoming Mike ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini Sent: Thursday, June 28, 2007 10:58 AM To: 'MailScanner discussion' Subject: using tmpfs files system Hi, I would like to use a tmpfs files sytste to try to speed up mailscanner process. I'm using a centos 4.5 distribution and I saw that tmpfs it's already mounted for /dev/shm. How can I achieve this without dismount this partition that I suppose it's used for other programs ? Does anyone have some suggestion ? thanks and sorry for my worst English. Marcello -- Messaggio verificato dal servizio antivirus di Database Informatica . From MailScanner at ecs.soton.ac.uk Thu Jun 28 17:26:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 28 17:30:18 2007 Subject: using tmpfs files system In-Reply-To: <441247027D4F274EB760A5F6E1ED9C7E7D27@houpex02.nfsmith.info> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com><46837E0B.7060602@ecs.soton.ac.uk> <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> <441247027D4F274EB760A5F6E1ED9C7E7D27@houpex02.nfsmith.info> Message-ID: <4683E120.5000106@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You should put mount instructions in /etc/fstab. Just follow the other mounts that are already there. You will probably find a line for /dev/shm. Just copy that line, and change /dev/shm to /var/spool/MailScanner/incoming. Don't comment out or delete the original line, you want both of them! You can mount as many places as you like with tmpfs. Then it will be automatically mounted every time you reboot. If you want to mount it immediately, after you have put it in /etc/fstab then just issue the command mount /var/spool/MailScanner/incoming with no other parameters. It will pull all the information it needs out of /etc/fstab. Putting lines in rc.local is not the standard way of doing this! :-) Mike Kercher wrote: > I put this in /etc/rc.d/rc.local > > /bin/mount -t tmpfs tmpfs /var/spool/MailScanner/incoming > > Mike > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Marcello Anderlini > Sent: Thursday, June 28, 2007 10:58 AM > To: 'MailScanner discussion' > Subject: using tmpfs files system > > > Hi, I would like to use a tmpfs files sytste to try to speed up > mailscanner process. > > I'm using a centos 4.5 distribution and I saw that tmpfs it's already > mounted for /dev/shm. > > How can I achieve this without dismount this partition that I suppose > it's used for other programs ? > > Does anyone have some suggestion ? > > > thanks and sorry for my worst English. > > Marcello > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGg+EiEfZZRxQVtlQRArLSAKDJq9pfJYr86LLYK9B0jkrBzjmqvACgrjyc Dm9xT58kZzC0IWK6hCYLots= =X/NO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Jun 28 17:36:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jun 28 18:10:09 2007 Subject: using tmpfs files system In-Reply-To: <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> <46837E0B.7060602@ecs.soton.ac.uk> <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> Message-ID: Marcello Anderlini spake the following on 6/28/2007 8:57 AM: > Hi, I would like to use a tmpfs files sytste to try to speed up > mailscanner process. > > I'm using a centos 4.5 distribution and I saw that tmpfs it's already > mounted for /dev/shm. > > How can I achieve this without dismount this partition that I suppose > it's used for other programs ? > > Does anyone have some suggestion ? > > > thanks and sorry for my worst English. > > Marcello > In /etc/fstab just add the following line; none /var/spool/MailScanner/incoming tmpfs defaults 0 0 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Thu Jun 28 18:47:25 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jun 28 18:48:26 2007 Subject: using tmpfs files system In-Reply-To: <4683E120.5000106@ecs.soton.ac.uk> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com><46837E0B.7060602@ecs.soton.ac.uk> <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> <441247027D4F274EB760A5F6E1ED9C7E7D27@houpex02.nfsmith.info> <4683E120.5000106@ecs.soton.ac.uk> Message-ID: On Thu, 28 Jun 2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You should put mount instructions in /etc/fstab. Just follow the other > mounts that are already there. You will probably find a line for > /dev/shm. Just copy that line, and change /dev/shm to > /var/spool/MailScanner/incoming. Don't comment out or delete the > original line, you want both of them! > > You can mount as many places as you like with tmpfs. > > Then it will be automatically mounted every time you reboot. > If you want to mount it immediately, after you have put it in /etc/fstab > then just issue the command > mount /var/spool/MailScanner/incoming > with no other parameters. It will pull all the information it needs out > of /etc/fstab. > > Putting lines in rc.local is not the standard way of doing this! :-) The worst part is that you would mount a tmpfs AFTER starting MailScanner. And changing working areas while a process is using them might lead to failures. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From uxbod at splatnix.net Thu Jun 28 20:04:41 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jun 28 20:04:46 2007 Subject: Ping In-Reply-To: <4683D921.6070304@ecs.soton.ac.uk> References: <4683D921.6070304@ecs.soton.ac.uk> Message-ID: Life of a admin Jules ;) at least rm -rf / ;) On Thu, 28 Jun 2007 16:52:01 +0100, Julian Field wrote: > Pong. I just managed to delete my MailScanner-discussion mailing list > archive. Oops. Time to dig out a tape, me thinks :-( > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu Jun 28 21:34:43 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu Jun 28 21:34:48 2007 Subject: Ping In-Reply-To: References: <4683D921.6070304@ecs.soton.ac.uk> Message-ID: > Life of a admin Jules ;) at least rm -rf / ;) Yeah, much disk activity until: rm: command not found :) Anthony -- www.fonant.com - Quality web sites From MailScanner at ecs.soton.ac.uk Thu Jun 28 21:58:54 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 28 22:01:33 2007 Subject: using tmpfs files system In-Reply-To: References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com><46837E0B.7060602@ecs.soton.ac.uk> <003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> <441247027D4F274EB760A5F6E1ED9C7E7D27@houpex02.nfsmith.info> <4683E120.5000106@ecs.soton.ac.uk> Message-ID: <4684210E.5020105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > On Thu, 28 Jun 2007, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> You should put mount instructions in /etc/fstab. Just follow the other >> mounts that are already there. You will probably find a line for >> /dev/shm. Just copy that line, and change /dev/shm to >> /var/spool/MailScanner/incoming. Don't comment out or delete the >> original line, you want both of them! >> >> You can mount as many places as you like with tmpfs. >> >> Then it will be automatically mounted every time you reboot. >> If you want to mount it immediately, after you have put it in /etc/fstab >> then just issue the command >> mount /var/spool/MailScanner/incoming >> with no other parameters. It will pull all the information it needs out >> of /etc/fstab. >> >> Putting lines in rc.local is not the standard way of doing this! :-) > > The worst part is that you would mount a tmpfs AFTER starting > MailScanner. > > And changing working areas while a process is using them might lead to > failures. Very true. Best to stop MailScanner before you do the mount command, and then start it again afterwards. I don't think I could guarantee its behaviour if you mount a new filesystem over the top of its working directories while it's running :-) > > Hugo. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhCEPEfZZRxQVtlQRApINAJ4muWDw7G91tHeactTfAtkNApIZ8ACgqFc2 UdtEwAG4zMEr6Fuv5+UewZI= =Wjl+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Jun 28 22:01:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jun 28 22:04:12 2007 Subject: Ping In-Reply-To: References: <4683D921.6070304@ecs.soton.ac.uk> Message-ID: <468421B3.9060607@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anthony Cartmell wrote: >> Life of a admin Jules ;) at least rm -rf / ;) > > Yeah, much disk activity until: > rm: command not found My worst mistake ever went like this: for F in long-list-of-hostnames-here do ssh $F mv /etc/passwd /etc/passwd.old scp newpasswdfile $F:/etc/passwd done Now getting out of that took me the rest of the morning :-( Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: UTF-8 wj8DBQFGhCGzEfZZRxQVtlQRAopYAJ0TQXFHW59GzffPEhPzkINaQo72mQCZAepB TthpaHOrheXcopLjO3dd7CY= =2eoH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mgage at geshosting.com Thu Jun 28 22:07:27 2007 From: mgage at geshosting.com (Matt Gage) Date: Thu Jun 28 22:07:22 2007 Subject: Today's Totals Stops Working Message-ID: <007301c7b9c8$5745abd0$05d10370$@com> On one of my 4 servers the Today's Totals in mailwatch stopped showing numbers a few days ago, all filters and programs seem fine and it is blocking traffic. I just cant see how much any more, does any one have a fix? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070628/6854d095/attachment.html From ka at pacific.net Thu Jun 28 23:05:05 2007 From: ka at pacific.net (Ken A) Date: Thu Jun 28 23:05:07 2007 Subject: Ping In-Reply-To: <468421B3.9060607@ecs.soton.ac.uk> References: <4683D921.6070304@ecs.soton.ac.uk> <468421B3.9060607@ecs.soton.ac.uk> Message-ID: <46843091.6060308@pacific.net> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Anthony Cartmell wrote: >>> Life of a admin Jules ;) at least rm -rf / ;) >> Yeah, much disk activity until: >> rm: command not found > My worst mistake ever went like this: > > for F in long-list-of-hostnames-here > do > ssh $F mv /etc/passwd /etc/passwd.old > scp newpasswdfile $F:/etc/passwd > done > > Now getting out of that took me the rest of the morning :-( > That's nice. Looks like something you might find in a book. It is sooo easy to take authentication for granted when you are root. Ken > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: UTF-8 > > wj8DBQFGhCGzEfZZRxQVtlQRAopYAJ0TQXFHW59GzffPEhPzkINaQo72mQCZAepB > TthpaHOrheXcopLjO3dd7CY= > =2eoH > -----END PGP SIGNATURE----- > -- Ken Anderson Pacific.Net From nerijusb at dtiltas.lt Thu Jun 28 23:34:30 2007 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Jun 28 23:40:07 2007 Subject: Today's Totals Stops Working In-Reply-To: <007301c7b9c8$5745abd0$05d10370$@com> References: <007301c7b9c8$5745abd0$05d10370$@com> Message-ID: <20070628224003.32269FF0F@mx-a.vdnet.lt> On Thu, 28 Jun 2007 16:07:27 -0500 Matt Gage wrote: > On one of my 4 servers the Today's Totals in mailwatch stopped showing > numbers a few days ago, all filters and programs seem fine and it is > blocking traffic. I just cant see how much any more, does any one have a > fix? Please ask in mailwatch list in the future. I would check and fix mysql tables. Regards, Nerijus From alex at nkpanama.com Fri Jun 29 02:53:11 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Jun 29 02:54:13 2007 Subject: Ping In-Reply-To: <46843091.6060308@pacific.net> References: <4683D921.6070304@ecs.soton.ac.uk> <468421B3.9060607@ecs.soton.ac.uk> <46843091.6060308@pacific.net> Message-ID: <46846607.40903@nkpanama.com> Ken A wrote: > That's nice. Looks like something you might find in a book. It is sooo > easy to take authentication for granted when you are root. > Ken Happened to me once. I've since moved to using ssh keys for authentication, but keys wouldn't work in that situation, right? I mean, since the passwd file got renamed... From seamus at rheelweb.co.nz Fri Jun 29 04:57:31 2007 From: seamus at rheelweb.co.nz (Seamus Allan) Date: Fri Jun 29 04:57:55 2007 Subject: Postfix Address Verification In-Reply-To: <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz> <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> Message-ID: <4684832B.90709@rheelweb.co.nz> Drew Marshall wrote: > On Wed, June 27, 2007 23:46, Seamus Allan wrote: > >> It seems after implementing this that I am having a lot of spam stopped >> at MTA level - this is very good.
