From a.peacock at chime.ucl.ac.uk Tue May 1 08:11:34 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue May 1 08:12:12 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1502816DB1@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1502816DB1@woodenex.woodmaclaw.local> Message-ID: <4636E826.1070104@chime.ucl.ac.uk> Billy A. Pumphrey wrote: > Hello everyone. I am having quite a few spam get through. I thought > that I had quite a few things installed and configured correctly. > Actually they used to work really well then when I had to rebuild bayes > as there were too many FP and turn off RBL's, then a lot of spam are > getting through. Somewhere around 50-100 per user are seemingly getting > through on a weekend. I have put down as much information as I thought > about for my configuration. I am looking for recommendations to > recrease my block rate. Please let me know if I left any information > out. jThank you. > > After looking at a few emails I can see that pyzor and DCC and bayes are > scoring: > Score Matching Rule Description > cached not > score=24.094 > 6 required > autolearn=spam > 2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) > 0.33 FH_DATE_ISNT_2006 > 0.77 FH_DATE_ISNT_200X > 0.40 FH_LEADINGPREP > 0.71 FS_START_BUY > 3.70 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > 0.61 SARE_SXLIFE Talks about your sex life > 3.81 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist > 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > 4.50 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist Are these the scores that your system gives to one of the emails that are gettig through? If so that scored 24 points. So this email should have been filtered. This suggests to me that the problem isn't with SA but with something in your MailScanner settings. If these aren't the scores from one of the emails that are getting through can you save an email to a text file and send the output of the following command: spamassassin --test-mode < email.txt -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From glenn.steen at gmail.com Tue May 1 10:12:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 1 10:12:23 2007 Subject: Postfix milter with MailScanner , extra 0 problem In-Reply-To: <20070430193605.B02521224A1@mx-b.vdnet.lt> References: <1177340488.25796.153.camel@localhost.localdomain> <223f97700704230818t3ffae2e3u1f28b09aad5d454@mail.gmail.com> <1177343963.25796.159.camel@localhost.localdomain> <223f97700704240216u4cbd4cbey1df9503fa3a2c7f6@mail.gmail.com> <20070430193605.B02521224A1@mx-b.vdnet.lt> Message-ID: <223f97700705010212t3356ff62s4d7c93c10f2344f4@mail.gmail.com> On 30/04/07, Nerijus Baliunas wrote: > On Tue, 24 Apr 2007 11:16:23 +0200 Glenn Steen wrote: > > > These patches are for use with Postfix 2.3... Although PFDiskStore.pm > > will handle the body edits we need do some check to see that all the > > body is there by spinning through the p records in ReadQf (in > > Postfix.pm)... Or something smarter (I'm open to sugegstions:-). > > If you need that (and run PF 2.4) I can probably find my patch for > > that too ... somewhere...:-) > > BTW, can I use these patches with PF 2.4 if my milter modifies headers > only (not body)? Or should I need your patch for 2.4? > > Regards, > Nerijus They should work OK for milters only modifying headers using PF 2.4 ... There isn't much difference between the patches, just the verification part in ReadQf (IIRC:-)... So go ahead... Please report any problems directly to me and I'll try see if there's anything I can do;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 1 10:16:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 1 10:16:05 2007 Subject: New Stable Release, Clamd and Postfix? In-Reply-To: References: <4635F88E.4040509@slackadelic.com> Message-ID: <223f97700705010216s6071bf87hd8a1a514ed72a4d1@mail.gmail.com> On 30/04/07, Scott Silva wrote: > Matt Hayes spake the following on 4/30/2007 7:09 AM: > > Paul Hutchings wrote: > >> My MailScanner box runs quite nicely running the previous stable version > >> 4.58.9. > >> > >> I'm suffering from the slow clamscan performance issue, and noticed the > >> new stable release supports clamd (which I'm running). > >> > >> Having looked at the manual it appears it should simply be a case of run > >> the installer script, then use upgrade_MailScanner_conf to update > >> MailScanner.conf with the new settings. > >> > >> Not having ever upgraded MailScanner before, I'd sooner ask the question > >> than get caught out - is this all there is to it (barring something > >> totally unforeseen happening)? > >> > >> Also as I run Postfix I have my MailScanner set to run as user "postfix" > >> as per the docs. Will this cause me a problem (or can someone point me > >> where to go to RTFM?) > >> > >> Cheers, > >> Paul > >> > > > > Paul, > > > > That is basically all there is to it. However, if you are like me, > > anything custom that you've added like %rules-dir% files will more than > > likely have to be re-entered in. If you use Mailwatch, some things with > > quarantine configuration to allow for released messages to bypass spam > > checks may have to be reconfigured. > > > > The great thing about the upgrade of mailscanner.. it leaves your old > > installation in place :) > > > > -Matt > > > > > The last statement isn't totally true. The rpm version will replace the > running files. I have a backup script I run that copies the running system > into a new directory and then I can upgrade or go back. > And this is actually well documented (sort of:) in the MAQ and wiki ... Go have a look, it's rather prominetly visible;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From grpprod at gmail.com Tue May 1 10:58:19 2007 From: grpprod at gmail.com (G P) Date: Tue May 1 10:58:20 2007 Subject: Latest MS keeps restarting Message-ID: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> Hi all, I just installed latest version, and it keeps restarting its children every 1 minute. This wasn't happening with the previous version. I have just switched back to 4.58.9, keeping the same configuration, and problem seems solved now. Any comments would be appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070501/443b739c/attachment.html From raymond at prolocation.net Tue May 1 11:00:59 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Tue May 1 11:00:58 2007 Subject: Latest MS keeps restarting In-Reply-To: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> References: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> Message-ID: Hi! > I just installed latest version, and it keeps restarting its children every > 1 minute. This wasn't happening with the previous version. I have just > switched back to 4.58.9, keeping the same configuration, and problem seems > solved now. Run in debug mode pls, you most likely have a issue with the new one thats making it restart... Bye, Raymond. From martinh at solidstatelogic.com Tue May 1 11:06:23 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue May 1 11:06:39 2007 Subject: Latest MS keeps restarting In-Reply-To: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> Message-ID: Hi What O/S and what virus scanners are being used...... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of G P > Sent: 01 May 2007 10:58 > To: mailscanner@lists.mailscanner.info > Subject: Latest MS keeps restarting > > Hi all, > I just installed latest version, and it keeps restarting its children > every 1 minute. This wasn't happening with the previous version. I have > just switched back to 4.58.9, keeping the same configuration, and problem > seems solved now. > > Any comments would be appreciated. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From grpprod at gmail.com Tue May 1 11:32:59 2007 From: grpprod at gmail.com (G P) Date: Tue May 1 11:33:02 2007 Subject: Latest MS keeps restarting In-Reply-To: References: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> Message-ID: <773fecad0705010332l15f21b31sf632839259b7bb9d@mail.gmail.com> > > What O/S and what virus scanners are being used...... > > It runs under CentOS 3.8, and clamavmodule is used. Haven't run it in debug mode yet, I will do and let the list of the results. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070501/101605c2/attachment.html From dave.list at pixelhammer.com Tue May 1 13:32:18 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue May 1 13:33:40 2007 Subject: Slightly OT: How do you deal with domains you forward to who consider you a spammer based in user reports? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D03057BDAC1@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D03057BDAB2@inex3.herffjones.hj-int> <46365924.7000202@pixelhammer.com> <57573D714A832C43B9D80EAFBDA48D03057BDAC1@inex3.herffjones.hj-int> Message-ID: <46373352.3030904@pixelhammer.com> Furnish, Trever G wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve >> Sent: Monday, April 30, 2007 5:01 PM >> To: MailScanner discussion >> Subject: Re: Slightly OT: How do you deal with domains you >> forward to who consider you a spammer based in user reports? > >> An exasperating situation. We have been dealing with the same >> issue for quite a awhile. Our current solution is to use >> verp, if AOL returns the message in a scomp report we remove >> the users email address and add it to a subscriber black >> list. That email address is never allowed to subscribe to >> another mail list we host. So far, no client has complained, >> AOL is happy, our scomp reports have plummeted. > > Are you using verp only in conjunction with mailing lists? > Unfortunately my forwards aren't going through any kind of mailing list > manager -- they're just coming in and getting forwarded immediately back > out, since each address goes to an individual. The forwards were set up > so that outside sales reps who don't pick up mail from out systems could > still have a "company" email address -- a practice I'm hoping to end, > but which I expect to continue. Yes, verp just for the mail lists for now. We haven't had to go chase down a forwarding solution, yet. I am hoping we don't have to, but that will be my solution if needed. > >> You might see if there is a way to inject something into the >> headers that AOL will no redact. Then, if the user reports >> their forwarded mail as spam, simply stop forwarding. > > That might actually make a big difference. Any ideas on how to > implement it, short of placing a footer in the body of the message? Not really ;^), but if it comes down to it I will have to find something. Likely I will look at removing the forward and letting the message deliver locally, then have a cron job read the mailbox, add the header, resend the mail. Ideally, we provide webmail over ssh, imap, pop, and smtp-auth. So if it comes up again I will suggest that forwarding is not needed and the possibility that business correspondence is subject to family review and accidental use. Social solutions are almost always the better choice, training the user is harder than programming, but infinitely better in the long run. >I've noted that aol "redacts" anything that looks like an email address > in the headers, but not the body, but if I could insert a header that > says, for example, "X-HJ-MailScanner-To: foo at foo dot com", they > probably wouldn't redact that. I suppose I could modify that bit of > code in mailscanner that adds that header...hmmm... Painful for > upgrades, but better than nothing... scomp reports are kinda funny, some are redacted some are not. We have even gotten scomp reports from a netblock we don't own. > >> Not the >> best solution business wise, but the safe option for certain. >> If the user wants the authority to declare spam/not spam, >> they should be responsible for the actions they set into motion. >> >> In the end we all want to make the client happy, but >> protecting your network must come first. You can't make a >> client happy if no one will accept your server's mail. > > Good points and it's nice to know I'm not the only one who feels that > way. > DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From bpumphrey at woodmclaw.com Tue May 1 14:36:52 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 14:36:56 2007 Subject: A lot of spam getting through In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816F72@woodenex.woodmaclaw.local> > > > 2) Install Fuzzyocr which works well at detecting the image spams > > > (http://www.gbnetwork.co.uk/mailscanner/ for the URL's) > > > > I got this installed and a lint shows OK. > > Have a look at http://www.freespamfilter.org/forum/viewforum.php?f=25 > That forum although quiet has some good tips for additional fuzzyocr > configuration such as additional words and scansets. Did you install gocr > and ocrad OCR plugins? I followed the instructions and then when I was double checking that I had what you mentioned, I realized that I downloaded and installed the 2.3b version. I will now have to go back and install the 3.5.1 version. I hope that this is as simple as running the install of the new version. I really don't know how to Uninstall the old version. From alex at nkpanama.com Tue May 1 14:46:18 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 1 14:47:03 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1502816E99@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1502816E99@woodenex.woodmaclaw.local> Message-ID: <463744AA.40504@nkpanama.com> Billy A. Pumphrey wrote: > > Ok, I had edited this file but it points to my local domain windows dns > server. Does that mean that I should change it to something else? > Definitely. Feel free to install a more respectable operating system on it at any time. ;-) In regards to your actual problem, you may want to install a caching nameserver on your MailScanner box and point resolv.conf to 127.0.0.1 (and maybe something else, like your ISP's DNS servers as secondary, just in case). Unless your setup *requires* it, you shouldn't have to ask for DNS information from the *ugh* Windows machine ;-) From campbell at cnpapers.com Tue May 1 15:07:13 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 1 15:07:29 2007 Subject: A lot of spam getting through References: <04D932B0071FE34FA63EBB1977B48D1502816E99@woodenex.woodmaclaw.local> <463744AA.40504@nkpanama.com> Message-ID: <002901c78bfa$045b5dd0$0705000a@ddf5dw71> ----- Original Message ----- From: "Alex Neuman van der Hans" To: "MailScanner discussion" Sent: Tuesday, May 01, 2007 9:46 AM Subject: Re: A lot of spam getting through > Billy A. Pumphrey wrote: >> >> Ok, I had edited this file but it points to my local domain windows dns >> server. Does that mean that I should change it to something else? >> > > Definitely. Feel free to install a more respectable operating system on it > at any time. ;-) > Just curious now. What OS are you running on this machine currently? What does your Windows DNS server manage? Steve From bpumphrey at woodmclaw.com Tue May 1 15:11:09 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 15:11:12 2007 Subject: A lot of spam getting through In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816FAA@woodenex.woodmaclaw.local> > Have a look at http://www.freespamfilter.org/forum/viewforum.php?f=25 > That forum although quiet has some good tips for additional fuzzyocr > configuration such as additional words and scansets. Did you install gocr > and ocrad OCR plugins? > Ok, after I downloaded it, I remembered and seen that they are just files to be put in the directories. As far as the installs, I installed: I had some of the things installed before I upgraded fuzzy, then I installed more. I went through the instructions seemingly thoroughly for the install of the 3.5.1 version. I installed a ton of stuff, well seems like it. The only thing that I did not install was the DBD::mysql module part. I install the optional MLDBM and other. I am now getting some errors in the lint test. I have not enabled the hashing yet. [8894] warn: FuzzyOcr: Cannot find executable for giftopnm 0.00013 [8894] warn: FuzzyOcr: Cannot find executable for jpegtopnm 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for pngtopnm 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for bmptopnm 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for tifftopnm 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for ppmhist 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for pamfile 0.00012 [8894] info: FuzzyOcr: Using ocrad => /usr/local/bin/ocrad 0.00017 [8894] info: FuzzyOcr: Using gocr => /usr/local/bin/gocr 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for pnmnorm 0.0001 [8894] warn: FuzzyOcr: Cannot find executable for pnminvert 0.0001 [8894] warn: FuzzyOcr: Cannot find executable for pamthreshold 0.00011 [8894] warn: FuzzyOcr: Cannot find executable for ppmtopgm 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for pamtopnm 0.00012 [8894] warn: FuzzyOcr: Cannot find executable for tesseract Man, there are a lot of entries for the fuzzy in the lint. Do you have a quick answer on how to fix the above? From bpumphrey at woodmclaw.com Tue May 1 15:12:17 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 15:12:20 2007 Subject: A lot of spam getting through In-Reply-To: <463744AA.40504@nkpanama.com> Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816FAC@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans > Sent: Tuesday, May 01, 2007 9:46 AM > To: MailScanner discussion > Subject: Re: A lot of spam getting through > > Billy A. Pumphrey wrote: > > > > Ok, I had edited this file but it points to my local domain windows dns > > server. Does that mean that I should change it to something else? > > > > Definitely. Feel free to install a more respectable operating system on > it at any time. ;-) > And what would that be? :) From bpumphrey at woodmclaw.com Tue May 1 15:13:11 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 15:13:14 2007 Subject: A lot of spam getting through In-Reply-To: <002901c78bfa$045b5dd0$0705000a@ddf5dw71> Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816FAD@woodenex.woodmaclaw.local> > > What OS are you running on this machine currently? What does your Windows > DNS server manage? > > Steve > > > -- CentOS 4.4 From mogens at fumlersoft.dk Tue May 1 15:13:08 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Tue May 1 15:14:01 2007 Subject: A lot of spam getting through In-Reply-To: <463744AA.40504@nkpanama.com> References: <04D932B0071FE34FA63EBB1977B48D1502816E99@woodenex.woodmaclaw.local> <463744AA.40504@nkpanama.com> Message-ID: <2465.90.184.17.152.1178028788.squirrel@mail.fumlersoft.dk> On Tue, May 1, 2007 15:46, Alex Neuman van der Hans wrote: > Billy A. Pumphrey wrote: >> >> Ok, I had edited this file but it points to my local domain windows dns >> server. Does that mean that I should change it to something else? >> > > Definitely. Feel free to install a more respectable operating system on > it at any time. ;-) > > In regards to your actual problem, you may want to install a caching > nameserver on your MailScanner box and point resolv.conf to 127.0.0.1 > (and maybe something else, like your ISP's DNS servers as secondary, > just in case). Unless your setup *requires* it, you shouldn't have to > ask for DNS information from the *ugh* Windows machine ;-) I think something like dnsmasq could be used for this. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From bpumphrey at woodmclaw.com Tue May 1 15:17:58 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 15:18:00 2007 Subject: A lot of spam getting through In-Reply-To: Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816FBD@woodenex.woodmaclaw.local> > 4) Add this following custom rule to match those spams which just link to > a > picture. > uri GRB_Imagehost > /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i > score GRB_Imagehost 1.0 > describe GRB_Imagehost Linking to free image hosting service > Well I thought there were no error. Please excuse me for being dense. I am getting the below. Maybe I am seeing word wrap on your rule and it is messing me up. I put the rule in as I see it above. Each line starting with: Uri /\. Score Describe Is that correct? [8894] warn: config: SpamAssassin failed to parse line, no value provided for "uri", skipping: uri GRB_Imagehost 0.05375 [8894] warn: config: failed to parse line, skipping: /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i 0.00016 [8894] warn: config: warning: description exists for non-existent rule GRB_Imagehost 0.39171 [8894] warn: config: warning: score set for non-existent rule GRB_Imagehost From list-mailscanner at linguaphone.com Tue May 1 15:18:35 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue May 1 15:18:53 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1502816FAA@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1502816FAA@woodenex.woodmaclaw.local> Message-ID: <1178029114.14746.28.camel@gblades-suse.linguaphone-intranet.co.uk> On Tue, 2007-05-01 at 15:11, Billy A. Pumphrey wrote: > > Have a look at http://www.freespamfilter.org/forum/viewforum.php?f=25 > > That forum although quiet has some good tips for additional fuzzyocr > > configuration such as additional words and scansets. Did you install > gocr > > and ocrad OCR plugins? > > > > Ok, after I downloaded it, I remembered and seen that they are just > files to be put in the directories. As far as the installs, I > installed: > > I had some of the things installed before I upgraded fuzzy, then I > installed more. I went through the instructions seemingly thoroughly > for the install of the 3.5.1 version. I installed a ton of stuff, well > seems like it. The only thing that I did not install was the DBD::mysql > module part. I install the optional MLDBM and other. I am now getting > some errors in the lint test. > > I have not enabled the hashing yet. > > [8894] warn: FuzzyOcr: Cannot find executable for giftopnm 0.00013 > [8894] warn: FuzzyOcr: Cannot find executable for jpegtopnm 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for pngtopnm 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for bmptopnm 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for tifftopnm 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for ppmhist 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for pamfile 0.00012 > [8894] info: FuzzyOcr: Using ocrad => /usr/local/bin/ocrad 0.00017 > [8894] info: FuzzyOcr: Using gocr => /usr/local/bin/gocr 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for pnmnorm 0.0001 > [8894] warn: FuzzyOcr: Cannot find executable for pnminvert 0.0001 > [8894] warn: FuzzyOcr: Cannot find executable for pamthreshold 0.00011 > [8894] warn: FuzzyOcr: Cannot find executable for ppmtopgm 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for pamtopnm 0.00012 > [8894] warn: FuzzyOcr: Cannot find executable for tesseract > > Man, there are a lot of entries for the fuzzy in the lint. Do you have > a quick answer on how to fix the above? It looks as though you dont have the netpbm package installed. You may have the netpbm rpm installed but that is only the libraries. Redhat for example also has netpbm-progs which you also need to install. From list-mailscanner at linguaphone.com Tue May 1 15:21:33 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue May 1 15:21:40 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1502816FBD@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1502816FBD@woodenex.woodmaclaw.local> Message-ID: <1178029293.14744.31.camel@gblades-suse.linguaphone-intranet.co.uk> On Tue, 2007-05-01 at 15:17, Billy A. Pumphrey wrote: > > 4) Add this following custom rule to match those spams which just link > to > > a > > picture. > > uri GRB_Imagehost > > /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i > > score GRB_Imagehost 1.0 > > describe GRB_Imagehost Linking to free image hosting service > > > > Well I thought there were no error. Please excuse me for being dense. > I am getting the below. Maybe I am seeing word wrap on your rule and it > is messing me up. I put the rule in as I see it above. Each line > starting with: > Uri > /\. > Score > Describe > > Is that correct? > > [8894] warn: config: SpamAssassin failed to parse line, no value > provided for "uri", skipping: uri GRB_Imagehost 0.05375 > [8894] warn: config: failed to parse line, skipping: > /\.(?:|imageshack|2and2|afreeimagehost|imagehosting)\.(?:com|net|us)/i > 0.00016 > [8894] warn: config: warning: description exists for non-existent rule > GRB_Imagehost 0.39171 > [8894] warn: config: warning: score set for non-existent rule > GRB_Imagehost The line which appears to start with /\. is a continuation of the first line. Just join the lines and it should be ok. From bpumphrey at woodmclaw.com Tue May 1 15:30:49 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 15:30:53 2007 Subject: A lot of spam getting through In-Reply-To: <002901c78bfa$045b5dd0$0705000a@ddf5dw71> Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816FDA@woodenex.woodmaclaw.local> > > Billy A. Pumphrey wrote: > >> > >> Ok, I had edited this file but it points to my local domain windows dns > >> server. Does that mean that I should change it to something else? > >> > > > > Definitely. Feel free to install a more respectable operating system on > it > > at any time. ;-) > > > Just curious now. > > What OS are you running on this machine currently? CentOS 4.4 > What does your Windows DNS server manage? It is a domain controller, WINS, DNS, Active Directory, DHCP > Steve > > > -- From bpumphrey at woodmclaw.com Tue May 1 15:34:05 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 15:34:07 2007 Subject: A lot of spam getting through In-Reply-To: <001701c78b6a$ddc5caf0$0705000a@ddf5dw71> Message-ID: <04D932B0071FE34FA63EBB1977B48D1502816FDC@woodenex.woodmaclaw.local> Results of the DNS server commands. I am pretty sure that I don't have a DNS server on this machine. > > -- > If you're running RH flavor OS, do one of the following as root: > > ps -ax | grep named 11957 pts/0 S+ 0:00 grep named > > chkconfig --list named error reading information on service named: No such file or directory > > ls /etc/rc.d/init.d/named ls: /etc/rc.d/init.d/named: No such file or directory > > netstat -an | grep 53 tcp 0 0 127.0.0.1:11553 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:11553 127.0.0.1:51545 CLOSE_WAIT tcp 0 116 10.1.1.24:25 81.217.42.147:35365 FIN_WAIT1 tcp 0 0 127.0.0.1:51525 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51527 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51523 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51532 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51535 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51534 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51528 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51531 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51530 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51540 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51542 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51536 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51538 127.0.0.1:11553 TIME_WAIT tcp 0 0 127.0.0.1:51545 127.0.0.1:11553 FIN_WAIT2 tcp 0 0 127.0.0.1:51544 127.0.0.1:11553 TIME_WAIT tcp 0 0 ::ffff:10.1.1.24:51537 ::ffff:10.1.1.22:25 TIME_WAIT tcp 0 0 ::ffff:10.1.1.24:51533 ::ffff:10.1.1.22:25 TIME_WAIT unix 2 [ ACC ] STREAM LISTENING 12953341 /var/lib/mysql/mysql.sock unix 2 [ ACC ] STREAM LISTENING 25378793 /var/run/dcc/dccm unix 3 [ ] STREAM CONNECTED 25538221 /var/lib/mysql/mysql.sock unix 3 [ ] STREAM CONNECTED 25538220 unix 2 [ ] DGRAM 25538209 unix 2 [ ] DGRAM 25537800 unix 2 [ ] DGRAM 25537373 unix 2 [ ] DGRAM 25536669 unix 2 [ ] DGRAM 25536086 unix 2 [ ] DGRAM 25378792 [root@WoodenMS2 spamassassin]# > One of these should maybe give you an idea about a DNS server. If you're > running some other OS, I can't really help. > > Steve > > From campbell at cnpapers.com Tue May 1 15:53:03 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 1 15:54:10 2007 Subject: A lot of spam getting through References: <04D932B0071FE34FA63EBB1977B48D1502816FDC@woodenex.woodmaclaw.local> Message-ID: <002a01c78c00$6bd68ce0$0705000a@ddf5dw71> ----- Original Message ----- From: "Billy A. Pumphrey" To: "MailScanner discussion" Sent: Tuesday, May 01, 2007 10:34 AM Subject: RE: A lot of spam getting through > Results of the DNS server commands. I am pretty sure that I don't have > a DNS server on this machine. > >> > -- >> If you're running RH flavor OS, do one of the following as root: >> >> ps -ax | grep named > > 11957 pts/0 S+ 0:00 grep named > >> >> chkconfig --list named > > error reading information on service named: No such file or directory > >> >> ls /etc/rc.d/init.d/named > > ls: /etc/rc.d/init.d/named: No such file or directory > >> >> netstat -an | grep 53 > > tcp 0 0 127.0.0.1:11553 0.0.0.0:* > LISTEN > tcp 0 0 127.0.0.1:11553 127.0.0.1:51545 > CLOSE_WAIT > tcp 0 116 10.1.1.24:25 81.217.42.147:35365 > FIN_WAIT1 > tcp 0 0 127.0.0.1:51525 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51527 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51523 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51532 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51535 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51534 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51528 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51531 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51530 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51540 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51542 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51536 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51538 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 127.0.0.1:51545 127.0.0.1:11553 > FIN_WAIT2 > tcp 0 0 127.0.0.1:51544 127.0.0.1:11553 > TIME_WAIT > tcp 0 0 ::ffff:10.1.1.24:51537 ::ffff:10.1.1.22:25 > TIME_WAIT > tcp 0 0 ::ffff:10.1.1.24:51533 ::ffff:10.1.1.22:25 > TIME_WAIT > unix 2 [ ACC ] STREAM LISTENING 12953341 > /var/lib/mysql/mysql.sock > unix 2 [ ACC ] STREAM LISTENING 25378793 > /var/run/dcc/dccm > unix 3 [ ] STREAM CONNECTED 25538221 > /var/lib/mysql/mysql.sock > unix 3 [ ] STREAM CONNECTED 25538220 > unix 2 [ ] DGRAM 25538209 > unix 2 [ ] DGRAM 25537800 > unix 2 [ ] DGRAM 25537373 > unix 2 [ ] DGRAM 25536669 > unix 2 [ ] DGRAM 25536086 > unix 2 [ ] DGRAM 25378792 > [root@WoodenMS2 spamassassin]# > >> One of these should maybe give you an idea about a DNS server. If > you're >> running some other OS, I can't really help. >> >> Steve >> >> > -- OK, it looks pretty certain that you aren't running a DNS server on the box. Don't change your resolv.conf, then, until you install Bind or, as Mogens Melander suggested, one of the other DNS servers. But that's a project for another day, it sounds like. Steve From gmane at tippingmar.com Tue May 1 17:46:58 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Tue May 1 17:47:24 2007 Subject: how to block mail where From and To are the same? In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D204CD3925@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D204CD3925@UBIMAIL1.ubisoft.org> Message-ID: Daniel Maher wrote: > net result is that many of my users appear to be receiving spam /from > themselves/, which is causing some distress amongst the user base. If you can publish a SPF record for your domain, then the SPF checking in SA would catch this. Personally, I increase the score for SPF Fail, but see recent discussion about this for other points of view. Mark Nienberg From alex at nkpanama.com Tue May 1 17:54:54 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue May 1 17:55:38 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D1502816FAC@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D1502816FAC@woodenex.woodmaclaw.local> Message-ID: <463770DE.40307@nkpanama.com> Billy A. Pumphrey wrote: > And what would that be? :) > Anything after CP/M, I'd think, but I would look to the download page for a list of highly respectable operating systems: * Version 4.59.4-2 for RedHat, Fedora and Mandrake Linux (and other RPM-based Linux distributions) (PGP signature) * Version 4.59.4-2 for SuSE (PGP signature) * Version 4.59.4-2 for Solaris / BSD / Other Linux / Other Unix (PGP signature) So your safest bet would be, RedHat (or CentOS), Fedora, Mandrake, SuSE, Solaris, BSD, Other Linux, or Other Unix, probably in that order... Anything else and MailScanner could cause swapping! ;-) From e.bloodaxe at gold.ac.uk Tue May 1 18:58:37 2007 From: e.bloodaxe at gold.ac.uk (e.bloodaxe@gold.ac.uk) Date: Tue May 1 18:58:50 2007 Subject: SophosAVI Message-ID: <46377FCD.2080608@gold.ac.uk> Can someone point me to or tell me why I might want to use SophosAVI over plain Sophos. although there is documenatation about how to install SophosAVI there is nothing telling me why I would want to do this. Eric From bpumphrey at woodmclaw.com Tue May 1 20:18:51 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Tue May 1 20:18:55 2007 Subject: A lot of spam getting through In-Reply-To: <4636E826.1070104@chime.ucl.ac.uk> Message-ID: <04D932B0071FE34FA63EBB1977B48D15028171C9@woodenex.woodmaclaw.local> > > After looking at a few emails I can see that pyzor and DCC and bayes are > > scoring: > > Score Matching Rule Description > > cached not > > score=24.094 > > 6 required > > autolearn=spam > > 2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) > > 0.33 FH_DATE_ISNT_2006 > > 0.77 FH_DATE_ISNT_200X > > 0.40 FH_LEADINGPREP > > 0.71 FS_START_BUY > > 3.70 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > > 0.61 SARE_SXLIFE Talks about your sex life > > 3.81 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist > > 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > > 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > > 4.50 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist > > Are these the scores that your system gives to one of the emails that > are gettig through? If so that scored 24 points. So this email should > have been filtered. This suggests to me that the problem isn't with SA > but with something in your MailScanner settings. > This email was tagged as spam so good to go there. > If these aren't the scores from one of the emails that are getting > through can you save an email to a text file and send the output of the > following command: > > spamassassin --test-mode < email.txt > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "If you have an apple and I have an apple and we exchange apples > then you and I will still each have one apple. But if you have an > idea and I have an idea and we exchange these ideas, then each of us > will have two ideas." -- George Bernard Shaw > -- From drew at technologytiger.net Tue May 1 21:56:54 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue May 1 21:57:13 2007 Subject: ClamAV Module Core Dump Message-ID: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> Hi all Ok another challenge that I hope you can help with. I am running a FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was upgraded from the ports tree. Knowing there can be issues, I also forced an update (Which in effect recompiles) of the Clam perl module. Restarted MailScanner and ever since MS core dumps. I can run MS using ClamAV only but it makes quite a performance hit so I want to get t reinstalled ASAP. Running in debug mode, I helpfully get: root@mx1 /usr/local/etc/MailScanner # mailscanner --debug In Debugging mode, not forking... Segmentation fault /var/log/messages gets: May 1 20:34:14 mx1 kernel: pid 43095 (perl5.8.8), uid 0: exited on signal 11 (core dumped) Again no clues that I can see. Can any one give me some ideas where to start with this? For the record: This is MailScanner version 4.58.9 Module versions are: 1.00 AnyDBM_File 1.18 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.18 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.78 Socket 1.4 Sys::Hostname::Long 0.13 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.13 DBD::SQLite 1.54 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline Segmentation fault (core dumped) #(It really doesn't like the ClamAV module, which I have uninstalled and reinstalled to no effect.) TIA Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From r.berber at computer.org Tue May 1 22:23:47 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue May 1 22:24:09 2007 Subject: ClamAV Module Core Dump In-Reply-To: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> References: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> Message-ID: Drew Marshall wrote: > Ok another challenge that I hope you can help with. I am running a > FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was > upgraded from the ports tree. Knowing there can be issues, I also forced > an update (Which in effect recompiles) of the Clam perl module. Which version of Mail::ClamAV? your long list below doesn't include it, version 0.20 is required. Did you also run ldconfig? (required when installing clamav-0.90.2) > Restarted MailScanner and ever since MS core dumps. I can run MS using > ClamAV only but it makes quite a performance hit so I want to get t > reinstalled ASAP. You can also use clamd/clamdscan with the new beta version of MS or with a few changes to the version you have. > Running in debug mode, I helpfully get: > > root@mx1 /usr/local/etc/MailScanner # mailscanner --debug > In Debugging mode, not forking... > Segmentation fault Do you have a core file? can you run the debugger on it? > /var/log/messages gets: > > May 1 20:34:14 mx1 kernel: pid 43095 (perl5.8.8), uid 0: exited on > signal 11 (core dumped) > > Again no clues that I can see. Can any one give me some ideas where to > start with this? > > For the record: > > This is MailScanner version 4.58.9 ... -- Ren? Berber From drew at technologytiger.net Tue May 1 22:35:07 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue May 1 22:35:25 2007 Subject: ClamAV Module Core Dump In-Reply-To: References: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> Message-ID: <089CB271-EBCE-4738-9AF2-7F7867567CB3@technologytiger.net> On 1 May 2007, at 22:23, Ren? Berber wrote: > Drew Marshall wrote: > >> Ok another challenge that I hope you can help with. I am running a >> FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was >> upgraded from the ports tree. Knowing there can be issues, I also >> forced an update (Which in effect recompiles) of the Clam perl >> module. > > Which version of Mail::ClamAV? your long list below doesn't > include it, version 0.20 is required. It is version 0.20, I forgot that it core dumped while trying to even list it. > > Did you also run ldconfig? (required when installing clamav-0.90.2) As part of the ports build process, I believe so. I normally just portupgrade and sit back and wait. > >> Restarted MailScanner and ever since MS core dumps. I can run MS >> using ClamAV only but it makes quite a performance hit so I want >> to get t reinstalled ASAP. > > You can also use clamd/clamdscan with the new beta version of MS or > with a few changes to the version you have. True. > >> Running in debug mode, I helpfully get: >> root@mx1 /usr/local/etc/MailScanner # mailscanner --debug >> In Debugging mode, not forking... >> Segmentation fault > > Do you have a core file? can you run the debugger on it? No, I can't find the damn thing. I would have expected it to drop into the directory that either I was in or MS was running in and neither (Unless MS is cleaning it up when starting/ failing). Thanks for your help. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From ssilva at sgvwater.com Tue May 1 22:41:20 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 1 22:41:35 2007 Subject: ClamAV Module Core Dump In-Reply-To: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> References: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> Message-ID: Drew Marshall spake the following on 5/1/2007 1:56 PM: > Hi all > > Ok another challenge that I hope you can help with. I am running a > FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was > upgraded from the ports tree. Knowing there can be issues, I also forced > an update (Which in effect recompiles) of the Clam perl module. > Restarted MailScanner and ever since MS core dumps. I can run MS using > ClamAV only but it makes quite a performance hit so I want to get t > reinstalled ASAP. > > Running in debug mode, I helpfully get: > > root@mx1 /usr/local/etc/MailScanner # mailscanner --debug > In Debugging mode, not forking... > Segmentation fault > > /var/log/messages gets: > > May 1 20:34:14 mx1 kernel: pid 43095 (perl5.8.8), uid 0: exited on > signal 11 (core dumped) > > Again no clues that I can see. Can any one give me some ideas where to > start with this? I have a similar issue in Centos 4. While I am not getting cores, MailScanner will not run with the 0.20 module and 0.90.2 on one of my servers. It runs fine with the commandline scanner, and I haven't had the time to upgrade to the new version of MailScanner to test the clamd functionality. I get nothing in debug, either. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From z at ziff.net Tue May 1 23:01:42 2007 From: z at ziff.net (Zivago Lee) Date: Tue May 1 23:01:50 2007 Subject: ClamAV Module Core Dump In-Reply-To: References: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> Message-ID: <63170.209.104.55.7.1178056902.squirrel@mail.ziff.net> > Drew Marshall spake the following on 5/1/2007 1:56 PM: >> Hi all >> >> Ok another challenge that I hope you can help with. I am running a >> FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was >> upgraded from the ports tree. Knowing there can be issues, I also forced >> an update (Which in effect recompiles) of the Clam perl module. >> Restarted MailScanner and ever since MS core dumps. I can run MS using >> ClamAV only but it makes quite a performance hit so I want to get t >> reinstalled ASAP. >> >> Running in debug mode, I helpfully get: >> >> root@mx1 /usr/local/etc/MailScanner # mailscanner --debug >> In Debugging mode, not forking... >> Segmentation fault >> >> /var/log/messages gets: >> >> May 1 20:34:14 mx1 kernel: pid 43095 (perl5.8.8), uid 0: exited on >> signal 11 (core dumped) >> >> Again no clues that I can see. Can any one give me some ideas where to >> start with this? > I have a similar issue in Centos 4. While I am not getting cores, > MailScanner > will not run with the 0.20 module and 0.90.2 on one of my servers. It runs > fine with the commandline scanner, and I haven't had the time to upgrade > to > the new version of MailScanner to test the clamd functionality. I get > nothing > in debug, either. Wow.. I thought it was just my server and/or config on why the clamavmodule was not working. It would just keep restarting the MailScanner processes and -debug would not display any issues. clamd works just fine, however, and works really well! -- Zivago Lee z@ziff.net From ssilva at sgvwater.com Tue May 1 23:15:03 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 1 23:15:16 2007 Subject: ClamAV Module Core Dump In-Reply-To: <63170.209.104.55.7.1178056902.squirrel@mail.ziff.net> References: <8264588D-CE5E-443D-AC9A-20BCB16F3C24@technologytiger.net> <63170.209.104.55.7.1178056902.squirrel@mail.ziff.net> Message-ID: Zivago Lee spake the following on 5/1/2007 3:01 PM: >> Drew Marshall spake the following on 5/1/2007 1:56 PM: >>> Hi all >>> >>> Ok another challenge that I hope you can help with. I am running a >>> FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was >>> upgraded from the ports tree. Knowing there can be issues, I also forced >>> an update (Which in effect recompiles) of the Clam perl module. >>> Restarted MailScanner and ever since MS core dumps. I can run MS using >>> ClamAV only but it makes quite a performance hit so I want to get t >>> reinstalled ASAP. >>> >>> Running in debug mode, I helpfully get: >>> >>> root@mx1 /usr/local/etc/MailScanner # mailscanner --debug >>> In Debugging mode, not forking... >>> Segmentation fault >>> >>> /var/log/messages gets: >>> >>> May 1 20:34:14 mx1 kernel: pid 43095 (perl5.8.8), uid 0: exited on >>> signal 11 (core dumped) >>> >>> Again no clues that I can see. Can any one give me some ideas where to >>> start with this? >> I have a similar issue in Centos 4. While I am not getting cores, >> MailScanner >> will not run with the 0.20 module and 0.90.2 on one of my servers. It runs >> fine with the commandline scanner, and I haven't had the time to upgrade >> to >> the new version of MailScanner to test the clamd functionality. I get >> nothing >> in debug, either. > > Wow.. I thought it was just my server and/or config on why the > clamavmodule was not working. It would just keep restarting the > MailScanner processes and -debug would not display any issues. clamd > works just fine, however, and works really well! > I have tried installing more than once, and I am near to wiping out the clam library and installing again. I might try clamd first, as anything has to be better than the commandline scanner. I am already running a few scanners, and every bit of load adds up. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mbneto at gmail.com Wed May 2 00:20:15 2007 From: mbneto at gmail.com (mbneto) Date: Wed May 2 00:20:16 2007 Subject: Switching to clamd in new MailScanner Message-ID: <5cf776b80705011620h7eeba9a9k170132219527bff3@mail.gmail.com> Hi, I am currently using clamav (rpm) with my MailScanner setup. I've noticed that it calls a clamav-wrapper so I am assuming that every email that the server receives invokes this wrapper. Some posts in this list mentioned that using clamd would give faster results so how can I make MailScanner use clamav such way? thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070501/0366eb41/attachment.html From z at ziff.net Wed May 2 00:26:26 2007 From: z at ziff.net (Zivago Lee) Date: Wed May 2 00:26:30 2007 Subject: Switching to clamd in new MailScanner In-Reply-To: <5cf776b80705011620h7eeba9a9k170132219527bff3@mail.gmail.com> References: <5cf776b80705011620h7eeba9a9k170132219527bff3@mail.gmail.com> Message-ID: <55632.209.104.55.7.1178061986.squirrel@mail.ziff.net> > I am currently using clamav (rpm) with my MailScanner setup. I've > noticed > that it calls a clamav-wrapper so I am assuming that every email that > the > server receives invokes this wrapper. > > Some posts in this list mentioned that using clamd would give faster > results > so how can I make MailScanner use clamav such way? Upgrade to the latest version of MS and the use the clamd virus scanner instead of clamav. -- Zivago Lee z@ziff.net From simon.walter at hp-factory.de Wed May 2 00:42:42 2007 From: simon.walter at hp-factory.de (Simon Walter) Date: Wed May 2 00:42:47 2007 Subject: ANNOUNCE: MailScanner stable 4.59 In-Reply-To: <4635D8B9.1010202@ecs.soton.ac.uk> (Julian Field's message of "Mon, 30 Apr 2007 12:53:29 +0100") References: <804d04538f794f46b267ddf96294c135@solidstatelogic.com> <4635D8B9.1010202@ecs.soton.ac.uk> Message-ID: <87ejm0t8jx.fsf@hp-factory.de> Hello Julian Field writes: > Please can you try 4.49.4-2 and see if this still works for you. It > still includes the patch but is wrapped up so the truncation only > happens if his regexp matches. Duh! I found this problem shortly after I send you the patch and fixed it in the debian package. If anyone would have asked me I would have sworn I informed you about the buggy patch, but I can't find any mail. So I probably thought about sending you a mail but never did it. Sorry for that. -- Regards Simon From markee at bandwidthco.com Wed May 2 03:34:03 2007 From: markee at bandwidthco.com (markee) Date: Wed May 2 03:36:57 2007 Subject: ClamAV Module Core Dump In-Reply-To: Message-ID: <004601c78c62$5973bf70$0300a8c0@bandwidthco.com> I have tried installing more than once, and I am near to wiping out the clam library and installing again. I might try clamd first, as anything has to be better than the commandline scanner. I am already running a few scanners, and every bit of load adds up. -- I'm thinking perhaps we need some of Julian's expert help here. The clamavmodule does not seem to be working period for me on my two gateway boxes. It did start once I upgraded to 0.90.2. ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From goetz.reinicke at filmakademie.de Wed May 2 07:04:30 2007 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=) Date: Wed May 2 07:04:38 2007 Subject: log message MailScanner: waiting for children to die Message-ID: <463829EE.7080009@filmakademie.de> Hi, we recently upgraded our mailserver from Red Hat Enterprise Linux 4 to RHEL 5. We use the latest release of mailscanner and sendmail-8.13.8. Everything is up and running very good, beside I do get the following message lots of time: MailScanner: waiting for children to die: Process did not exit cleanly, returned 255 with signal 0 I'm using our "old" configuration from RHEL4 which worked without the message for a couple off years. Any ideas or tips? Best regards G?tz Reinicke -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt From stork at openenterprise.ca Wed May 2 07:50:57 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Wed May 2 07:51:04 2007 Subject: Mailscanner 4.59.4 and Mailwatch with clamd? Message-ID: <463834D1.8050602@openenterprise.ca> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: stork.vcf Type: text/x-vcard Size: 330 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070501/e04cf7fd/stork-0001.vcf From stork at openenterprise.ca Wed May 2 07:52:32 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Wed May 2 07:52:39 2007 Subject: Mailscanner 4.59.4 and Mailwatch with clamd? In-Reply-To: <463834D1.8050602@openenterprise.ca> References: <463834D1.8050602@openenterprise.ca> Message-ID: <46383530.5000008@openenterprise.ca> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: stork.vcf Type: text/x-vcard Size: 330 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070501/16bd86b1/stork.vcf From benedict at kmun.gov.kw Wed May 2 07:31:23 2007 From: benedict at kmun.gov.kw (benedict@kmun.gov.kw) Date: Wed May 2 08:31:04 2007 Subject: query regading quarintine items Message-ID: <2487.62.150.152.42.1178087483.squirrel@webmail.baladia.gov.kw> dear All I have been recently using mailSacnner and its workin beautifully but i do have a query suppose i get an zip attachment which contains an exe file the mailscanner put the attachment in my quarantine directory which is perfect now the user says he recived it from trusted source and want the attachement how could i get the attachement back in his inbox so he could download it to his computer thnks and regards simon From bilias at edu.physics.uoc.gr Wed May 2 08:52:33 2007 From: bilias at edu.physics.uoc.gr (Kapetanakis Giannis) Date: Wed May 2 08:52:46 2007 Subject: Mailscanner 4.59.4 and Mailwatch with clamd? In-Reply-To: <463834D1.8050602@openenterprise.ca> References: <463834D1.8050602@openenterprise.ca> Message-ID: On Tue, 1 May 2007, Johnny Stork wrote: > Just upgraded to MS 4.59.4 and switched to clamd, but when I try to > get to the mailwatch interface I get > > *Error:* > Unable to select a regular expression for your primary virus scanner > (clamd) - please see the examples in functions.php to create one. > > but there does not appear to be any settings for using clamd? > > Any suggestions? That is not MailScanner's problem. It is mailwatch. anyway... edit functions.php and and add the above under the clamav definition case 'clamd': define(VIRUS_REGEX, '/(.+) contains (\S+)/'); break; Giannis From list-mailscanner at linguaphone.com Wed May 2 08:55:28 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 2 08:55:43 2007 Subject: query regading quarintine items In-Reply-To: <2487.62.150.152.42.1178087483.squirrel@webmail.baladia.gov.kw> References: <2487.62.150.152.42.1178087483.squirrel@webmail.baladia.gov.kw> Message-ID: <1178092528.17439.5.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-05-02 at 07:31, benedict@kmun.gov.kw wrote: > dear All > > > I have been recently using mailSacnner and its workin beautifully > > but i do have a query > > suppose i get an zip attachment which contains an exe file the mailscanner > put the attachment in my quarantine directory which is perfect > > now the user says he recived it from trusted source and want the attachement > > how could i get the attachement back in his inbox so he could download it > to his computer I would install Mailwatch and then you can release it from the quaranteen. You could even give the user an account and they can release their own messages if you wish. Note that mailwatch wont allow you to release a message if it contains a virus. From martinh at solidstatelogic.com Wed May 2 09:23:16 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 09:23:50 2007 Subject: SophosAVI In-Reply-To: <46377FCD.2080608@gold.ac.uk> Message-ID: <9edf4c5b34771e4b9445252efd4055fe@solidstatelogic.com> Eric 1) its cheaper - about 33% discount for the server last time I renewed (but that was about 3 years ago so I'm just about to find out by how much this time!) 2) It's faster - you don't have to start a new process to scan the email. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of e.bloodaxe@gold.ac.uk > Sent: 01 May 2007 18:59 > To: MailScanner discussion > Subject: SophosAVI > > Can someone point me to or tell me why I might want to use SophosAVI > over plain Sophos. although there is documenatation about how to > install SophosAVI > there is nothing telling me why I would want to do this. > > Eric > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Wed May 2 09:26:06 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 09:26:10 2007 Subject: ClamAV Module Core Dump In-Reply-To: <089CB271-EBCE-4738-9AF2-7F7867567CB3@technologytiger.net> Message-ID: <774368311c56f847880c7861fc0135b6@solidstatelogic.com> Drew I've never managed to get clammodule working with FreeBSD (well the 4.x version of FreeBSD). Just switched to the clamd version and it's working fine. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Drew Marshall > Sent: 01 May 2007 22:35 > To: MailScanner discussion > Subject: Re: ClamAV Module Core Dump > > On 1 May 2007, at 22:23, Ren? Berber wrote: > > > Drew Marshall wrote: > > > >> Ok another challenge that I hope you can help with. I am running a > >> FreeBSD 6 box that I have just upgraded to ClamAV 0.90.2 which was > >> upgraded from the ports tree. Knowing there can be issues, I also > >> forced an update (Which in effect recompiles) of the Clam perl > >> module. > > > > Which version of Mail::ClamAV? your long list below doesn't > > include it, version 0.20 is required. > > It is version 0.20, I forgot that it core dumped while trying to even > list it. > > > > > Did you also run ldconfig? (required when installing clamav-0.90.2) > > As part of the ports build process, I believe so. I normally just > portupgrade and sit back and wait. > > > > >> Restarted MailScanner and ever since MS core dumps. I can run MS > >> using ClamAV only but it makes quite a performance hit so I want > >> to get t reinstalled ASAP. > > > > You can also use clamd/clamdscan with the new beta version of MS or > > with a few changes to the version you have. > > True. > > > > >> Running in debug mode, I helpfully get: > >> root@mx1 /usr/local/etc/MailScanner # mailscanner --debug > >> In Debugging mode, not forking... > >> Segmentation fault > > > > Do you have a core file? can you run the debugger on it? > > No, I can't find the damn thing. I would have expected it to drop > into the directory that either I was in or MS was running in and > neither (Unless MS is cleaning it up when starting/ failing). > > Thanks for your help. > > Drew > -- > In line with our policy, this message has been scanned > for viruses and dangerous content by the Technology Tiger MailScanner. > Further information can be found at www.technologytiger.net/policy > > Technology Tiger Limited is registered in Scotland with registration > number: 310997 > Registered Office 55-57 West High Street Inverurie AB51 3QQ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Wed May 2 09:27:38 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 09:27:43 2007 Subject: log message MailScanner: waiting for children to die In-Reply-To: <463829EE.7080009@filmakademie.de> Message-ID: <7749f34107be65419d7a566a3b67215f@solidstatelogic.com> Hi You say - 'old' configuration. Did you run the upgrade scripts to make sure new settings get inserted etc or just copy MailScanner.conf across? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of G?tz Reinicke > Sent: 02 May 2007 07:05 > To: mailscanner@lists.mailscanner.info > Subject: log message MailScanner: waiting for children to die > > Hi, > > we recently upgraded our mailserver from Red Hat Enterprise Linux 4 to > RHEL 5. We use the latest release of mailscanner and sendmail-8.13.8. > > Everything is up and running very good, beside I do get the following > message lots of time: > > MailScanner: waiting for children to die: Process did not exit cleanly, > returned 255 with signal 0 > > I'm using our "old" configuration from RHEL4 which worked without the > message for a couple off years. > > Any ideas or tips? > > > Best regards > > G?tz Reinicke > -- > G?tz Reinicke > IT Koordinator > > Tel. +49 7141 969 420 > Fax +49 7141 969 55 420 > E-Mail goetz.reinicke@filmakademie.de > > Filmakademie Baden-W?rttemberg GmbH > Mathildenstr. 20 > 71638 Ludwigsburg > www.filmakademie.de > > Eintragung Amtsgericht Stuttgart HRB 205016 > Vorsitzender des Aufsichtsrats: > Dr. Christoph Palmer, MdL, Minister a.D. > > Gesch?ftsf?hrer: > Prof. Thomas Schadt > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From a.peacock at chime.ucl.ac.uk Wed May 2 09:53:20 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed May 2 09:53:44 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D15028171C9@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D15028171C9@woodenex.woodmaclaw.local> Message-ID: <46385180.5090601@chime.ucl.ac.uk> Hi, Billy A. Pumphrey wrote: >>> After looking at a few emails I can see that pyzor and DCC and bayes > are >>> scoring: >>> Score Matching Rule Description >>> cached not >>> score=24.094 >>> 6 required >>> autolearn=spam >>> 2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) >>> 0.33 FH_DATE_ISNT_2006 >>> 0.77 FH_DATE_ISNT_200X >>> 0.40 FH_LEADINGPREP >>> 0.71 FS_START_BUY >>> 3.70 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) >>> 0.61 SARE_SXLIFE Talks about your sex life >>> 3.81 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist >>> 4.09 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist >>> 3.01 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist >>> 4.50 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist >> Are these the scores that your system gives to one of the emails that >> are gettig through? If so that scored 24 points. So this email > should >> have been filtered. This suggests to me that the problem isn't with > SA >> but with something in your MailScanner settings. >> > > This email was tagged as spam so good to go there. So, help us out and show us the scores and headers from one that does get through. We might be able to see where they are failing then. Even better... Save one of the misdiagnosed emails as a text file, post it to a web address and let us know. We can then run that email through our systems and tell you what scores we get and what rules helped. > >> If these aren't the scores from one of the emails that are getting >> through can you save an email to a text file and send the output of > the >> following command: >> >> spamassassin --test-mode < email.txt >> >> >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "If you have an apple and I have an apple and we exchange apples >> then you and I will still each have one apple. But if you have an >> idea and I have an idea and we exchange these ideas, then each of us >> will have two ideas." -- George Bernard Shaw >> -- > > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From goetz.reinicke at filmakademie.de Wed May 2 09:55:50 2007 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke?=) Date: Wed May 2 09:56:03 2007 Subject: log message MailScanner: waiting for children to die In-Reply-To: <7749f34107be65419d7a566a3b67215f@solidstatelogic.com> References: <7749f34107be65419d7a566a3b67215f@solidstatelogic.com> Message-ID: <46385216.1070501@filmakademie.de> Hallo, yes, I run the upgrade scripts. Regards G?tz Martin.Hepworth schrieb: > Hi > > You say - 'old' configuration. Did you run the upgrade scripts to make > sure new settings get inserted etc or just copy MailScanner.conf across? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of G?tz Reinicke >> Sent: 02 May 2007 07:05 >> To: mailscanner@lists.mailscanner.info >> Subject: log message MailScanner: waiting for children to die >> >> Hi, >> >> we recently upgraded our mailserver from Red Hat Enterprise Linux 4 to >> RHEL 5. We use the latest release of mailscanner and sendmail-8.13.8. >> >> Everything is up and running very good, beside I do get the following >> message lots of time: >> >> MailScanner: waiting for children to die: Process did not exit > cleanly, >> returned 255 with signal 0 >> >> I'm using our "old" configuration from RHEL4 which worked without the >> message for a couple off years. -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt From martinh at solidstatelogic.com Wed May 2 10:11:28 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 10:11:36 2007 Subject: log message MailScanner: waiting for children to die In-Reply-To: <46385216.1070501@filmakademie.de> Message-ID: OK, Can you do a MailScanner -v and post the output. I wonder if the upgrade to RHES5 broke something. Other thing to do is stop mailscanner then run, "MailScanner -debug" which will hopefully show you where things are breaking. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of G?tz Reinicke > Sent: 02 May 2007 09:56 > To: MailScanner discussion > Subject: Re: log message MailScanner: waiting for children to die > > Hallo, > > yes, I run the upgrade scripts. > > Regards > > G?tz > > Martin.Hepworth schrieb: > > Hi > > > > You say - 'old' configuration. Did you run the upgrade scripts to make > > sure new settings get inserted etc or just copy MailScanner.conf across? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of G?tz Reinicke > >> Sent: 02 May 2007 07:05 > >> To: mailscanner@lists.mailscanner.info > >> Subject: log message MailScanner: waiting for children to die > >> > >> Hi, > >> > >> we recently upgraded our mailserver from Red Hat Enterprise Linux 4 to > >> RHEL 5. We use the latest release of mailscanner and sendmail-8.13.8. > >> > >> Everything is up and running very good, beside I do get the following > >> message lots of time: > >> > >> MailScanner: waiting for children to die: Process did not exit > > cleanly, > >> returned 255 with signal 0 > >> > >> I'm using our "old" configuration from RHEL4 which worked without the > >> message for a couple off years. > > > -- > G?tz Reinicke > IT Koordinator > > Tel. +49 7141 969 420 > Fax +49 7141 969 55 420 > E-Mail goetz.reinicke@filmakademie.de > > Filmakademie Baden-W?rttemberg GmbH > Mathildenstr. 20 > 71638 Ludwigsburg > www.filmakademie.de > > Eintragung Amtsgericht Stuttgart HRB 205016 > Vorsitzender des Aufsichtsrats: > Dr. Christoph Palmer, MdL, Minister a.D. > > Gesch?ftsf?hrer: > Prof. Thomas Schadt > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From fssilva at gmail.com Wed May 2 12:15:17 2007 From: fssilva at gmail.com (Fabio Silva) Date: Wed May 2 12:15:53 2007 Subject: Fwd: [shell-script] Oportunidade - TALENT FOUR/ Administrador de Redes e Sistemas - LINUX In-Reply-To: <6C590FEEFDEC05478512F3771363C6DB489830@tfcmail02.tfc.com.br> References: <6C590FEEFDEC05478512F3771363C6DB489830@tfcmail02.tfc.com.br> Message-ID: ---------- Forwarded message ---------- From: Renata Dardis de Souza Date: Apr 30, 2007 4:30 PM Subject: [shell-script] Oportunidade - TALENT FOUR/ Administrador de Redes e Sistemas - LINUX To: shell-script@yahoogrupos.com.br Ol? Grupo, Boa tarde!!!! A Talent Four Consulting ? uma empresa de consultoria em projetos de Tecnologia da Informa??o, especializada em servi?os e terceiriza??o de Profissionais. Atuamos em servi?os de Body Shop, Desenvolvimento de Sistemas, F?brica de Software e Documenta??o de Sistemas Legados, Help Desk e Recrutamento e Sele??o (exclusivamente para profissionais de T.I). Nosso quadro de consultores contempla mais de 300 Profissionais ativos com capilaridade nacional de atendimento. Acesse nosso site: www.talentfour.com.br e verifique todas as nossas oportunidades e servi?os. Favor encaminhar curr?culos para renata.souza@talentfour.com.br ADMINISTRADOR DE REDES E SISTEMAS Experi?ncia: Sistemas Operacionais: Linux (Dom?nio) Linguagens de programa??o, Shell Script, Perl Servi?os/Aplicativos de redes de computadores: SNMP, SMTP, POP, IMAP, Samba, HTTP, VPN Hardware: Conhecimentos Avan?ados Switches e Roteadores: Exigido Conhecimento em ITIL: Exigido P?s-graduado em Administra??o de Redes, Gest?o de TI e/ou Gerenciamento de Projetos em ?nfase em Ti Certifica??es (Exigido): CCNA, LPI, MCSE Gest?o de redes, sistemas operacionais e hardwares Gest?o de monitoramento do ambiente computacional Gera??o de relat?rios relacionados ao ambiente gerenciado Idiomas: Ingl?s - Fluente Espanhol - Intermedi?rio Contrata??o: CLT - diretamente pelo cliente. Hor?rio de Expediente: 08h00 as 17h00 - flexibilidade para trabalhos espor?dicos fora do hor?rio de expediente Local de trabalho: Vl Ol?mpia - S?o Paulo - SP Disponibilidade: Imediata. Caso houver indica??es de profissionais dentro deste perfil, ficarei aguardando. OS: C.Vs fora do perfil ser?o desconsiderados automaticamente. Att, Renata Dardis de Souza Talent Four - Analista de RH Avenida Dr. Cardoso de Melo, 1608 4o. Vila Ol?mpia 04548-005 S?o Paulo-SP Fone: 55 11 3848-4445 Celular: 55 11 9283-9093 E-mail: renata.souza@talentfour.com.br www.talentfour.com.br [As partes desta mensagem que n?o continham texto foram removidas] __._,_.___ Mensagens neste t?pico ( 1) Responder (atrav?s da web) | Adicionar um novo t?pico Mensagens| Arquivos| Fotos| Links --------------------------------------------------------------------- Esta lista n?o admite a abordagem de outras liguagens de programa??o, como perl, C etc. Quem insistir em n?o seguir esta regra ser? moderado sem pr?vio aviso. --------------------------------------------------------------------- Sair da lista: shell-script-unsubscribe@yahoogrupos.com.br --------------------------------------------------------------------- Esta lista ? moderada de acordo com o previsto em http://www.listas-discussao.cjb.net --------------------------------------------------------------------- Servidor Newsgroup da lista: news.gmane.org Grupo: gmane.org.user-groups.programming.shell.brazil [image: Yahoo! Grupos] Alterar configura??es via web(Requer Yahoo! ID) Alterar configura??es via e-mail: Alterar recebimento para lista di?ria de mensagens| Alterar formato para o tradicional Visite seu Grupo | Termos de uso do Yahoo! Grupos | Sair do grupo Atividade nos ?ltimos dias - 21 Novos usu?rios Visite seu Grupo Yahoo! Mail Conecte-se ao mundo Prote??o anti-spam Muito mais espa?o Yahoo! Barra Instale gr?tis Buscar sites na web Checar seus e-mails . Yahoo! Grupos Crie seu pr?prio grupo A melhor forma de comunica??o . __,_._,___ -- Fabio S. Silva -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/f8be7ff7/attachment.html From rcooper at dwford.com Wed May 2 12:43:55 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed May 2 12:44:01 2007 Subject: Mailscanner 4.59.4 and Mailwatch with clamd? In-Reply-To: <46383530.5000008@openenterprise.ca> References: <463834D1.8050602@openenterprise.ca> <46383530.5000008@openenterprise.ca> Message-ID: <032101c78caf$2a805f50$0301a8c0@SAHOMELT> ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: Wednesday, May 02, 2007 2:53 AM To: MailScanner discussion Subject: Re: Mailscanner 4.59.4 and Mailwatch with clamd? oops...meant to send this to the mailwatch list....sorry....but feel free to answer if someone has a solution. Johnny Stork wrote: Just upgraded to MS 4.59.4 and switched to clamd, but when I try to get to the mailwatch interface I get Error: Unable to select a regular expression for your primary virus scanner (clamd) - please see the examples in functions.php to create one. but there does not appear to be any settings for using clamd? Any suggestions? [..] Find functions.php in your MailWatch web directory (ie /var/www/html/mailscanner). Open functions.php in an editor and look for (about line 71) : case 'clamav': define(VIRUS_REGEX, '/(.+) contains (\S+)/'); break; Insert below the "break;" line: case 'clamd': define(VIRUS_REGEX, '/(.+) contains (\S+)/'); break; I don't remember if you need to restart MS, I would think not. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From goetz.reinicke at filmakademie.de Wed May 2 13:24:16 2007 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke?=) Date: Wed May 2 13:24:23 2007 Subject: log message MailScanner: waiting for children to die In-Reply-To: References: Message-ID: <463882F0.3060207@filmakademie.de> Martin.Hepworth schrieb: > OK, > > Can you do a MailScanner -v and post the output. I wonder if the upgrade > to RHES5 broke something. [root@mail en]# MailScanner -v Running on Linux mail.filmakademie.de 2.6.18-8.1.1.el5 #1 SMP Mon Feb 26 20:38:02 EST 2007 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux Server release 5 (Tikanga) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.59.4 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.55 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.76 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.13 DBD::SQLite 1.52 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001008 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.25 Net::IP 0.59 Net::DNS 0.32 Net::LDAP missing Parse::RecDescent missing SAVI 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI > > Other thing to do is stop mailscanner then run, "MailScanner -debug" > which will hopefully show you where things are breaking. This didn't show anything yet ... Thanks and regards G?tz -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt From list-mailscanner at linguaphone.com Wed May 2 13:25:48 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 2 13:26:08 2007 Subject: Spam detection rates Message-ID: <1178108748.17627.17.camel@gblades-suse.linguaphone-intranet.co.uk> I was wondering what sort of detection rates people are getting when using Mailscanner. Our old spamassassin 2.64 based system was only getting about 80% but with Mailscanner and the latest software we seem to be getting over 99.5% which is extremely good. False positives are very low aswell. We do tend to be very strict about pictures attached to emails as I think we have a few rules which do the same sort of checks. Some external people using the incredimail 'piece of cr**p' mail client get a continuous score about 4.3 which leaves the AWL little room to bring the occasional higher scoring mail back below the 5.0 threshold. It hasn't caused any people to complain though. From martinh at solidstatelogic.com Wed May 2 13:42:56 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 13:43:07 2007 Subject: Spam detection rates In-Reply-To: <1178108748.17627.17.