>> However, the next morning I came in to discover that some of the >> domains we host were not getting any email.
>> I used telnet to pretend to have a fake session with the smtp server, >> and interestingly, when trying to do a rcpt > class="moz-txt-link-abbreviated" >> href="mailto:to:user@brokendomain.com">to:user@brokendomain.com, I >> get the following error message.
>> 450 > href="mailto:user@brokendomain.com"><user@brokendomain.com>: >> Recipient address rejected: Domain >> not found
>> Why is this happening? How come that Postfix is able to look into the >> transport map and check the next server in line to see whether the user >> is valid for most of the domains, but not for some. Is there a >> misconfiguration somewhere? Is the verify map full or something?
>> > > Firstly, please could you not use HTML mail. It does become something of a > mess (As you can see above) when working in plain text. > > I even made a point of not top posting. Guess I can't make *everyone* happy. > Anyway, check your maillog as I would expect the domain not found error to > come from a Postfix client access restriction (Reject unknown sender > domain for example) and nothing to do with your recipient maps. The logs > will tell you more. > > Drew > > > I spent the good part of a day investigating logs and found almost nothing useful. I was expecting to see a point where the main (hub) mailserver started rejecting the (Mailscanner) Gateways probes to check whether a mailbox existed, as the probes are only Helo, Mail from, rcpt to, then a disconnect. Anywho, here are some log snippets for you to gander at. This is for a domain where is worked: Jun 28 02:49:24 gatekeeper2 postfix/smtpd[8702]: NOQUEUE: reject: RCPT from c175-80.icpnet.pl[85.221.175.80]: 550 : Recipient address rejected: undeliverable address: host 192.168.1.225[192.168.1.225] said: 550 Requested action not taken: mailbox unavailable or not local (in reply to RCPT TO command); from= to= proto=SMTP helo=<144209448> And this is for one where is didn't: Jun 28 02:49:28 gatekeeper2 postfix/smtpd[8700]: NOQUEUE: reject: RCPT from unknown[80.99.7.4]: 450 : Recipient address rejected: Domain not found; from= to= proto=ESMTP helo= After scouring the logs on both the gateway machine and the mail hub and can't seem to find anything useful. Any ideas? Cheers. -- *Seamus Allan* Network Engineer Rheel Electronics Ltd Phone +64-3-386 3070 Fax +64-3-386-3071 Mobile +64-21-178-2980 seamus@rheelweb.co.nz www.rheel.co.nz This e-mail together with any attachments is confidential, may be subject to legal privilege and may contain proprietary information, including information protected by copyright. If you are not the intended recipient, please do not copy, use or disclose this e-mail; please notify us immediately by return e-mail and then delete this e-mail. From mkellermann at net-com.de Fri Jun 29 07:31:47 2007 From: mkellermann at net-com.de (Matthias Kellermann) Date: Fri Jun 29 07:30:10 2007 Subject: MailScanner, sa-learn and bayes_path troubles Message-ID: <4684A753.1080901@net-com.de> Hello MailScanner list, I've some trouble using sa-learn to train my SpamAssassin installation with MailScanner. If I use sa-learn to train the filter with ham and spam messages, it doesn't seem to have any effect on the scoring done by MailScanner. I also don't see where sa-learn puts its Bayes data. I thought the path should be the same as bayes_path in /etc/MailScanner/spam.assassin.prefs.conf but there are no files present. It doesn't change anything if I run sa-learn with root or postfix user (MailScanner runs as postfix user). So, what could be the problem? Where can I tell sa-learn which path to save it's ham/spam information? As which user I have to run sa-learn? Do I have to add another special bayes path somewhere in the MailScanner config files? Thanks for your answers. Regards, Matthias From Q.G.Campbell at newcastle.ac.uk Fri Jun 29 08:22:25 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Jun 29 08:23:53 2007 Subject: MailScanner-4.61.3-1 running OK in production Message-ID: <4165CF7A7F12DE4B96622CCBB90586470AA7F537@largo.campus.ncl.ac.uk> Julian I have been successfully running MS-4.61.3-1, SA-3.2.1 (with Util.pm patch) and ClamAV-0.90.3 on four production gateways for some days now. Only concerns are the number of "RPM build errors" I get with the MailScanner install.sh script when upgrading existing systems which have had many previous MailScanner installs done in the past. It does not appear to be a problem when installing MailScanner for the first time on a newly built RH/AS4 system. Quentin --- PHONE: +44 191 222 8209??? Information Systems and Services (ISS), ?????????????????????????? Newcastle University, ?????????????????????????? Newcastle upon Tyne, FAX:?? +44 191 222 8765??? United Kingdom, NE1 7RU. ------------------------------------------------------------------------ From glenn.steen at gmail.com Fri Jun 29 08:55:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 29 08:55:50 2007 Subject: MailScanner, sa-learn and bayes_path troubles In-Reply-To: <4684A753.1080901@net-com.de> References: <4684A753.1080901@net-com.de> Message-ID: <223f97700706290055w1ad088bdtbeb16d34bd4af2d3@mail.gmail.com> On 29/06/07, Matthias Kellermann wrote: > Hello MailScanner list, > > I've some trouble using sa-learn to train my SpamAssassin installation > with MailScanner. > > If I use sa-learn to train the filter with ham and spam messages, it > doesn't seem to have any effect on the scoring done by MailScanner. I > also don't see where sa-learn puts its Bayes data. I thought the path > should be the same as bayes_path in > /etc/MailScanner/spam.assassin.prefs.conf but there are no files > present. It doesn't change anything if I run sa-learn with root or > postfix user (MailScanner runs as postfix user). > > So, what could be the problem? Where can I tell sa-learn which path to > save it's ham/spam information? As which user I have to run sa-learn? Do > I have to add another special bayes path somewhere in the MailScanner > config files? > > Thanks for your answers. > > Regards, > Matthias Check that you have a symbolic link /etc/mail/spamassassin/mailscanner.cf that points to /etc/MailScanner/spam.assassin.prefs.conf (if you have the bayes_path setting in that one), or set it in your /etc/mail/spamassassin/local.cf (either, not both;-). Also, check that the permissions for your bayes db (as specified in that SA cf) is "enough" for all users you plan to use (perhaps rw-rw- for postfix.apache, if you use MailWatch ... etc). The plan with such a setup is that you will use the same config irrespective of what user you might use to do the training. A bit of care (perhaps setting the directory rws) can go a long way toward avoiding problems (like root stomping on your permissions;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Fri Jun 29 09:36:49 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Fri Jun 29 09:37:01 2007 Subject: R: using tmpfs files system In-Reply-To: References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> <46837E0B.7060602@ecs.soton.ac.uk><003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> Message-ID: <004d01c7ba28$a2e9d4c0$3f01a8c0@dbdomain.database.it> Thanks to all for the answers. At the moment my df -m show this ============= none 1004 1 1004 1% /dev/shm ============= I suppose that I can use 1gb memory, at the moment my system process about 25k email (average) for day. This ammount of ram is it enough to support this load ? Thanks again Bye -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Scott Silva Inviato: gioved? 28 giugno 2007 18.37 A: mailscanner@lists.mailscanner.info Oggetto: Re: using tmpfs files system Marcello Anderlini spake the following on 6/28/2007 8:57 AM: > Hi, I would like to use a tmpfs files sytste to try to speed up > mailscanner process. > > I'm using a centos 4.5 distribution and I saw that tmpfs it's already > mounted for /dev/shm. > > How can I achieve this without dismount this partition that I suppose > it's used for other programs ? > > Does anyone have some suggestion ? > > > thanks and sorry for my worst English. > > Marcello > In /etc/fstab just add the following line; none /var/spool/MailScanner/incoming tmpfs defaults 0 0 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From mkellermann at net-com.de Fri Jun 29 10:06:18 2007 From: mkellermann at net-com.de (Matthias Kellermann) Date: Fri Jun 29 10:04:51 2007 Subject: MailScanner, sa-learn and bayes_path troubles In-Reply-To: <223f97700706290055w1ad088bdtbeb16d34bd4af2d3@mail.gmail.com> References: <4684A753.1080901@net-com.de> <223f97700706290055w1ad088bdtbeb16d34bd4af2d3@mail.gmail.com> Message-ID: <4684CB8A.2030106@net-com.de> Glenn Steen schrieb: > Check that you have a symbolic link > /etc/mail/spamassassin/mailscanner.cf that points to > /etc/MailScanner/spam.assassin.prefs.conf (if you have the bayes_path > setting in that one), or set it in your > /etc/mail/spamassassin/local.cf (either, not both;-). This was the problem. Fixed that. > Also, check that the permissions for your bayes db (as specified in > that SA cf) is "enough" for all users you plan to use (perhaps rw-rw- > for postfix.apache, if you use MailWatch ... etc). > The plan with such a setup is that you will use the same config > irrespective of what user you might use to do the training. A bit of > care (perhaps setting the directory rws) can go a long way toward > avoiding problems (like root stomping on your permissions;-). After adjusting the permissions it works like a charme - Thanks! Regards, Matthias From drew at technologytiger.net Fri Jun 29 10:26:49 2007 From: drew at technologytiger.net (Drew Marshall) Date: Fri Jun 29 10:27:00 2007 Subject: Postfix Address Verification In-Reply-To: <4684832B.90709@rheelweb.co.nz> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz> <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> <4684832B.90709@rheelweb.co.nz> Message-ID: <39526.194.70.180.170.1183109209.squirrel@www.technologytiger.net> On Fri, June 29, 2007 04:57, Seamus Allan wrote: > I even made a point of not top posting. Guess I can't make *everyone* > happy. You are so right :-) The only reason I asked was that my quotes of yours were so mangled by my web mail client they were almost not woth including. No biggie really (To me!) > I spent the good part of a day investigating logs and found almost > nothing useful. I was expecting to see a point where the main (hub) > mailserver started rejecting the (Mailscanner) Gateways probes to check > whether a mailbox existed, as the probes are only Helo, Mail from, rcpt > to, then a disconnect. > > Anywho, here are some log snippets for you to gander at. > > This is for a domain where is worked: > Jun 28 02:49:24 gatekeeper2 postfix/smtpd[8702]: NOQUEUE: reject: RCPT > from c175-80.icpnet.pl[85.221.175.80]: 550 : > Recipient address rejected: undeliverable address: host > 192.168.1.225[192.168.1.225] said: 550 Requested action not taken: > mailbox unavailable or not local (in reply to RCPT TO command); > from= to= proto=SMTP > helo=<144209448> That looks fine > > And this is for one where is didn't: > Jun 28 02:49:28 gatekeeper2 postfix/smtpd[8700]: NOQUEUE: reject: RCPT > from unknown[80.99.7.4]: 450 : Recipient address > rejected: Domain not found; from= > to= proto=ESMTP helo= This looks like a DNS problem. Are you running a cacheing DNS server on this box? Postfix is rejecting with a temporary failure (450) as it is having what it thinks could be a short term problem. I assume you have set the next hop in the transport map file, have you done this using a name record or IP address? i.e. in the file does it say: validdomain relay:internal.host or validdomain relay:[192.168.1.225] Just to make sure this isn't Postfix logging a slight red herring, can you also let me know what you have under: smtpd_client_restrictions smtpd_sender_restrictions in main.cf The other thing to check is the logs of the internal machine (Exchange?), just in case there is anything obvious there. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From res at ausics.net Fri Jun 29 10:35:55 2007 From: res at ausics.net (Res) Date: Fri Jun 29 10:36:08 2007 Subject: R: using tmpfs files system In-Reply-To: <004d01c7ba28$a2e9d4c0$3f01a8c0@dbdomain.database.it> References: <7f2e27cef5444346a8ec688eed7310e5@solidstatelogic.com> <46837E0B.7060602@ecs.soton.ac.uk><003401c7b99d$0f6379d0$3f01a8c0@dbdomain.database.it> <004d01c7ba28$a2e9d4c0$3f01a8c0@dbdomain.database.it> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message On Fri, 29 Jun 2007, Marcello Anderlini wrote: > I suppose that I can use 1gb memory, at the moment my system process about > 25k email (average) for day. > This ammount of ram is it enough to support this load ? Easily enough -- Cheers Res -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGhNJ7sWhAmSIQh7MRAgF3AJ9Ob2VO0oHmLFE8OMhrORSMaQ1VRQCghCCy r1dRWiR2PVWK8bvK8S2vMkU= =igfW -----END PGP SIGNATURE----- From glenn.steen at gmail.com Fri Jun 29 11:17:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 29 11:17:40 2007 Subject: Postfix Address Verification In-Reply-To: <39526.194.70.180.170.1183109209.squirrel@www.technologytiger.net> References: <1182844619.26893.2.camel@gblades-suse.linguaphone-intranet.co.uk> <4681C794.7000207@rheelweb.co.nz> <33B7C3D4-C7BB-4FE8-AD69-4802CA37F31B@technologytiger.net> <4682E8CF.7010602@rheelweb.co.nz> <59838.194.70.180.170.1183020415.squirrel@www.technologytiger.net> <4684832B.90709@rheelweb.co.nz> <39526.194.70.180.170.1183109209.squirrel@www.technologytiger.net> Message-ID: <223f97700706290317y540611bg1021d52c7aa5a7f6@mail.gmail.com> On 29/06/07, Drew Marshall wrote: (snip) > > > > And this is for one where is didn't: > > Jun 28 02:49:28 gatekeeper2 postfix/smtpd[8700]: NOQUEUE: reject: RCPT > > from unknown[80.99.7.4]: 450 : Recipient address > > rejected: Domain not found; from= > > to= proto=ESMTP helo= > > This looks like a DNS problem. Are you running a cacheing DNS server on > this box? Postfix is rejecting with a temporary failure (450) as it is > having what it thinks could be a short term problem. I assume you have set > the next hop in the transport map file, have you done this using a name > record or IP address? i.e. in the file does it say: > > validdomain relay:internal.host > > or > > validdomain relay:[192.168.1.225] True ... assuming Seamus uses the transport map to do the routing... And not some kind of split-view-DNS with internal MX records for the respective domains... In which case this'd perhaps point to an DNS/MX problem for that domain. ... Then again, with the serious lack of sleep I'm labouring under, I might completely misstaken:-). > Just to make sure this isn't Postfix logging a slight red herring, can you > also let me know what you have under: > > smtpd_client_restrictions > smtpd_sender_restrictions > > in main.cf > > The other thing to check is the logs of the internal machine (Exchange?), > just in case there is anything obvious there. > > Drew > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From KGoods at AIAInsurance.com Fri Jun 29 16:18:29 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Fri Jun 29 16:20:28 2007 Subject: Very long filenames? Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> I received this notification this morning. Subject: Re: MessageID: l5TDre77020228 Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228 Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (TCA2AR759CAY3E.jpg) I was just wondering how long is a *long* filename? This doesn't appear to be excessive as we commonly get Word documents that are much longer. I looked around but couldn't find the upper limit that triggers this rule. Thanks, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From a.peacock at chime.ucl.ac.uk Fri Jun 29 16:27:53 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jun 29 16:27:57 2007 Subject: Very long filenames? In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> Message-ID: <468524F9.6070704@chime.ucl.ac.uk> Ken Goods wrote: > I received this notification this morning. > > Subject: Re: > MessageID: l5TDre77020228 > Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228 > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (TCA2AR759CAY3E.jpg) > > I was just wondering how long is a *long* filename? This doesn't appear to > be excessive as we commonly get Word documents that are much longer. I > looked around but couldn't find the upper limit that triggers this rule. In my config (filename.rules.conf) this is set as anything over 150 characters. MailScanner does some sanity editing of the filename before inserting it into the report, so the filename reported may not be exactly the same as the original filename. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From glenn.steen at gmail.com Fri Jun 29 16:30:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 29 16:30:52 2007 Subject: Very long filenames? In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> Message-ID: <223f97700706290830i3a07a4d0l581f45632d2b19ae@mail.gmail.com> On 29/06/07, Ken Goods wrote: > I received this notification this morning. > > Subject: Re: > MessageID: l5TDre77020228 > Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228 > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (TCA2AR759CAY3E.jpg) > > I was just wondering how long is a *long* filename? This doesn't appear to > be excessive as we commonly get Word documents that are much longer. I > looked around but couldn't find the upper limit that triggers this rule. > > Thanks, > Ken You can see this in you filename.rules.conf file: deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages ... Which means 150 characters or more. The filename as displayed in the report has been "sanitised", for security reasons, so might look a bit ... confusing:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Jun 29 16:30:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 29 16:33:27 2007 Subject: Very long filenames? In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> Message-ID: <468525A9.8040600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ken Goods wrote: > I received this notification this morning. > > Subject: Re: > MessageID: l5TDre77020228 > Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228 > Report: MailScanner: Very long filenames are good signs of attacks against > Microsoft e-mail packages (TCA2AR759CAY3E.jpg) > > I was just wondering how long is a *long* filename? This doesn't appear to > be excessive as we commonly get Word documents that are much longer. I > looked around but couldn't find the upper limit that triggers this rule. > The version you see in reports is the sanitised version of the filename. I don't ever output the original filename without sanitising it first. The original filename would have been a lot longer than this. The original filename could be used to attack either MailScanner or your email client. Imagine what happened if you had a long filename that contained MIME boundaries and headers in it? You could embed an entire virus in the filename of an attachment if you got it just right. That would be Very Bad. > Thanks, > Ken > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhSWqEfZZRxQVtlQRAnjuAKDjMj6/2Mi82Eo91q3lUaq5OfWEQQCgxlgq QHbvQ6+AyInFCLxlVsCV5sc= =xVco -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From tr at riq.qc.ca Fri Jun 29 16:39:06 2007 From: tr at riq.qc.ca (Thierry Robitaille) Date: Fri Jun 29 16:39:14 2007 Subject: virus not scan Message-ID: <4685279A.4090102@riq.qc.ca> Hi, We use MS 4.57.6 with sendmail 8.13.8 "clamav" not the "clamavmodule" 0.91rc2(+sanesecurity DB) + f-secure and SA 3.2.1 on a fedora core6. Everything up to date except MS. The emails contains the trojan hk url(agent.af or whatever it is call by others AV) are not always scanned (passthru by MS). The emails are tagged spam and are forward in a special mbox but not been pass to clamav. I can't use mailscanner in debug mode for now, I must let the server in prod. If I scan the mbox contain, clamav detect it like a charm with the use of sanesecurity DB with no particular option: shell>clamscan test (test is the mbox) ### test: Email.Spam.Gen635.Sanesecurity.07053007 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 139610 Engine version: 0.91rc2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Time: 1.469 sec (0 m 1 s) ### I have in my mind that every emails are scan by the AV, are they? If not, how can I force it? He're a sample email that is not scan has virus but scan, tag and forward a spam. Thanks Troy -------------- next part -------------- A non-text attachment was scrubbed... Name: test.zip Type: application/octet-stream Size: 1019 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070629/0a2b8112/test.obj From richard.siddall at elirion.net Fri Jun 29 16:46:25 2007 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Jun 29 16:47:44 2007 Subject: Very long filenames? In-Reply-To: <468525A9.8040600@ecs.soton.ac.uk> References: <13C0059880FDD3118DC600508B6D4A6D01C29470@aiainsurance.com> <468525A9.8040600@ecs.soton.ac.uk> Message-ID: <46852951.20905@elirion.net> Julian Field wrote: > The version you see in reports is the sanitised version of the filename. > I don't ever output the original filename without sanitising it first. > The original filename would have been a lot longer than this. Julian, Could you change the report so that it tells people the file name displayed is not the full file name? Maybe instead of: > Very long filenames are good signs of attacks against Microsoft e-mail packages (~~~~~) something like: > Very long filenames are good signs of attacks against Microsoft e-mail packages (sanitized file name: ~~~~~~) This might make it easier for people to realize they're not looking at the full file name. Regards, Richard Siddall From coleman at boulder.nist.gov Fri Jun 29 19:50:13 2007 From: coleman at boulder.nist.gov (Sean Coleman) Date: Fri Jun 29 19:50:59 2007 Subject: Problems with install of ExtUtil::MakeMaker which comes with MailScanner Message-ID: I have been attempting to install MailScanner 4.59 on a RedHat AS 4 system running perl 5.8.5. I realize I can ignore all the errors produced by the compilation of MakeMaker and realize I don't need it since I have MakeMaker in my current perl but, I did figure out what caused the error. Setting PERL5LIB to perl -V | grep site_perl | tr -d ' ' | tr '\n' ':' causes the error. When I comment out the line, the build works fine. What was the intent to limit the perl library path using the PERL5LIB variable? When I ran the commands used to set PERL5LIB, I discovered that the variable included non path info such as: config_args='-des ....' /usr/lib I figured out that the definition of PERL5LIB needs one more grep added, grep -v config_args. If you define PERL5LIB as follows, all will compile PERL5LIB=`perl -V | grep site_perl | grep -v config_args | tr -d ' ' | tr '\n' ':' Thanks Sean Coleman From KGoods at AIAInsurance.com Fri Jun 29 19:58:42 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Fri Jun 29 20:00:40 2007 Subject: Very long filenames? Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C29474@aiainsurance.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Ken Goods wrote: >> I received this notification this morning. >> >> Subject: Re: >> MessageID: l5TDre77020228 >> Quarantine: /var/spool/MailScanner/quarantine/20070629/l5TDre77020228 >> Report: MailScanner: Very long filenames are good signs of attacks >> against Microsoft e-mail packages (TCA2AR759CAY3E.jpg) >> >> I was just wondering how long is a *long* filename? This doesn't >> appear to be excessive as we commonly get Word documents that are >> much longer. I looked around but couldn't find the upper limit that >> triggers this rule. >> > The version you see in reports is the sanitised version of the > filename. I don't ever output the original filename without > sanitising it first. The original filename would have been a lot > longer than this. > > The original filename could be used to attack either MailScanner or > your email client. Imagine what happened if you had a long filename > that contained MIME boundaries and headers in it? You could embed an > entire virus in the filename of an attachment if you got it just > right. That would be Very Bad. > >> Thanks, >> Ken >> >> Ken Goods >> Network Administrator >> CropUSA Insurance, Inc. >> > > Jules Thanks Anthony, Glenn, and Jules, I read this list religiously and once you guys answered I got the *whack* on the head that reminded me that this has been addressed before. I really appreciate the demeanor of this list... I should have been drawn and quartered... :) Been a tough week... :) Thanks again to all and kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From pablo at lacnic.net Fri Jun 29 20:54:48 2007 From: pablo at lacnic.net (Pablo Allietti) Date: Fri Jun 29 20:42:43 2007 Subject: Freebsd 6 and mailscanner port Message-ID: <20070629195448.GA52188@micron.lacnic.net.uy> Hi all i have a problem installing the freebsd 6 port of mailscanner. the error is that x MailScanner-4.60.8/www/ x MailScanner-4.60.8/www/README ===> Patching for MailScanner-4.60.8_2 ===> MailScanner-4.60.8_2 depends on file: /usr/local/bin/perl5.8.8 - found ===> Applying FreeBSD patches for MailScanner-4.60.8_2 2 out of 12 hunks failed--saving rejects to lib/MailScanner/Message.pm.rej => Patch patch-lib-MailScanner-Message.pm failed to apply cleanly. => Patch(es) patch-bin-cron-sa-update.cron patch-bin-cron-update_phishing_sites.cron patch-bin-cron-update_virus_scanners.cron applied cleanly. *** Error code 1 Stop in /usr/ports/mail/mailscanner. *** Error code 1 Stop in /usr/ports/mail/mailscanner. And in the file .rej i have *************** *** 2,8 **** # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # - # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 miwi Exp $ # # This program is free software; you can redistribute it and/or # modify # it under the terms of the GNU General Public License as published # by --- 2,8 ---- # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # + # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 miwi Exp $ # # This program is free software; you can redistribute it and/or # modify # it under the terms of the GNU General Public License as published # by *************** *** 57,63 **** use vars qw($VERSION); ### The package version, both in 1.23 style *and* usable by MakeMaker: - $VERSION = substr q$Revision: 1.1 $, 10; # Attributes are # --- 57,63 ---- use vars qw($VERSION); ### The package version, both in 1.23 style *and* usable by MakeMaker: + $VERSION = substr q$Revision: 1.1 $, 10; # Attributes are # any help??? thanks -- .- Pablo Allietti E-mail: pablo@lacnic.net | LACNIC Phone : +598 2 6042222 | http://LACNIC.NET From MailScanner at ecs.soton.ac.uk Fri Jun 29 20:47:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 29 20:50:18 2007 Subject: Problems with install of ExtUtil::MakeMaker which comes with MailScanner In-Reply-To: References: Message-ID: <468561E2.4080405@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well spotted. I have added it and it will be in the next release. Sean Coleman wrote: > I have been attempting to install MailScanner 4.59 on a RedHat AS 4 > system running perl 5.8.5. I realize I can ignore all the errors > produced by the compilation of MakeMaker and realize I don't need it > since I have MakeMaker in my current perl but, I did figure out what > caused the error. Setting PERL5LIB to perl -V | grep site_perl | tr -d > ' ' | tr '\n' ':' causes the error. When I comment out the line, the > build > works fine. What was the intent to limit the perl library path using > the PERL5LIB variable? When I ran the commands used to set PERL5LIB, I > discovered that the variable included non path info such as: > > config_args='-des ....' > /usr/lib > > I figured out that the definition of PERL5LIB needs one more grep > added, grep -v config_args. > > If you define PERL5LIB as follows, all will compile > > PERL5LIB=`perl -V | grep site_perl | grep -v config_args | tr -d ' ' | > tr '\n' ':' > > Thanks > > Sean Coleman > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhWHjEfZZRxQVtlQRAtgSAKCbZAJfhP4QiXqVzmD2NI+Vnyad2ACgxLRD w2m38YaoKAoa3d2okCiZTTg= =Xzkr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Jun 29 20:50:32 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 29 20:53:58 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <20070629195448.GA52188@micron.lacnic.net.uy> References: <20070629195448.GA52188@micron.lacnic.net.uy> Message-ID: <46856288.4030409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The bits that failed have no effect. So if you can get it to apply the patch and ignore the error, you will still have a working system. Pablo Allietti wrote: > Hi all i have a problem installing the freebsd 6 port of mailscanner. > the error is that > > > x MailScanner-4.60.8/www/ > x MailScanner-4.60.8/www/README > ===> Patching for MailScanner-4.60.8_2 > ===> MailScanner-4.60.8_2 depends on file: /usr/local/bin/perl5.8.8 - > found > ===> Applying FreeBSD patches for MailScanner-4.60.8_2 > 2 out of 12 hunks failed--saving rejects to > lib/MailScanner/Message.pm.rej > => Patch patch-lib-MailScanner-Message.pm failed to apply cleanly. > => Patch(es) patch-bin-cron-sa-update.cron > patch-bin-cron-update_phishing_sites.cron > patch-bin-cron-update_virus_scanners.cron applied cleanly. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > *** Error code 1 > > Stop in /usr/ports/mail/mailscanner. > > > > > And in the file .rej i have > > *************** > *** 2,8 **** > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2002 Julian Field > # > - # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 > miwi Exp $ > # > # This program is free software; you can redistribute it and/or > # modify > # it under the terms of the GNU General Public License as published > # by > --- 2,8 ---- > # MailScanner - SMTP E-Mail Virus Scanner > # Copyright (C) 2002 Julian Field > # > + # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 > miwi Exp $ > # > # This program is free software; you can redistribute it and/or > # modify > # it under the terms of the GNU General Public License as published > # by > *************** > *** 57,63 **** > use vars qw($VERSION); > > ### The package version, both in 1.23 style *and* usable by MakeMaker: > - $VERSION = substr q$Revision: 1.1 $, 10; > > # Attributes are > # > --- 57,63 ---- > use vars qw($VERSION); > > ### The package version, both in 1.23 style *and* usable by MakeMaker: > + $VERSION = substr q$Revision: 1.1 $, 10; > > # Attributes are > # > > > > any help??? thanks > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhWKJEfZZRxQVtlQRAuVoAKD0d/oJmcinL9ezraXBQrWp/XvdqwCfbB9/ aAcJtKQlvpKc9zAs1kLEYLE= =DUcD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From tr at riq.qc.ca Fri Jun 29 20:54:49 2007 From: tr at riq.qc.ca (Thierry Robitaille) Date: Fri Jun 29 20:54:49 2007 Subject: R: virus not scan Message-ID: <46856389.6000400@riq.qc.ca> Hi, OK, sorry, I find the thread on this problem from May 2007 mailing list archive. Thanks Troy From cabrera at hyettemail.com Fri Jun 29 21:00:18 2007 From: cabrera at hyettemail.com (Manuel Cabrera Caballero) Date: Fri Jun 29 21:00:37 2007 Subject: mailscanner + mailwatch Message-ID: <468564D2.4030808@hyettemail.com> Hi people, I have any setup of MailScanner-4.61.6-1 + MailWatch 1.04 + Postfix. With Postfix + mailscanner I send and received emails ok but MailWatch not showing mails to me. My setup is: Centos 5 Postfix-2.2.10-1-mysql Spamassassin 3.2.1 MailScanner-4.61.6-1 Clamav-0-90-3 MailWatch 1.04 PHP 5.1.6 Mysql 5.0.22 DBD::mysql 4.005 I install according to howto of the site of mailwatch but even so nonprofit that works. Any help,excuse me my poor english. From hvdkooij at vanderkooij.org Fri Jun 29 21:16:34 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jun 29 21:17:35 2007 Subject: mailscanner + mailwatch In-Reply-To: <468564D2.4030808@hyettemail.com> References: <468564D2.4030808@hyettemail.com> Message-ID: On Fri, 29 Jun 2007, Manuel Cabrera Caballero wrote: > I have any setup of MailScanner-4.61.6-1 + MailWatch 1.04 + Postfix. > With Postfix + mailscanner I send and received emails ok but MailWatch not > showing mails to me. If the syslog logging seems to be OK I suggest you check the MailWatch mailinglist archives for common causes. If you have checked and tested them and it still fails to log anything in mailwatch send a detailed description to the mailwatch mailinglist and include the exact syslog for a message, steps taken to check and remedy the situation, ..... Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From glenn.steen at gmail.com Fri Jun 29 21:20:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jun 29 21:20:32 2007 Subject: Problems with install of ExtUtil::MakeMaker which comes with MailScanner In-Reply-To: <468561E2.4080405@ecs.soton.ac.uk> References: <468561E2.4080405@ecs.soton.ac.uk> Message-ID: <223f97700706291320i271283f2s231fbd1b32f1cb44@mail.gmail.com> On 29/06/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Well spotted. I have added it and it will be in the next release. Might this be the case for the rest of the "no build" ones? there were a handful of those, mostly either things that didn't matter (already had a version that newer/new enough)... Yeah, had to do an emergency rebuild yesterday evening/night... didn't have time to take any notes, so can't really say which it was... Built on Mdv -07.0. Since I'm officially on vacation now,i can't be more precise than that for a few weeks;-). Cheers -- Glenn > Sean Coleman wrote: > > I have been attempting to install MailScanner 4.59 on a RedHat AS 4 > > system running perl 5.8.5. I realize I can ignore all the errors > > produced by the compilation of MakeMaker and realize I don't need it > > since I have MakeMaker in my current perl but, I did figure out what > > caused the error. Setting PERL5LIB to perl -V | grep site_perl | tr -d > > ' ' | tr '\n' ':' causes the error. When I comment out the line, the > > build > > works fine. What was the intent to limit the perl library path using > > the PERL5LIB variable? When I ran the commands used to set PERL5LIB, I > > discovered that the variable included non path info such as: > > > > config_args='-des ....' > > /usr/lib > > > > I figured out that the definition of PERL5LIB needs one more grep > > added, grep -v config_args. > > > > If you define PERL5LIB as follows, all will compile > > > > PERL5LIB=`perl -V | grep site_perl | grep -v config_args | tr -d ' ' | > > tr '\n' ':' > > > > Thanks > > > > Sean Coleman > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFGhWHjEfZZRxQVtlQRAtgSAKCbZAJfhP4QiXqVzmD2NI+Vnyad2ACgxLRD > w2m38YaoKAoa3d2okCiZTTg= > =Xzkr > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner at slackadelic.com Fri Jun 29 21:21:15 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Fri Jun 29 21:21:23 2007 Subject: mailscanner + mailwatch In-Reply-To: References: <468564D2.4030808@hyettemail.com> Message-ID: <468569BB.9040101@slackadelic.com> Hugo van der Kooij wrote: > On Fri, 29 Jun 2007, Manuel Cabrera Caballero wrote: > >> I have any setup of MailScanner-4.61.6-1 + MailWatch 1.04 + Postfix. >> With Postfix + mailscanner I send and received emails ok but MailWatch >> not showing mails to me. > > If the syslog logging seems to be OK I suggest you check the MailWatch > mailinglist archives for common causes. > > If you have checked and tested them and it still fails to log anything > in mailwatch send a detailed description to the mailwatch mailinglist > and include the exact syslog for a message, steps taken to check and > remedy the situation, ..... > > Hugo. > On top of what Hugo suggested, I would highly recommended looking at your web server logs and mail logs closely. They do reveal quite a bit of information most of the time as to what the cause can be. -Matt From pablo at lacnic.net Fri Jun 29 21:34:54 2007 From: pablo at lacnic.net (Pablo Allietti) Date: Fri Jun 29 21:22:50 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <46856288.4030409@ecs.soton.ac.uk> References: <20070629195448.GA52188@micron.lacnic.net.uy> <46856288.4030409@ecs.soton.ac.uk> Message-ID: <20070629203454.GB52188@micron.lacnic.net.uy> On Fri, Jun 29, 2007 at 08:50:32PM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The bits that failed have no effect. So if you can get it to apply the > patch and ignore the error, you will still have a working system. mmmm, and a extra help to do that?? :) > > Pablo Allietti wrote: > > Hi all i have a problem installing the freebsd 6 port of mailscanner. > > the error is that > > > > > > x MailScanner-4.60.8/www/ > > x MailScanner-4.60.8/www/README > > ===> Patching for MailScanner-4.60.8_2 > > ===> MailScanner-4.60.8_2 depends on file: /usr/local/bin/perl5.8.8 - > > found > > ===> Applying FreeBSD patches for MailScanner-4.60.8_2 > > 2 out of 12 hunks failed--saving rejects to > > lib/MailScanner/Message.pm.rej > > => Patch patch-lib-MailScanner-Message.pm failed to apply cleanly. > > => Patch(es) patch-bin-cron-sa-update.cron > > patch-bin-cron-update_phishing_sites.cron > > patch-bin-cron-update_virus_scanners.cron applied cleanly. > > *** Error code 1 > > > > Stop in /usr/ports/mail/mailscanner. > > *** Error code 1 > > > > Stop in /usr/ports/mail/mailscanner. > > > > > > > > > > And in the file .rej i have > > > > *************** > > *** 2,8 **** > > # MailScanner - SMTP E-Mail Virus Scanner > > # Copyright (C) 2002 Julian Field > > # > > - # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 > > miwi Exp $ > > # > > # This program is free software; you can redistribute it and/or > > # modify > > # it under the terms of the GNU General Public License as published > > # by > > --- 2,8 ---- > > # MailScanner - SMTP E-Mail Virus Scanner > > # Copyright (C) 2002 Julian Field > > # > > + # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 > > miwi Exp $ > > # > > # This program is free software; you can redistribute it and/or > > # modify > > # it under the terms of the GNU General Public License as published > > # by > > *************** > > *** 57,63 **** > > use vars qw($VERSION); > > > > ### The package version, both in 1.23 style *and* usable by MakeMaker: > > - $VERSION = substr q$Revision: 1.1 $, 10; > > > > # Attributes are > > # > > --- 57,63 ---- > > use vars qw($VERSION); > > > > ### The package version, both in 1.23 style *and* usable by MakeMaker: > > + $VERSION = substr q$Revision: 1.1 $, 10; > > > > # Attributes are > > # > > > > > > > > any help??? thanks > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFGhWKJEfZZRxQVtlQRAuVoAKD0d/oJmcinL9ezraXBQrWp/XvdqwCfbB9/ > aAcJtKQlvpKc9zAs1kLEYLE= > =DUcD > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ---end quoted text--- -- .- Pablo Allietti E-mail: pablo@lacnic.net | LACNIC Phone : +598 2 6042222 | http://LACNIC.NET From MailScanner at ecs.soton.ac.uk Fri Jun 29 21:30:59 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jun 29 21:33:37 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <20070629203454.GB52188@micron.lacnic.net.uy> References: <20070629195448.GA52188@micron.lacnic.net.uy> <46856288.4030409@ecs.soton.ac.uk> <20070629203454.GB52188@micron.lacnic.net.uy> Message-ID: <46856C03.7020704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pablo Allietti wrote: > On Fri, Jun 29, 2007 at 08:50:32PM +0100, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> The bits that failed have no effect. So if you can get it to apply the >> patch and ignore the error, you will still have a working system. >> > > mmmm, and a extra help to do that?? :) > Sorry, I'm not a *BSD user. Maybe the ports system has some "force" option or something? > > >> Pablo Allietti wrote: >> >>> Hi all i have a problem installing the freebsd 6 port of mailscanner. >>> the error is that >>> >>> >>> x MailScanner-4.60.8/www/ >>> x MailScanner-4.60.8/www/README >>> ===> Patching for MailScanner-4.60.8_2 >>> ===> MailScanner-4.60.8_2 depends on file: /usr/local/bin/perl5.8.8 - >>> found >>> ===> Applying FreeBSD patches for MailScanner-4.60.8_2 >>> 2 out of 12 hunks failed--saving rejects to >>> lib/MailScanner/Message.pm.rej >>> => Patch patch-lib-MailScanner-Message.pm failed to apply cleanly. >>> => Patch(es) patch-bin-cron-sa-update.cron >>> patch-bin-cron-update_phishing_sites.cron >>> patch-bin-cron-update_virus_scanners.cron applied cleanly. >>> *** Error code 1 >>> >>> Stop in /usr/ports/mail/mailscanner. >>> *** Error code 1 >>> >>> Stop in /usr/ports/mail/mailscanner. >>> >>> >>> >>> >>> And in the file .rej i have >>> >>> *************** >>> *** 2,8 **** >>> # MailScanner - SMTP E-Mail Virus Scanner >>> # Copyright (C) 2002 Julian Field >>> # >>> - # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 >>> miwi Exp $ >>> # >>> # This program is free software; you can redistribute it and/or >>> # modify >>> # it under the terms of the GNU General Public License as published >>> # by >>> --- 2,8 ---- >>> # MailScanner - SMTP E-Mail Virus Scanner >>> # Copyright (C) 2002 Julian Field >>> # >>> + # $Id: patch-lib-MailScanner-Message.pm,v 1.1 2007/06/04 20:52:13 >>> miwi Exp $ >>> # >>> # This program is free software; you can redistribute it and/or >>> # modify >>> # it under the terms of the GNU General Public License as published >>> # by >>> *************** >>> *** 57,63 **** >>> use vars qw($VERSION); >>> >>> ### The package version, both in 1.23 style *and* usable by MakeMaker: >>> - $VERSION = substr q$Revision: 1.1 $, 10; >>> >>> # Attributes are >>> # >>> --- 57,63 ---- >>> use vars qw($VERSION); >>> >>> ### The package version, both in 1.23 style *and* usable by MakeMaker: >>> + $VERSION = substr q$Revision: 1.1 $, 10; >>> >>> # Attributes are >>> # >>> >>> >>> >>> any help??? thanks >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.2 (Build 2014) >> Charset: ISO-8859-1 >> >> wj8DBQFGhWKJEfZZRxQVtlQRAuVoAKD0d/oJmcinL9ezraXBQrWp/XvdqwCfbB9/ >> aAcJtKQlvpKc9zAs1kLEYLE= >> =DUcD >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > ---end quoted text--- > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhWwEEfZZRxQVtlQRAk8QAJwKKbNdf/n1vfGJCCRfdl+MaUy53wCg/c40 USCy2QyuL8CE4H0pXVPv1xU= =hKB4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From derek at csolve.net Fri Jun 29 21:42:45 2007 From: derek at csolve.net (Derek Buttineau) Date: Fri Jun 29 21:43:07 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <20070629195448.GA52188@micron.lacnic.net.uy> References: <20070629195448.GA52188@micron.lacnic.net.uy> Message-ID: <7A5B4051-E836-487A-8E5A-F42DD77820F9@csolve.net> On 2007-Jun-29, at 3:54 PM, Pablo Allietti wrote: > Hi all i have a problem installing the freebsd 6 port of mailscanner. > the error is that Have you tried doing a make clean and then trying the install again? I'm running the MailScanner-4.60.8_2 port on FreeBSD 6.2 without issue here. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From cabrera at hyettemail.com Fri Jun 29 23:01:25 2007 From: cabrera at hyettemail.com (Manuel Cabrera Caballero) Date: Fri Jun 29 23:01:45 2007 Subject: mailscanner + mailwatch In-Reply-To: <468569BB.9040101@slackadelic.com> References: <468564D2.4030808@hyettemail.com> <468569BB.9040101@slackadelic.com> Message-ID: <46858135.6020602@hyettemail.com> Ok, I am going to write to the mailwatch mailinglist by aid, there post from guys who say to have it working, but nobody says like. In my logs no find error. Thanks Matt Hayes wrote: > Hugo van der Kooij wrote: >> On Fri, 29 Jun 2007, Manuel Cabrera Caballero wrote: >> >>> I have any setup of MailScanner-4.61.6-1 + MailWatch 1.04 + Postfix. >>> With Postfix + mailscanner I send and received emails ok but >>> MailWatch not showing mails to me. >> >> If the syslog logging seems to be OK I suggest you check the MailWatch >> mailinglist archives for common causes. >> >> If you have checked and tested them and it still fails to log anything >> in mailwatch send a detailed description to the mailwatch mailinglist >> and include the exact syslog for a message, steps taken to check and >> remedy the situation, ..... >> >> Hugo. >> > > On top of what Hugo suggested, I would highly recommended looking at > your web server logs and mail logs closely. They do reveal quite a bit > of information most of the time as to what the cause can be. > > -Matt > > From cabrera at hyettemail.com Fri Jun 29 23:03:06 2007 From: cabrera at hyettemail.com (Manuel Cabrera Caballero) Date: Fri Jun 29 23:03:28 2007 Subject: mailscanner + mailwatch In-Reply-To: <468569BB.9040101@slackadelic.com> References: <468564D2.4030808@hyettemail.com> <468569BB.9040101@slackadelic.com> Message-ID: <4685819A.6050900@hyettemail.com> Hi, one forgot to me, I have a server with sendmail + mailscanner + mailwatch and if it works ok. Matt Hayes wrote: > Hugo van der Kooij wrote: >> On Fri, 29 Jun 2007, Manuel Cabrera Caballero wrote: >> >>> I have any setup of MailScanner-4.61.6-1 + MailWatch 1.04 + Postfix. >>> With Postfix + mailscanner I send and received emails ok but >>> MailWatch not showing mails to me. >> >> If the syslog logging seems to be OK I suggest you check the MailWatch >> mailinglist archives for common causes. >> >> If you have checked and tested them and it still fails to log anything >> in mailwatch send a detailed description to the mailwatch mailinglist >> and include the exact syslog for a message, steps taken to check and >> remedy the situation, ..... >> >> Hugo. >> > > On top of what Hugo suggested, I would highly recommended looking at > your web server logs and mail logs closely. They do reveal quite a bit > of information most of the time as to what the cause can be. > > -Matt > > From ssilva at sgvwater.com Fri Jun 29 23:22:31 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 29 23:22:53 2007 Subject: virus not scan In-Reply-To: <4685279A.4090102@riq.qc.ca> References: <4685279A.4090102@riq.qc.ca> Message-ID: Thierry Robitaille spake the following on 6/29/2007 8:39 AM: > Hi, > > We use MS 4.57.6 with sendmail 8.13.8 "clamav" not the "clamavmodule" > 0.91rc2(+sanesecurity DB) + f-secure and SA 3.2.1 on a fedora core6. > > Everything up to date except MS. > > The emails contains the trojan hk url(agent.af or whatever it is call by > others AV) are not always scanned (passthru by MS). > The emails are tagged spam and are forward in a special mbox but not > been pass to clamav. > > I can't use mailscanner in debug mode for now, I must let the server in > prod. > > If I scan the mbox contain, clamav detect it like a charm with the use > of sanesecurity DB with no particular option: > shell>clamscan test (test is the mbox) > ### > test: Email.Spam.Gen635.Sanesecurity.07053007 FOUND > MailScanner does not scan spam for viruses unless you set the option "Keep Spam And MCP Archive Clean = yes" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jun 29 23:31:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jun 29 23:32:04 2007 Subject: Problems with install of ExtUtil::MakeMaker which comes with MailScanner In-Reply-To: <223f97700706291320i271283f2s231fbd1b32f1cb44@mail.gmail.com> References: <468561E2.4080405@ecs.soton.ac.uk> <223f97700706291320i271283f2s231fbd1b32f1cb44@mail.gmail.com> Message-ID: Glenn Steen spake the following on 6/29/2007 1:20 PM: > On 29/06/07, Julian Field wrote: > Well spotted. I have added it and it will be in the next release. >> Might this be the case for the rest of the "no build" ones? there were >> a handful of those, mostly either things that didn't matter (already >> had a version that newer/new enough)... Yeah, had to do an emergency >> rebuild yesterday evening/night... didn't have time to take any notes, >> so can't really say which it was... Built on Mdv -07.0. >> Since I'm officially on vacation now,i can't be more precise than that >> for a few weeks;-). > >> Cheers >> -- Glenn > Sean Coleman wrote: >> I have been attempting to install MailScanner 4.59 on a RedHat AS 4 >> system running perl 5.8.5. I realize I can ignore all the errors >> produced by the compilation of MakeMaker and realize I don't need it >> since I have MakeMaker in my current perl but, I did figure out what >> caused the error. Setting PERL5LIB to perl -V | grep site_perl | tr -d >> ' ' | tr '\n' ':' causes the error. When I comment out the line, the >> build >> works fine. What was the intent to limit the perl library path using >> the PERL5LIB variable? When I ran the commands used to set PERL5LIB, I >> discovered that the variable included non path info such as: > >> config_args='-des ....' >> /usr/lib > >> I figured out that the definition of PERL5LIB needs one more grep >> added, grep -v config_args. > >> If you define PERL5LIB as follows, all will compile > >> PERL5LIB=`perl -V | grep site_perl | grep -v config_args | tr -d ' ' | >> tr '\n' ':' > >> Thanks > >> Sean Coleman > > > Jules > Happy vacation to you, Glenn! I am also off in an hour and a half, but only taking a week. I'll tip a few in your general direction!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jpenix at binarytribe.com Sat Jun 30 00:02:57 2007 From: jpenix at binarytribe.com (Joshua Penix) Date: Sat Jun 30 00:05:20 2007 Subject: List of Perl required/optional for MailScanner? Message-ID: <4D97FA17-C997-4D31-A046-E9179512F65D@binarytribe.com> Is there a list anywhere of the Perl modules (and versions?) of Perl modules actually *required* for MailScanner, and then secondarily ones that are optional but enable extra functionality? I couldn't find anything on the wiki. I'm trying to do some work on documenting a clean but complete installation of MailScanner on RedHat Enterprise, as I'm not satisfied with the installer's method of bashing RPMs into place. I saw the recent thread on yum installation where Julian made a meta- package, but I noticed that the dependency list in that meta-package didn't line up with the RPMs included in the regular installer. In detail, the meta-package lists the following as dependencies (in addition to the core Perl and Mailscanner): tnef >= 1.1.1 perl-MIME-tools >= 5.412, perl-MIME-Base64 perl-Archive-Zip perl-Compress-Zlib perl-Convert-BinHex perl-Convert-TNEF perl-DBD-SQLite perl-DBI perl-Filesys-Df perl-File-Temp perl-Getopt-Long perl-IO-stringy perl-HTML-Parser perl-HTML-Tagset perl-MailTools perl-Net-CIDR perl-Net-IP perl-Sys-Hostname-Long perl-Sys-Syslog perl-TimeDate perl-Time-HiRes Only MIME-tools has a version number attached, and comparing to the list of RPMs included in the full install package it's missing: ExtUtils::MakeMaker File::Spec Scalar::Util Storable Test::Harness Test::Simple Math::BigInt Math::BigRat Without poring over the actual MailScanner code, I really am in the dark about which modules and versions are necessary and why. If people could help shed light on this, I'd be more than happy to put together a page for the wiki showing the info I collect. I'm picturing something similar to what the SpamAssassin build process outputs, where it detects availability of modules and then explains why you might want (or need) a particular module. We don't necessarily need that info in the installer itself, but having it on the wiki would help clear things up for people anal about their Perl setups. -- Joshua Penix http://www.binarytribe.com Binary Tribe Linux Integration Services & Network Consulting From pablo at lacnic.net Sat Jun 30 00:50:20 2007 From: pablo at lacnic.net (Pablo Allietti) Date: Sat Jun 30 00:38:12 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <7A5B4051-E836-487A-8E5A-F42DD77820F9@csolve.net> References: <20070629195448.GA52188@micron.lacnic.net.uy> <7A5B4051-E836-487A-8E5A-F42DD77820F9@csolve.net> Message-ID: <20070629235020.GA69756@micron.lacnic.net.uy> On Fri, Jun 29, 2007 at 04:42:45PM -0400, Derek Buttineau wrote: > On 2007-Jun-29, at 3:54 PM, Pablo Allietti wrote: > > >Hi all i have a problem installing the freebsd 6 port of mailscanner. > >the error is that > > Have you tried doing a make clean and then trying the install again? > > I'm running the MailScanner-4.60.8_2 port on FreeBSD 6.2 without > issue here. yep, i made a make clean without results... my system is a freebsd 6.2 too .. i have install spamassassin before mailscanner and clamav maybe that is the problem? i dont know... im really lost with this.. if you have any advise please help me ... > > -- > Regards, > > Derek Buttineau > Internet Systems Developer > Compu-SOLVE Internet Services > Compu-SOLVE Technologies, Inc > > Phone: 705-725-1212 x255 > E-Mail: derek@csolve.net > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ---end quoted text--- -- .- Pablo Allietti E-mail: pablo@lacnic.net | LACNIC Phone : +598 2 6042222 | http://LACNIC.NET From jan-peter at koopmann.eu Sat Jun 30 09:17:38 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sat Jun 30 09:17:09 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: References: <20070629195448.GA52188@micron.lacnic.net.uy><7A5B4051-E836-487A-8E5A-F42DD77820F9@csolve.net> Message-ID: > yep, i made a make clean without results... > my system is a freebsd 6.2 too .. And you are sure you have the current port version? Because those patches failing is impossible (theoretically)... From glenn.steen at gmail.com Sat Jun 30 09:21:27 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 30 09:21:29 2007 Subject: virus not scan In-Reply-To: References: <4685279A.4090102@riq.qc.ca> Message-ID: <223f97700706300121w3d58848ci2cd763dfa9fee614@mail.gmail.com> On 30/06/07, Scott Silva wrote: > Thierry Robitaille spake the following on 6/29/2007 8:39 AM: > > Hi, > > > > We use MS 4.57.6 with sendmail 8.13.8 "clamav" not the "clamavmodule" > > 0.91rc2(+sanesecurity DB) + f-secure and SA 3.2.1 on a fedora core6. > > > > Everything up to date except MS. > > > > The emails contains the trojan hk url(agent.af or whatever it is call by > > others AV) are not always scanned (passthru by MS). > > The emails are tagged spam and are forward in a special mbox but not > > been pass to clamav. > > > > I can't use mailscanner in debug mode for now, I must let the server in > > prod. > > > > If I scan the mbox contain, clamav detect it like a charm with the use > > of sanesecurity DB with no particular option: > > shell>clamscan test (test is the mbox) > > ### > > test: Email.Spam.Gen635.Sanesecurity.07053007 FOUND > > > MailScanner does not scan spam for viruses unless you set the option > "Keep Spam And MCP Archive Clean = yes" Other way around Scott.... But you know that;-)... Easy on the friday beverages....:-D -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jun 30 09:25:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 30 09:25:38 2007 Subject: Problems with install of ExtUtil::MakeMaker which comes with MailScanner In-Reply-To: References: <468561E2.4080405@ecs.soton.ac.uk> <223f97700706291320i271283f2s231fbd1b32f1cb44@mail.gmail.com> Message-ID: <223f97700706300125j14f63b9bu7f2e3dab39ad91ec@mail.gmail.com> On 30/06/07, Scott Silva wrote: > Glenn Steen spake the following on 6/29/2007 1:20 PM: > > On 29/06/07, Julian Field wrote: > > Well spotted. I have added it and it will be in the next release. > >> Might this be the case for the rest of the "no build" ones? there were > >> a handful of those, mostly either things that didn't matter (already > >> had a version that newer/new enough)... Yeah, had to do an emergency > >> rebuild yesterday evening/night... didn't have time to take any notes, > >> so can't really say which it was... Built on Mdv -07.0. > >> Since I'm officially on vacation now,i can't be more precise than that > >> for a few weeks;-). > > > >> Cheers > >> -- Glenn > > Sean Coleman wrote: > >> I have been attempting to install MailScanner 4.59 on a RedHat AS 4 > >> system running perl 5.8.5. I realize I can ignore all the errors > >> produced by the compilation of MakeMaker and realize I don't need it > >> since I have MakeMaker in my current perl but, I did figure out what > >> caused the error. Setting PERL5LIB to perl -V | grep site_perl | tr -d > >> ' ' | tr '\n' ':' causes the error. When I comment out the line, the > >> build > >> works fine. What was the intent to limit the perl library path using > >> the PERL5LIB variable? When I ran the commands used to set PERL5LIB, I > >> discovered that the variable included non path info such as: > > > >> config_args='-des ....' > >> /usr/lib > > > >> I figured out that the definition of PERL5LIB needs one more grep > >> added, grep -v config_args. > > > >> If you define PERL5LIB as follows, all will compile > > > >> PERL5LIB=`perl -V | grep site_perl | grep -v config_args | tr -d ' ' | > >> tr '\n' ':' > > > >> Thanks > > > >> Sean Coleman > > > > > > Jules > > > Happy vacation to you, Glenn! I am also off in an hour and a half, but only > taking a week. I'll tip a few in your general direction!! Have a fabulous one, you too! Don't bring the lappy and phone;-) (Tempting censorship-by-Hugo, I'll likewise tip a few in your general direction:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikael at syska.dk Sat Jun 30 13:21:09 2007 From: mikael at syska.dk (Mikael Syska) Date: Sat Jun 30 13:20:56 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <20070629235020.GA69756@micron.lacnic.net.uy> References: <20070629195448.GA52188@micron.lacnic.net.uy> <7A5B4051-E836-487A-8E5A-F42DD77820F9@csolve.net> <20070629235020.GA69756@micron.lacnic.net.uy> Message-ID: <46864AB5.80005@syska.dk> Pablo Allietti wrote: > On Fri, Jun 29, 2007 at 04:42:45PM -0400, Derek Buttineau wrote: > >> On 2007-Jun-29, at 3:54 PM, Pablo Allietti wrote: >> >> >>> Hi all i have a problem installing the freebsd 6 port of mailscanner. >>> the error is that >>> >> Have you tried doing a make clean and then trying the install again? >> >> I'm running the MailScanner-4.60.8_2 port on FreeBSD 6.2 without >> issue here. >> > > yep, i made a make clean without results... > my system is a freebsd 6.2 too .. > > i have install spamassassin before mailscanner and clamav maybe that is > the problem? i dont know... im really lost with this.. > if you have any advise please help me ... > You must be missing something ... also running 4.60.8 with FreeBSD 6.2 ... with no problems ... and I havent found a problem yet with the port in freebsd. In a few days I will setup a new system, and hopefully I wont have that problem ... // Mikael Syska From hvdkooij at vanderkooij.org Sat Jun 30 14:00:42 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 30 14:01:38 2007 Subject: Fake User-Agent on PDF Message-ID: Hi, So far all SPAM PDF files that did not get killed on other issues seem to use a fake User-Agent header: User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) According to http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html the release date is impossible however. I have not written a SA rule (yet). I wrote a detectline in my header checks of postfix: /^User-Agent: Thunderbird 1.5.0.12 \(Windows/20070509\)/ REJECT This is a fake version of Thunderbird Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Sat Jun 30 14:07:37 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 30 14:08:33 2007 Subject: Kaspersky 5.0 hangup on Packed PE_Patch.NSAnti Message-ID: Hi, I have over a dozen samples that can make Kaspersky v5.0 on Linux hang up on itself. You get the log line reporting it is packed like: Packed PE_Patch.NSAnti But then kavscanner will keep consuming CPU cycles and never finish the job. Wether or not other versions have any difficulty has not yet been determined. As these samples seem to work mostly webbased it is less likely you get one by email. But users of this version may want to keep an eye out on their logs and MailScanner installation. Hugo. PS: I am still not finished parsing through the collection to get all of them. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From dudi at kolcore.com Sat Jun 30 14:14:40 2007 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jun 30 14:15:09 2007 Subject: Kaspersky 5.0 hangup on Packed PE_Patch.NSAnti Message-ID: <858B5F3269A8F147AD4A615A91327FEA1222B9@prince.kolcore.local> >I have over a dozen samples that can make Kaspersky v5.0 on Linux hang up >on itself. You get the log line reporting it is packed like: Packed >PE_Patch.NSAnti I'm running several Debian etch/postfix/cyrus combos, all running KAV 5.5.10 (for mail servers, not fileserver versions). Never had an issue with it. Can you zip the sample & send it over? I'll see if it passes my system. Regards, Dudi From dudi at kolcore.com Sat Jun 30 14:18:53 2007 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jun 30 14:19:13 2007 Subject: MS logging Message-ID: <858B5F3269A8F147AD4A615A91327FEA1222BA@prince.kolcore.local> Hello list, I wonder if MS logging can be tweaked in such a way that "spam" and "high spam" will have distinct logs. like: Jun 30 16:07:00 cat MailScanner[18458]: Spam Checks: Found 1 spam messages And hopefully: Jun 30 16:07:00 cat MailScanner[18458]: Spam Checks: Found 1 high spam messages This may help in tracking and log analyze. TIA Dudi Goldenberg Kolcore Ltd. From lars+lister.mailscanner at adventuras.no Sat Jun 30 15:19:21 2007 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Sat Jun 30 15:19:45 2007 Subject: Freebsd 6 and mailscanner port In-Reply-To: <46864AB5.80005@syska.dk> References: <20070629195448.GA52188@micron.lacnic.net.uy> <7A5B4051-E836-487A-8E5A-F42DD77820F9@csolve.net> <20070629235020.GA69756@micron.lacnic.net.uy> <46864AB5.80005@syska.dk> Message-ID: <46866669.4070401@adventuras.no> Mikael Syska skrev: > Pablo Allietti wrote: >> the problem? i dont know... im really lost with this.. if you have any >> advise please help me ... > You must be missing something ... also running 4.60.8 with FreeBSD 6.2 > ... with no problems ... and I havent found a problem yet with the port > in freebsd. > > In a few days I will setup a new system, and hopefully I wont have that > problem ... This might or might not be related to the original post, hope I am not hijacking. But if any of you are putting up a new system on FreeBSD anyway, maybe you can watch out for the following and report the specifics to the maintainer of the port. Last time I setup an all new mailscanner system was under pressure late in the night during days of chaos, but if I remember correctly: 1. The port patched some files to get freebsd-specific paths. 2. I think "make initial-config" overwrote some of those files with unpatched files from the distribution. Or maybe I was just tired. It should be tried on a fresh computer during daylight hours to be more specific. Thank you, Lars > > // Mikael Syska From MailScanner at ecs.soton.ac.uk Sat Jun 30 17:58:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 30 17:59:01 2007 Subject: Fake User-Agent on PDF In-Reply-To: References: Message-ID: <46868B9E.2050409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > Hi, > > So far all SPAM PDF files that did not get killed on other issues seem > to use a fake User-Agent header: User-Agent: Thunderbird 1.5.0.12 > (Windows/20070509) > > According to > http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html the > release date is impossible however. > > I have not written a SA rule (yet). I wrote a detectline in my header > checks of postfix: > /^User-Agent: Thunderbird 1.5.0.12 \(Windows/20070509\)/ REJECT > This is a fake version of Thunderbird Here's a SA rule that will do the same thing: header JKF_FAKE_TBIRD User-Agent =~ /Thunderbird 1.5.0.12 \(Windows\/20070509\)/ describe JKF_FAKE_TBIRD Fake version of Thunderbird score JKF_FAKE_TBIRD 1.5 Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhoufEfZZRxQVtlQRAj60AKCUkI80DcGHsT1AwZ06XwpWMOeXGACghST9 PoG5L+bPCn6qNJt8BKT57pE= =NuSY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ms-list at alexb.ch Sat Jun 30 19:10:24 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sat Jun 30 19:10:32 2007 Subject: Fake User-Agent on PDF In-Reply-To: <46868B9E.2050409@ecs.soton.ac.uk> References: <46868B9E.2050409@ecs.soton.ac.uk> Message-ID: <46869C90.3010308@alexb.ch> On 6/30/2007 6:58 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Hugo van der Kooij wrote: >> Hi, >> >> So far all SPAM PDF files that did not get killed on other issues seem >> to use a fake User-Agent header: User-Agent: Thunderbird 1.5.0.12 >> (Windows/20070509) >> >> According to >> http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html the >> release date is impossible however. >> >> I have not written a SA rule (yet). I wrote a detectline in my header >> checks of postfix: >> /^User-Agent: Thunderbird 1.5.0.12 \(Windows/20070509\)/ REJECT >> This is a fake version of Thunderbird > Here's a SA rule that will do the same thing: > header JKF_FAKE_TBIRD User-Agent =~ /Thunderbird 1.5.0.12 > \(Windows\/20070509\)/ > describe JKF_FAKE_TBIRD Fake version of Thunderbird > score JKF_FAKE_TBIRD 1.5 > Jules, /Thunderbird 1\.5\.0\.12\(Windows\/20070509\)/ forgot to escape periods? Alex From mikej at rogers.com Sat Jun 30 19:57:46 2007 From: mikej at rogers.com (Mike Jakubik) Date: Sat Jun 30 19:57:49 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <467E9AD4.5080200@syska.dk> References: <467E9AD4.5080200@syska.dk> Message-ID: <4686A7AA.4060008@rogers.com> Mikael Syska wrote: > Hi, > > I'm going to replace a Post Fix/amavisd-new/spamassassin setup in the > near future. > > My concers is about all the bad stuff that are with Post Fix and Main > Scanner ( just a few days ago a message about corrupted headers was on > the list, Glenn Steen would look at it next week ) ... and that Post > Fix maintainers aint happy with the way MS handles mails from PF ... > and so on .... > I've been using the combination for almost 2 years now and I've yet to have an issue. From MailScanner at ecs.soton.ac.uk Sat Jun 30 21:10:57 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 30 21:14:00 2007 Subject: Fake User-Agent on PDF In-Reply-To: <46869C90.3010308@alexb.ch> References: <46868B9E.2050409@ecs.soton.ac.uk> <46869C90.3010308@alexb.ch> Message-ID: <4686B8D1.7090005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > On 6/30/2007 6:58 PM, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Hugo van der Kooij wrote: >>> Hi, >>> >>> So far all SPAM PDF files that did not get killed on other issues >>> seem to use a fake User-Agent header: User-Agent: Thunderbird >>> 1.5.0.12 (Windows/20070509) >>> >>> According to >>> http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html the >>> release date is impossible however. >>> >>> I have not written a SA rule (yet). I wrote a detectline in my >>> header checks of postfix: >>> /^User-Agent: Thunderbird 1.5.0.12 \(Windows/20070509\)/ >>> REJECT This is a fake version of Thunderbird >> Here's a SA rule that will do the same thing: >> header JKF_FAKE_TBIRD User-Agent =~ /Thunderbird 1.5.0.12 >> \(Windows\/20070509\)/ >> describe JKF_FAKE_TBIRD Fake version of Thunderbird >> score JKF_FAKE_TBIRD 1.5 >> > > Jules, > > /Thunderbird 1\.5\.0\.12\(Windows\/20070509\)/ > > forgot to escape periods? Yes, agreed. But it's not very important. A version of the rule that accepts 1-5-0-12 is fine too, that's certainly a fake Thunderbird version number! :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhrjSEfZZRxQVtlQRAu2EAJ4igl0/TOETgNqILIWWqerSAay5SACfZR/P EWRfPaZ8ae4+/Ev/3Iyy6Qs= =ckQ6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mikael at syska.dk Sat Jun 30 22:04:40 2007 From: mikael at syska.dk (Mikael Syska) Date: Sat Jun 30 22:04:21 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <4686A7AA.4060008@rogers.com> References: <467E9AD4.5080200@syska.dk> <4686A7AA.4060008@rogers.com> Message-ID: <4686C568.9070307@syska.dk> Hi, Mike Jakubik wrote: > Mikael Syska wrote: >> Hi, >> >> I'm going to replace a Post Fix/amavisd-new/spamassassin setup in the >> near future. >> >> My concers is about all the bad stuff that are with Post Fix and Main >> Scanner ( just a few days ago a message about corrupted headers was >> on the list, Glenn Steen would look at it next week ) ... and that >> Post Fix maintainers aint happy with the way MS handles mails from PF >> ... and so on .... >> > I've been using the combination for almost 2 years now and I've yet to > have an issue. > I think I'm convinced now ... I'm going to use postfix, since no real arguments againts it have been made. Thanks for the time guys. // ouT From MailScanner at ecs.soton.ac.uk Sat Jun 30 22:16:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 30 22:19:23 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <4686C568.9070307@syska.dk> References: <467E9AD4.5080200@syska.dk> <4686A7AA.4060008@rogers.com> <4686C568.9070307@syska.dk> Message-ID: <4686C841.7030109@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote: > Hi, > > Mike Jakubik wrote: >> Mikael Syska wrote: >>> Hi, >>> >>> I'm going to replace a Post Fix/amavisd-new/spamassassin setup in >>> the near future. >>> >>> My concers is about all the bad stuff that are with Post Fix and >>> Main Scanner ( just a few days ago a message about corrupted headers >>> was on the list, Glenn Steen would look at it next week ) ... and >>> that Post Fix maintainers aint happy with the way MS handles mails >>> from PF ... and so on .... >>> >> I've been using the combination for almost 2 years now and I've yet >> to have an issue. >> > I think I'm convinced now ... I'm going to use postfix, since no real > arguments againts it have been made. > > Thanks for the time guys. I'm going to release a new stable version tomorrow which includes the recent Postfix bugfix to do with its milter support. If you can't wait till tomorrow, then it's already on the website, you'll just have to guess the URL for 4.61.7-1 :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhshBEfZZRxQVtlQRAh73AJ9sE4OZcfq4PiwNweNrIWpLonpOqACbBbxQ hS53cCou6PXVH2/5MVW3q7E= =nriF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Jun 30 22:17:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jun 30 22:21:02 2007 Subject: Fake User-Agent on PDF -- WARNING! In-Reply-To: <4686B8D1.7090005@ecs.soton.ac.uk> References: <46868B9E.2050409@ecs.soton.ac.uk> <46869C90.3010308@alexb.ch> <4686B8D1.7090005@ecs.soton.ac.uk> Message-ID: <4686C87A.1060800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Turns out this is not an illegal version number at all, it's perfectly valid. So I strongly advise against using any rule based on this version number :-( bother :( Jules. Julian Field wrote: > * PGP Signed: 06/30/07 at 21:10:58 > > > > Alex Broens wrote: >> On 6/30/2007 6:58 PM, Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Hugo van der Kooij wrote: >>>> Hi, >>>> >>>> So far all SPAM PDF files that did not get killed on other issues >>>> seem to use a fake User-Agent header: User-Agent: Thunderbird >>>> 1.5.0.12 (Windows/20070509) >>>> >>>> According to >>>> http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html the >>>> release date is impossible however. >>>> >>>> I have not written a SA rule (yet). I wrote a detectline in my >>>> header checks of postfix: >>>> /^User-Agent: Thunderbird 1.5.0.12 \(Windows/20070509\)/ >>>> REJECT This is a fake version of Thunderbird >>> Here's a SA rule that will do the same thing: >>> header JKF_FAKE_TBIRD User-Agent =~ /Thunderbird 1.5.0.12 >>> \(Windows\/20070509\)/ >>> describe JKF_FAKE_TBIRD Fake version of Thunderbird >>> score JKF_FAKE_TBIRD 1.5 >>> >> >> Jules, >> >> /Thunderbird 1\.5\.0\.12\(Windows\/20070509\)/ >> >> forgot to escape periods? > Yes, agreed. But it's not very important. A version of the rule that > accepts 1-5-0-12 is fine too, that's certainly a fake Thunderbird > version number! :-) > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGhsh7EfZZRxQVtlQRApDXAKCBXXaMud5aMvC5l6iiT6bj5JZc8ACgks5S rMGjfeZFOyLwjmauVhOpqYc= =kdEn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Sat Jun 30 23:16:25 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jun 30 23:17:25 2007 Subject: Fake User-Agent on PDF -- WARNING! In-Reply-To: <4686C87A.1060800@ecs.soton.ac.uk> References: <46868B9E.2050409@ecs.soton.ac.uk> <46869C90.3010308@alexb.ch> <4686B8D1.7090005@ecs.soton.ac.uk> <4686C87A.1060800@ecs.soton.ac.uk> Message-ID: On Sat, 30 Jun 2007, Julian Field wrote: > Turns out this is not an illegal version number at all, it's perfectly > valid. > So I strongly advise against using any rule based on this version number :-( > > bother :( It just is an odd combination of a version with a timestamp 20070509 and a release date online of 2007-05-30. It is a sure thing to put someone off like that. Common guys. No messing with my birthday. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From mikael at syska.dk Sat Jun 30 23:44:21 2007 From: mikael at syska.dk (Mikael Syska) Date: Sat Jun 30 23:44:06 2007 Subject: Doubts about PF, what are the pros/cons about other MTAs? In-Reply-To: <4686C841.7030109@ecs.soton.ac.uk> References: <467E9AD4.5080200@syska.dk> <4686A7AA.4060008@rogers.com> <4686C568.9070307@syska.dk> <4686C841.7030109@ecs.soton.ac.uk> Message-ID: <4686DCC5.9050208@syska.dk> Hey, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Mikael Syska wrote: > >> [snip] >> I think I'm convinced now ... I'm going to use postfix, since no real >> arguments againts it have been made. >> >> Thanks for the time guys. >> > I'm going to release a new stable version tomorrow which includes the > recent Postfix bugfix to do with its milter support. > If you can't wait till tomorrow, then it's already on the website, > you'll just have to guess the URL for 4.61.7-1 :-) > I can wait ... I wont begin on the server until tuesday ... So no problems there. Can't wait to get my hands dirty converting the old amavisd-new setup ... some other dude had setup it up, and its a real pain to figure out ... Btw, read on a page on the internet where a person said that MS did not use the resources very good cause its spawning a new process for every mail and afterwards closing it. amavisd-new also did that in the start but changed over to daemon style ... so its not spawning a new proces every time ... Is there something about this, or did the guy just not like MS ? and if there are something about it ... will MS be changed to spawn daemons ? what are the pros/cons agints it ? > Jules > > // Mikael Syska From glenn.steen at gmail.com Sat Jun 30 23:47:39 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jun 30 23:47:41 2007 Subject: Fake User-Agent on PDF -- WARNING! In-Reply-To: References: <46868B9E.2050409@ecs.soton.ac.uk> <46869C90.3010308@alexb.ch> <4686B8D1.7090005@ecs.soton.ac.uk> <4686C87A.1060800@ecs.soton.ac.uk> Message-ID: <223f97700706301547x4466d99diad9fc8d648d8811@mail.gmail.com> On 01/07/07, Hugo van der Kooij wrote: > On Sat, 30 Jun 2007, Julian Field wrote: > > > Turns out this is not an illegal version number at all, it's perfectly > > valid. > > So I strongly advise against using any rule based on this version number :-( > > > > bother :( > > It just is an odd combination of a version with a timestamp 20070509 and a > release date online of 2007-05-30. It is a sure thing to put someone off > like that. > > Common guys. No messing with my birthday. You're quite an advanced admin/user for a newborn....:-D. Have you done any form of count on the occurance of this suspect combo? You mentioned not having counted/checked them all IIRC. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jgouveia at gmail.com Sat Jun 30 23:53:25 2007 From: jgouveia at gmail.com (=?ISO-8859-1?Q?Jo=E3o_Gouveia?=) Date: Sat Jun 30 23:53:28 2007 Subject: Fake User-Agent on PDF -- WARNING! In-Reply-To: <223f97700706301547x4466d99diad9fc8d648d8811@mail.gmail.com> References: <46868B9E.2050409@ecs.soton.ac.uk> <46869C90.3010308@alexb.ch> <4686B8D1.7090005@ecs.soton.ac.uk> <4686C87A.1060800@ecs.soton.ac.uk> <223f97700706301547x4466d99diad9fc8d648d8811@mail.gmail.com> Message-ID: <39ee73db0706301553p51641b50u4bfe9ac1fc5f2874@mail.gmail.com> On 6/30/07, Glenn Steen wrote: > On 01/07/07, Hugo van der Kooij wrote: > > On Sat, 30 Jun 2007, Julian Field wrote: > > > > > Turns out this is not an illegal version number at all, it's perfectly > > > valid. > > > So I strongly advise against using any rule based on this version number :-( > > > > > > bother :( > > > > It just is an odd combination of a version with a timestamp 20070509 and a > > release date online of 2007-05-30. It is a sure thing to put someone off > > like that. > > > > Common guys. No messing with my birthday. > You're quite an advanced admin/user for a newborn....:-D. > > Have you done any form of count on the occurance of this suspect > combo? You mentioned not having counted/checked them all IIRC. Carefull with that rule, doesn't look that fake. Just search in google (or googlegroups) for "Thunderbird 1.5.0.12 (Windows/20070509)". There's a lot of ham mail there.. > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! >