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4ba8efec2dc55e4fb46d4580263ece61@solidstatelogic.com> About the same - I've got lots of extra rules and also use dcc/pyzor etc so it's difficult to say there's been an improvement as I updated from 2.64 when 3.01 came along a few years ago. BTW - any just noticed 3.2.0 has been released ! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 02 May 2007 13:26 > To: mailscanner@lists.mailscanner.info > Subject: Spam detection rates > > I was wondering what sort of detection rates people are getting when > using Mailscanner. > Our old spamassassin 2.64 based system was only getting about 80% but > with Mailscanner and the latest software we seem to be getting over > 99.5% which is extremely good. False positives are very low aswell. > > We do tend to be very strict about pictures attached to emails as I > think we have a few rules which do the same sort of checks. Some > external people using the incredimail 'piece of cr**p' mail client get a > continuous score about 4.3 which leaves the AWL little room to bring the > occasional higher scoring mail back below the 5.0 threshold. It hasn't > caused any people to complain though. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From dominian at slackadelic.com Wed May 2 13:43:09 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Wed May 2 13:43:21 2007 Subject: Mailscanner 4.59.4 and Mailwatch with clamd? In-Reply-To: <46383530.5000008@openenterprise.ca> References: <463834D1.8050602@openenterprise.ca> <46383530.5000008@openenterprise.ca> Message-ID: <4638875D.5090800@slackadelic.com> Johnny Stork wrote: > oops...meant to send this to the mailwatch list....sorry....but feel > free to answer if someone has a solution. > > Johnny Stork wrote: >> Just upgraded to MS 4.59.4 and switched to clamd, but when I try to >> get to the mailwatch interface I get >> >> *Error:* >> Unable to select a regular expression for your primary virus scanner >> (clamd) - please see the examples in functions.php to create one. >> >> but there does not appear to be any settings for using clamd? >> >> Any suggestions? >> What you need to do is add in another antivirus for mailwatch to use. In your mailwatch directory in the functions.php just under the clamavmodule definition I added: case 'clamd': define(VIRUS_REGEX, '/(.+) contains (\S+)/'); break; Then mailwatch works fine :) -Matt From prandal at herefordshire.gov.uk Wed May 2 13:42:57 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed May 2 13:43:22 2007 Subject: Spam detection rates In-Reply-To: <1178108748.17627.17.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1178108748.17627.17.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA9222C4@HC-MBX02.herefordshire.gov.uk> We consistently get over 99.5% of spam too. Last month we blocked around 260,000 at the sendmail level (cbl.abuseat.org RBL and GreetPause), and 400,000 in MailScanner. Spam seems to be around 75% of total emails here. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gareth > Sent: 02 May 2007 13:26 > To: mailscanner@lists.mailscanner.info > Subject: Spam detection rates > > I was wondering what sort of detection rates people are getting when > using Mailscanner. > Our old spamassassin 2.64 based system was only getting about 80% but > with Mailscanner and the latest software we seem to be getting over > 99.5% which is extremely good. False positives are very low aswell. > > We do tend to be very strict about pictures attached to emails as I > think we have a few rules which do the same sort of checks. Some > external people using the incredimail 'piece of cr**p' mail > client get a > continuous score about 4.3 which leaves the AWL little room > to bring the > occasional higher scoring mail back below the 5.0 threshold. It hasn't > caused any people to complain though. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jonbjorn at mbl.is Wed May 2 14:39:33 2007 From: jonbjorn at mbl.is (Jon Bjorn Njalsson) Date: Wed May 2 14:39:50 2007 Subject: No Programs allowed Message-ID: <1178113173.14147.16.camel@viper.mbl.is> Why does MS think msg-26670-41.txt is a program ? MailScanner: No programs allowed (msg-26670-41.txt) regards Jon Bjorn From martinh at solidstatelogic.com Wed May 2 14:44:21 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 14:44:21 2007 Subject: No Programs allowed In-Reply-To: <1178113173.14147.16.camel@viper.mbl.is> Message-ID: Jon The file command is showing it as a program. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > Sent: 02 May 2007 14:40 > To: MailScanner discussion > Subject: No Programs allowed > > Why does MS think msg-26670-41.txt is a program ? > > MailScanner: No programs allowed (msg-26670-41.txt) > > regards > Jon Bjorn > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jonbjorn at mbl.is Wed May 2 14:48:46 2007 From: jonbjorn at mbl.is (Jon Bjorn Njalsson) Date: Wed May 2 14:48:58 2007 Subject: No Programs allowed In-Reply-To: References: Message-ID: <1178113726.14147.20.camel@viper.mbl.is> so is it safe to disable File Command = /usr/bin/file ? On mi?, 2007-05-02 at 14:44 +0100, Martin.Hepworth wrote: > Jon > > The file command is showing it as a program. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > > Sent: 02 May 2007 14:40 > > To: MailScanner discussion > > Subject: No Programs allowed > > > > Why does MS think msg-26670-41.txt is a program ? > > > > MailScanner: No programs allowed (msg-26670-41.txt) > > > > regards > > Jon Bjorn > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > From list-mailscanner at linguaphone.com Wed May 2 14:51:01 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 2 14:51:17 2007 Subject: No Programs allowed In-Reply-To: <1178113173.14147.16.camel@viper.mbl.is> References: <1178113173.14147.16.camel@viper.mbl.is> Message-ID: <1178113860.17628.21.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-05-02 at 14:39, Jon Bjorn Njalsson wrote: > Why does MS think msg-26670-41.txt is a program ? > > MailScanner: No programs allowed (msg-26670-41.txt) > > regards > Jon Bjorn One of the checks Mailscanner does is use the 'file' command to check the actual type of the file. I have seen it get confused sometimes when a TNEF is decoded and the body message in the form you describe. I assume the message is in a foreign character set or may even be corrupt. From martinh at solidstatelogic.com Wed May 2 14:52:02 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 14:52:14 2007 Subject: No Programs allowed In-Reply-To: <1178113726.14147.20.camel@viper.mbl.is> Message-ID: <7c1f6fd152c6644ba6e543b0384f6f4a@solidstatelogic.com> I wouldn't advise it - why is that file showing as a program when file runs against it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > Sent: 02 May 2007 14:49 > To: MailScanner discussion > Subject: RE: No Programs allowed > > so is it safe to disable File Command = /usr/bin/file ? > > On mi?, 2007-05-02 at 14:44 +0100, Martin.Hepworth wrote: > > Jon > > > > The file command is showing it as a program. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > > > Sent: 02 May 2007 14:40 > > > To: MailScanner discussion > > > Subject: No Programs allowed > > > > > > Why does MS think msg-26670-41.txt is a program ? > > > > > > MailScanner: No programs allowed (msg-26670-41.txt) > > > > > > regards > > > Jon Bjorn > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From pete at enitech.com.au Wed May 2 15:00:20 2007 From: pete at enitech.com.au (Pete Russell) Date: Wed May 2 15:00:32 2007 Subject: Spam detection rates In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA9222C4@HC-MBX02.herefordshire.gov.uk> References: <1178108748.17627.17.camel@gblades-suse.linguaphone-intranet.co.uk> <7EF0EE5CB3B263488C8C18823239BEBA9222C4@HC-MBX02.herefordshire.gov.uk> Message-ID: <46389974.9060000@enitech.com.au> I dont see how its possible to measure. Unless users report (and you count) every single spam they receive that they shouldnt have. I can tell you that my systems cathc more FPs and less spam than they did 6 months ago. Maybe its a sing i need fuzzy ocr and greylisting? Hope the new MS and SA this month will cure some of it. Randal, Phil wrote: > We consistently get over 99.5% of spam too. > > Last month we blocked around 260,000 at the sendmail level > (cbl.abuseat.org RBL and GreetPause), and 400,000 in MailScanner. > > Spam seems to be around 75% of total emails here. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Gareth >> Sent: 02 May 2007 13:26 >> To: mailscanner@lists.mailscanner.info >> Subject: Spam detection rates >> >> I was wondering what sort of detection rates people are getting when >> using Mailscanner. >> Our old spamassassin 2.64 based system was only getting about 80% but >> with Mailscanner and the latest software we seem to be getting over >> 99.5% which is extremely good. False positives are very low aswell. >> >> We do tend to be very strict about pictures attached to emails as I >> think we have a few rules which do the same sort of checks. Some >> external people using the incredimail 'piece of cr**p' mail >> client get a >> continuous score about 4.3 which leaves the AWL little room >> to bring the >> occasional higher scoring mail back below the 5.0 threshold. It hasn't >> caused any people to complain though. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From jon at radel.com Wed May 2 15:07:45 2007 From: jon at radel.com (Jon Radel) Date: Wed May 2 15:07:59 2007 Subject: No Programs allowed In-Reply-To: <1178113726.14147.20.camel@viper.mbl.is> References: <1178113726.14147.20.camel@viper.mbl.is> Message-ID: <46389B31.4040809@radel.com> Jon Bjorn Njalsson wrote: > so is it safe to disable File Command = /usr/bin/file ? That would be between you, your management (if any), and your security policy (should you have one). What I would consider not safe at all is expecting us to know the local factors that govern the trade offs between: * The low probability, but potentially extremely expensive, scenario where file turns out to have been capable of catching that brand new nasty that just reduced your LAN to a smoldering ruin, and * The much higher probability, but much lower cost, cases of false positives. --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2890 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/9928ebbc/smime.bin From jonbjorn at mbl.is Wed May 2 15:14:47 2007 From: jonbjorn at mbl.is (Jon Bjorn Njalsson) Date: Wed May 2 15:15:04 2007 Subject: No Programs allowed In-Reply-To: <7c1f6fd152c6644ba6e543b0384f6f4a@solidstatelogic.com> References: <7c1f6fd152c6644ba6e543b0384f6f4a@solidstatelogic.com> Message-ID: <1178115287.14147.24.camel@viper.mbl.is> I have no idea, looking at the message in mailwatch I see at the bottom of the page File msg-26492-33.txt Type text/plain; charset=iso-8859-1 and the file command run against message body says ASCII HTML document text. On mi?, 2007-05-02 at 14:52 +0100, Martin.Hepworth wrote: > I wouldn't advise it - why is that file showing as a program when file > runs against it.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > > Sent: 02 May 2007 14:49 > > To: MailScanner discussion > > Subject: RE: No Programs allowed > > > > so is it safe to disable File Command = /usr/bin/file ? > > > > On mi?, 2007-05-02 at 14:44 +0100, Martin.Hepworth wrote: > > > Jon > > > > > > The file command is showing it as a program. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > > > > Sent: 02 May 2007 14:40 > > > > To: MailScanner discussion > > > > Subject: No Programs allowed > > > > > > > > Why does MS think msg-26670-41.txt is a program ? > > > > > > > > MailScanner: No programs allowed (msg-26670-41.txt) > > > > > > > > regards > > > > Jon Bjorn > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > ********************************************************************** > > > Confidentiality : This e-mail and any attachments are intended for > the > > > addressee only and may be confidential. If they come to you in error > > > you must take no action based on them, nor must you copy or show > them > > > to anyone. Please advise the sender by replying to this e-mail > > > immediately and then delete the original from your computer. > > > > > > Opinion : Any opinions expressed in this e-mail are entirely those > of > > > the author and unless specifically stated to the contrary, are not > > > necessarily those of the author's employer. > > > > > > Security Warning : Internet e-mail is not necessarily a secure > > > communications medium and can be subject to data corruption. We > advise > > > that you consider this fact when e-mailing us. > > > > > > Viruses : We have taken steps to ensure that this e-mail and any > > > attachments are free from known viruses but in keeping with good > > > computing practice, you should ensure that they are virus free. > > > > > > Red Lion 49 Ltd T/A Solid State Logic > > > Registered as a limited company in England and Wales > > > (Company No:5362730) > > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > > United Kingdom > > > > ********************************************************************** > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > From martinh at solidstatelogic.com Wed May 2 15:21:37 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 2 15:21:33 2007 Subject: No Programs allowed In-Reply-To: <1178115287.14147.24.camel@viper.mbl.is> Message-ID: <9fdae64d9cb45742839ee4b8c753c7c3@solidstatelogic.com> Jon Any attachments in the email? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > Sent: 02 May 2007 15:15 > To: MailScanner discussion > Subject: RE: No Programs allowed > > I have no idea, looking at the message in mailwatch I see at the bottom > of the page File msg-26492-33.txt Type text/plain; charset=iso-8859-1 > and the file command run against message body says ASCII HTML document > text. > > On mi?, 2007-05-02 at 14:52 +0100, Martin.Hepworth wrote: > > I wouldn't advise it - why is that file showing as a program when file > > runs against it.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > > > Sent: 02 May 2007 14:49 > > > To: MailScanner discussion > > > Subject: RE: No Programs allowed > > > > > > so is it safe to disable File Command = /usr/bin/file ? > > > > > > On mi?, 2007-05-02 at 14:44 +0100, Martin.Hepworth wrote: > > > > Jon > > > > > > > > The file command is showing it as a program. > > > > > > > > -- > > > > Martin Hepworth > > > > Snr Systems Administrator > > > > Solid State Logic > > > > Tel: +44 (0)1865 842300 > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > > > bounces@lists.mailscanner.info] On Behalf Of Jon Bjorn Njalsson > > > > > Sent: 02 May 2007 14:40 > > > > > To: MailScanner discussion > > > > > Subject: No Programs allowed > > > > > > > > > > Why does MS think msg-26670-41.txt is a program ? > > > > > > > > > > MailScanner: No programs allowed (msg-26670-41.txt) > > > > > > > > > > regards > > > > > Jon Bjorn > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > > > > > > ********************************************************************** > > > > Confidentiality : This e-mail and any attachments are intended for > > the > > > > addressee only and may be confidential. If they come to you in error > > > > you must take no action based on them, nor must you copy or show > > them > > > > to anyone. Please advise the sender by replying to this e-mail > > > > immediately and then delete the original from your computer. > > > > > > > > Opinion : Any opinions expressed in this e-mail are entirely those > > of > > > > the author and unless specifically stated to the contrary, are not > > > > necessarily those of the author's employer. > > > > > > > > Security Warning : Internet e-mail is not necessarily a secure > > > > communications medium and can be subject to data corruption. We > > advise > > > > that you consider this fact when e-mailing us. > > > > > > > > Viruses : We have taken steps to ensure that this e-mail and any > > > > attachments are free from known viruses but in keeping with good > > > > computing practice, you should ensure that they are virus free. > > > > > > > > Red Lion 49 Ltd T/A Solid State Logic > > > > Registered as a limited company in England and Wales > > > > (Company No:5362730) > > > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > > > United Kingdom > > > > > > ********************************************************************** > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Wed May 2 15:27:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 2 15:27:11 2007 Subject: No Programs allowed In-Reply-To: <1178115287.14147.24.camel@viper.mbl.is> References: <7c1f6fd152c6644ba6e543b0384f6f4a@solidstatelogic.com> <1178115287.14147.24.camel@viper.mbl.is> Message-ID: <223f97700705020727i503181cdp1598aebd456a1c64@mail.gmail.com> On 02/05/07, Jon Bjorn Njalsson wrote: > I have no idea, looking at the message in mailwatch I see at the bottom > of the page File msg-26492-33.txt Type text/plain; charset=iso-8859-1 > and the file command run against message body says ASCII HTML document > text. So it is already decoded to its own file in the quarantine... If you run file on that file, what does it (literally) say? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ajs at vifilfell.is Wed May 2 15:30:40 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Wed May 2 15:33:04 2007 Subject: No Programs allowed In-Reply-To: <223f97700705020727i503181cdp1598aebd456a1c64@mail.gmail.com> Message-ID: This is related to the letter '?'. If a mail or an attachment starts with this character (hex 0xC9), file flags the mail as a DOS executable. Regards, Asgeir. "Glenn Steen" Sent by: mailscanner-bounces@lists.mailscanner.info 02.05.2007 14:27 Please respond to MailScanner discussion To "MailScanner discussion" cc Subject Re: No Programs allowed On 02/05/07, Jon Bjorn Njalsson wrote: > I have no idea, looking at the message in mailwatch I see at the bottom > of the page File msg-26492-33.txt Type text/plain; charset=iso-8859-1 > and the file command run against message body says ASCII HTML document > text. So it is already decoded to its own file in the quarantine... If you run file on that file, what does it (literally) say? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/bf3a9b69/attachment-0001.html From ajs at vifilfell.is Wed May 2 15:34:41 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Wed May 2 15:37:04 2007 Subject: No Programs allowed In-Reply-To: <223f97700705020727i503181cdp1598aebd456a1c64@mail.gmail.com> Message-ID: forgot to add, that it is possible to edit the file 'magic' so that emails starting with this letter will no longer get flagged as a DOS executable Asgeir. "Glenn Steen" Sent by: mailscanner-bounces@lists.mailscanner.info 02.05.2007 14:27 Please respond to MailScanner discussion To "MailScanner discussion" cc Subject Re: No Programs allowed On 02/05/07, Jon Bjorn Njalsson wrote: > I have no idea, looking at the message in mailwatch I see at the bottom > of the page File msg-26492-33.txt Type text/plain; charset=iso-8859-1 > and the file command run against message body says ASCII HTML document > text. So it is already decoded to its own file in the quarantine... If you run file on that file, what does it (literally) say? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/d81c2c16/attachment.html From glenn.steen at gmail.com Wed May 2 15:46:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 2 15:46:37 2007 Subject: No Programs allowed In-Reply-To: References: <223f97700705020727i503181cdp1598aebd456a1c64@mail.gmail.com> Message-ID: <223f97700705020746u3015ab59r3cdbe3c0dac2f7c5@mail.gmail.com> On 02/05/07, ajs@vifilfell.is wrote: > > forgot to add, that it is possible to edit the file 'magic' so that emails starting with this letter will no longer get flagged as a DOS executable > > Asgeir. > Yes Asgeir, this may very well be the case this time too... We're slowly moving in this direction:-). Personally I tend to want the complete picture, or do some "nudging" (by way of some well phrased (hopefully:) questions) before stating my pet guess as fact though...;) As I'm sure you've noted (while checking over your own magic file) there are a few other "possible misdetections" in there;-). BTW, could you refrain from HTML mails to the list? Please... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ajs at vifilfell.is Wed May 2 16:00:43 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Wed May 2 16:03:06 2007 Subject: No Programs allowed In-Reply-To: <223f97700705020746u3015ab59r3cdbe3c0dac2f7c5@mail.gmail.com> Message-ID: this is the case, Jon has tried the solution I pm-ed him and it works. I use Lotus for email and sometimes forget to switch to plain text when sending email to mailing list, will try to remember it next time. cheers, asgeir, "Glenn Steen" Sent by: mailscanner-bounces@lists.mailscanner.info 02.05.2007 14:46 Please respond to MailScanner discussion To "MailScanner discussion" cc Subject Re: No Programs allowed On 02/05/07, ajs@vifilfell.is wrote: > > forgot to add, that it is possible to edit the file 'magic' so that emails starting with this letter will no longer get flagged as a DOS executable > > Asgeir. > Yes Asgeir, this may very well be the case this time too... We're slowly moving in this direction:-). Personally I tend to want the complete picture, or do some "nudging" (by way of some well phrased (hopefully:) questions) before stating my pet guess as fact though...;) As I'm sure you've noted (while checking over your own magic file) there are a few other "possible misdetections" in there;-). BTW, could you refrain from HTML mails to the list? Please... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From paul.hutchings at mira.co.uk Wed May 2 16:25:49 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 2 16:26:58 2007 Subject: 32 bit distro or 64? Message-ID: Again probably not a MailScanner specific query but as this box is specifically to run MailScanner I'll ask here. I have a new DL360 G5 and I'm planning on installing OpenSuse 10.2. Should I be using the 32 bit or 64 bit with regards to MailScanner, basically are there any reasons to choose one over the other? The box has 2gb of RAM so there's no "large memory" type issues involved it's purely why I might choose one over the other for this application. Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/1d128d31/attachment.html From amaclach at yahoo.co.uk Wed May 2 16:33:55 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Wed May 2 16:33:56 2007 Subject: Spam detection rates Message-ID: <20070502153355.21002.qmail@web26306.mail.ukl.yahoo.com> SQLgrey is very effective at the postfix level - and cheap in terms of system resources. You just need a mysql database you can attach to. I have used postgrey in the past but it's not nice to manage. Regards, Andrew MacLachlan ----- Original Message ---- From: Pete Russell To: MailScanner discussion Sent: Wednesday, 2 May, 2007 3:00:20 PM Subject: Re: Spam detection rates I dont see how its possible to measure. Unless users report (and you count) every single spam they receive that they shouldnt have. I can tell you that my systems cathc more FPs and less spam than they did 6 months ago. Maybe its a sing i need fuzzy ocr and greylisting? Hope the new MS and SA this month will cure some of it. Randal, Phil wrote: > We consistently get over 99.5% of spam too. > > Last month we blocked around 260,000 at the sendmail level > (cbl.abuseat.org RBL and GreetPause), and 400,000 in MailScanner. > > Spam seems to be around 75% of total emails here. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Gareth >> Sent: 02 May 2007 13:26 >> To: mailscanner@lists.mailscanner.info >> Subject: Spam detection rates >> >> I was wondering what sort of detection rates people are getting when >> using Mailscanner. >> Our old spamassassin 2.64 based system was only getting about 80% but >> with Mailscanner and the latest software we seem to be getting over >> 99.5% which is extremely good. False positives are very low aswell. >> >> We do tend to be very strict about pictures attached to emails as I >> think we have a few rules which do the same sort of checks. Some >> external people using the incredimail 'piece of cr**p' mail >> client get a >> continuous score about 4.3 which leaves the AWL little room >> to bring the >> occasional higher scoring mail back below the 5.0 threshold. It hasn't >> caused any people to complain though. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From cleveland at winnefox.org Wed May 2 16:46:59 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Wed May 2 16:47:03 2007 Subject: Can't locate Convert/BinHex.pm in @INC Message-ID: Hello, I just tried to install the latest version of MailScanner on my RedHat 5 server, and I get this error when trying to start mailscanner: Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 44. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 44. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 43. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 43. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. I checked, and Convert::BinHex is installed. Any ideas what may be wrong? - jody From prandal at herefordshire.gov.uk Wed May 2 15:56:19 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed May 2 17:19:39 2007 Subject: Spam detection rates In-Reply-To: <46389974.9060000@enitech.com.au> References: <1178108748.17627.17.camel@gblades-suse.linguaphone-intranet.co.uk><7EF0EE5CB3B263488C8C18823239BEBA9222C4@HC-MBX02.herefordshire.gov.uk> <46389974.9060000@enitech.com.au> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA92230B@HC-MBX02.herefordshire.gov.uk> We have a zealous bunch of users who love reporting spam which gets through to their inboxes to me. And I do spot checks of our Mailwatch logs from time to time. About 3000 emails get flagged as low-scoring (possible) spam here, and delivered. Of those around 80% are spam, the rest are what I call "subscriber spam" - special offers mailing lists, etc. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Pete Russell > Sent: 02 May 2007 15:00 > To: MailScanner discussion > Subject: Re: Spam detection rates > > I dont see how its possible to measure. Unless users report (and you > count) every single spam they receive that they shouldnt have. > > I can tell you that my systems cathc more FPs and less spam than they > did 6 months ago. Maybe its a sing i need fuzzy ocr and greylisting? > > Hope the new MS and SA this month will cure some of it. > > > Randal, Phil wrote: > > We consistently get over 99.5% of spam too. > > > > Last month we blocked around 260,000 at the sendmail level > > (cbl.abuseat.org RBL and GreetPause), and 400,000 in MailScanner. > > > > Spam seems to be around 75% of total emails here. > > > > Cheers, > > > > Phil > > -- > > Phil Randal > > Network Engineer > > Herefordshire Council > > Hereford, UK > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Gareth > >> Sent: 02 May 2007 13:26 > >> To: mailscanner@lists.mailscanner.info > >> Subject: Spam detection rates > >> > >> I was wondering what sort of detection rates people are > getting when > >> using Mailscanner. > >> Our old spamassassin 2.64 based system was only getting > about 80% but > >> with Mailscanner and the latest software we seem to be getting over > >> 99.5% which is extremely good. False positives are very low aswell. > >> > >> We do tend to be very strict about pictures attached to emails as I > >> think we have a few rules which do the same sort of checks. Some > >> external people using the incredimail 'piece of cr**p' mail > >> client get a > >> continuous score about 4.3 which leaves the AWL little room > >> to bring the > >> occasional higher scoring mail back below the 5.0 > threshold. It hasn't > >> caused any people to complain though. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From bpumphrey at woodmclaw.com Wed May 2 17:24:07 2007 From: bpumphrey at woodmclaw.com (Billy A. Pumphrey) Date: Wed May 2 17:24:09 2007 Subject: A lot of spam getting through In-Reply-To: <46385180.5090601@chime.ucl.ac.uk> Message-ID: <04D932B0071FE34FA63EBB1977B48D150281747A@woodenex.woodmaclaw.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock > Sent: Wednesday, May 02, 2007 4:53 AM > To: MailScanner discussion > Subject: Re: A lot of spam getting through > So, help us out and show us the scores and headers from one that does > get through. We might be able to see where they are failing then. > > Even better... Save one of the misdiagnosed emails as a text file, post > it to a web address and let us know. We can then run that email through > our systems and tell you what scores we get and what rules helped. > I am having trouble getting the testing to work, or knowing how to test it. I have saved some messages from Oulook with the extension of .msg. When I run a spamassassin -t message.msg it returns a bunch of junk and then the score: Content analysis details: (51.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 NO_RELAYS Informational: message was not relayed via SMTP 2.5 MISSING_HB_SEP Missing blank line between message header and body 2.3 MANGLED_DOSE BODY: mangled dose 2.3 MANGLED_OFF BODY: mangled off 2.3 MANGLED_YOUR BODY: mangled your 2.3 MANGLED_FORM BODY: mangled form 2.3 MANGLED_HERE BODY: mangled here 2.3 MANGLED_HALF BODY: mangled half 2.3 MANGLED_TIME BODY: mangled time 2.3 MANGLED_MEDS BODY: mangled med(s) 2.3 MANGLED_GIRL BODY: mangled girl(s) 2.3 MANGLED_FROM BODY: mangled from 2.3 MANGLED_LOVE BODY: mangled love 2.3 MANGLED_TEXT BODY: mangled text 2.3 MANGLED_LOOK BODY: mangled look(s) 2.3 MANGLED_SPAM BODY: mangled spam 2.3 MANGLED_PRIOR BODY: mangled prior 2.3 MANGLED_PLEASE BODY: mangled please 2.3 MANGLED_TRNFER BODY: mangled TRANSFER 2.3 MANGLED_TOOL BODY: mangled tool 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 2.2 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message 1.8 MISSING_SUBJECT Missing Subject: header 0.0 UPPERCASE_25_50 message body is 25-50% uppercase 0.1 TO_CC_NONE No To: or Cc: header -0.0 NO_RECEIVED Informational: message has no Received headers (then some more junk) [root@WoodenMS2 spamemail]# PuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPu TTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTT YPuTTYPuTTYPuTTYPuTTYPuTTYTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPu Does the testing support .msg files? Also what is the best way to convert the email to text and have it correct? From cleveland at winnefox.org Wed May 2 17:25:51 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Wed May 2 17:25:56 2007 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: Message-ID: Hello again, On 5/2/07 10:46 AM, "Jody Cleveland" wrote: > Hello, > > I just tried to install the latest version of MailScanner on my RedHat 5 > server, and I get this error when trying to start mailscanner: > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate Convert/BinHex.pm in @INC (@INC Ok, I did a force install, and that reinstalled the pm, and I was able to start MailScanner. BUT, now MailScanner isn't checking incoming mail. I can send a message from gmail, and the message never goes through. I looked in my maillog, and this is what shows up when I start mailscanner: May 2 11:22:44 destiny postfix/postfix-script: starting the Postfix mail system May 2 11:22:44 destiny postfix/master[5581]: daemon started -- version 2.3.3, configuration /etc/postfix May 2 11:22:44 destiny postfix/qmgr[5591]: warning: bounce_queue_lifetime is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime May 2 11:22:44 destiny postfix/qmgr[5591]: 19B3C3E4029: from=<>, size=4046, nrcpt=1 (queue active) May 2 11:22:44 destiny postfix/qmgr[5591]: 7B5D73E402A: from=<>, size=4102, nrcpt=1 (queue active) May 2 11:22:44 destiny postfix/qmgr[5591]: CEB1A3E402D: from=<>, size=4394, nrcpt=1 (queue active) May 2 11:22:44 destiny postfix/qmgr[5591]: 101313E4027: from=<>, size=4020, nrcpt=1 (queue active) May 2 11:22:44 destiny postfix/local[5598]: fatal: open database /etc/postfix/aliases.db: No such file or directory May 2 11:22:45 destiny postfix/master[5581]: warning: process /usr/libexec/postfix/local pid 5598 exit status 1 May 2 11:22:45 destiny postfix/master[5581]: warning: /usr/libexec/postfix/local: bad command startup -- throttling May 2 11:22:46 destiny MailScanner[5604]: MailScanner E-Mail Virus Scanner version 4.59.4 starting... May 2 11:22:46 destiny MailScanner[5604]: Skipping Custom Function file SQLBlackWhiteList.old as its name does not end in .pm or .pl May 2 11:22:46 destiny MailScanner[5604]: Skipping Custom Function file SQLBlackWhiteList.pm~ as its name does not end in .pm or .pl May 2 11:22:46 destiny MailScanner[5604]: Read 778 hostnames from the phishing whitelist May 2 11:22:46 destiny MailScanner[5604]: Config: calling custom init function SQLBlacklist May 2 11:22:46 destiny MailScanner[5604]: Starting up SQL Blacklist May 2 11:22:46 destiny MailScanner[5604]: Read 29 blacklist entries May 2 11:22:46 destiny MailScanner[5604]: Config: calling custom init function MailWatchLogging May 2 11:22:46 destiny MailScanner[5604]: Started SQL Logging child May 2 11:22:46 destiny MailScanner[5604]: Config: calling custom init function SQLWhitelist May 2 11:22:46 destiny MailScanner[5604]: Starting up SQL Whitelist May 2 11:22:46 destiny MailScanner[5604]: Read 59 whitelist entries May 2 11:22:46 destiny MailScanner[5604]: User's home directory /var/spool/postfix is not writable May 2 11:22:46 destiny MailScanner[5604]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to May 2 11:22:46 destiny MailScanner[5604]: Using SpamAssassin results cache May 2 11:22:46 destiny MailScanner[5604]: Connected to SpamAssassin cache database May 2 11:22:49 destiny MailScanner[5604]: Expired 654 records from the SpamAssassin cache May 2 11:22:49 destiny MailScanner[5604]: Enabling SpamAssassin auto-whitelist functionality... May 2 11:22:49 destiny postfix/smtpd[5613]: fatal: open database /etc/postfix/aliases.db: No such file or directory May 2 11:22:50 destiny postfix/master[5581]: warning: process /usr/libexec/postfix/smtpd pid 5613 exit status 1 May 2 11:22:50 destiny postfix/master[5581]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling May 2 11:22:51 destiny MailScanner[5615]: MailScanner E-Mail Virus Scanner version 4.59.4 starting... May 2 11:22:51 destiny MailScanner[5615]: Skipping Custom Function file SQLBlackWhiteList.old as its name does not end in .pm or .pl May 2 11:22:51 destiny MailScanner[5615]: Skipping Custom Function file SQLBlackWhiteList.pm~ as its name does not end in .pm or .pl May 2 11:22:51 destiny MailScanner[5615]: Read 778 hostnames from the phishing whitelist May 2 11:22:51 destiny MailScanner[5615]: Config: calling custom init function SQLBlacklist May 2 11:22:51 destiny MailScanner[5615]: Starting up SQL Blacklist May 2 11:22:51 destiny MailScanner[5615]: Read 29 blacklist entries May 2 11:22:51 destiny MailScanner[5615]: Config: calling custom init function MailWatchLogging May 2 11:22:51 destiny MailScanner[5615]: Started SQL Logging child May 2 11:22:51 destiny MailScanner[5615]: Config: calling custom init function SQLWhitelist May 2 11:22:51 destiny MailScanner[5615]: Starting up SQL Whitelist May 2 11:22:51 destiny MailScanner[5615]: Read 59 whitelist entries May 2 11:22:51 destiny MailScanner[5615]: User's home directory /var/spool/postfix is not writable May 2 11:22:51 destiny MailScanner[5615]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to May 2 11:22:52 destiny MailScanner[5615]: Using SpamAssassin results cache May 2 11:22:52 destiny MailScanner[5615]: Connected to SpamAssassin cache database May 2 11:22:52 destiny MailScanner[5615]: Enabling SpamAssassin auto-whitelist functionality... May 2 11:22:56 destiny MailScanner[5624]: MailScanner E-Mail Virus Scanner version 4.59.4 starting... May 2 11:22:56 destiny MailScanner[5624]: Skipping Custom Function file SQLBlackWhiteList.old as its name does not end in .pm or .pl May 2 11:22:56 destiny MailScanner[5624]: Skipping Custom Function file SQLBlackWhiteList.pm~ as its name does not end in .pm or .pl Is there anything in there that is a problem? If not, any ideas where I can look to find the problem? - jody From mikea at mikea.ath.cx Wed May 2 17:28:45 2007 From: mikea at mikea.ath.cx (mikea) Date: Wed May 2 17:28:54 2007 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: References: Message-ID: <20070502162845.GM20170@mikea.ath.cx> On Wed, May 02, 2007 at 10:46:59AM -0500, Jody Cleveland wrote: > Hello, > > I just tried to install the latest version of MailScanner on my RedHat 5 > server, and I get this error when trying to start mailscanner: > > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Can't locate Convert/BinHex.pm in @INC (@INC > contains: /usr/lib/MailScanner > /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 > /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 > /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 > /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 > /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi > /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) at > /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 44. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 44. > Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm > line 43. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 43. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > > I checked, and Convert::BinHex is installed. Any ideas what may be wrong? Exactly where is Convert::BinHex installed? Is that directory in @INC? -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From grpprod at gmail.com Wed May 2 17:58:25 2007 From: grpprod at gmail.com (G P) Date: Wed May 2 17:58:28 2007 Subject: Latest MS keeps restarting In-Reply-To: References: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> Message-ID: <773fecad0705020958h7ac092fcpaeced7e08a5375a7@mail.gmail.com> > > Run in debug mode pls, you most likely have a issue with the new one thats > making it restart... > > OK, here are the results of debug mode: In Debugging mode, not forking... > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > DisarmPhishingFound = 0 on message l42GsXJX012133 > DisarmPhishingFound = 0 on message l42GsUaU012126 > DisarmPhishingFound = 0 on message l42Gt6ML012174 > DisarmPhishingFound = 0 on message l42GskTX012165 > DisarmPhishingFound = 0 on message l42Gt6L6012193 > DisarmPhishingFound = 0 on message l42GsRkR012119 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/a1b0a106/attachment.html From list-mailscanner at linguaphone.com Wed May 2 18:02:08 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 2 18:02:13 2007 Subject: Can't locate Convert/BinHex.pm in @INC In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Jody > Cleveland > Sent: 02 May 2007 17:26 > To: MailScanner discussion > Subject: Re: Can't locate Convert/BinHex.pm in @INC > > > May 2 11:22:49 destiny postfix/smtpd[5613]: fatal: open database > /etc/postfix/aliases.db: No such file or directory > May 2 11:22:50 destiny postfix/master[5581]: warning: process > /usr/libexec/postfix/smtpd pid 5613 exit status 1 > May 2 11:22:50 destiny postfix/master[5581]: warning: > /usr/libexec/postfix/smtpd: bad command startup -- throttling Looks like a permissions issue where postfix cant open its alias database. From list-mailscanner at linguaphone.com Wed May 2 18:03:47 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 2 18:03:50 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150281747A@woodenex.woodmaclaw.local> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Billy A. > Pumphrey > Sent: 02 May 2007 17:24 > To: MailScanner discussion > Subject: RE: A lot of spam getting through > > > I am having trouble getting the testing to work, or knowing how to test > it. I have saved some messages from Oulook with the extension of .msg. > When I run a spamassassin -t message.msg it returns a bunch of junk and > then the score: > > Content analysis details: (51.5 points, 5.0 required) snip > > Does the testing support .msg files? Also what is the best way to > convert the email to text and have it correct? I think msg files are encrypted in some way. I use IMAP as the mail store so I just query the message that is stored on the mail servers file system directly. From list-mailscanner at linguaphone.com Wed May 2 18:05:40 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 2 18:05:42 2007 Subject: Spam detection rates In-Reply-To: <46389974.9060000@enitech.com.au> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Pete > Russell > Sent: 02 May 2007 15:00 > To: MailScanner discussion > Subject: Re: Spam detection rates > > > I dont see how its possible to measure. Unless users report (and you > count) every single spam they receive that they shouldnt have. > > I can tell you that my systems cathc more FPs and less spam than they > did 6 months ago. Maybe its a sing i need fuzzy ocr and greylisting? > > Hope the new MS and SA this month will cure some of it. I have some addresses that have been receiving over 100 spams a day for a long time. They are no longer in use so I redirect them to a test account and have all identified spams deleted automatically. Thats makes it easy to see what gets through and if required write a custom rule to detect them. From ssilva at sgvwater.com Wed May 2 18:24:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 2 18:25:30 2007 Subject: ClamAV Module Core Dump In-Reply-To: <004601c78c62$5973bf70$0300a8c0@bandwidthco.com> References: <004601c78c62$5973bf70$0300a8c0@bandwidthco.com> Message-ID: markee spake the following on 5/1/2007 7:34 PM: > I have tried installing more than once, and I am near to wiping out the clam > library and installing again. I might try clamd first, as anything has to be > better than the commandline scanner. I am already running a few scanners, > and every bit of load adds up. > I have 2 as near identical as possible boxes running CentOS 4. One works with the module, and one doesn't. I am currently looking for an init script for clamd since I installed from Julian's tarball. I am just going to download the rpm and extract the init script and check it. I wish he had a version of his spamassassin-clamav tarball that did rpm like the mailscanner install can. Maybe I will give it a shot and see what I can do next week. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikes at hartwellcorp.com Wed May 2 18:45:46 2007 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Wed May 2 18:46:11 2007 Subject: Spam detection rates Message-ID: <3BF93070B3D1B047BA7ABF612958950D018FB9D5@hcex.hartwellcorp.com> How long is your greet pause? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: Wednesday, May 02, 2007 5:43 AM > To: MailScanner discussion > Subject: RE: Spam detection rates > > We consistently get over 99.5% of spam too. > > Last month we blocked around 260,000 at the sendmail level > (cbl.abuseat.org RBL and GreetPause), and 400,000 in MailScanner. > > Spam seems to be around 75% of total emails here. > > Cheers, > > Phil > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Gareth > > Sent: 02 May 2007 13:26 > > To: mailscanner@lists.mailscanner.info > > Subject: Spam detection rates > > > > I was wondering what sort of detection rates people are getting when > > using Mailscanner. > > Our old spamassassin 2.64 based system was only getting > about 80% but > > with Mailscanner and the latest software we seem to be getting over > > 99.5% which is extremely good. False positives are very low aswell. > > > > We do tend to be very strict about pictures attached to emails as I > > think we have a few rules which do the same sort of checks. Some > > external people using the incredimail 'piece of cr**p' mail > > client get a > > continuous score about 4.3 which leaves the AWL little room > > to bring the > > occasional higher scoring mail back below the 5.0 > threshold. It hasn't > > caused any people to complain though. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Wed May 2 19:05:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 2 19:06:27 2007 Subject: No Programs allowed In-Reply-To: References: <223f97700705020727i503181cdp1598aebd456a1c64@mail.gmail.com> Message-ID: ajs@vifilfell.is spake the following on 5/2/2007 7:34 AM: > > forgot to add, that it is possible to edit the file 'magic' so that > emails starting with this letter will no longer get flagged as a DOS > executable > > Asgeir. I had to do this for one of the quicktime entries. Every time someone started a message with "I'm free ... " which seems to happen often here, it would get detected as a quicktime movie. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed May 2 19:08:41 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 2 19:10:11 2007 Subject: No Programs allowed In-Reply-To: References: <223f97700705020746u3015ab59r3cdbe3c0dac2f7c5@mail.gmail.com> Message-ID: ajs@vifilfell.is spake the following on 5/2/2007 8:00 AM: > this is the case, Jon has tried the solution I pm-ed him and it works. > > I use Lotus for email and sometimes forget to switch to plain text when > sending email to mailing list, will try to remember it next time. > > cheers, asgeir, The last time I used Notes, you could set certain addresses to only get text mail. But that was a long time ago. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed May 2 19:06:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 2 19:15:14 2007 Subject: Fwd: [shell-script] Oportunidade - TALENT FOUR/ Administrador de Redes e Sistemas - LINUX In-Reply-To: References: <6C590FEEFDEC05478512F3771363C6DB489830@tfcmail02.tfc.com.br> Message-ID: Fabio Silva spake the following on 5/2/2007 4:15 AM: > > > ---------- Forwarded message ---------- > From: *Renata Dardis de Souza* > > Date: Apr 30, 2007 4:30 PM > Subject: [shell-script] Oportunidade - TALENT FOUR/ Administrador de > Redes e Sistemas - LINUX > To: shell-script@yahoogrupos.com.br > > > Ol? Grupo, > > Boa tarde!!!! > > A Talent Four Consulting ? uma empresa de consultoria em projetos de > Tecnologia da Informa??o, especializada em servi?os e terceiriza??o de > Profissionais. Can't be too professional when you spam a spam-fighting mail list. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikes at hartwellcorp.com Wed May 2 20:13:01 2007 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Wed May 2 20:13:33 2007 Subject: RPM for milter-null? Message-ID: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> Does anyone know of an RPM or SRPM for the milter-null package? From jstevens at athensdistributing.com Wed May 2 20:18:01 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Wed May 2 20:18:10 2007 Subject: RPM for milter-null? References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608865@atlas.athensdistributing.com> I wish.. Been trying to get libsnert to compile on RH 9 with the sole purpose to install milter-null... no luck -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael St. Laurent Sent: Wednesday, May 02, 2007 2:13 PM To: MailScanner discussion Subject: RPM for milter-null? Does anyone know of an RPM or SRPM for the milter-null package? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From ka at pacific.net Wed May 2 20:21:21 2007 From: ka at pacific.net (Ken A) Date: Wed May 2 20:21:18 2007 Subject: RPM for milter-null? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> Message-ID: <4638E4B1.30809@pacific.net> Michael St. Laurent wrote: > Does anyone know of an RPM or SRPM for the milter-null package? It gets compiled against libsnert (on which you only do 'make', not 'make install') in com/snert/lib source tree, so there's no rpm. Just use the source for both from snertsoft.com. Both are free. -- Ken Anderson Pacific.Net From jstevens at athensdistributing.com Wed May 2 20:32:48 2007 From: jstevens at athensdistributing.com (James R. Stevens) Date: Wed May 2 20:32:58 2007 Subject: RPM for milter-null? References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> <4638E4B1.30809@pacific.net> Message-ID: <1A65E6BAEADF9B4F865314484A13ECF1608866@atlas.athensdistributing.com> Since this is already out there... Does this make sense to anyone? Trying to make libsnert bombs with error 2 I pass /configure with no arguments and all seems fine LibSnert/1.63.892 Copyright 1996, 2007 by Anthony Howe. All rights reserved. Platform............: Linux gcc Berkeley DB.........: 4.0 -ldb-4.0 POSIX Threads.......: yes yes SQLite3.............: yes Sendmail libmilter..: yes Semaphore API.......: SYSTEMV_API Shared Memory API...: SYSTEMV_API Time API............: BSD_API CFLAGS..............: -I/usr/include/db4 -I/usr/local/org/sqlite/include -D_REENTRANT -O2 -Wall -I${top_srcdir}/../../include LDFLAGS.............: -L/usr/local/org/sqlite/lib -L${top_srcdir}/../../lib LIBS................: -lpthread -ldl BUT after passing 'make clean build' it bombs.. *************************************************************** ==> /usr/local/com/snert/src/lib/../tools *************************************************************** gcc -I/usr/include/db4 -I/usr/local/org/sqlite/include -D_REENTRANT -O2 -Wall -I./../../include -L/usr/local/org/sqlite/lib -L./../../lib -o ansi ansi.c gcc -I/usr/include/db4 -I/usr/local/org/sqlite/include -D_REENTRANT -O2 -Wall -I./../../include -L/usr/local/org/sqlite/lib -L./../../lib -o flip flip.c -lsnert gcc -I/usr/include/db4 -I/usr/local/org/sqlite/include -D_REENTRANT -O2 -Wall -I./../../include -L/usr/local/org/sqlite/lib -L./../../lib -o smtpout smtpout.c -lsnert -lpthread -ldl ./../../lib/libsnert.a(socket2.o)(.text+0x3ee): In function `socketAddressCreate': : undefined reference to `VectorGet' [SNIP-IT] ./../../lib/libsnert.a(TextSplit.o)(.text+0x4e): In function `TextSplit': : undefined reference to `VectorAdd' collect2: ld returned 1 exit status make[1]: *** [smtpout] Error 1 make[1]: Leaving directory `/usr/local/com/snert/src/tools' make: *** [build] Error 2 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Wednesday, May 02, 2007 2:21 PM To: MailScanner discussion Subject: Re: RPM for milter-null? Michael St. Laurent wrote: > Does anyone know of an RPM or SRPM for the milter-null package? It gets compiled against libsnert (on which you only do 'make', not 'make install') in com/snert/lib source tree, so there's no rpm. Just use the source for both from snertsoft.com. Both are free. -- Ken Anderson Pacific.Net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Athens Hyperion Scanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Wed May 2 20:43:06 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed May 2 20:43:31 2007 Subject: RPM for milter-null? In-Reply-To: <1A65E6BAEADF9B4F865314484A13ECF1608866@atlas.athensdistributing.com> References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> <4638E4B1.30809@pacific.net> <1A65E6BAEADF9B4F865314484A13ECF1608866@atlas.athensdistributing.com> Message-ID: <4638E9CA.1010908@USherbrooke.ca> James R. Stevens a ?crit : > Since this is already out there... Does this make sense to anyone? > > Trying to make libsnert bombs with error 2 > I think you need to install sendmail-devel under RH/CentOS for it to compile... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/d9dd3123/smime-0001.bin From MailScanner at ecs.soton.ac.uk Wed May 2 20:40:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 2 20:43:36 2007 Subject: 32 bit distro or 64? In-Reply-To: References: Message-ID: <4638E920.6000706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've never had the time recently to do 32-bit versus 64-bit speed tests on the same hardware, I tend to install 64-bit on 64-bit machines by default, though. One thing I can say: if you use Sophos, I believe they still don't have a 64-bit version of the SAVI library available. This will affect you if you are using the "sophossavi" Virus Scanners setting. Jules. Paul Hutchings wrote: > > Again probably not a MailScanner specific query but as this box is > specifically to run MailScanner I?ll ask here. > > I have a new DL360 G5 and I?m planning on installing OpenSuse 10.2. > Should I be using the 32 bit or 64 bit with regards to MailScanner, > basically are there any reasons to choose one over the other? > > The box has 2gb of RAM so there?s no ?large memory? type issues > involved it?s purely why I might choose one over the other for this > application. > > Cheers, > > Paul > > Paul Hutchings > > Network Administrator, MIRA Ltd. > > Tel: 44 (0)24 7635 5378 > > Fax: 44 (0)24 7635 8378 > > mailto:paul.hutchings@mira.co.uk > > > > ------------------------------------------------------------------------ > *MIRA Ltd.* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: windows-1252 wj8DBQFGOOnJEfZZRxQVtlQRAuYwAJ9vQgHcjG/HdrrLm4QKtrutBdWK5QCfXD+o EJPoQyOLMSzfsspnbiUcMeg= =f3SB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed May 2 20:45:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 2 20:48:14 2007 Subject: Latest MS keeps restarting In-Reply-To: <773fecad0705020958h7ac092fcpaeced7e08a5375a7@mail.gmail.com> References: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> <773fecad0705020958h7ac092fcpaeced7e08a5375a7@mail.gmail.com> Message-ID: <4638EA4C.7080307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The EOCD messages can be safe ignored, just as it says. So that's not it. Was that the complete output of debug mode? It doesn't show any signs of errors, except I'm worried you haven't posted what would normally be the last line of output: Stopping now as you are debugging me. Jules. G P wrote: > > Run in debug mode pls, you most likely have a issue with the new > one thats > making it restart... > > OK, here are the results of debug mode: > > In Debugging mode, not forking... > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > format error: can't find EOCD signature > at /opt/MailScanner/bin/MailScanner line 832 > DisarmPhishingFound = 0 on message l42GsXJX012133 > DisarmPhishingFound = 0 on message l42GsUaU012126 > DisarmPhishingFound = 0 on message l42Gt6ML012174 > DisarmPhishingFound = 0 on message l42GskTX012165 > DisarmPhishingFound = 0 on message l42Gt6L6012193 > DisarmPhishingFound = 0 on message l42GsRkR012119 > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGOOrcEfZZRxQVtlQRAlE8AKDc1Hl8AYq5F2jHxsev+gy5bA3g0gCdET2S foMf9JQ6i6MjmovQ7L9K4b4= =9hQN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From grpprod at gmail.com Wed May 2 21:12:39 2007 From: grpprod at gmail.com (G P) Date: Wed May 2 21:12:41 2007 Subject: Latest MS keeps restarting In-Reply-To: <4638EA4C.7080307@ecs.soton.ac.uk> References: <773fecad0705010258k6a71712fmf85ec9638b766bb4@mail.gmail.com> <773fecad0705020958h7ac092fcpaeced7e08a5375a7@mail.gmail.com> <4638EA4C.7080307@ecs.soton.ac.uk> Message-ID: <773fecad0705021312q4fad6f8fnc2976122321ed055@mail.gmail.com> > > The EOCD messages can be safe ignored, just as it says. So that's not it. > Was that the complete output of debug mode? > It doesn't show any signs of errors, except I'm worried you haven't > posted what would normally be the last line of output: > Stopping now as you are debugging me. You're right, yet I deliberately omitted the last line. I just double-checked, and I can confirm this is the total output. I will make one more attempt to switch to the latest version and post here the results. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070502/38518b0a/attachment.html From mkettler at evi-inc.com Wed May 2 21:51:34 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed May 2 21:51:45 2007 Subject: 32 bit distro or 64? In-Reply-To: References: Message-ID: <4638F9D6.1070003@evi-inc.com> Paul Hutchings wrote: > Again probably not a MailScanner specific query but as this box is > specifically to run MailScanner I?ll ask here. > > > > I have a new DL360 G5 and I?m planning on installing OpenSuse 10.2. > Should I be using the 32 bit or 64 bit with regards to MailScanner, > basically are there any reasons to choose one over the other? > I've not benchmarked it, but theoretically the difference should be insignificant. On the up-side the 64bit version will use native 64bit math instructions for 64-bit arithmetic (ie: file offsets), making common additions take 1 instruction cycle instead of 2. However, this isn't so common, particularly in a MailScanner/SA/AV setup, that it would make a big difference. The downside 64bit version will also use 64-bit pointers and code segments, increasing memory usage slightly. However, this isn't big enough to make a significant difference either. You've almost certainly increased memory usage by less than 5%, and probably less than 1%. However, if you ever expect to "scale up" the memory beyond 4gb, the 64-bit version would be helpful. Otherwise, it's a wash. You gain a small amount of performance for a small increase in memory use. From res at ausics.net Wed May 2 22:04:19 2007 From: res at ausics.net (Res) Date: Wed May 2 22:04:30 2007 Subject: RPM for milter-null? In-Reply-To: <4638E9CA.1010908@USherbrooke.ca> References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> <4638E4B1.30809@pacific.net> <1A65E6BAEADF9B4F865314484A13ECF1608866@atlas.athensdistributing.com> <4638E9CA.1010908@USherbrooke.ca> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 2 May 2007, Denis Beauchemin wrote: > James R. Stevens a �crit : >> Since this is already out there... Does this make sense to anyone? >> >> Trying to make libsnert bombs with error 2 >> > > I think you need to install sendmail-devel under RH/CentOS for it to > compile... > Since there has been no rpm update of RH9 sendmail (even from the now defunct legacy network) for several years I would HOPE he is not running any rpm version of sendmail and has the actual tarballs of at least more current stuff. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGOPzWsWhAmSIQh7MRAoh/AJ9PB/oIUGUM68mTYfcb1fKRgAcarwCeKQfA OFo6kvpserOfyDM0Go+CX/g= =1Xug -----END PGP SIGNATURE----- From mailscanner at yeticomputers.com Wed May 2 22:21:58 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Wed May 2 22:15:32 2007 Subject: 32 bit distro or 64? In-Reply-To: References: Message-ID: <463900F6.1070103@yeticomputers.com> Paul Hutchings wrote: > > I have a new DL360 G5 and I?m planning on installing OpenSuse 10.2. > Should I be using the 32 bit or 64 bit with regards to MailScanner, > basically are there any reasons to choose one over the other? > It's probably worth some consideration that there is less software available in 64-bit versions. Julian touched on this with the Sophos information he offered, and my personal experience leads me to believe that Sophos is not likely to be the only vendor with this issue. Hence, a 64-bit distro likely limits your choices if you should need to look for a variety of antivirus vendors (or if the future need should arise to change vendors from ones you have already determined to be 64-bit ready), and it will do so while offering a very minimal increase in performance, if any. Be aware that I have no knowledge of any specific virus scanner that does/does not work in a 64-bit environment - I'm just cautious because this issue has bitten me before, and have come to think of 64-bit as "option limiting". I only use 64-bit OSes when I have absolute certainty that I will not need to rely on any closed-source vendor to provide 64-bit support. Rick From MailScanner at ecs.soton.ac.uk Wed May 2 22:20:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 2 22:23:42 2007 Subject: SpamAssassin 3.2.0 Message-ID: <463900B1.8080301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, as someone else has already said, it's been released. Its list of requirements has grown quite a lot. In addition to whatever else you already have from an existing SA install, you need to install this load of Perl modules, in this order: YAML -- requires y\n in perl Makefile.PL ExtUtils::CBuilder ExtUtils::ParseXS Module::Build version Net::DNS::Resolver::Programmable Error NetAddr::IP Net::DNS >=0.58 Data::Dump Encode::Detect Mail::SPF Mail::SpamAssassin -- requires \n in perl Makefile.PL It puts in a v320.pre into /etc/mail/spamassassin and comes with a load of new plugins. Some of them are loaded by the default supplied v320.pre file, but here are the ones that aren't: Hashcash.pm Rule2XSBody.pm ASN.pm SpamCop.pm AutoLearnThreshold.pm SPF.pm AWL.pm Test.pm TextCat.pm MIMEHeader.pm BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm Pyzor.pm DCC.pm Razor2.pm RelayCountry.pm WhiteListSubject.pm ReplaceTags.pm My next step is to read the man pages for all of these, and work out which ones you probably want to load and which ones you don't, so that my install script can set you up with a sensible system. One thing I'm not installing is support for DKIM which, although available, requires so many pre-requisites that it's not feasible for me to do here. You have to start at the OpenSSL libraries and work your way up :-( Once I've got something working here, I'll write up an install script for it all and wrap it into a package for you. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGOQEwEfZZRxQVtlQRArCWAJ95n3Z0uHjg/25LaIHPFUauWsZ+vACfYdtP qjZF/RoldGlTZywtz3b9U/8= =yA8+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed May 2 22:33:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 2 22:35:12 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/2/2007 2:20 PM: > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL > > It puts in a v320.pre into /etc/mail/spamassassin and comes with a load > of new plugins. Some of them are loaded by the default supplied v320.pre > file, but here are the ones that aren't: > > Hashcash.pm Rule2XSBody.pm > ASN.pm SpamCop.pm > AutoLearnThreshold.pm SPF.pm > AWL.pm Test.pm > TextCat.pm > MIMEHeader.pm > BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm > Pyzor.pm > DCC.pm Razor2.pm > RelayCountry.pm WhiteListSubject.pm > ReplaceTags.pm > > My next step is to read the man pages for all of these, and work out > which ones you probably want to load and which ones you don't, so that > my install script can set you up with a sensible system. One thing I'm > not installing is support for DKIM which, although available, requires > so many pre-requisites that it's not feasible for me to do here. You > have to start at the OpenSSL libraries and work your way up :-( > > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. > > Jules > Looking at your daily increased activity on the list, I am assuming (hopefully) that you are feeling somewhat better. Keep up the good healing, and rest as much as you can without driving yourself crazy. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Richard.Frovarp at sendit.nodak.edu Wed May 2 22:38:02 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed May 2 22:38:07 2007 Subject: 32 bit distro or 64? In-Reply-To: <463900F6.1070103@yeticomputers.com> References: <463900F6.1070103@yeticomputers.com> Message-ID: <463904BA.4040402@sendit.nodak.edu> Rick Chadderdon wrote: > Paul Hutchings wrote: > >> I have a new DL360 G5 and I?m planning on installing OpenSuse 10.2. >> Should I be using the 32 bit or 64 bit with regards to MailScanner, >> basically are there any reasons to choose one over the other? >> >> > > It's probably worth some consideration that there is less software > available in 64-bit versions. Julian touched on this with the Sophos > information he offered, and my personal experience leads me to believe > that Sophos is not likely to be the only vendor with this issue. Hence, > a 64-bit distro likely limits your choices if you should need to look > for a variety of antivirus vendors (or if the future need should arise > to change vendors from ones you have already determined to be 64-bit > ready), and it will do so while offering a very minimal increase in > performance, if any. > > Be aware that I have no knowledge of any specific virus scanner that > does/does not work in a 64-bit environment - I'm just cautious because > this issue has bitten me before, and have come to think of 64-bit as > "option limiting". I only use 64-bit OSes when I have absolute > certainty that I will not need to rely on any closed-source vendor to > provide 64-bit support. > > Rick > Couldn't you just run the 32bit versions of the virus scanners? We're not talking about full 64 bit like Itaniums or any other number of other processors out there. We're just talking about 64 bit extended OSs. I run plenty of 32bit applications on my 64bit OS without any problems. Of course I have the 32bit and 64bit versions of all the libraries installed to do this. Richard From spamtrap71892316634 at anime.net Wed May 2 22:50:20 2007 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Wed May 2 22:50:23 2007 Subject: 32 bit distro or 64? In-Reply-To: <463900F6.1070103@yeticomputers.com> References: <463900F6.1070103@yeticomputers.com> Message-ID: On Wed, 2 May 2007, Rick Chadderdon wrote: > Be aware that I have no knowledge of any specific virus scanner that > does/does not work in a 64-bit environment - I'm just cautious because > this issue has bitten me before, and have come to think of 64-bit as > "option limiting". I only use 64-bit OSes when I have absolute > certainty that I will not need to rely on any closed-source vendor to > provide 64-bit support. I have never had any issues running 32bit apps on 64bit OS. -Dan From ms-list at alexb.ch Wed May 2 23:04:02 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 2 23:04:09 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: <46390AD2.8010208@alexb.ch> On 5/2/2007 11:20 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL > > It puts in a v320.pre into /etc/mail/spamassassin and comes with a load > of new plugins. Some of them are loaded by the default supplied v320.pre > file, but here are the ones that aren't: > > Hashcash.pm Rule2XSBody.pm > ASN.pm SpamCop.pm > AutoLearnThreshold.pm SPF.pm > AWL.pm Test.pm > TextCat.pm > MIMEHeader.pm > BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm > Pyzor.pm > DCC.pm Razor2.pm > RelayCountry.pm WhiteListSubject.pm > ReplaceTags.pm > > My next step is to read the man pages for all of these, and work out > which ones you probably want to load and which ones you don't, so that > my install script can set you up with a sensible system. One thing I'm > not installing is support for DKIM which, although available, requires > so many pre-requisites that it's not feasible for me to do here. You > have to start at the OpenSSL libraries and work your way up :-( > > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. > > Jules Julian One of the nices features SA 3.2 has is the shortcicuiting of rules. This may be a big resource saver and you may have to adapt MailScanner quite a bit to play with the shortcircuiting concept. Alex From root at doctor.nl2k.ab.ca Wed May 2 23:07:58 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed May 2 23:10:35 2007 Subject: Bogus IPs in hearder Message-ID: <20070502220757.GD1334@doctor.nl2k.ab.ca> HEADERS!! I cannot type today. Still, can we use mailscanner and/or Spam Assassin to block out mail using and octet > 255 or < 0? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From r.berber at computer.org Wed May 2 23:06:21 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed May 2 23:10:43 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: Julian Field wrote: [snip] > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. SA 3.2.0 seems to have a nasty bug that leaves temporary files, it would be better to wait for a package until the dust settles. -- Ren? Berber From doc at maddoc.net Wed May 2 23:11:08 2007 From: doc at maddoc.net (Doc Schneider) Date: Wed May 2 23:11:14 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: <46390C7C.70406@maddoc.net> Julian Field wrote: > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL > > It puts in a v320.pre into /etc/mail/spamassassin and comes with a load > of new plugins. Some of them are loaded by the default supplied v320.pre > file, but here are the ones that aren't: > > Hashcash.pm Rule2XSBody.pm > ASN.pm SpamCop.pm > AutoLearnThreshold.pm SPF.pm > AWL.pm Test.pm > TextCat.pm > MIMEHeader.pm > BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm > Pyzor.pm > DCC.pm Razor2.pm > RelayCountry.pm WhiteListSubject.pm > ReplaceTags.pm > > My next step is to read the man pages for all of these, and work out > which ones you probably want to load and which ones you don't, so that > my install script can set you up with a sensible system. One thing I'm > not installing is support for DKIM which, although available, requires > so many pre-requisites that it's not feasible for me to do here. You > have to start at the OpenSSL libraries and work your way up :-( > > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. > > Jules > Don't forget this new SA can compile the rules using sa-compile and needs re2c from http://re2c.sf.net/ sa-compile effectively speeds up spamassassin and while I didn't really write much about it when I did the "What's new" for SA, I think it is the best new feature! Good to see you getting back into the swing of things Jules. Take it from someone who knows, DO NOT over do it! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ms-list at alexb.ch Wed May 2 23:23:36 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 2 23:23:43 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: <46390F68.8000002@alexb.ch> On 5/3/2007 12:06 AM, Ren? Berber wrote: > Julian Field wrote: > [snip] >> Once I've got something working here, I'll write up an install script >> for it all and wrap it into a package for you. > > SA 3.2.0 seems to have a nasty bug that leaves temporary files, it would > be better to wait for a package until the dust settles. Do you really know if its a spamd/spamc issue or no? Where are these supposed to be? I've been testing SA 3.2trunk/RCs/whatever & MS for ages and haven't seen no such files anywhere. btw: The person who opened http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444 hasn't made a point of specifying how to reproduce it. Alex From doc at maddoc.net Wed May 2 23:32:16 2007 From: doc at maddoc.net (Doc Schneider) Date: Wed May 2 23:32:22 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <46390F68.8000002@alexb.ch> References: <463900B1.8080301@ecs.soton.ac.uk> <46390F68.8000002@alexb.ch> Message-ID: <46391170.1070401@maddoc.net> Alex Broens wrote: > On 5/3/2007 12:06 AM, Ren? Berber wrote: >> Julian Field wrote: >> [snip] >>> Once I've got something working here, I'll write up an install script >>> for it all and wrap it into a package for you. >> >> SA 3.2.0 seems to have a nasty bug that leaves temporary files, it >> would be better to wait for a package until the dust settles. > > Do you really know if its a spamd/spamc issue or no? > Where are these supposed to be? > > > I've been testing SA 3.2trunk/RCs/whatever & MS for ages and haven't > seen no such files anywhere. > btw: > The person who opened > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444 hasn't made a > point of specifying how to reproduce it. > > > Alex > I followed this discussion on the sa-users list and it looks to me like it might be a MIMEDefang problem. I've also been testing MS and SA and never saw anything like this myself, either. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From r.berber at computer.org Wed May 2 23:44:40 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed May 2 23:44:59 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <46390F68.8000002@alexb.ch> References: <463900B1.8080301@ecs.soton.ac.uk> <46390F68.8000002@alexb.ch> Message-ID: Alex Broens wrote: > Do you really know if its a spamd/spamc issue or no? Spamc so far, but as one message on SA list stated it may have been a last minute change so I'm not sure if the problem is wider. [snip] -- Ren? Berber From hvdkooij at vanderkooij.org Wed May 2 23:46:27 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed May 2 23:46:56 2007 Subject: Bogus IPs in hearder In-Reply-To: <20070502220757.GD1334@doctor.nl2k.ab.ca> References: <20070502220757.GD1334@doctor.nl2k.ab.ca> Message-ID: On Wed, 2 May 2007, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Still, can we use mailscanner and/or Spam Assassin to > block out mail using and octet > 255 or < 0? I think you will find these octets so rare they only hide out in a holy graal at the end of a rainbow but only on blue mondays. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Wed May 2 23:50:37 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed May 2 23:51:06 2007 Subject: RPM for milter-null? In-Reply-To: <4638E4B1.30809@pacific.net> References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> <4638E4B1.30809@pacific.net> Message-ID: On Wed, 2 May 2007, Ken A wrote: > Michael St. Laurent wrote: >> Does anyone know of an RPM or SRPM for the milter-null package? > > It gets compiled against libsnert (on which you only do 'make', not 'make > install') in com/snert/lib source tree, so there's no rpm. Just use the > source for both from snertsoft.com. Both are free. While it may suite some I found this a rather startling way in the onld sendmail days. It is among other things the reasons I abonded it. Being burnt too much with these package and do-it-yourself combinations I put in some effort to get a package supported into a repository to spare me the pain in the future. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From ryanw at falsehope.com Thu May 3 00:13:48 2007 From: ryanw at falsehope.com (Ryan Weaver) Date: Thu May 3 00:15:27 2007 Subject: RPM for milter-null? In-Reply-To: References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> <4638E4B1.30809@pacific.net> Message-ID: <002a01c78d0f$9616f020$c244d060$@com> In the archives of the list you will see that I got smacked down for simply providing a .spec for the building of a snertsoft program... However... if needed, contacting me offlist... Thanks, Ryan -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: Wednesday, May 02, 2007 5:51 PM To: MailScanner discussion Subject: Re: RPM for milter-null? On Wed, 2 May 2007, Ken A wrote: > Michael St. Laurent wrote: >> Does anyone know of an RPM or SRPM for the milter-null package? > > It gets compiled against libsnert (on which you only do 'make', not 'make > install') in com/snert/lib source tree, so there's no rpm. Just use the > source for both from snertsoft.com. Both are free. While it may suite some I found this a rather startling way in the onld sendmail days. It is among other things the reasons I abonded it. Being burnt too much with these package and do-it-yourself combinations I put in some effort to get a package supported into a repository to spare me the pain in the future. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ajs at vifilfell.is Thu May 3 00:28:11 2007 From: ajs at vifilfell.is (ajs@vifilfell.is) Date: Thu May 3 00:30:45 2007 Subject: No Programs allowed In-Reply-To: Message-ID: thanks for the tip. so far I've only seen the option to select between html and plain text for all internet mail, but I'll check it out. Scott Silva Sent by: mailscanner-bounces@lists.mailscanner.info 02.05.2007 18:08 Please respond to MailScanner discussion To mailscanner@lists.mailscanner.info cc Subject Re: No Programs allowed ajs@vifilfell.is spake the following on 5/2/2007 8:00 AM: > this is the case, Jon has tried the solution I pm-ed him and it works. > > I use Lotus for email and sometimes forget to switch to plain text when > sending email to mailing list, will try to remember it next time. > > cheers, asgeir, The last time I used Notes, you could set certain addresses to only get text mail. But that was a long time ago. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu May 3 00:48:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 3 00:48:59 2007 Subject: No Programs allowed In-Reply-To: References:

Message-ID: ajs@vifilfell.is spake the following on 5/2/2007 4:28 PM: > thanks for the tip. so far I've only seen the option to select between > html and plain text for all internet mail, but I'll check it out. > As I said, it was a long time ago. It might have been in the attributes for the address. Or I might just be mistaken, and probably had everything as text only. That is how long ago it was. Probably Notes 4.1 or so. I think I still have the box somewhere. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Thu May 3 00:52:43 2007 From: res at ausics.net (Res) Date: Thu May 3 00:52:54 2007 Subject: RPM for milter-null? In-Reply-To: <002a01c78d0f$9616f020$c244d060$@com> References: <3BF93070B3D1B047BA7ABF612958950D018FB9D6@hcex.hartwellcorp.com> <4638E4B1.30809@pacific.net> <002a01c78d0f$9616f020$c244d060$@com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 2 May 2007, Ryan Weaver wrote: > In the archives of the list you will see that I got smacked down for simply > providing a .spec for the building of a snertsoft program... However... if > needed, contacting me offlist... Thats strange, most people who provide packages they dont charge for, are greatful of the provision of many different types of distributions, as it permits their software to be reached by those who otherwise would not touch it, or even be aware of it, be it for policy, or because of the desire to stick to RPM, like debian folk rather stick with DEB than sue sources. Their loss Ryan, you have provided many others for long time, and it's been welcomed and received by not only software programers, but the users, keep up the great work. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGOSRNsWhAmSIQh7MRAo45AJ9nF8WFlaGlNnDbpfX4DwVjszHHrACgoH3R zlikQHYQZO06N/LsfgRNpTQ= =kwli -----END PGP SIGNATURE----- From a.peacock at chime.ucl.ac.uk Thu May 3 09:09:00 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu May 3 09:09:37 2007 Subject: A lot of spam getting through In-Reply-To: <04D932B0071FE34FA63EBB1977B48D150281747A@woodenex.woodmaclaw.local> References: <04D932B0071FE34FA63EBB1977B48D150281747A@woodenex.woodmaclaw.local> Message-ID: <4639989C.9040204@chime.ucl.ac.uk> Billy A. Pumphrey wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock >> Sent: Wednesday, May 02, 2007 4:53 AM >> To: MailScanner discussion >> Subject: Re: A lot of spam getting through >> So, help us out and show us the scores and headers from one that does >> get through. We might be able to see where they are failing then. >> >> Even better... Save one of the misdiagnosed emails as a text file, > post >> it to a web address and let us know. We can then run that email > through >> our systems and tell you what scores we get and what rules helped. >> > > I am having trouble getting the testing to work, or knowing how to test > it. I have saved some messages from Oulook with the extension of .msg. > When I run a spamassassin -t message.msg it returns a bunch of junk and > then the score: > > Content analysis details: (51.5 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -0.0 NO_RELAYS Informational: message was not relayed via > SMTP > 2.5 MISSING_HB_SEP Missing blank line between message header > and body > 2.3 MANGLED_DOSE BODY: mangled dose > 2.3 MANGLED_OFF BODY: mangled off > 2.3 MANGLED_YOUR BODY: mangled your > 2.3 MANGLED_FORM BODY: mangled form > 2.3 MANGLED_HERE BODY: mangled here > 2.3 MANGLED_HALF BODY: mangled half > 2.3 MANGLED_TIME BODY: mangled time > 2.3 MANGLED_MEDS BODY: mangled med(s) > 2.3 MANGLED_GIRL BODY: mangled girl(s) > 2.3 MANGLED_FROM BODY: mangled from > 2.3 MANGLED_LOVE BODY: mangled love > 2.3 MANGLED_TEXT BODY: mangled text > 2.3 MANGLED_LOOK BODY: mangled look(s) > 2.3 MANGLED_SPAM BODY: mangled spam > 2.3 MANGLED_PRIOR BODY: mangled prior > 2.3 MANGLED_PLEASE BODY: mangled please > 2.3 MANGLED_TRNFER BODY: mangled TRANSFER > 2.3 MANGLED_TOOL BODY: mangled tool > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to > 100% > [score: 1.0000] > 2.2 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in > message > 1.8 MISSING_SUBJECT Missing Subject: header > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > 0.1 TO_CC_NONE No To: or Cc: header > -0.0 NO_RECEIVED Informational: message has no Received > headers > > (then some more junk) > [root@WoodenMS2 spamemail]# > PuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPu > TTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTT > YPuTTYPuTTYPuTTYPuTTYPuTTYTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPu > > > Does the testing support .msg files? Also what is the best way to > convert the email to text and have it correct? I think the msg file format is an Outlook specific file format. You need to find a way to save the messages as plain text files with all the headers intact. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw From prandal at herefordshire.gov.uk Thu May 3 10:47:22 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu May 3 11:16:20 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA9223AF@HC-MBX02.herefordshire.gov.uk> Thanks for that, Jules. Basically, what I did was install spamassassin 3.2.0 using your installer and then used CPAN to install Mail::DKIM and Mail::SPF (and a host of dependencies). One thing I found was problems with DNS resolution after installing Mail::SPF from CPAN (all URIBLs failed). I think it's to do with Net::DNS and Net::DNS::Resolver::Programmable, and is probably an issue (reported on the spamassassin-users mailing list) to do with Mail::SPF-2.004 and Net::DNS::Resolver::Programmable-2.002. Mail::SPF-2.005 is due imminently to fix this. In the end to get it to work I had to uninstall any old perl-Net-DNS RPMs and any dependencies, and then force install both Net::DNS::Resolver::Programmable and Net::DNS. It wasn't easy and I'm still not entirely sure of the magical incantations which made it work. All this on CentOS 4.4 and an ancient Fedora Core 1 box. sa-compile works fine after downloading re2c-0.12.0-1.src.rpm sourceforge.net/projects/re2c and rpmbuilding it. Any rules_du_jour scripts and /etc/cron.daily/sa-update will need updating to do a sa-compile if you use it. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 02 May 2007 22:21 > To: MailScanner discussion > Subject: SpamAssassin 3.2.0 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition > to whatever > else you already have from an existing SA install, you need > to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL > > It puts in a v320.pre into /etc/mail/spamassassin and comes > with a load > of new plugins. Some of them are loaded by the default > supplied v320.pre > file, but here are the ones that aren't: > > Hashcash.pm Rule2XSBody.pm > ASN.pm SpamCop.pm > AutoLearnThreshold.pm SPF.pm > AWL.pm Test.pm > TextCat.pm > MIMEHeader.pm > BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm > Pyzor.pm > DCC.pm Razor2.pm > RelayCountry.pm WhiteListSubject.pm > ReplaceTags.pm > > My next step is to read the man pages for all of these, and work out > which ones you probably want to load and which ones you > don't, so that > my install script can set you up with a sensible system. One > thing I'm > not installing is support for DKIM which, although available, > requires > so many pre-requisites that it's not feasible for me to do here. You > have to start at the OpenSSL libraries and work your way up :-( > > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGOQEwEfZZRxQVtlQRArCWAJ95n3Z0uHjg/25LaIHPFUauWsZ+vACfYdtP > qjZF/RoldGlTZywtz3b9U/8= > =yA8+ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From declan.grady at nuvotem.com Thu May 3 12:15:26 2007 From: declan.grady at nuvotem.com (Declan Grady) Date: Thu May 3 12:16:43 2007 Subject: Very newbie relaying question Message-ID: <1DF321991CD3084EAD65737D82C6D07E145A86@sbs1.nuvotem.local> Hi folks, I've just rebuilt my mailscanner+sendmail box using debian etch, and after a lot of head-scratching got it up & running ok. (Old box suffered hardware failure, was a redhat 7 with a lot of patches & updates, etc, but was handy for upgrading mailscanner from rpms.) While watching the spam messages, I've noticed quite a few supposedly coming from my own domain name. I'm 99% sure I can restrict it so that if the sender is supposed to be in my own domain, it must be from a local IP address, otherwise reject it. I have googled, but get lost in all the authentication stuff. My mailscanner box is a gateway - just takes incoming mail, scans & passes on to a windows exchange box, using a sendmail mailertable. What do I need to do to my sendmail config to permit mail from my domain to be only accepted from internal IP's ? I'm guessing I need to change my /etc/mail/access file somehow ? Currently it has (among other things) mydomain.com RELAY localhost.mydomain.com RELAY mail.mydomain.com RELAY mailserver.mydomain.com RELAY mydomain.ie RELAY exchange_server_name RELAY Obviously some of these are not necessary, and are from my tweaking it trying to get it working. Or, is there some clever way to do it. Thinking out loud, all mail from mydomain will come from the exchange server, which has a single fixed IP address - Mabye that is a way to do it ? Thanks for suggestions. From cleveland at winnefox.org Thu May 3 12:52:59 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu May 3 12:53:06 2007 Subject: MailScanner no longer scanning mail Message-ID: Hello, I updated to the latest version of MailScanner on my redhat 5.0 enterprise server, and it's not working properly. Mail is coming into the server, I can see 1500 messages in the postfix queue. But, they just sit there. I'm not seeing any error messages in the maillog. But, it does appear that MS restarts every 5 seconds. Any ideas what may be wrong? - jody From raymond at prolocation.net Thu May 3 12:56:56 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu May 3 12:56:56 2007 Subject: MailScanner no longer scanning mail In-Reply-To: References: Message-ID: Hi! > I updated to the latest version of MailScanner on my redhat 5.0 enterprise > server, and it's not working properly. > > Mail is coming into the server, I can see 1500 messages in the postfix > queue. But, they just sit there. I'm not seeing any error messages in the > maillog. But, it does appear that MS restarts every 5 seconds. > > Any ideas what may be wrong? Default answer... : change to debug mode and see what it outputs. Bye, Raymond. From cleveland at winnefox.org Thu May 3 13:16:43 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu May 3 13:16:49 2007 Subject: MailScanner no longer scanning mail In-Reply-To: Message-ID: Hello, > Default answer... : change to debug mode and see what it outputs. Ok, I switched to debug mode, and this is what I get: [root@destiny MailScanner]# service MailScanner start Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: In Debugging mode, not forking... And it just sits there. I sent a few messages to it, but after 10 minutes it still just sat there. So, I ctrl-z'd to get out of it and looked at the maillog. This is what it said: May 3 07:09:17 destiny postfix/postfix-script: starting the Postfix mail system May 3 07:09:17 destiny postfix/master[5525]: daemon started -- version 2.3.3, configuration /etc/postfix May 3 07:09:17 destiny postfix/qmgr[5535]: warning: bounce_queue_lifetime is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime May 3 07:09:19 destiny MailScanner[5543]: MailScanner E-Mail Virus Scanner version 4.59.4 starting... May 3 07:09:19 destiny MailScanner[5543]: Read 778 hostnames from the phishing whitelist May 3 07:09:19 destiny MailScanner[5543]: Config: calling custom init function SQLBlacklist May 3 07:09:19 destiny MailScanner[5543]: Starting up SQL Blacklist May 3 07:09:19 destiny MailScanner[5543]: Read 29 blacklist entries May 3 07:09:19 destiny MailScanner[5543]: Config: calling custom init function MailWatchLogging May 3 07:09:19 destiny MailScanner[5543]: Started SQL Logging child May 3 07:09:19 destiny MailScanner[5543]: Config: calling custom init function SQLWhitelist May 3 07:09:19 destiny MailScanner[5543]: Starting up SQL Whitelist May 3 07:09:19 destiny MailScanner[5543]: Read 59 whitelist entries May 3 07:09:19 destiny MailScanner[5543]: Using SpamAssassin results cache May 3 07:09:19 destiny MailScanner[5543]: Connected to SpamAssassin cache database May 3 07:09:19 destiny MailScanner[5543]: Enabling SpamAssassin auto-whitelist functionality... May 3 07:09:22 destiny MailScanner[5543]: lock.pl sees Config LockType = flock May 3 07:09:22 destiny MailScanner[5543]: lock.pl sees have_module = 0 May 3 07:09:22 destiny MailScanner[5543]: Using locktype = flock May 3 07:09:22 destiny MailScanner[5543]: New Batch: Found 1420 messages waiting May 3 07:09:22 destiny MailScanner[5543]: New Batch: Scanning 30 messages, 151181 bytes May 3 07:09:22 destiny MailScanner[5543]: Created attachment dirs for 30 messages May 3 07:09:43 destiny MailScanner[5543]: RBL Checks: returned 0 May 3 07:09:43 destiny MailScanner[5543]: SpamAssassin cache hit for message D20223E425E.0C4FB May 3 07:09:48 destiny postfix/smtpd[5556]: connect from unknown[203.188.225.208] May 3 07:09:50 destiny postfix/smtpd[5556]: 435F83E4380: client=unknown[203.188.225.208] May 3 07:09:50 destiny postfix/smtpd[5554]: connect from static-66-16-148-219.dsl.cavtel.net[66.16.148.219] May 3 07:09:50 destiny postfix/smtpd[5554]: E7C293E4382: client=static-66-16-148-219.dsl.cavtel.net[66.16.148.219] May 3 07:09:51 destiny postfix/cleanup[5571]: E7C293E4382: hold: header Received: from static-66-16-148-219.dsl.cavtel.net (static-66-16-148-219.dsl.cavtel.net [66.16.148.219])??by destiny.winnefox.org (Postfix) with SMTP id E7C293E4382??for to= proto=SMTP helo= May 3 07:09:51 destiny postfix/cleanup[5571]: E7C293E4382: message-id=<20070503120950.E7C293E4382@destiny.winnefox.org> May 3 07:09:51 destiny postfix/smtpd[5554]: disconnect from static-66-16-148-219.dsl.cavtel.net[66.16.148.219] Is that helpful at all? - jody From ms-list at alexb.ch Thu May 3 13:39:06 2007 From: ms-list at alexb.ch (Alex Broens) Date: Thu May 3 13:39:14 2007 Subject: MailScanner no longer scanning mail In-Reply-To: References: Message-ID: <4639D7EA.6090504@alexb.ch> On 5/3/2007 2:16 PM, Jody Cleveland wrote: > Hello, > >> Default answer... : change to debug mode and see what it outputs. > > Ok, I switched to debug mode, and this is what I get: > > [root@destiny MailScanner]# service MailScanner start > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: In Debugging mode, not forking... > > > And it just sits there. I sent a few messages to it, but after 10 minutes it > still just sat there. So, I ctrl-z'd to get out of it and looked at the > maillog. This is what it said: > > May 3 07:09:17 destiny postfix/postfix-script: starting the Postfix mail > system > May 3 07:09:17 destiny postfix/master[5525]: daemon started -- version > 2.3.3, configuration /etc/postfix > May 3 07:09:17 destiny postfix/qmgr[5535]: warning: bounce_queue_lifetime > is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime fix that and I'd bet it will work Alex From cleveland at winnefox.org Thu May 3 14:14:34 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu May 3 14:14:40 2007 Subject: MailScanner no longer scanning mail In-Reply-To: <4639D7EA.6090504@alexb.ch> Message-ID: On 5/3/07 7:39 AM, "Alex Broens" wrote: >> May 3 07:09:17 destiny postfix/postfix-script: starting the Postfix mail >> system >> May 3 07:09:17 destiny postfix/master[5525]: daemon started -- version >> 2.3.3, configuration /etc/postfix >> May 3 07:09:17 destiny postfix/qmgr[5535]: warning: bounce_queue_lifetime >> is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime > > fix that and I'd bet it will work Ok, I fixed that. If I tail the maillog, I can see mail come in and get processed. But, the queue just keeps filling, and nothing actually gets delivered. - jody From ms-list at alexb.ch Thu May 3 14:31:31 2007 From: ms-list at alexb.ch (Alex Broens) Date: Thu May 3 14:31:41 2007 Subject: MailScanner no longer scanning mail In-Reply-To: References: Message-ID: <4639E433.4020100@alexb.ch> On 5/3/2007 3:14 PM, Jody Cleveland wrote: > > > On 5/3/07 7:39 AM, "Alex Broens" wrote: > >>> May 3 07:09:17 destiny postfix/postfix-script: starting the Postfix mail >>> system >>> May 3 07:09:17 destiny postfix/master[5525]: daemon started -- version >>> 2.3.3, configuration /etc/postfix >>> May 3 07:09:17 destiny postfix/qmgr[5535]: warning: bounce_queue_lifetime >>> is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime >> fix that and I'd bet it will work > > Ok, I fixed that. If I tail the maillog, I can see mail come in and get > processed. But, the queue just keeps filling, and nothing actually gets > delivered. assuming postfixis correctly configured for postfix (permsisions wise)hot in the dark: From ms-list at alexb.ch Thu May 3 14:36:00 2007 From: ms-list at alexb.ch (Alex Broens) Date: Thu May 3 14:36:04 2007 Subject: MailScanner no longer scanning mail In-Reply-To: References: Message-ID: <4639E540.9070004@alexb.ch> On 5/3/2007 3:14 PM, Jody Cleveland wrote: > > > On 5/3/07 7:39 AM, "Alex Broens" wrote: > >>> May 3 07:09:17 destiny postfix/postfix-script: starting the Postfix mail >>> system >>> May 3 07:09:17 destiny postfix/master[5525]: daemon started -- version >>> 2.3.3, configuration /etc/postfix >>> May 3 07:09:17 destiny postfix/qmgr[5535]: warning: bounce_queue_lifetime >>> is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime >> fix that and I'd bet it will work > > Ok, I fixed that. If I tail the maillog, I can see mail come in and get > processed. But, the queue just keeps filling, and nothing actually gets > delivered. Opps - pressed wrong key - sent too fast! assuming postfix is correctly configured for MailScanner - queue path & permissions shot in the dark: try setting: MailScanner.conf # 5 for only one CPU Max Children = 10 # set to 10 if you have only one CPU Queue Scan Interval = 13 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 5 Max Unsafe Messages Per Scan = 5 Alex From steinkel at pa.net Thu May 3 15:06:54 2007 From: steinkel at pa.net (Leland J. Steinke) Date: Thu May 3 15:08:12 2007 Subject: MailScanner no longer scanning mail In-Reply-To: <4639E540.9070004@alexb.ch> References: <4639E540.9070004@alexb.ch> Message-ID: <4639EC7E.5060108@pa.net> Another thing to try would be to kill the MailScanner processes running in the background and do "check_mailscanner" at the command line, so as to see all the helpful debug messages that will go whizzing by. Leland From support-lists at petdoctors.co.uk Thu May 3 15:04:58 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu May 3 15:13:08 2007 Subject: A lot of spam getting through In-Reply-To: <4639989C.9040204@chime.ucl.ac.uk> Message-ID: <015701c78d8c$0893a4a0$0202fea9@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock Sent: Thursday, May 03, 2007 9:09 AM To: MailScanner discussion Subject: Re: A lot of spam getting through > > Does the testing support .msg files? Also what is the best way to > convert the email to text and have it correct? I think the msg file format is an Outlook specific file format. You need to find a way to save the messages as plain text files with all the headers intact. Our corporate standard is Outlook, but if I want to check a message, I forward it to my 'spam@...' account and then pick it up in Thunderbird. Life gets easier then! From cleveland at winnefox.org Thu May 3 15:23:16 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu May 3 15:23:18 2007 Subject: MailScanner no longer scanning mail In-Reply-To: <4639EC7E.5060108@pa.net> Message-ID: On 5/3/07 9:06 AM, "Leland J. Steinke" wrote: > Another thing to try would be to kill the MailScanner processes running > in the background and do "check_mailscanner" at the command line, so as > to see all the helpful debug messages that will go whizzing by. That gave me this: [root@destiny ~]# check_mailscanner Starting MailScanner... Done. - jody From adrian at senn.ch Thu May 3 15:37:58 2007 From: adrian at senn.ch (Adrian Senn) Date: Thu May 3 15:38:02 2007 Subject: Postfix analyzer to blocking ip addresses Message-ID: <4639F3C6.1070401@senn.ch> Hello all I'm searching a script which has the possibility to write some ip addresses, which are sending to much spam, into the postscript reject files. The actual spam run is breaking the greylisting and i see a lot of log entries in the log from mailscanner. It would be very nice if there is something around the world :-) Regards Adrian From cleveland at winnefox.org Thu May 3 15:47:33 2007 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu May 3 15:47:36 2007 Subject: MailScanner no longer scanning mail In-Reply-To: <4639E540.9070004@alexb.ch> Message-ID: On 5/3/07 8:36 AM, "Alex Broens" wrote: > Opps - pressed wrong key - sent too fast! > > assuming postfix is correctly configured for MailScanner - queue path & > permissions > > shot in the dark: > > try setting: > > MailScanner.conf > > # 5 for only one CPU > Max Children = 10 > > # set to 10 if you have only one CPU > Queue Scan Interval = 13 > > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 5 > Max Unsafe Messages Per Scan = 5 My, how the floodgates have opened! That took care of it. And, now, MS is whittling away at the queue. With that said, why would those changes fix it? Is there something with the new version that changed something with that? - jody From mogens at fumlersoft.dk Thu May 3 15:48:14 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Thu May 3 15:48:56 2007 Subject: Postfix analyzer to blocking ip addresses In-Reply-To: <4639F3C6.1070401@senn.ch> References: <4639F3C6.1070401@senn.ch> Message-ID: <2928.90.184.17.152.1178203694.squirrel@mail.fumlersoft.dk> On Thu, May 3, 2007 16:37, Adrian Senn wrote: > Hello all > > I'm searching a script which has the possibility to write some ip > addresses, which are sending to much spam, into the postscript > reject files. > > The actual spam run is breaking the greylisting and i see a lot of > log entries in the log from mailscanner. > > It would be very nice if there is something around the world :-) > > Regards Adrian Well, i'm having a lot of fun getting sshblack daemon to block all kinds of unwanted trafic. I'm shure it can be modified to do exactly what you want. Have a look at: http://www.pettingers.org/code/sshblack.html -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 3 16:01:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 3 16:06:36 2007 Subject: A lot of spam getting through In-Reply-To: <015701c78d8c$0893a4a0$0202fea9@support01> References: <015701c78d8c$0893a4a0$0202fea9@support01> Message-ID: <4639F935.6080800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nigel Kendrick wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony > Peacock > Sent: Thursday, May 03, 2007 9:09 AM > To: MailScanner discussion > Subject: Re: A lot of spam getting through > >> Does the testing support .msg files? Also what is the best way to >> convert the email to text and have it correct? >> > > I think the msg file format is an Outlook specific file format. You > need to find a way to save the messages as plain text files with all the > headers intact. > In Outlook, in the View menu, there is a View Options... option (at the bottom I think?). In there you can view the "Internet Source" of the message which is the raw text of the message including all headers. You can copy to the clipboard from there. I think that's where it is :-) > > > > Our corporate standard is Outlook, but if I want to check a message, I > forward it to my 'spam@...' account and then pick it up in Thunderbird. Life > gets easier then! > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGOfpdEfZZRxQVtlQRAjohAKD7hcbgDL29JdfgMMzp5j2SogFtagCfa8J1 eCDKxPslWB2lOUrioqjzO1E= =izJC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ms-list at alexb.ch Thu May 3 16:07:11 2007 From: ms-list at alexb.ch (Alex Broens) Date: Thu May 3 16:07:19 2007 Subject: MailScanner no longer scanning mail In-Reply-To: References: Message-ID: <4639FA9F.6000808@alexb.ch> On 5/3/2007 4:47 PM, Jody Cleveland wrote: > On 5/3/07 8:36 AM, "Alex Broens" wrote: > >> Opps - pressed wrong key - sent too fast! >> >> assuming postfix is correctly configured for MailScanner - queue path & >> permissions >> >> shot in the dark: >> >> try setting: >> >> MailScanner.conf >> >> # 5 for only one CPU >> Max Children = 10 >> >> # set to 10 if you have only one CPU >> Queue Scan Interval = 13 >> >> Max Unscanned Bytes Per Scan = 100m >> Max Unsafe Bytes Per Scan = 50m >> Max Unscanned Messages Per Scan = 5 >> Max Unsafe Messages Per Scan = 5 > > My, how the floodgates have opened! > > That took care of it. And, now, MS is whittling away at the queue. > > With that said, why would those changes fix it? Is there something with the > new version that changed something with that? glad to hear your MS is purring again afaik, it comes to a point that if MS' threads doesn't get enough air between checking for msgs to process, they race to catch the same msg, and msgs get processed over and over again, till a msg has been processed a few hundred times and then finally delivered to the MTA. I've seen this happen with older versions, under a default config, as well so I don't think it has anything to do with th MS version - more a configuration/tuning thing. You'll need to play around with the threads and msgs per scan settings till you get the right balance for your hardware/traffic/bandwidth requirements. Alex From MailScanner at ecs.soton.ac.uk Thu May 3 16:06:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 3 16:12:34 2007 Subject: MailScanner no longer scanning mail In-Reply-To: References: Message-ID: <4639FA63.5000505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jody Cleveland wrote: > Hello, > > >> Default answer... : change to debug mode and see what it outputs. >> > > Ok, I switched to debug mode, and this is what I get: > > [root@destiny MailScanner]# service MailScanner start > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: In Debugging mode, not forking... > > > And it just sits there. I sent a few messages to it, but after 10 minutes it > still just sat there. So, I ctrl-z'd to get out of it and looked at the > maillog. This is what it said: > > May 3 07:09:17 destiny postfix/postfix-script: starting the Postfix mail > system > May 3 07:09:17 destiny postfix/master[5525]: daemon started -- version > 2.3.3, configuration /etc/postfix > May 3 07:09:17 destiny postfix/qmgr[5535]: warning: bounce_queue_lifetime > is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime > May 3 07:09:19 destiny MailScanner[5543]: MailScanner E-Mail Virus Scanner > version 4.59.4 starting... > May 3 07:09:19 destiny MailScanner[5543]: Read 778 hostnames from the > phishing whitelist > May 3 07:09:19 destiny MailScanner[5543]: Config: calling custom init > function SQLBlacklist > May 3 07:09:19 destiny MailScanner[5543]: Starting up SQL Blacklist > May 3 07:09:19 destiny MailScanner[5543]: Read 29 blacklist entries > May 3 07:09:19 destiny MailScanner[5543]: Config: calling custom init > function MailWatchLogging > May 3 07:09:19 destiny MailScanner[5543]: Started SQL Logging child > May 3 07:09:19 destiny MailScanner[5543]: Config: calling custom init > function SQLWhitelist > May 3 07:09:19 destiny MailScanner[5543]: Starting up SQL Whitelist > May 3 07:09:19 destiny MailScanner[5543]: Read 59 whitelist entries > May 3 07:09:19 destiny MailScanner[5543]: Using SpamAssassin results cache > May 3 07:09:19 destiny MailScanner[5543]: Connected to SpamAssassin cache > database > May 3 07:09:19 destiny MailScanner[5543]: Enabling SpamAssassin > auto-whitelist functionality... > May 3 07:09:22 destiny MailScanner[5543]: lock.pl sees Config LockType = > flock > May 3 07:09:22 destiny MailScanner[5543]: lock.pl sees have_module = 0 > May 3 07:09:22 destiny MailScanner[5543]: Using locktype = flock > May 3 07:09:22 destiny MailScanner[5543]: New Batch: Found 1420 messages > waiting > May 3 07:09:22 destiny MailScanner[5543]: New Batch: Scanning 30 messages, > 151181 bytes > May 3 07:09:22 destiny MailScanner[5543]: Created attachment dirs for 30 > messages > May 3 07:09:43 destiny MailScanner[5543]: RBL Checks: returned 0 > May 3 07:09:43 destiny MailScanner[5543]: SpamAssassin cache hit for > message D20223E425E.0C4FB > May 3 07:09:48 destiny postfix/smtpd[5556]: connect from > unknown[203.188.225.208] > May 3 07:09:50 destiny postfix/smtpd[5556]: 435F83E4380: > client=unknown[203.188.225.208] > May 3 07:09:50 destiny postfix/smtpd[5554]: connect from > static-66-16-148-219.dsl.cavtel.net[66.16.148.219] > May 3 07:09:50 destiny postfix/smtpd[5554]: E7C293E4382: > client=static-66-16-148-219.dsl.cavtel.net[66.16.148.219] > May 3 07:09:51 destiny postfix/cleanup[5571]: E7C293E4382: hold: header > Received: from static-66-16-148-219.dsl.cavtel.net > (static-66-16-148-219.dsl.cavtel.net [66.16.148.219])??by > destiny.winnefox.org (Postfix) with SMTP id E7C293E4382??for > static-66-16-148-219.dsl.cavtel.net[66.16.148.219]; > from= > to= proto=SMTP > helo= > May 3 07:09:51 destiny postfix/cleanup[5571]: E7C293E4382: > message-id=<20070503120950.E7C293E4382@destiny.winnefox.org> > May 3 07:09:51 destiny postfix/smtpd[5554]: disconnect from > static-66-16-148-219.dsl.cavtel.net[66.16.148.219] > > Is that helpful at all? > Do service MailScanner stop then wait a few seconds, then service MailScaner startin and that should start incoming mail going into the queue that feeds MailScanner, without starting MailScanner itself at all. So then do MailScanner -debug and see what it says. It will sit and wait until it has at least 1 message to process, then it will process them completely, then gracefully die of old age. Post the entire output of that command. Then service MailScanner stop again so the incoming queue doesn't keep building up. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGOfuIEfZZRxQVtlQRAiCpAKDXOPT7WwMDyKHwAvnNyAEMsS/DdwCg0z/L Zgkbp+dB9G++9uqTfaqLQ+8= =IDs4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mailscanner at yeticomputers.com Thu May 3 16:39:15 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu May 3 16:32:34 2007 Subject: 32 bit distro or 64? In-Reply-To: <463904BA.4040402@sendit.nodak.edu> References: <463900F6.1070103@yeticomputers.com> <463904BA.4040402@sendit.nodak.edu> Message-ID: <463A0223.3000803@yeticomputers.com> Richard Frovarp wrote: > Couldn't you just run the 32bit versions of the virus scanners? We're > not talking about full 64 bit like Itaniums or any other number of > other processors out there. We're just talking about 64 bit extended > OSs. I run plenty of 32bit applications on my 64bit OS without any > problems. Of course I have the 32bit and 64bit versions of all the > libraries installed to do this. > > Richard Yes. It is normally not a problem (although I would not say "never", since I have had issues with some apps simply not working in a 64-bit environment, 32-bit version or not) to run 32-bit apps. However, I don't really see the point of running a 64-bit OS if one is going to run a bunch of 32-bit apps for "compatibility". It's a personal call, of course. For mission critical apps, I prefer to run software than was designed specifically to work properly in the environment I'm using. But... I break that rule sometimes, so I guess I can't fault anyone else for doing so. :) Still, it is much easier to get support from a vendor if you're using their software the way that they intended. I can already hear, "Oh, I'm sorry, we don't support that product running on a 64-bit OS." Even if the problem you're having is not related to the OS at all. Just something to consider. Rick From carles at unlimitedmail.org Thu May 3 17:12:20 2007 From: carles at unlimitedmail.org (Carles Xavier Munyoz =?iso-8859-1?q?Bald=F3?=) Date: Thu May 3 17:12:38 2007 Subject: Very newbie relaying question In-Reply-To: <1DF321991CD3084EAD65737D82C6D07E145A86@sbs1.nuvotem.local> References: <1DF321991CD3084EAD65737D82C6D07E145A86@sbs1.nuvotem.local> Message-ID: <200705031812.20616.carles@unlimitedmail.org> Hi, You need to setup SPF in your domain's DNS database. More info in google ;-D Greetings. On Thursday 03 May 2007, Declan Grady wrote: > Hi folks, > I've just rebuilt my mailscanner+sendmail box using debian etch, and > after a lot of head-scratching got it up & running ok. > (Old box suffered hardware failure, was a redhat 7 with a lot of patches > & updates, etc, but was handy for upgrading mailscanner from rpms.) > > While watching the spam messages, I've noticed quite a few supposedly > coming from my own domain name. > > I'm 99% sure I can restrict it so that if the sender is supposed to be > in my own domain, it must be from a local IP address, otherwise reject > it. > > I have googled, but get lost in all the authentication stuff. > > My mailscanner box is a gateway - just takes incoming mail, scans & > passes on to a windows exchange box, using a sendmail mailertable. > > What do I need to do to my sendmail config to permit mail from my domain > to be only accepted from internal IP's ? > > I'm guessing I need to change my /etc/mail/access file somehow ? > Currently it has (among other things) > > mydomain.com RELAY > localhost.mydomain.com RELAY > mail.mydomain.com RELAY > mailserver.mydomain.com RELAY > mydomain.ie RELAY > exchange_server_name RELAY > > Obviously some of these are not necessary, and are from my tweaking it > trying to get it working. > > Or, is there some clever way to do it. > > > Thinking out loud, all mail from mydomain will come from the exchange > server, which has a single fixed IP address - Mabye that is a way to do > it ? > > Thanks for suggestions. -- --- Carles Xavier Munyoz Bald? cmunyoz@unlimitedmail.net http://www.unlimitedmail.net/ --- From r.berber at computer.org Thu May 3 18:19:01 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Thu May 3 18:19:20 2007 Subject: Very newbie relaying question In-Reply-To: <1DF321991CD3084EAD65737D82C6D07E145A86@sbs1.nuvotem.local> References: <1DF321991CD3084EAD65737D82C6D07E145A86@sbs1.nuvotem.local> Message-ID: Declan Grady wrote: [snip] > What do I need to do to my sendmail config to permit mail from my domain > to be only accepted from internal IP's ? > > I'm guessing I need to change my /etc/mail/access file somehow ? > Currently it has (among other things) > > mydomain.com RELAY > localhost.mydomain.com RELAY > mail.mydomain.com RELAY > mailserver.mydomain.com RELAY > mydomain.ie RELAY > exchange_server_name RELAY You are using the old syntax, which may not be what you want. If all your server IPs are public then you are on the right track, if your servers have internal/external addresses you are better off using the internal ones. An example of what you can do is access as: # Allow relying from LAN Connect:192.168.0 RELAY Connect:127.0.0.1 RELAY Connect:exchange_server_IP RELAY # Whitelist Connect:other_external_IP RELAY And don't forget to 'compile' access (i.e. makemap hash /etc/mail/access < /etc/mail/access). -- Ren? Berber From KGoods at AIAInsurance.com Thu May 3 18:18:25 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Thu May 3 18:19:44 2007 Subject: Very newbie relaying question Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C29372@aiainsurance.com> Declan Grady wrote: > Hi folks, > I've just rebuilt my mailscanner+sendmail box using debian etch, and > after a lot of head-scratching got it up & running ok. > (Old box suffered hardware failure, was a redhat 7 with a lot of > patches & updates, etc, but was handy for upgrading mailscanner from > rpms.) > > While watching the spam messages, I've noticed quite a few supposedly > coming from my own domain name. > Thanks for suggestions. If there really isn't any spam originating from your own domains, look into trusted networks, or even easier, just whitelist your domain(s). I've been running the same setup (e.g. MailScanner filter feeding an exchange box) for a couple years now so if you have any other questions feel free to contact me on list or directly. HTH Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From lundin at fini.net Thu May 3 18:26:14 2007 From: lundin at fini.net (John Lundin) Date: Thu May 3 18:27:12 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: <20070503172614.GA31837@fini.net> On Wed, May 02, 2007 at 10:20:49PM +0100, Julian Field wrote: > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > ... One thing I'm not installing is support for DKIM which, although > available, requires so many pre-requisites that it's not feasible > for me to do here. FWIW, DAG's repository now contains SA3.2.0 and Encode::Detect and Mail::SPF -and- Mail::DKIM ! :-) So if you're running RHEL4 or Centos4, that's a place to look. http://dag.wieers.com/rpm/packages/ Unfortunately, they don't appear to have propagated to Dries' repository or even DAG's master rpmforge listing yet. The perl-Mail-DKIM source rpm compiled and appears to run on Fedora. re2c is available from sourceforge as a src.rpm. As such, it builds and runs under Fedora and Centos. Not using it in production yet. From spamtrap71892316634 at anime.net Thu May 3 18:42:02 2007 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Thu May 3 18:42:07 2007 Subject: 32 bit distro or 64? In-Reply-To: <463A0223.3000803@yeticomputers.com> References: <463900F6.1070103@yeticomputers.com> <463904BA.4040402@sendit.nodak.edu> <463A0223.3000803@yeticomputers.com> Message-ID: On Thu, 3 May 2007, Rick Chadderdon wrote: > Still, it is much easier to get support from a vendor if you're using > their software the way that they intended. I can already hear, "Oh, I'm > sorry, we don't support that product running on a 64-bit OS." Even if > the problem you're having is not related to the OS at all. Just > something to consider. In this case you vote with your wallet and find another vendor. Works for me anyway :) -Dan From jan-peter at koopmann.eu Thu May 3 18:53:06 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu May 3 18:53:15 2007 Subject: ANNOUNCE: MailScanner stable 4.59 In-Reply-To: <4635B2C4.50004@ecs.soton.ac.uk> References: <4635B2C4.50004@ecs.soton.ac.uk> Message-ID: On SHA1 wrote: > I have just released a new stable version, 4.59. The main new > features this month are > FreeBSD port has just been submitted. Thanks Julian! From amaclach at yahoo.co.uk Thu May 3 20:06:24 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Thu May 3 20:06:28 2007 Subject: Testing the anti-virus stack Message-ID: <642167.17343.qm@web26301.mail.ukl.yahoo.com> OK - I'm pulling what's left of my hair out here trying to test Avast. What I think is happening is that MailScanner is blocking all the test files before they get to the virus scanner. How do I know when the virus scanner has picked up a virus (Nothing in the maillog)?? I also need to get the output strings so that I can configure MailWatch for avastd. I've already turned clam off. If anyone has something infected feel free to send it to andy.mac@global-domination.org Cheers,Andy ----- Original Message ---- From: Dan Hollis To: MailScanner discussion Sent: Thursday, 3 May, 2007 6:42:02 PM Subject: Re: 32 bit distro or 64? On Thu, 3 May 2007, Rick Chadderdon wrote: > Still, it is much easier to get support from a vendor if you're using > their software the way that they intended. I can already hear, "Oh, I'm > sorry, we don't support that product running on a 64-bit OS." Even if > the problem you're having is not related to the OS at all. Just > something to consider. In this case you vote with your wallet and find another vendor. Works for me anyway :) -Dan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Thu May 3 20:21:14 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu May 3 20:21:24 2007 Subject: Testing the anti-virus stack In-Reply-To: <642167.17343.qm@web26301.mail.ukl.yahoo.com> References: <642167.17343.qm@web26301.mail.ukl.yahoo.com> Message-ID: <051aabc2a3a191af981ddf4e54b7d2de@62.49.223.244> Why not run in debug mode and test with eicar.com ? On Thu, 3 May 2007 19:06:24 +0000 (GMT), Andrew MacLachlan wrote: > OK - I'm pulling what's left of my hair out here trying to test Avast. > What I think is happening is that MailScanner is blocking all the test > files before they get to the virus scanner. > > How do I know when the virus scanner has picked up a virus (Nothing in the > maillog)?? > I also need to get the output strings so that I can configure MailWatch > for avastd. I've already turned clam off. > > If anyone has something infected feel free to send it to > andy.mac@global-domination.org > > Cheers,Andy > > > ----- Original Message ---- > From: Dan Hollis > To: MailScanner discussion > Sent: Thursday, 3 May, 2007 6:42:02 PM > Subject: Re: 32 bit distro or 64? > > On Thu, 3 May 2007, Rick Chadderdon wrote: >> Still, it is much easier to get support from a vendor if you're using >> their software the way that they intended. I can already hear, "Oh, I'm >> sorry, we don't support that product running on a 64-bit OS." Even if >> the problem you're having is not related to the OS at all. Just >> something to consider. > > In this case you vote with your wallet and find another vendor. Works for > me anyway :) > > -Dan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 // Phone: +44 (0) 845 869 2749 SIP: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dominian at slackadelic.com Thu May 3 21:44:29 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Thu May 3 21:44:41 2007 Subject: Looks like permissions, but unsure where Message-ID: <463A49AD.9020203@slackadelic.com> Ok all, Just upgraded to the newest MailScanner, did everything like I normally do.. switched to clamd and I'm getting this: MailScanner[20004]: ./18D72272A.1574D.header: Unable to create temporary directory Now, at first I thought it was clamd, switched it to clamav and still getting the same thing. Any good ideas where to look? Thanks, Matt From dominian at slackadelic.com Thu May 3 22:16:59 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Thu May 3 22:17:15 2007 Subject: [Solved] Looks like permissions, but unsure where In-Reply-To: <463A49AD.9020203@slackadelic.com> References: <463A49AD.9020203@slackadelic.com> Message-ID: <463A514B.1040909@slackadelic.com> Matt Hayes wrote: > Ok all, > > Just upgraded to the newest MailScanner, did everything like I normally > do.. switched to clamd and I'm getting this: > > MailScanner[20004]: ./18D72272A.1574D.header: Unable to create temporary > directory > > > Now, at first I thought it was clamd, switched it to clamav and still > getting the same thing. Any good ideas where to look? > > > > Thanks, > > Matt > Nevermind. If I had been a smart man and used DEBUGGING ... I would've found that it was looking to use /dev/shm to speed up the processing of the email. It seems with the new MailScanner it wants to use /dev/shm. What I found was that on whitelisted addresses I didn't get this error. On anything else, I did. So, once I mounted /dev/shm and all is well. Thanks, Matt From mailscanner at yeticomputers.com Thu May 3 22:17:38 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu May 3 22:17:48 2007 Subject: 32 bit distro or 64? In-Reply-To: References: <463900F6.1070103@yeticomputers.com> <463904BA.4040402@sendit.nodak.edu> <463A0223.3000803@yeticomputers.com> Message-ID: <463A5172.8090704@yeticomputers.com> Dan Hollis wrote: > On Thu, 3 May 2007, Rick Chadderdon wrote: >> Still, it is much easier to get support from a vendor if you're using >> their software the way that they intended. I can already hear, "Oh, I'm >> sorry, we don't support that product running on a 64-bit OS." Even if >> the problem you're having is not related to the OS at all. Just >> something to consider. > > In this case you vote with your wallet and find another vendor. Works > for me anyway :) Oh, absolutely. But, it doesn't stop it from being a genuine issue. And, sometimes, you'll find that there is *not* a vendor that offers the service/product you want, the way you want it. I'm a very independent person, so I'll do things my own way regardless of what support I can get. I do recognize, however, that this is not the best solution for everyone. And, being self-employed, I can only shoot myself in the foot. If you work for someone else, it's important to understand how they feel about such issues. "Sir, we have to switch away from "Company A" because I chose solution X, and they won't support it," just might cause a bit of a ruckus if the company has a lot of money tied up in Company A's products. The old "Nobody ever got fired for buying IBM" argument. Sadly, due to the typical corporate mindset, it has some merit. Rick From dominian at slackadelic.com Thu May 3 22:23:12 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Thu May 3 22:23:26 2007 Subject: [Solved] Looks like permissions, but unsure where In-Reply-To: <463A514B.1040909@slackadelic.com> References: <463A49AD.9020203@slackadelic.com> <463A514B.1040909@slackadelic.com> Message-ID: <463A52C0.3060207@slackadelic.com> Matt Hayes wrote: > Matt Hayes wrote: >> Ok all, >> >> Just upgraded to the newest MailScanner, did everything like I >> normally do.. switched to clamd and I'm getting this: >> >> MailScanner[20004]: ./18D72272A.1574D.header: Unable to create >> temporary directory >> >> >> Now, at first I thought it was clamd, switched it to clamav and still >> getting the same thing. Any good ideas where to look? >> >> >> >> Thanks, >> >> Matt >> > > > Nevermind. If I had been a smart man and used DEBUGGING ... I would've > found that it was looking to use /dev/shm to speed up the processing of > the email. > > > It seems with the new MailScanner it wants to use /dev/shm. What I > found was that on whitelisted addresses I didn't get this error. On > anything else, I did. So, once I mounted /dev/shm and all is well. > Check that; check_mailscanner looks to see if /dev/shm is available.. if it does.. it forces SpamAssassin to use that instead. Dunno why this wasn't being used on the other install I had. -Matt From drew at technologytiger.net Thu May 3 23:02:44 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu May 3 23:03:08 2007 Subject: ANNOUNCE: MailScanner stable 4.59 In-Reply-To: References: <4635B2C4.50004@ecs.soton.ac.uk> Message-ID: On 3 May 2007, at 18:53, Koopmann, Jan-Peter wrote: > On SHA1 wrote: > >> I have just released a new stable version, 4.59. The main new >> features this month are >> > > FreeBSD port has just been submitted. Thanks Julian! Thanks JP. Could really do with that clamd option as the clamscan perl module has gone and broken on my box for no apparent reason (As my thread of the same subject says). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From drew at technologytiger.net Thu May 3 23:06:52 2007 From: drew at technologytiger.net (Drew Marshall) Date: Thu May 3 23:07:17 2007 Subject: Looks like permissions, but unsure where In-Reply-To: <463A49AD.9020203@slackadelic.com> References: <463A49AD.9020203@slackadelic.com> Message-ID: <2F4FF868-1C27-4485-AF50-4EB5EB3D846C@technologytiger.net> On 3 May 2007, at 21:44, Matt Hayes wrote: > Ok all, > > Just upgraded to the newest MailScanner, did everything like I > normally do.. switched to clamd and I'm getting this: > > MailScanner[20004]: ./18D72272A.1574D.header: Unable to create > temporary directory > > > Now, at first I thought it was clamd, switched it to clamav and > still getting the same thing. Any good ideas where to look? Looks like a Postfix queue reference so I'll venture /var/spool/ MailScanner/incoming would be a good place to begin This is one of the complications of running Postfix. It's secure in so much as nothing has an elevated user status but it does make permissions a challenge particularly as Clam does the same thing and MailScanner needs to run a both. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From alex at nkpanama.com Thu May 3 23:15:24 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu May 3 23:16:17 2007 Subject: Very newbie relaying question In-Reply-To: References: <1DF321991CD3084EAD65737D82C6D07E145A86@sbs1.nuvotem.local> Message-ID: <463A5EFC.2020007@nkpanama.com> Ren? Berber wrote: > You are using the old syntax, which may not be what you want. > > If all your server IPs are public then you are on the right track, if > your servers have internal/external addresses you are better off using > the internal ones. > > An example of what you can do is access as: > > # Allow relying from LAN > Connect:192.168.0 RELAY > Connect:127.0.0.1 RELAY > Connect:exchange_server_IP RELAY > # Whitelist > Connect:other_external_IP RELAY > You're assuming there is a zero percent chance any of the machines on the internal network may be spam zombies. This isn't usually true. You might want to look into SMTP AUTHentication and/or allow relaying only from the (ugh) exchange box, which should be set to only allow relaying from AUTHenticated users. From amaclach at yahoo.co.uk Fri May 4 00:33:53 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Fri May 4 00:33:55 2007 Subject: Testing the anti-virus stack Message-ID: <878270.64176.qm@web26304.mail.ukl.yahoo.com> OK - it's automagically started working. I got the output strings for avast by running an interactive cmdline scan against eicar.com. If anyone's interested they are: /tmp/eicar.com [infected by: EICAR Test-NOT virus!!] and the mailwatch mods (yes - I know - different list...) including the new clam strings in functions.php are: if(!defined(VIRUS_REGEX) || !DISTRIBUTED_SETUP) { switch($scanner=get_primary_scanner()) { case 'none': define(VIRUS_REGEX, '/^Dummy$/'); break; case 'sophos': define(VIRUS_REGEX, '/(>>>) Virus \'(\S+)\' found/'); break; case 'sophossavi': define(VIRUS_REGEX, '/(\S+) was infected by (\S+)/'); break; case 'clamav': define(VIRUS_REGEX, '/(.+) contains (\S+)/'); break; case 'clamd': define(VIRUS_REGEX, '/(.+) contains (\S+)/'); break; case 'clamavmodule': define(VIRUS_REGEX, '/(.+) was infected: (\S+)/'); break; case 'f-prot': define(VIRUS_REGEX, '/(.+) Infection: (\S+)/'); break; case 'mcafee': define(VIRUS_REGEX, '/(.+) Found the (\S+) virus !!!/'); break; case 'f-secure': define(VIRUS_REGEX, '/(.+) Infected: (\S+)/'); break; case 'trend': define(VIRUS_REGEX, '/(Found virus) (\S+) in file (\S+)/'); break; case 'bitdefender': define(VIRUS_REGEX, '/(\S+) Found virus (\S+)/'); break; case 'kaspersky-4.5': define(VIRUS_REGEX, '/(.+) INFECTED (\S+)/'); break; case 'etrust': define(VIRUS_REGEX, '/(\S+) is infected by virus: (\S+)/'); break; case 'avg': define(VIRUS_REGEX, '/(Found virus) (\S+) in file (\S+)/'); break; case 'avast': define(VIRUS_REGEX, '/(.+) [infected by: (\S+) virus!!]/'); break; case 'avastd': define(VIRUS_REGEX, '/(.+) [infected by: (\S+) virus!!]/'); break; default: die("Error:
\n Unable to select a regular expression for your primary virus scanner ($scanner) - please see the examples in functions.php to create one.\n"); break; } Hope this is of use to someone! Regards, Andy ----- Original Message ---- From: --[ UxBoD ]-- To: MailScanner discussion Sent: Thursday, 3 May, 2007 8:21:14 PM Subject: Re: Testing the anti-virus stack Why not run in debug mode and test with eicar.com ? On Thu, 3 May 2007 19:06:24 +0000 (GMT), Andrew MacLachlan wrote: > OK - I'm pulling what's left of my hair out here trying to test Avast. > What I think is happening is that MailScanner is blocking all the test > files before they get to the virus scanner. > > How do I know when the virus scanner has picked up a virus (Nothing in the > maillog)?? > I also need to get the output strings so that I can configure MailWatch > for avastd. I've already turned clam off. > > If anyone has something infected feel free to send it to > andy.mac@global-domination.org > > Cheers,Andy > > > ----- Original Message ---- > From: Dan Hollis > To: MailScanner discussion > Sent: Thursday, 3 May, 2007 6:42:02 PM > Subject: Re: 32 bit distro or 64? > > On Thu, 3 May 2007, Rick Chadderdon wrote: >> Still, it is much easier to get support from a vendor if you're using >> their software the way that they intended. I can already hear, "Oh, I'm >> sorry, we don't support that product running on a 64-bit OS." Even if >> the problem you're having is not related to the OS at all. Just >> something to consider. > > In this case you vote with your wallet and find another vendor. Works for > me anyway :) > > -Dan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is > believed to be clean. -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 // Phone: +44 (0) 845 869 2749 SIP: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri May 4 01:41:59 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri May 4 01:43:25 2007 Subject: Use of variables within archive rulesets Message-ID: <463A8157.2050209@nkpanama.com> I've got a few clients who choose to archive all their incoming and outgoing e-mail using the "Archive Mail =" function, using a ruleset such as: From: alice@domain.tld /home/archiveaccount/mail/outgoing/alice To: alice@domain.tld /home/archiveaccount/mail/incoming/alice FromOrTo: default /home/archiveaccount/mail/BCCs ... so that mail from alice and to alice goes to the "alice" IMAP-accessible "folder" on the "archiveaccount" user's account, and those that aren't covered by any of the rules (such as BCCs, users I've forgotten to add to the ruleset list, and funky NDRs and stuff) get archived to a separate "BCCs and such" account. I'd like to know if it would be possible to use some sort of variable (systemwide or generated) that would allow me to do something like: From: alice@domain.tld /home/archiveaccount/mail/%year%/%month%/outgoing/alice To: alice@domain.tld /home/archiveaccount/mail/%year%/%month%/incoming/alice How would one go about this? I believe I'd have to create the structure first and change the ownerships and permissions so that the user MailScanner runs under can write to it, and the "archiveaccount" user can read from it, but besides that I wouldn't know where to begin. Suggestions? From jcb at dream.com.ph Fri May 4 04:06:49 2007 From: jcb at dream.com.ph (jcb on dream) Date: Fri May 4 04:08:02 2007 Subject: whitelist mcp Message-ID: <000f01c78df9$41fdbe70$960bbdcb@jepoy> hi guys, i had mcp activated and since im managing a whitelist file for spamassassin, can i create the same config for mcp to point it on the same white list file for spamassassin? tnx. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070504/a11d9a14/attachment.html From mogens at fumlersoft.dk Fri May 4 09:27:53 2007 From: mogens at fumlersoft.dk (Mogens Melander) Date: Fri May 4 09:28:32 2007 Subject: Use of variables within archive rulesets In-Reply-To: <463A8157.2050209@nkpanama.com> References: <463A8157.2050209@nkpanama.com> Message-ID: <2252.90.184.17.152.1178267273.squirrel@mail.fumlersoft.dk> On Fri, May 4, 2007 02:41, Alex Neuman van der Hans wrote: > I've got a few clients who choose to archive all their incoming and > outgoing e-mail using the "Archive Mail =" function, using a ruleset > such as: > > From: alice@domain.tld /home/archiveaccount/mail/outgoing/alice > To: alice@domain.tld /home/archiveaccount/mail/incoming/alice > FromOrTo: default /home/archiveaccount/mail/BCCs > > ... so that mail from alice and to alice goes to the "alice" > IMAP-accessible "folder" on the "archiveaccount" user's account, and > those that aren't covered by any of the rules (such as BCCs, users I've > forgotten to add to the ruleset list, and funky NDRs and stuff) get > archived to a separate "BCCs and such" account. > > I'd like to know if it would be possible to use some sort of variable > (systemwide or generated) that would allow me to do something like: > > From: alice@domain.tld > /home/archiveaccount/mail/%year%/%month%/outgoing/alice > To: alice@domain.tld > /home/archiveaccount/mail/%year%/%month%/incoming/alice > > How would one go about this? I believe I'd have to create the structure > first and change the ownerships and permissions so that the user > MailScanner runs under can write to it, and the "archiveaccount" user > can read from it, but besides that I wouldn't know where to begin. > > Suggestions? How about a custom function ? Take a look at the MyExample.pm in CustomFinctions directory. Mine are located in: /usr/lib/MailScanner/MailScanner/CustomFunctions -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean. From pedretti at eco.unibs.it Fri May 4 11:36:13 2007 From: pedretti at eco.unibs.it (Fabio Pedretti) Date: Fri May 4 11:35:20 2007 Subject: Clamav suggestions Message-ID: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> I have some suggestions on using clamav in MailScanner on which I have already sent a mail some time ago: http://lists.mailscanner.info/pipermail/mailscanner/2007-March/071330.html 1) clamscan is called with the option --disable-summary , which is deprecated (at least since clamav 0.70, released on 2004-04-16). --no-summary should be used instead in SweepViruses.pm. 2) I noticed (as well as others: http://lists.mailscanner.info/pipermail/mailscanner/2007-April/072504.html ) that some phishing mail are not blocked (I am also using the signatures of sanesecurity). If I do a clamscan on the full original mail with headers, clamscan find the virus (I can provide a sample if needed). Seems the problem is that MailScanner extracts the content of the mail (body + attachment) and scans it, but some phishing mail are only detected if the full headers are present (in the clamav DB in the extended signature format, option 4 is for mail files, look at signatures.pdf in clamav source, and are detected only if full mail with headers is scanned). MailScanner should be modified so that all the original mail (with headers and without extracting attachment) should be passed to clamscan/clamd, so all virus can be catched. 3) Support for clamd trough clamdscan is nice, however, best would be to connect to clamd directly to its socket (or network socket) from MailScanner, without call clamdscan, and fallback to clamscan if clamd is not working. 4) Would be nice to have the possibility to quarantine only the entire message and not also the attachments: worse is that if there are some compressed files, the original file as well as the content are quarantined, doubling (or more) the space on the disk. Thanks, Fabio From ssilva at sgvwater.com Fri May 4 17:19:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 4 17:19:36 2007 Subject: Clamav suggestions In-Reply-To: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> Message-ID: Fabio Pedretti spake the following on 5/4/2007 3:36 AM: > I have some suggestions on using clamav in MailScanner on which I have > already sent a mail some time ago: > http://lists.mailscanner.info/pipermail/mailscanner/2007-March/071330.html > > 1) clamscan is called with the option --disable-summary , which is > deprecated (at least since clamav 0.70, released on 2004-04-16). > --no-summary should be used instead in SweepViruses.pm. > 2) I noticed (as well as others: > http://lists.mailscanner.info/pipermail/mailscanner/2007-April/072504.html > ) that some phishing mail are not blocked (I am also using > the signatures of sanesecurity). If I do a clamscan on the full > original mail with headers, clamscan find the virus (I can provide a > sample if needed). Seems the problem is that MailScanner extracts the > content of the mail (body + attachment) and scans it, but some > phishing mail are only detected if the full headers are present (in > the clamav DB in the extended signature format, option 4 is for mail > files, look at signatures.pdf in clamav source, and are detected only > if full mail with headers is scanned). > MailScanner should be modified so that all the original mail (with > headers and without extracting attachment) should be passed to > clamscan/clamd, so all virus can be catched. > 3) Support for clamd trough clamdscan is nice, however, best would be to > connect to clamd directly to its socket (or network socket) from > MailScanner, without call clamdscan, and fallback to clamscan if clamd > is not working. > 4) Would be nice to have the possibility to quarantine only the entire > message and not also the attachments: worse is that if there are some > compressed files, the original file as well as the content are > quarantined, doubling (or more) the space on the disk. > I'm sure Julian would welcome some tested patches. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Richard.Frovarp at sendit.nodak.edu Fri May 4 17:25:46 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri May 4 17:25:50 2007 Subject: Clamav suggestions In-Reply-To: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> Message-ID: <463B5E8A.2080400@sendit.nodak.edu> Fabio Pedretti wrote: > > 3) Support for clamd trough clamdscan is nice, however, best would be > to connect to clamd directly to its socket (or network socket) from > MailScanner, without call clamdscan, and fallback to clamscan if clamd > is not working. Why not just run clamavmodule? From my understanding, the support for clamd was added so that those that didn't want to keep up with the Perl module required for clamavmodule would have something faster than clamscan. Any direct call to clamd from MailScanner would require a Perl module, so at that point you're losing the requirements benefit of running clamd. From mkettler at evi-inc.com Fri May 4 19:31:40 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri May 4 19:31:53 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: <463B7C0C.9000004@evi-inc.com> Julian Field wrote: > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL > > It puts in a v320.pre into /etc/mail/spamassassin and comes with a load > of new plugins. Some of them are loaded by the default supplied v320.pre > file, but here are the ones that aren't: > > Hashcash.pm Rule2XSBody.pm > ASN.pm SpamCop.pm > AutoLearnThreshold.pm SPF.pm > AWL.pm Test.pm > TextCat.pm > MIMEHeader.pm > BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm > Pyzor.pm > DCC.pm Razor2.pm > RelayCountry.pm WhiteListSubject.pm > ReplaceTags.pm Julian, Some of those plugins ARE loaded by default, but are loaded via older .pre files. And yes, SA does parse *ALL* of the .pre files, and you need to have ALL of them to work properly. The whole idea of the multiple .pre files is that as new plugins are added, SA doesn't have to do a config-merge. All it does is add the new .pre file that supports the new plugins. Your choices about what plugins from 3.1.0 or 3.0.0 to load won't be affected, and will remain in-place in your old .pre files. Of the above plugins: init.pre (SA 3.0.0) loads: URIDNSBL SPF v310.pre loads: Spamcop DCC (disabled by default) Pyzor Razor2 AWL AutoLearnThreshold TextCat (disabled by default) WhiteListSubject MimeHeader ReplaceTags DomainKeys (disabled by default) v312.pre loads: DKIM (disabled by default) V320.pre only handles the new plugins for 3.2.0, most of which are things that used to be hard-coded into EvalTests.pm. > > My next step is to read the man pages for all of these, and work out > which ones you probably want to load and which ones you don't, so that > my install script can set you up with a sensible system. You really shouldn't have to do that for all of them. Only look at the ones that aren't loaded by default. > One thing I'm > not installing is support for DKIM which, although available, requires > so many pre-requisites that it's not feasible for me to do here. You > have to start at the OpenSSL libraries and work your way up :-( Makes sense, that's a v312.pre thing. > > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. > > Jules > From jaearick at colby.edu Fri May 4 20:40:19 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 4 20:40:35 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463900B1.8080301@ecs.soton.ac.uk> References: <463900B1.8080301@ecs.soton.ac.uk> Message-ID: On Wed, 2 May 2007, Julian Field wrote: > Date: Wed, 02 May 2007 22:20:49 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: SpamAssassin 3.2.0 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL I got it installed and running at my site. I had to install the perl modules above and then some (because I installed DKIM). I probably had to install or update 30+ perl modules. Wow. I also had to stare at the *.pre files. But it seems to work for me. (Solaris 10). Jeff Earickson Colby College From arto.saraniva at artio.net Fri May 4 21:16:23 2007 From: arto.saraniva at artio.net (Arto) Date: Fri May 4 21:16:20 2007 Subject: Clamav suggestions In-Reply-To: <463B5E8A.2080400@sendit.nodak.edu> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> Message-ID: Richard Frovarp wrote: > Fabio Pedretti wrote: >> >> 3) Support for clamd trough clamdscan is nice, however, best would be >> to connect to clamd directly to its socket (or network socket) from >> MailScanner, without call clamdscan, and fallback to clamscan if clamd >> is not working. > > Why not just run clamavmodule? From my understanding, the support for > clamd was added so that those that didn't want to keep up with the Perl > module required for clamavmodule would have something faster than > clamscan. Any direct call to clamd from MailScanner would require a Perl > module, so at that point you're losing the requirements benefit of > running clamd. FYI, we have used all of those during last three weeks. First clamav (indeed about two year before this period), then clamavmodule and during this week clamd. Our MX server passes normally about 10k mails/day (MS, postgrey, postfix and SA) and clamd is IMHO the most comfortable as regards load, memory and swap. The server is a vmware client (CentOS4.4 ) with 2 x 2,4 GHz and 775 Mb memory reserved to client. After start the swap is with clamd under 40 Mb and it will remain there. With clamavmodule and clamav the swap varies from 40 to 400 Mb and the load can be even over 20 with clamav. More details from our Cacti stats: http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache The first week was runned with clamav till midday of thursday, after that with clamavmodule and this week with clamd. With numbers this week (four workdays because of free Monday, otherwise typical): received: 33307 spam: 836 rejected: 163033 virus: 5 bounced: 150 sent: 8331 -arto From Richard.Frovarp at sendit.nodak.edu Fri May 4 21:38:53 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri May 4 21:38:56 2007 Subject: Clamav suggestions In-Reply-To: References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> Message-ID: <463B99DD.4020900@sendit.nodak.edu> Arto wrote: > Richard Frovarp wrote: >> Fabio Pedretti wrote: >>> >>> 3) Support for clamd trough clamdscan is nice, however, best would >>> be to connect to clamd directly to its socket (or network socket) >>> from MailScanner, without call clamdscan, and fallback to clamscan >>> if clamd is not working. >> >> Why not just run clamavmodule? From my understanding, the support for >> clamd was added so that those that didn't want to keep up with the >> Perl module required for clamavmodule would have something faster >> than clamscan. Any direct call to clamd from MailScanner would >> require a Perl module, so at that point you're losing the >> requirements benefit of running clamd. > > FYI, we have used all of those during last three weeks. First clamav > (indeed about two year before this period), then clamavmodule and > during this week clamd. > > Our MX server passes normally about 10k mails/day (MS, postgrey, > postfix and SA) and clamd is IMHO the most comfortable as regards > load, memory and swap. The server is a vmware client (CentOS4.4 ) with > 2 x 2,4 GHz and 775 Mb memory reserved to client. After start the swap > is with clamd under 40 Mb and it will remain there. With clamavmodule > and clamav the swap varies from 40 to 400 Mb and the load can be even > over 20 with clamav. > > More details from our Cacti stats: > http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache > > The first week was runned with clamav till midday of thursday, after > that with clamavmodule and this week with clamd. > > With numbers this week (four workdays because of free Monday, > otherwise typical): > > received: 33307 > spam: 836 > rejected: 163033 > virus: 5 > bounced: 150 > sent: 8331 > > -arto > You may want to decrease the number of MailScanner processes running under Max Children. I've got a vmware guest with 1 GB of RAM. The host is a dual socket dual core 3.2 GHz Xeon. We're not see any swap at all running clamavmodule. However, I have Max Children set to 7. This particular scanner handles internal mail only and scan times are only a couple of seconds during the middle of the day with batch sizes of 1 or 2. From Monday to Thursday I see these numbers: Received: 202,866 Spam: 190 Virus: 456 From arto.saraniva at artio.net Fri May 4 21:45:04 2007 From: arto.saraniva at artio.net (Arto) Date: Fri May 4 21:45:04 2007 Subject: Clamav suggestions In-Reply-To: <463B99DD.4020900@sendit.nodak.edu> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <463B99DD.4020900@sendit.nodak.edu> Message-ID: Richard Frovarp wrote: > Arto wrote: >> Richard Frovarp wrote: >>> Fabio Pedretti wrote: >>>> >>>> 3) Support for clamd trough clamdscan is nice, however, best would >>>> be to connect to clamd directly to its socket (or network socket) >>>> from MailScanner, without call clamdscan, and fallback to clamscan >>>> if clamd is not working. >>> >>> Why not just run clamavmodule? From my understanding, the support for >>> clamd was added so that those that didn't want to keep up with the >>> Perl module required for clamavmodule would have something faster >>> than clamscan. Any direct call to clamd from MailScanner would >>> require a Perl module, so at that point you're losing the >>> requirements benefit of running clamd. >> >> FYI, we have used all of those during last three weeks. First clamav >> (indeed about two year before this period), then clamavmodule and >> during this week clamd. >> >> Our MX server passes normally about 10k mails/day (MS, postgrey, >> postfix and SA) and clamd is IMHO the most comfortable as regards >> load, memory and swap. The server is a vmware client (CentOS4.4 ) with >> 2 x 2,4 GHz and 775 Mb memory reserved to client. After start the swap >> is with clamd under 40 Mb and it will remain there. With clamavmodule >> and clamav the swap varies from 40 to 400 Mb and the load can be even >> over 20 with clamav. >> >> More details from our Cacti stats: >> http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache >> >> The first week was runned with clamav till midday of thursday, after >> that with clamavmodule and this week with clamd. >> >> With numbers this week (four workdays because of free Monday, >> otherwise typical): >> >> received: 33307 >> spam: 836 >> rejected: 163033 >> virus: 5 >> bounced: 150 >> sent: 8331 >> >> -arto >> > > You may want to decrease the number of MailScanner processes running > under Max Children. I've got a vmware guest with 1 GB of RAM. The host > is a dual socket dual core 3.2 GHz Xeon. We're not see any swap at all > running clamavmodule. However, I have Max Children set to 7. This > particular scanner handles internal mail only and scan times are only a > couple of seconds during the middle of the day with batch sizes of 1 or Max Children = 10 (which should be the recommended value with 2 processors.) -arto From Richard.Frovarp at sendit.nodak.edu Fri May 4 21:47:57 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri May 4 21:48:00 2007 Subject: Clamav suggestions In-Reply-To: References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <463B99DD.4020900@sendit.nodak.edu> Message-ID: <463B9BFD.6020807@sendit.nodak.edu> Arto wrote: > Richard Frovarp wrote: >> Arto wrote: >>> Richard Frovarp wrote: >>>> Fabio Pedretti wrote: >>>>> >>>>> 3) Support for clamd trough clamdscan is nice, however, best would >>>>> be to connect to clamd directly to its socket (or network socket) >>>>> from MailScanner, without call clamdscan, and fallback to clamscan >>>>> if clamd is not working. >>>> >>>> Why not just run clamavmodule? From my understanding, the support >>>> for clamd was added so that those that didn't want to keep up with >>>> the Perl module required for clamavmodule would have something >>>> faster than clamscan. Any direct call to clamd from MailScanner >>>> would require a Perl module, so at that point you're losing the >>>> requirements benefit of running clamd. >>> >>> FYI, we have used all of those during last three weeks. First clamav >>> (indeed about two year before this period), then clamavmodule and >>> during this week clamd. >>> >>> Our MX server passes normally about 10k mails/day (MS, postgrey, >>> postfix and SA) and clamd is IMHO the most comfortable as regards >>> load, memory and swap. The server is a vmware client (CentOS4.4 ) >>> with 2 x 2,4 GHz and 775 Mb memory reserved to client. After start >>> the swap is with clamd under 40 Mb and it will remain there. With >>> clamavmodule and clamav the swap varies from 40 to 400 Mb and the >>> load can be even over 20 with clamav. >>> >>> More details from our Cacti stats: >>> http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache >>> >>> The first week was runned with clamav till midday of thursday, after >>> that with clamavmodule and this week with clamd. >>> >>> With numbers this week (four workdays because of free Monday, >>> otherwise typical): >>> >>> received: 33307 >>> spam: 836 >>> rejected: 163033 >>> virus: 5 >>> bounced: 150 >>> sent: 8331 >>> >>> -arto >>> >> >> You may want to decrease the number of MailScanner processes running >> under Max Children. I've got a vmware guest with 1 GB of RAM. The >> host is a dual socket dual core 3.2 GHz Xeon. We're not see any swap >> at all running clamavmodule. However, I have Max Children set to 7. >> This particular scanner handles internal mail only and scan times are >> only a couple of seconds during the middle of the day with batch >> sizes of 1 or > > Max Children = 10 (which should be the recommended value with 2 > processors.) > > -arto > That's assuming you have the RAM. Each of mine are about 80 MB in size, 10 of those would be 800 MB, which is more than you have allocated for RAM. From arto.saraniva at artio.net Fri May 4 21:50:12 2007 From: arto.saraniva at artio.net (Arto) Date: Fri May 4 21:50:09 2007 Subject: Clamav suggestions In-Reply-To: <463B9BFD.6020807@sendit.nodak.edu> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <463B99DD.4020900@sendit.nodak.edu> <463B9BFD.6020807@sendit.nodak.edu> Message-ID: Richard Frovarp wrote: > Arto wrote: >> Richard Frovarp wrote: >>> Arto wrote: >>>> Richard Frovarp wrote: >>>>> Fabio Pedretti wrote: >>>>>> >>>>>> 3) Support for clamd trough clamdscan is nice, however, best would >>>>>> be to connect to clamd directly to its socket (or network socket) >>>>>> from MailScanner, without call clamdscan, and fallback to clamscan >>>>>> if clamd is not working. >>>>> >>>>> Why not just run clamavmodule? From my understanding, the support >>>>> for clamd was added so that those that didn't want to keep up with >>>>> the Perl module required for clamavmodule would have something >>>>> faster than clamscan. Any direct call to clamd from MailScanner >>>>> would require a Perl module, so at that point you're losing the >>>>> requirements benefit of running clamd. >>>> >>>> FYI, we have used all of those during last three weeks. First clamav >>>> (indeed about two year before this period), then clamavmodule and >>>> during this week clamd. >>>> >>>> Our MX server passes normally about 10k mails/day (MS, postgrey, >>>> postfix and SA) and clamd is IMHO the most comfortable as regards >>>> load, memory and swap. The server is a vmware client (CentOS4.4 ) >>>> with 2 x 2,4 GHz and 775 Mb memory reserved to client. After start >>>> the swap is with clamd under 40 Mb and it will remain there. With >>>> clamavmodule and clamav the swap varies from 40 to 400 Mb and the >>>> load can be even over 20 with clamav. >>>> >>>> More details from our Cacti stats: >>>> http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache >>>> >>>> The first week was runned with clamav till midday of thursday, after >>>> that with clamavmodule and this week with clamd. >>>> >>>> With numbers this week (four workdays because of free Monday, >>>> otherwise typical): >>>> >>>> received: 33307 >>>> spam: 836 >>>> rejected: 163033 >>>> virus: 5 >>>> bounced: 150 >>>> sent: 8331 >>>> >>>> -arto >>>> >>> >>> You may want to decrease the number of MailScanner processes running >>> under Max Children. I've got a vmware guest with 1 GB of RAM. The >>> host is a dual socket dual core 3.2 GHz Xeon. We're not see any swap >>> at all running clamavmodule. However, I have Max Children set to 7. >>> This particular scanner handles internal mail only and scan times are >>> only a couple of seconds during the middle of the day with batch >>> sizes of 1 or >> >> Max Children = 10 (which should be the recommended value with 2 >> processors.) >> >> -arto >> > That's assuming you have the RAM. Each of mine are about 80 MB in size, > 10 of those would be 800 MB, which is more than you have allocated for RAM. Ours are 54388 Mb. From arto.saraniva at artio.net Fri May 4 21:57:56 2007 From: arto.saraniva at artio.net (Arto) Date: Fri May 4 21:57:51 2007 Subject: Clamav suggestions In-Reply-To: References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <463B99DD.4020900@sendit.nodak.edu> <463B9BFD.6020807@sendit.nodak.edu> Message-ID: Arto wrote: > Richard Frovarp wrote: >> Arto wrote: >>> Richard Frovarp wrote: >>>> Arto wrote: >>>>> Richard Frovarp wrote: >>>>>> Fabio Pedretti wrote: >>>>>>> >>>>>>> 3) Support for clamd trough clamdscan is nice, however, best >>>>>>> would be to connect to clamd directly to its socket (or network >>>>>>> socket) from MailScanner, without call clamdscan, and fallback to >>>>>>> clamscan if clamd is not working. >>>>>> >>>>>> Why not just run clamavmodule? From my understanding, the support >>>>>> for clamd was added so that those that didn't want to keep up with >>>>>> the Perl module required for clamavmodule would have something >>>>>> faster than clamscan. Any direct call to clamd from MailScanner >>>>>> would require a Perl module, so at that point you're losing the >>>>>> requirements benefit of running clamd. >>>>> >>>>> FYI, we have used all of those during last three weeks. First >>>>> clamav (indeed about two year before this period), then >>>>> clamavmodule and during this week clamd. >>>>> >>>>> Our MX server passes normally about 10k mails/day (MS, postgrey, >>>>> postfix and SA) and clamd is IMHO the most comfortable as regards >>>>> load, memory and swap. The server is a vmware client (CentOS4.4 ) >>>>> with 2 x 2,4 GHz and 775 Mb memory reserved to client. After start >>>>> the swap is with clamd under 40 Mb and it will remain there. With >>>>> clamavmodule and clamav the swap varies from 40 to 400 Mb and the >>>>> load can be even over 20 with clamav. >>>>> >>>>> More details from our Cacti stats: >>>>> http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache >>>>> >>>>> The first week was runned with clamav till midday of thursday, >>>>> after that with clamavmodule and this week with clamd. >>>>> >>>>> With numbers this week (four workdays because of free Monday, >>>>> otherwise typical): >>>>> >>>>> received: 33307 >>>>> spam: 836 >>>>> rejected: 163033 >>>>> virus: 5 >>>>> bounced: 150 >>>>> sent: 8331 >>>>> >>>>> -arto >>>>> >>>> >>>> You may want to decrease the number of MailScanner processes running >>>> under Max Children. I've got a vmware guest with 1 GB of RAM. The >>>> host is a dual socket dual core 3.2 GHz Xeon. We're not see any swap >>>> at all running clamavmodule. However, I have Max Children set to 7. >>>> This particular scanner handles internal mail only and scan times >>>> are only a couple of seconds during the middle of the day with batch >>>> sizes of 1 or >>> >>> Max Children = 10 (which should be the recommended value with 2 >>> processors.) >>> >>> -arto >>> >> That's assuming you have the RAM. Each of mine are about 80 MB in >> size, 10 of those would be 800 MB, which is more than you have >> allocated for RAM. And sure I mean about 54 Mb. :-) From Richard.Frovarp at sendit.nodak.edu Fri May 4 22:07:01 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Fri May 4 22:07:04 2007 Subject: Clamav suggestions In-Reply-To: References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <463B99DD.4020900@sendit.nodak.edu> <463B9BFD.6020807@sendit.nodak.edu> Message-ID: <463BA075.5040004@sendit.nodak.edu> Arto wrote: > Arto wrote: >> Richard Frovarp wrote: >>> Arto wrote: >>>> Richard Frovarp wrote: >>>>> Arto wrote: >>>>>> Richard Frovarp wrote: >>>>>>> Fabio Pedretti wrote: >>>>>>>> >>>>>>>> 3) Support for clamd trough clamdscan is nice, however, best >>>>>>>> would be to connect to clamd directly to its socket (or network >>>>>>>> socket) from MailScanner, without call clamdscan, and fallback >>>>>>>> to clamscan if clamd is not working. >>>>>>> >>>>>>> Why not just run clamavmodule? From my understanding, the >>>>>>> support for clamd was added so that those that didn't want to >>>>>>> keep up with the Perl module required for clamavmodule would >>>>>>> have something faster than clamscan. Any direct call to clamd >>>>>>> from MailScanner would require a Perl module, so at that point >>>>>>> you're losing the requirements benefit of running clamd. >>>>>> >>>>>> FYI, we have used all of those during last three weeks. First >>>>>> clamav (indeed about two year before this period), then >>>>>> clamavmodule and during this week clamd. >>>>>> >>>>>> Our MX server passes normally about 10k mails/day (MS, postgrey, >>>>>> postfix and SA) and clamd is IMHO the most comfortable as regards >>>>>> load, memory and swap. The server is a vmware client (CentOS4.4 ) >>>>>> with 2 x 2,4 GHz and 775 Mb memory reserved to client. After >>>>>> start the swap is with clamd under 40 Mb and it will remain >>>>>> there. With clamavmodule and clamav the swap varies from 40 to >>>>>> 400 Mb and the load can be even over 20 with clamav. >>>>>> >>>>>> More details from our Cacti stats: >>>>>> http://www.artio.fi/.component/imageGenerator.php?fileName=%2Fwebroot%2Fweb%2Ffocus%2Fwww%2Fimnetti%2Fmedia%2F0%2F10841.png&cache=1&cachePrefix=.cache >>>>>> >>>>>> The first week was runned with clamav till midday of thursday, >>>>>> after that with clamavmodule and this week with clamd. >>>>>> >>>>>> With numbers this week (four workdays because of free Monday, >>>>>> otherwise typical): >>>>>> >>>>>> received: 33307 >>>>>> spam: 836 >>>>>> rejected: 163033 >>>>>> virus: 5 >>>>>> bounced: 150 >>>>>> sent: 8331 >>>>>> >>>>>> -arto >>>>>> >>>>> >>>>> You may want to decrease the number of MailScanner processes >>>>> running under Max Children. I've got a vmware guest with 1 GB of >>>>> RAM. The host is a dual socket dual core 3.2 GHz Xeon. We're not >>>>> see any swap at all running clamavmodule. However, I have Max >>>>> Children set to 7. This particular scanner handles internal mail >>>>> only and scan times are only a couple of seconds during the middle >>>>> of the day with batch sizes of 1 or >>>> >>>> Max Children = 10 (which should be the recommended value with 2 >>>> processors.) >>>> >>>> -arto >>>> >>> That's assuming you have the RAM. Each of mine are about 80 MB in >>> size, 10 of those would be 800 MB, which is more than you have >>> allocated for RAM. > > And sure I mean about 54 Mb. :-) > If you aren't actively swapping (to check: vmstat 5) it probably isn't a big deal. If you are actively swapping, back it off some. Other processes on the box also need memory. You'll get greater performance from fewer children and no swapping than greater children and some swapping. From ssilva at sgvwater.com Fri May 4 23:17:32 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 4 23:17:55 2007 Subject: Clamav suggestions In-Reply-To: References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <463B99DD.4020900@sendit.nodak.edu> Message-ID: <> >> You may want to decrease the number of MailScanner processes running >> under Max Children. I've got a vmware guest with 1 GB of RAM. The host >> is a dual socket dual core 3.2 GHz Xeon. We're not see any swap at all >> running clamavmodule. However, I have Max Children set to 7. This >> particular scanner handles internal mail only and scan times are only >> a couple of seconds during the middle of the day with batch sizes of 1 or > > Max Children = 10 (which should be the recommended value with 2 > processors.) > Don't forget the other recommendation: 1 GB ram per processor, especially with spamassassin. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Fri May 4 23:29:56 2007 From: res at ausics.net (Res) Date: Fri May 4 23:30:07 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463B7C0C.9000004@evi-inc.com> References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 4 May 2007, Matt Kettler wrote: > URIDNSBL I used to have this disabled for performance, for several versions, but as 3.20 cries like a baby unless its enabled, RDJ and sa-update refuse to run because of found scores for non existant plugins, I must admit I only looked at it for 2 minutes, but decided it was not worth the effort and just enabled the plugin, until I have time to find what else now needs disabling to shut it up :) Might look at it again on monday morning. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGO7PmsWhAmSIQh7MRAhCoAJ9Wqn9SbNyLdarLnUUv/InE1T4K0wCdGYoM RDMoCPYan7wPupFNvfOAXGI= =/S4d -----END PGP SIGNATURE----- From wilson.galafassi at gmail.com Fri May 4 23:38:17 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Fri May 4 23:38:32 2007 Subject: use mailscanner only for reports Message-ID: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> Hello. It?s possible to use/configure mailscanner only for reporting mail traffic? Thanks Wilson From mkettler at evi-inc.com Fri May 4 23:39:07 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri May 4 23:39:17 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> Message-ID: <463BB60B.3060608@evi-inc.com> Res wrote: > On Fri, 4 May 2007, Matt Kettler wrote: > >> URIDNSBL > > I used to have this disabled for performance, for several versions, but > as 3.20 cries like a baby unless its enabled, RDJ and sa-update refuse > to run because of found scores for non existant plugins, I must admit I > only looked at it for 2 minutes, but decided it was not worth the effort > and just enabled the plugin, until I have time to find what else now > needs disabling to shut it up :) Might look at it again on monday morning. > > Sounds like a bug in the conditionals that disable parts of the ruleset.. I'll look at it this weekend, time permitting.. If I can replicate it, I'll open a bug with the SA dev team. If it's something I can make patches for, I'll do that too. From prandal at herefordshire.gov.uk Fri May 4 23:54:29 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 4 23:54:42 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463B7C0C.9000004@evi-inc.com> References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CECE@HC-MBX02.herefordshire.gov.uk> The only thing which needs updating for a minimal install is Net::DNS up a version or two from 0.57. SA 3.2.0 will fall back to using Mail::SPF::Query if Mail::SPF is not available. However, I've been testing it with high volumes on an old Fedora Core 1 box and it's not happy - average message scan time is twice that of 3.1.8, and there's other weirdness. One side effect is MailScanner-mrtg's CPU load graph showing as zero when SA 3.2.0 is struggling under load on this box (though the load averages aren't higher than SA 3.1.8's under similar pressure). I suspect something's blocking when it shouldn't. A mystery which I really don't have the time to investigate. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: 04 May 2007 19:32 To: MailScanner discussion Subject: Re: SpamAssassin 3.2.0 Julian Field wrote: > Well, as someone else has already said, it's been released. > > Its list of requirements has grown quite a lot. In addition to whatever > else you already have from an existing SA install, you need to install > this load of Perl modules, in this order: > > YAML -- requires y\n in perl Makefile.PL > ExtUtils::CBuilder > ExtUtils::ParseXS > Module::Build > version > Net::DNS::Resolver::Programmable > Error > NetAddr::IP > Net::DNS >=0.58 > Data::Dump > Encode::Detect > Mail::SPF > Mail::SpamAssassin -- requires \n in perl Makefile.PL > > It puts in a v320.pre into /etc/mail/spamassassin and comes with a load > of new plugins. Some of them are loaded by the default supplied v320.pre > file, but here are the ones that aren't: > > Hashcash.pm Rule2XSBody.pm > ASN.pm SpamCop.pm > AutoLearnThreshold.pm SPF.pm > AWL.pm Test.pm > TextCat.pm > MIMEHeader.pm > BodyRuleBaseExtractor.pm OneLineBodyRuleType.pm URIDNSBL.pm > Pyzor.pm > DCC.pm Razor2.pm > RelayCountry.pm WhiteListSubject.pm > ReplaceTags.pm Julian, Some of those plugins ARE loaded by default, but are loaded via older .pre files. And yes, SA does parse *ALL* of the .pre files, and you need to have ALL of them to work properly. The whole idea of the multiple .pre files is that as new plugins are added, SA doesn't have to do a config-merge. All it does is add the new .pre file that supports the new plugins. Your choices about what plugins from 3.1.0 or 3.0.0 to load won't be affected, and will remain in-place in your old .pre files. Of the above plugins: init.pre (SA 3.0.0) loads: URIDNSBL SPF v310.pre loads: Spamcop DCC (disabled by default) Pyzor Razor2 AWL AutoLearnThreshold TextCat (disabled by default) WhiteListSubject MimeHeader ReplaceTags DomainKeys (disabled by default) v312.pre loads: DKIM (disabled by default) V320.pre only handles the new plugins for 3.2.0, most of which are things that used to be hard-coded into EvalTests.pm. > > My next step is to read the man pages for all of these, and work out > which ones you probably want to load and which ones you don't, so that > my install script can set you up with a sensible system. You really shouldn't have to do that for all of them. Only look at the ones that aren't loaded by default. > One thing I'm > not installing is support for DKIM which, although available, requires > so many pre-requisites that it's not feasible for me to do here. You > have to start at the OpenSSL libraries and work your way up :-( Makes sense, that's a v312.pre thing. > > Once I've got something working here, I'll write up an install script > for it all and wrap it into a package for you. > > Jules > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From amaclach at yahoo.co.uk Sat May 5 00:03:48 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sat May 5 00:03:50 2007 Subject: Clamav suggestions Message-ID: <681587.85151.qm@web26302.mail.ukl.yahoo.com> This is all very well, but make sure your host has enough memory and you have vmware-tools installed and running otherwise ESX will page for you if it's short of memory - and that isn't pretty... CPU isn't that important with VMs - - I've never seen an ESX box max out it's processors unless it's already run out of physical memory. Regards, Andrew MacLachlan ----- Original Message ---- From: Scott Silva To: mailscanner@lists.mailscanner.info Sent: Friday, 4 May, 2007 11:17:32 PM Subject: Re: Clamav suggestions <> >> You may want to decrease the number of MailScanner processes running >> under Max Children. I've got a vmware guest with 1 GB of RAM. The host >> is a dual socket dual core 3.2 GHz Xeon. We're not see any swap at all >> running clamavmodule. However, I have Max Children set to 7. This >> particular scanner handles internal mail only and scan times are only >> a couple of seconds during the middle of the day with batch sizes of 1 or > > Max Children = 10 (which should be the recommended value with 2 > processors.) > Don't forget the other recommendation: 1 GB ram per processor, especially with spamassassin. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Sat May 5 00:14:57 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Sat May 5 00:15:10 2007 Subject: use mailscanner only for reports In-Reply-To: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> References: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> Message-ID: <463BBE71.9010505@evi-inc.com> Wilson A. Galafassi Jr. wrote: > Hello. > > It?s possible to use/configure mailscanner only for reporting mail traffic? I'm not entirely sure I understand the question. MailScanner doesn't make any reports of a broad statistical nature, so you couldn't use it to make "just" make them, since it doesn't do that at all. Or are you looking to run mailscanner in some kind of way that detects mail viruses and spam, but only reports this to the system admin and doesn't modify the message? Or something entirely different? From mikej at rogers.com Sat May 5 01:30:31 2007 From: mikej at rogers.com (Mike Jakubik) Date: Sat May 5 01:32:28 2007 Subject: ANNOUNCE: MailScanner stable 4.59 In-Reply-To: References: <4635B2C4.50004@ecs.soton.ac.uk> Message-ID: <463BD027.3070009@rogers.com> Koopmann, Jan-Peter wrote: > On SHA1 wrote: > > >> I have just released a new stable version, 4.59. The main new >> features this month are >> >> > > FreeBSD port has just been submitted. Thanks Julian! > Just in time before the ports freeze! Thanks! Speaking of the new version, has anyone tried Postfix 2.4 yet? From bilias at edu.physics.uoc.gr Sat May 5 01:52:48 2007 From: bilias at edu.physics.uoc.gr (Kapetanakis Giannis) Date: Sat May 5 01:53:04 2007 Subject: use mailscanner only for reports In-Reply-To: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> References: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> Message-ID: On Fri, 4 May 2007, Wilson A. Galafassi Jr. wrote: > Hello. > > It?s possible to use/configure mailscanner only for reporting mail traffic? > Thanks > Wilson > Yes if you set the spam actions to deliver and do not change the subject of the mail. It will forward all mails, but it will first scan them and report. Giannis From wilson.galafassi at gmail.com Sat May 5 04:48:10 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Sat May 5 04:48:28 2007 Subject: RES: use mailscanner only for reports In-Reply-To: <463BBE71.9010505@evi-inc.com> References: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> <463BBE71.9010505@evi-inc.com> Message-ID: <00b201c78ec8$34cf4230$9e6dc690$@com.br> Hello. In this case i want to use mailscanner + mailwatch only to generate reports using mailwatch. It?s possible? The messages are scanned for spam and viruses in other (external) server, so my utilization is only for reports. Thanks wilson -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Matt Kettler Enviada em: sexta-feira, 4 de maio de 2007 20:15 Para: MailScanner discussion Assunto: Re: use mailscanner only for reports Wilson A. Galafassi Jr. wrote: > Hello. > > It?s possible to use/configure mailscanner only for reporting mail traffic? I'm not entirely sure I understand the question. MailScanner doesn't make any reports of a broad statistical nature, so you couldn't use it to make "just" make them, since it doesn't do that at all. Or are you looking to run mailscanner in some kind of way that detects mail viruses and spam, but only reports this to the system admin and doesn't modify the message? Or something entirely different? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dcmwai at pl.jaring.my Sat May 5 08:26:27 2007 From: dcmwai at pl.jaring.my (Chan Min Wai) Date: Sat May 5 08:27:16 2007 Subject: No Programs allowed In-Reply-To: <1178113173.14147.16.camel@viper.mbl.is> References: <1178113173.14147.16.camel@viper.mbl.is> Message-ID: <463C31A3.6050102@pl.jaring.my> Jon Bjorn Njalsson wrote: > Why does MS think msg-26670-41.txt is a program ? > > MailScanner: No programs allowed (msg-26670-41.txt) > > regards > Jon Bjorn > > I've face this problem once. The solution was to change how files read it. On my situation the files is encoded using UTF-8 in an email. This is the solution suggested. Create a scrip of replace File Command = /usr/local/bin/file inside /usr/local/bin/file /usr/bin/file -i $1 That will help to solve the issue. Regards, Min Wai From res at ausics.net Sat May 5 09:45:17 2007 From: res at ausics.net (Res) Date: Sat May 5 09:45:30 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463BB60B.3060608@evi-inc.com> References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> <463BB60B.3060608@evi-inc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Matt If you can't reproduce it let me know, it must point to something else I've enabled I suppose. On Fri, 4 May 2007, Matt Kettler wrote: > Res wrote: >> On Fri, 4 May 2007, Matt Kettler wrote: >> >>> URIDNSBL >> >> I used to have this disabled for performance, for several versions, but >> as 3.20 cries like a baby unless its enabled, RDJ and sa-update refuse >> to run because of found scores for non existant plugins, I must admit I >> only looked at it for 2 minutes, but decided it was not worth the effort >> and just enabled the plugin, until I have time to find what else now >> needs disabling to shut it up :) Might look at it again on monday morning. >> >> > > Sounds like a bug in the conditionals that disable parts of the ruleset.. I'll > look at it this weekend, time permitting.. If I can replicate it, I'll open a > bug with the SA dev team. If it's something I can make patches for, I'll do that > too. > > - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGPEQfsWhAmSIQh7MRAqEBAJkB1hOne+klemVn33sHeLZe0FeShgCeJddM kvkigsKxFjkoNwAYsJWCzvM= =z2L8 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat May 5 12:26:51 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 5 12:27:23 2007 Subject: Clamav suggestions In-Reply-To: References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> Message-ID: <463C69FB.7080301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arto wrote: > Richard Frovarp wrote: >> Fabio Pedretti wrote: >>> >>> 3) Support for clamd trough clamdscan is nice, however, best would >>> be to connect to clamd directly to its socket (or network socket) >>> from MailScanner, without call clamdscan, and fallback to clamscan >>> if clamd is not working. >> >> Why not just run clamavmodule? From my understanding, the support for >> clamd was added so that those that didn't want to keep up with the >> Perl module required for clamavmodule would have something faster >> than clamscan. Any direct call to clamd from MailScanner would >> require a Perl module, so at that point you're losing the >> requirements benefit of running clamd. > > FYI, we have used all of those during last three weeks. First clamav > (indeed about two year before this period), then clamavmodule and > during this week clamd. > > Our MX server passes normally about 10k mails/day (MS, postgrey, > postfix and SA) and clamd is IMHO the most comfortable as regards > load, memory and swap. The server is a vmware client (CentOS4.4 ) with > 2 x 2,4 GHz and 775 Mb memory reserved to client. After start the swap > is with clamd under 40 Mb and it will remain there. With clamavmodule > and clamav the swap varies from 40 to 400 Mb and the load can be even > over 20 with clamav. With 2 CPU's I would recommend 2Gb of RAM and not just 775Mb. With that little, it's bound to swap. And swapping in a VM is very slow. Either give your VM a lot more RAM or decrease Max Children by quite a bit. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPGoAEfZZRxQVtlQRArjuAJ0TLXKwPWs13OpgD7ZjNc2ZSiIqMACeIK9m pR2Q7BOP/jy6kF/JJgDxpCY= =Ypaq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat May 5 12:42:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 5 12:42:40 2007 Subject: SpamAssassin 3.2.0 package Message-ID: <463C6D8E.5040802@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My first version of a ClamAV + SpamAssassin 3.2.0 package is here: http://www.mailscanner.info/files/4/install-Clam-0.90.2-SA-3.2.0.tar.gz Please give it a try and tell me what you think. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPG2SEfZZRxQVtlQRAp04AKDzcrpqjt9PQy1elmLrZ3brZ6n52QCg4XKf vKBeYc0ONuI/vrut9Eur8Yo= =fmSq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Sat May 5 14:33:29 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat May 5 14:34:06 2007 Subject: RES: use mailscanner only for reports In-Reply-To: <00b201c78ec8$34cf4230$9e6dc690$@com.br> References: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> <463BBE71.9010505@evi-inc.com> <00b201c78ec8$34cf4230$9e6dc690$@com.br> Message-ID: On Sat, 5 May 2007, Wilson A. Galafassi Jr. wrote: > In this case i want to use mailscanner + mailwatch only to generate reports > using mailwatch. It?s possible? The messages are scanned for spam and > viruses in other (external) server, so my utilization is only for reports. Just select deliver for all classes and be done with it. But I fail to see the use of this. Are the other solutions soo poor they can not provide you with this information? Why not park them outside next to the dustbin and let MailScanner + MailWatch do the job for you? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Sat May 5 14:45:46 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat May 5 14:46:22 2007 Subject: RES: use mailscanner only for reports In-Reply-To: <00b201c78ec8$34cf4230$9e6dc690$@com.br> References: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> <463BBE71.9010505@evi-inc.com> <00b201c78ec8$34cf4230$9e6dc690$@com.br> Message-ID: On Sat, 5 May 2007, Wilson A. Galafassi Jr. wrote: > In this case i want to use mailscanner + mailwatch only to generate reports > using mailwatch. It?s possible? The messages are scanned for spam and > viruses in other (external) server, so my utilization is only for reports. And here is an afterthought. What do you expect to learn if someone cleared out the wrong messages before they get to you? Then how can you tell the rate of SPAM vs HAM messages? Or how many three year old virus junk was taken from your SMTP stream. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From exp at protos.mine.nu Sat May 5 16:10:52 2007 From: exp at protos.mine.nu (Hans Bergman) Date: Sat May 5 16:11:29 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463C6D8E.5040802@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> Message-ID: <463C9E7C.7040600@protos.mine.nu> Julian Field skrev: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > My first version of a ClamAV + SpamAssassin 3.2.0 package is here: > http://www.mailscanner.info/files/4/install-Clam-0.90.2-SA-3.2.0.tar.gz > > Please give it a try and tell me what you think. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGPG2SEfZZRxQVtlQRAp04AKDzcrpqjt9PQy1elmLrZ3brZ6n52QCg4XKf > vKBeYc0ONuI/vrut9Eur8Yo= > =fmSq > -----END PGP SIGNATURE----- > > (1) Africa (2) Asia (3) Central America (4) Europe (5) North America (6) Oceania (7) South America Select your continent (or several nearby continents) [] Sorry! since you don't have any existing picks, you must make a geographic selection. (1) Africa (2) Asia (3) Central America (4) Europe (5) North America (6) Oceania (7) South America Select your continent (or several nearby continents) [] Sorry! since you don't have any existing picks, you must make a geographic selection. (1) Africa (2) Asia (3) Central America (4) Europe (5) North America (6) Oceania (7) South America Select your continent (or several nearby continents) [] Sorry! since you don't have any existing picks, you must make a geographic selection. Loops here!! -- Meddelandet har kontrollerats mot virus samt skadligt inneh?ll av MailScanner och f?rmodas vara s?kert. From rcooper at dwford.com Sat May 5 16:27:52 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat May 5 16:27:59 2007 Subject: Clamav suggestions In-Reply-To: <463B5E8A.2080400@sendit.nodak.edu> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> Message-ID: <085b01c78f29$f30cc540$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Richard Frovarp > Sent: Friday, May 04, 2007 12:26 PM > To: MailScanner discussion > Subject: Re: Clamav suggestions > > Fabio Pedretti wrote: > > > > 3) Support for clamd trough clamdscan is nice, however, > best would be > > to connect to clamd directly to its socket (or network socket) from > > MailScanner, without call clamdscan, and fallback to > clamscan if clamd > > is not working. > > Why not just run clamavmodule? From my understanding, the support for > clamd was added so that those that didn't want to keep up > with the Perl > module required for clamavmodule would have something faster than > clamscan. Any direct call to clamd from MailScanner would > require a Perl > module, so at that point you're losing the requirements benefit of > running clamd. [..] That isn't really accurate. When I remove the clamavmodule scanner from MailScanner I gain about 78mg of ram (with 3 children) which is certainly a benefit. Unless the clam team completely revises their clamd protocol (which hasn't happened as long as I can remember) then there is no concern about core library changes that break clamavmodule, another benefit. Unless the team changed the output regarding viruses detected a direct call would just work. I am in the process of incorporating a direct call to ClamD via sockets into my own MailScanner installs and it wouldn't require additional modules beyond IO::Socket::UNIX (could be done with just Socket but I prefer the IO::Socket::UNIX wrapper). Also handles both Unix sockets as well as Inet sockets. The benefit for someone like me is I use clamd with exim, so it's already running and wouldn't require additional resources and it's very fast (faster than calling clamdscan). It wouldn't require MailScanner to watch the clam data files as the freshclam process already notifies clamd as to changes. Anyone who is using clamdscan would certainly benefit by calling clamd directly rather than via any of the wrappers. As far as fallback is concerned I am inclined to add an options for a restart script if clamd is found to be down, or doesn't respond (properly) to PING. I have been very busy the last few months so I haven't gotten past a stand alone proof of concept perl program, but I am hoping to have it integrated in the next week or so time permitting. If Julian is interested I would certainly send patches to the list when I am satisfied. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wilson.galafassi at gmail.com Sat May 5 16:50:37 2007 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Sat May 5 16:50:57 2007 Subject: RES: RES: use mailscanner only for reports In-Reply-To: References: <00a601c78e9c$eaa2f920$bfe8eb60$@com.br> <463BBE71.9010505@evi-inc.com> <00b201c78ec8$34cf4230$9e6dc690$@com.br> Message-ID: <001a01c78f2d$21b6d900$65248b00$@com.br> My external (valid) email Server Just use mailscanner to identify and block spam and viruses. I need to use the reports of mailwatch in the internal Server to catch all email traffic including local mail traffic. You understand me? Thanks Wilson -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Hugo van der Kooij Enviada em: s?bado, 5 de maio de 2007 10:46 Para: MailScanner discussion Assunto: Re: RES: use mailscanner only for reports On Sat, 5 May 2007, Wilson A. Galafassi Jr. wrote: > In this case i want to use mailscanner + mailwatch only to generate > reports using mailwatch. It?s possible? The messages are scanned for > spam and viruses in other (external) server, so my utilization is only for reports. And here is an afterthought. What do you expect to learn if someone cleared out the wrong messages before they get to you? Then how can you tell the rate of SPAM vs HAM messages? Or how many three year old virus junk was taken from your SMTP stream. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Sat May 5 17:14:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 5 17:15:13 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463C9E7C.7040600@protos.mine.nu> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> Message-ID: <463CAD50.3050806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have fixed this one. Module::Build was after Net::DNS::Resolver::Programmable instead of being before it. I have updated the package on the website. You should find this new one works just fine. Hans Bergman wrote: > Julian Field skrev: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> My first version of a ClamAV + SpamAssassin 3.2.0 package is here: >> http://www.mailscanner.info/files/4/install-Clam-0.90.2-SA-3.2.0.tar.gz >> >> Please give it a try and tell me what you think. >> >> Jules >> >> - -- Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.1 (Build 1012) >> Charset: ISO-8859-1 >> >> wj8DBQFGPG2SEfZZRxQVtlQRAp04AKDzcrpqjt9PQy1elmLrZ3brZ6n52QCg4XKf >> vKBeYc0ONuI/vrut9Eur8Yo= >> =fmSq >> -----END PGP SIGNATURE----- >> >> > > (1) Africa > (2) Asia > (3) Central America > (4) Europe > (5) North America > (6) Oceania > (7) South America > Select your continent (or several nearby continents) [] > Sorry! since you don't have any existing picks, you must make a > geographic selection. > > (1) Africa > (2) Asia > (3) Central America > (4) Europe > (5) North America > (6) Oceania > (7) South America > Select your continent (or several nearby continents) [] > Sorry! since you don't have any existing picks, you must make a > geographic selection. > > (1) Africa > (2) Asia > (3) Central America > (4) Europe > (5) North America > (6) Oceania > (7) South America > Select your continent (or several nearby continents) [] > Sorry! since you don't have any existing picks, you must make a > geographic selection. > > Loops here!! > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPK10EfZZRxQVtlQRAkUsAJ4ouodrQgW3jMASSEy6w4da9jUZKACcDr0L LbPeS6xQws9UwvD8j42l/2Q= =9TZw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat May 5 17:22:40 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 5 17:25:11 2007 Subject: Clamav suggestions In-Reply-To: <085b01c78f29$f30cc540$0301a8c0@SAHOMELT> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <085b01c78f29$f30cc540$0301a8c0@SAHOMELT> Message-ID: <463CAF50.8030305@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > > I am in the process of incorporating a direct call to ClamD via sockets into > my own MailScanner installs and it wouldn't require additional modules > beyond IO::Socket::UNIX (could be done with just Socket but I prefer the > IO::Socket::UNIX wrapper). Also handles both Unix sockets as well as Inet > sockets. > > The benefit for someone like me is I use clamd with exim, so it's already > running and wouldn't require additional resources and it's very fast (faster > than calling clamdscan). It wouldn't require MailScanner to watch the clam > data files as the freshclam process already notifies clamd as to changes. > Anyone who is using clamdscan would certainly benefit by calling clamd > directly rather than via any of the wrappers. > > As far as fallback is concerned I am inclined to add an options for a > restart script if clamd is found to be down, or doesn't respond (properly) > to PING. I have been very busy the last few months so I haven't gotten past > a stand alone proof of concept perl program, but I am hoping to have it > integrated in the next week or so time permitting. If Julian is interested I > would certainly send patches to the list when I am satisfied. > Yes, I welcome any contribution, so long as the patch isn't *too* big! :-) Please try to keep your patch as self-contained as possible, so you just, for example, rewrite the init code for the clamd parser and the output parser itself. Please just make it as clean and modular as you can. You can see from the rest of the code the type of Perl I write. I use the syntactical short-cut facilities in the language, I don't just write Java/C in Perl the way a lot of people do. And please don't feel upset if I take your code and appear to rewrite it :-) Thanks, Jules. > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPK/MEfZZRxQVtlQRAlsXAKCFibv5MLP/+fZwto6JByw3nPt5JQCgyiBU 9TPh91uiEs2IfTSOU4Tf9dA= =DRtW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat May 5 18:04:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 5 18:05:14 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463CAD50.3050806@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> Message-ID: <463CB925.2050609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have done some basic tests with my SpamAssassin 3.2.0 package and MailScanner 4.59 and it is working fine. I'll do some more tests of it and probably start using it on a production machine tomorrow if I feel so inclined (and there again I might well just put my feet up and watch TV). It's a public holiday this weekend (I think!) so by definition it should rain on Monday at least. :-) Jules. Julian Field wrote: > * PGP Signed: 05/05/07 at 17:14:44 > > I have fixed this one. Module::Build was after > Net::DNS::Resolver::Programmable instead of being before it. > I have updated the package on the website. You should find this new > one works just fine. > > > Hans Bergman wrote: >> Julian Field skrev: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> My first version of a ClamAV + SpamAssassin 3.2.0 package is here: >>> http://www.mailscanner.info/files/4/install-Clam-0.90.2-SA-3.2.0.tar.gz >>> >>> Please give it a try and tell me what you think. >>> >>> Jules >>> >>> - -- Julian Field MEng CITP >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help? >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> For all your IT requirements visit www.transtec.co.uk >>> >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.6.1 (Build 1012) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFGPG2SEfZZRxQVtlQRAp04AKDzcrpqjt9PQy1elmLrZ3brZ6n52QCg4XKf >>> vKBeYc0ONuI/vrut9Eur8Yo= >>> =fmSq >>> -----END PGP SIGNATURE----- >>> >>> >> >> (1) Africa >> (2) Asia >> (3) Central America >> (4) Europe >> (5) North America >> (6) Oceania >> (7) South America >> Select your continent (or several nearby continents) [] >> Sorry! since you don't have any existing picks, you must make a >> geographic selection. >> >> (1) Africa >> (2) Asia >> (3) Central America >> (4) Europe >> (5) North America >> (6) Oceania >> (7) South America >> Select your continent (or several nearby continents) [] >> Sorry! since you don't have any existing picks, you must make a >> geographic selection. >> >> (1) Africa >> (2) Asia >> (3) Central America >> (4) Europe >> (5) North America >> (6) Oceania >> (7) South America >> Select your continent (or several nearby continents) [] >> Sorry! since you don't have any existing picks, you must make a >> geographic selection. >> >> Loops here!! >> >> > > Jules > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPLktEfZZRxQVtlQRAhbVAKChfm6CpXtG2gYYgOrV07TNCSORnwCgiuQU VONO85De2EEz10EOxYYkcNM= =d69x -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rcooper at dwford.com Sat May 5 19:23:22 2007 From: rcooper at dwford.com (Rick Cooper) Date: Sat May 5 19:24:39 2007 Subject: Clamav suggestions In-Reply-To: <463CAF50.8030305@ecs.soton.ac.uk> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu><085b01c78f29$f30cc540$0301a8c0@SAHOMELT> <463CAF50.8030305@ecs.soton.ac.uk> Message-ID: <089801c78f42$78529500$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Saturday, May 05, 2007 12:23 PM > To: MailScanner discussion > Subject: Re: Clamav suggestions > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > [...] > Yes, I welcome any contribution, so long as the patch isn't > *too* big! :-) > Please try to keep your patch as self-contained as possible, so you > just, for example, rewrite the init code for the clamd parser and the > output parser itself. Please just make it as clean and modular as you > can. You can see from the rest of the code the type of Perl I > write. I > use the syntactical short-cut facilities in the language, I > don't just > write Java/C in Perl the way a lot of people do. And please > don't feel > upset if I take your code and appear to rewrite it :-) > > Thanks, > Jules. > I will have to try and rememeber the program flow, and look at the clamavmodule code and how it's called because this would work pretty much the same. It would be easy enough to make the output the same as the clamavmodule output so the same parser could be used if the current parser had some minor changes such as MailScanner::Log::InfoLog("ClamAVModule:: to MailScanner::Log::InfoLog("$Name:: would it not? I have already tried to make the code more like yours (from my unrar experience) such as "last if time > $TimeOut;" or "LogIt("ClamD Timed Out!\n") if $TimeOut < time && $Debug;". In any event you know I don't care if you rewrite everything.. It's your program ;-) The size should be pretty fair, the current stand alone proof of concept code is only 144 lines including a Logging function, line comments, 18 lines of description comments, the various "use " statements and debug and blank lines. I would expect the finished MS ready code would be half that, maybe less (even with comments). There would, of course, be additional config lines. I would expect you should have: clamd socket (IpAddr or full path to socket file) clamd port default 3310 clamd lock file (to check if clamd is even running) clamd timeout And would you want to scan an entire batch at once, or one message/dir at a time? I can even send you the stand alone code I have an let you play with it at your leasure if you wish. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alden at engineno9inc.com Sat May 5 20:12:57 2007 From: alden at engineno9inc.com (Alden Levy) Date: Sat May 5 20:13:07 2007 Subject: SMPID vs. INPID Message-ID: <002101c78f49$651fdcc0$5a01a8c0@AldenLap> I had a problem a long time ago on my old server that never got solved; unfortunately, it's reared it's ugly head on the new server (I had to copy over a file from the old server), and I'd like to put it to bed for good. Basically, when I start MS, all works well, but when I check status, I get an error # service MailScanner status Checking MailScanner daemons: MailScanner: [ OK ] incoming sendmail: [ FAIL ] outgoing sendmail: [ OK ] However, it works fine as it is. In order to get rid of the fail, though, I've been updating sendmail.in.pid with the proper pid, and everything works. I finally had a few minutes to track down the issue, and it seems that something (I did something??) confused SMPID and INPID in MailScanner_app_init. The relevant code is: In StartInSendmail: elif [ $MTA = 'sendmail' ]; then /usr/bin/newaliases > /dev/null 2>&1 if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then make -C /etc/mail -s else for i in virtusertable access domaintable mailertable ; do if [ -f /etc/mail/$i ] ; then makemap hash /etc/mail/$i < /etc/mail/$i fi done fi $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID touch /var/run/sm-client.pid chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null success echo And in status: status) # Work out if all of MailScanner is running echo 'Checking MailScanner daemons:' echo -n ' MailScanner: ' pid=`pidofproc MailScanner` if [ -z "$pid" ] ; then failure; else success; fi echo if [ $MTA = "sendmail" ]; then # Now the incoming sendmail echo -n ' incoming sendmail: ' pid=`head -1 $INPID` alive=`ps ax | awk '{ print $1 }' | grep '^'$pid'$'` #pid=`ps ax | egrep '\[sendmail\]|sendmai[l]: accepting connections'` if [ -z "$alive" ] ; then failure; else success; fi echo Please note that both $INPID and $SMPID (as well as /var/run/sm-client.pid) are referenced in StartInSendmail and only $INPID is checked in status. Any help would be greatly appreciated. For the record, I am running MS 4.68.9-1 and SA 3.18 on CentOS 4.4. Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From amaclach at yahoo.co.uk Sun May 6 00:55:38 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 00:55:40 2007 Subject: Strange clamd messages Message-ID: <711094.52154.qm@web26308.mail.ukl.yahoo.com> Has anyone experienced anything like this with clamd? It appears to be working but I'm concerned by the lstat() message... May 5 12:28:25 mail-gw MailScanner[1774]: Virus and Content Scanning: Starting May 5 12:28:25 mail-gw clamd[1543]: No stats for Database check - forcing reload May 5 12:28:25 mail-gw clamd[1543]: Reading databases from /var/lib/clamav May 5 12:28:27 mail-gw MailScanner[1774]: /var/spool/MailScanner/incoming/1774/.: lstat() failed. ERROR May 5 12:28:28 mail-gw MailScanner[1774]: Requeue: 5CE7527F11.91A87 to 9E60927F21 May 5 12:28:28 mail-gw MailScanner[1774]: Uninfected: Delivered 1 messages clamd is 0.90.2-1 on FC4 Cheers, Andy From r.berber at computer.org Sun May 6 01:47:46 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Sun May 6 01:46:53 2007 Subject: Strange clamd messages In-Reply-To: <711094.52154.qm@web26308.mail.ukl.yahoo.com> References: <711094.52154.qm@web26308.mail.ukl.yahoo.com> Message-ID: Andrew MacLachlan wrote: > Has anyone experienced anything like this with clamd? > It appears to be working but I'm concerned by the lstat() message... > > May 5 12:28:25 mail-gw MailScanner[1774]: Virus and Content Scanning: Starting > May 5 12:28:25 mail-gw clamd[1543]: No stats for Database check - forcing reload > May 5 12:28:25 mail-gw clamd[1543]: Reading databases from /var/lib/clamav > May 5 12:28:27 mail-gw MailScanner[1774]: /var/spool/MailScanner/incoming/1774/.: lstat() failed. ERROR > May 5 12:28:28 mail-gw MailScanner[1774]: Requeue: 5CE7527F11.91A87 to 9E60927F21 > May 5 12:28:28 mail-gw MailScanner[1774]: Uninfected: Delivered 1 messages Is not working, and the problem are permissions: clamd cannot see what's in the incomming directory, much less test it. -- Ren? Berber From jimc at laridian.com Sun May 6 02:56:38 2007 From: jimc at laridian.com (Jim Coates) Date: Sun May 6 03:01:08 2007 Subject: MailScanner failing to deliver In-Reply-To: Message-ID: <060701c78f81$c8fdae10$6501a8c0@zorak> Hey all... My host had to upgrade some things on our server and in the process upgraded MailScanner to the latest available from the ports tree (FreeBSD). The version is 4.50.15. Since the upgrade, its been having issues... it seems to receive email (I can tail the maillog and see stuff coming in), but it only delivers inbound and outbound for a short period of time. I then have to restart MailScanner, and it will once again deliver for just a short period of time. Another oddity... when tailing the maillog, I see MailScanne start multiple times... IE - it puts up the version info and the number of messages in queue etc... then a few seconds later I see the same thing twice more. Any ideas? I wasn't having these issues at all with the older version of MailScanner that I was running. Thank you in advance, Jim Coates From jimc at laridian.com Sun May 6 05:04:12 2007 From: jimc at laridian.com (Jim Coates) Date: Sun May 6 05:09:56 2007 Subject: MailScanner failing to deliver Message-ID: <06a301c78f93$9cd5cbd0$6501a8c0@zorak> I'm reposting this simply because I accidentally tagged it onto another thread.. sorry: Hey all... My host had to upgrade some things on our server and in the process upgraded MailScanner to the latest available from the ports tree (FreeBSD). The version is 4.50.15. Since the upgrade, its been having issues... it seems to receive email (I can tail the maillog and see stuff coming in), but it only delivers inbound and outbound for a short period of time. I then have to restart MailScanner, and it will once again deliver for just a short period of time. When it restarts (and seemingly before it fails too) there are a group of messages that get processed over and over. Another oddity... when tailing the maillog, I see MailScanner start multiple times... IE - it puts up the version info and the number of messages in queue etc... then a few seconds later I see the same thing twice more. Any ideas? I wasn't having these issues at all with the older version of MailScanner that I was running. NEW INFORMATION: when I do a "mailscanner --lint" it tells me the following: mail2# mailscanner --lint Read 701 hostnames from the phishing whitelist Config: calling custom init function MailWatchLogging Cannot write pid file , No such file or directory at /usr/local/sbin/mailscanner line 1238 Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule mail2# I also had MailWatch installed, but the host recently upgraded MySQL and it has not worked since then. Not sure what the cause is or if its adding to this trouble. I do get a considerable amount of : May 5 22:56:57 mail2 MailScanner[98183]: Started SQL Logging child May 5 22:56:57 mail2 MailScanner[98106]: Started SQL Logging child May 5 22:56:58 mail2 MailScanner[58029]: Started SQL Logging child May 5 22:57:00 mail2 MailScanner[96343]: Started SQL Logging child May 5 22:57:08 mail2 MailScanner[98200]: Started SQL Logging child Basically I am having to restart it about every 30 minutes right now, so I'd love any help you can give me. Thank you in advance, Jim Coates -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070505/91d2265c/attachment.html From hvdkooij at vanderkooij.org Sun May 6 09:05:17 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun May 6 09:05:49 2007 Subject: MailScanner failing to deliver In-Reply-To: <06a301c78f93$9cd5cbd0$6501a8c0@zorak> References: <06a301c78f93$9cd5cbd0$6501a8c0@zorak> Message-ID: On Sat, 5 May 2007, Jim Coates wrote: > My host had to upgrade some things on our server and in the process upgraded > MailScanner to the latest available from the ports tree (FreeBSD). The > version is 4.50.15. > > Since the upgrade, its been having issues... it seems to receive email (I > can tail the maillog and see stuff coming in), but it only delivers inbound > and outbound for a short period of time. I then have to restart MailScanner, > and it will once again deliver for just a short period of time. > > When it restarts (and seemingly before it fails too) there are a group of > messages that get processed over and over. > > Another oddity... when tailing the maillog, I see MailScanner start multiple > times... IE - it puts up the version info and the number of messages in > queue etc... then a few seconds later I see the same thing twice more. > > Any ideas? I wasn't having these issues at all with the older version of > MailScanner that I was running. > > NEW INFORMATION: when I do a "mailscanner --lint" it tells me the following: > > mail2# mailscanner --lint > Read 701 hostnames from the phishing whitelist > Config: calling custom init function MailWatchLogging > Cannot write pid file , No such file or directory at > /usr/local/sbin/mailscanner line 1238 I suggest you check this out and fix what is required to be fixed. > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamavmodule > mail2# > > I also had MailWatch installed, but the host recently upgraded MySQL and it > has not worked since then. Not sure what the cause is or if its adding to > this trouble. I do get a considerable amount of : > > May 5 22:56:57 mail2 MailScanner[98183]: Started SQL Logging child > May 5 22:56:57 mail2 MailScanner[98106]: Started SQL Logging child > May 5 22:56:58 mail2 MailScanner[58029]: Started SQL Logging child > May 5 22:57:00 mail2 MailScanner[96343]: Started SQL Logging child > May 5 22:57:08 mail2 MailScanner[98200]: Started SQL Logging child > > Basically I am having to restart it about every 30 minutes right now, so I'd > love any help you can give me. If MailWatch is not working there is nothing to be lost from removing the MailWatch line(s) from your config now. See if it is degrading your MailScanner functionality. Did you go over the changelog to see if things changed from your old version to your current one? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From amaclach at yahoo.co.uk Sun May 6 11:13:59 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 11:14:02 2007 Subject: Strange clamd messages Message-ID: <524616.6557.qm@web26315.mail.ukl.yahoo.com> Working properly now - Thanks for the pointer! Cheers, Andy ----- Original Message ---- From: Ren? Berber To: mailscanner@lists.mailscanner.info Sent: Sunday, 6 May, 2007 1:47:46 AM Subject: Re: Strange clamd messages Andrew MacLachlan wrote: > Has anyone experienced anything like this with clamd? > It appears to be working but I'm concerned by the lstat() message... > > May 5 12:28:25 mail-gw MailScanner[1774]: Virus and Content Scanning: Starting > May 5 12:28:25 mail-gw clamd[1543]: No stats for Database check - forcing reload > May 5 12:28:25 mail-gw clamd[1543]: Reading databases from /var/lib/clamav > May 5 12:28:27 mail-gw MailScanner[1774]: /var/spool/MailScanner/incoming/1774/.: lstat() failed. ERROR > May 5 12:28:28 mail-gw MailScanner[1774]: Requeue: 5CE7527F11.91A87 to 9E60927F21 > May 5 12:28:28 mail-gw MailScanner[1774]: Uninfected: Delivered 1 messages Is not working, and the problem are permissions: clamd cannot see what's in the incomming directory, much less test it. -- Ren? Berber -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun May 6 11:51:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 6 11:56:16 2007 Subject: HOWTO: Use re2c and compiled SpamAssassin rules Message-ID: <463DB32E.5070702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is intended as a brief guide to using the program "re2c" to generate compiled rules which speeds up SpamAssassin quite a bit. Please can someone (who understands the wiki's text formatting system) upload this to the wiki for me! 1) Download the program "re2c" from "http://sourceforge.net/projects/re2c". If you are running an RPM-based system then download the .src.rpm file, else download the .tar.gz file. 2) Build "re2c". 2a) If you downloaded the .src.rpm file, then rpmbuild --rebuild re2c*.src.rpm cd /usr/src/redhat/RPMS/i386 (swap "redhat" for "packages" if that dir doesn't exist) rpm -Uvh re2c-0.12.0-1.i386.rpm (i.e. not the "debuginfo" version of the file) 2b) If you downloaded the .tar.gz file, then tar xzf re2c*tar*gz cd re2c* ./configure make make test make install 3) Compile the current set of SpamAssassin rules sa-compile 4) Tell SpamAssassin to use the compiled rules. Edit /etc/mail/spamassassin/v320.pre and uncomment the line loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody by removing the "# " from the start of the line. 5) If you are using Rules-Du-Jour then tell it to recompile the rules after it downloads them. Edit the file /usr/bin/rules_du_jour and look for the line that contains SA_RESTART=" Change this line to say SA_RESTART="sa-compile && /etc/init.d/spamassassin restart"; 6) Restart MailScanner. If you have any problems, let the mailing list know. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPbQxEfZZRxQVtlQRAiIDAJ96MwjVldiCLcqhPghe+iHdKdq+4wCdE94p J5dKYLH+ldoVOIqTR74s8Mo= =Z068 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From asakawa at quickd.net Sun May 6 13:08:11 2007 From: asakawa at quickd.net (asakawa) Date: Sun May 6 13:08:37 2007 Subject: can't detect avast Message-ID: <20070506210337.62F3.ASAKAWA@quickd.net> can't detect avast MailScanner --lint Creating hardcoded struct_flock subroutine for linux (Linux-type) MailScanner.conf says "Virus Scanners = antivir clamd bitdefender f-prot avg f-secure avast" Found these virus scanners installed: bitdefender, f-prot, clamav, f-secure, clamd, avg, antivir virus.scanners.conf avast /usr/lib/MailScanner/avast-wrapper /usr/bin/avast avastd /usr/lib/MailScanner/avastd-wrapper /usr/bin/avast [root@ns ~]# /usr/bin/avast -V avast: avast v1.0.8 VPS: 000714-0 (date: 15.02.2007) Copyright(C) 2003-2007. ALWIL Software. All rights reserved. Asakawa From ms-list at alexb.ch Sun May 6 13:47:49 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sun May 6 13:47:52 2007 Subject: HOWTO: Use re2c and compiled SpamAssassin rules In-Reply-To: <463DB32E.5070702@ecs.soton.ac.uk> References: <463DB32E.5070702@ecs.soton.ac.uk> Message-ID: <463DCE75.7090905@alexb.ch> On 5/6/2007 12:51 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This is intended as a brief guide to using the program "re2c" to > generate compiled rules which speeds up SpamAssassin quite a bit. > > Please can someone (who understands the wiki's text formatting system) > upload this to the wiki for me! > > 1) Download the program "re2c" from > "http://sourceforge.net/projects/re2c". If you are running an RPM-based > system then download the .src.rpm file, else download the .tar.gz file. > 2) Build "re2c". > 2a) If you downloaded the .src.rpm file, then > rpmbuild --rebuild re2c*.src.rpm > cd /usr/src/redhat/RPMS/i386 (swap "redhat" for "packages" if > that dir doesn't exist) > rpm -Uvh re2c-0.12.0-1.i386.rpm (i.e. not the "debuginfo" version > of the file) > 2b) If you downloaded the .tar.gz file, then > tar xzf re2c*tar*gz > cd re2c* > ./configure > make > make test > make install > 3) Compile the current set of SpamAssassin rules > sa-compile > 4) Tell SpamAssassin to use the compiled rules. Edit > /etc/mail/spamassassin/v320.pre and uncomment the line > loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody > by removing the "# " from the start of the line. > 5) If you are using Rules-Du-Jour then tell it to recompile the rules > after it downloads them. Edit the file /usr/bin/rules_du_jour and look > for the line that contains > SA_RESTART=" > Change this line to say > SA_RESTART="sa-compile && /etc/init.d/spamassassin restart"; > 6) Restart MailScanner. > > If you have any problems, let the mailing list know. Jules I'd say that if you use MS and RDJ the restart command should be SA_RESTART="sa-compile && /etc/init.d/MailScanner reload"; Alex From MailScanner at ecs.soton.ac.uk Sun May 6 13:50:40 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 6 13:51:08 2007 Subject: can't detect avast In-Reply-To: <20070506210337.62F3.ASAKAWA@quickd.net> References: <20070506210337.62F3.ASAKAWA@quickd.net> Message-ID: <463DCF20.8080706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Your virus.scanners.conf is wrong. For the avast lines it should just be /usr. asakawa wrote: > can't detect avast > > MailScanner --lint > > Creating hardcoded struct_flock subroutine for linux (Linux-type) > MailScanner.conf says "Virus Scanners = antivir clamd bitdefender f-prot avg f-secure avast" > Found these virus scanners installed: bitdefender, f-prot, clamav, f-secure, clamd, avg, antivir > > virus.scanners.conf > > > avast /usr/lib/MailScanner/avast-wrapper /usr/bin/avast > avastd /usr/lib/MailScanner/avastd-wrapper /usr/bin/avast > > [root@ns ~]# /usr/bin/avast -V > avast: avast v1.0.8 > VPS: 000714-0 (date: 15.02.2007) > Copyright(C) 2003-2007. ALWIL Software. All rights reserved. > > > > Asakawa > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPc8jEfZZRxQVtlQRAo74AJ42Fegygf0xhnKx+LHuQWoy9qEcWQCg2PDP 0TGhQPJMr816K5pjxeNJ2GA= =U3OV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From smlists at shaw.ca Sun May 6 14:40:37 2007 From: smlists at shaw.ca (Steve Mason) Date: Sun May 6 14:40:41 2007 Subject: MailScanner and Centos 5 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA921765@HC-MBX02.herefordshire.gov.uk> References: <462BE389.7060802@shaw.ca> <7EF0EE5CB3B263488C8C18823239BEBA921765@HC-MBX02.herefordshire.gov.uk> Message-ID: <463DDAD5.5030405@shaw.ca> Thanks. I decided to go with 4.4, and it's up and running (except for FuzzyOCR which I'm leaving for another day) Steve From smlists at shaw.ca Sun May 6 14:42:50 2007 From: smlists at shaw.ca (Steve Mason) Date: Sun May 6 14:44:53 2007 Subject: Multi (split) image spam In-Reply-To: <462BE389.7060802@shaw.ca> References: <462BE389.7060802@shaw.ca> Message-ID: <463DDB5A.3050405@shaw.ca> Is anyone else seeing drug image spam with the .gif images split into 4 vertical strip files? Nice new tactic by the spammers.... any new methods to handle this yet? Thanks, Steve From uxbod at splatnix.net Sun May 6 14:57:52 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun May 6 14:55:47 2007 Subject: Multi (split) image spam In-Reply-To: <463DDB5A.3050405@shaw.ca> References: <462BE389.7060802@shaw.ca> <463DDB5A.3050405@shaw.ca> Message-ID: <20070506145752.5fa3f497@uxbod.splatnix.net> I haven't seen any of those yet Steve. Could you make one available for analysis ? All, FuzzyOCR is broke with SA 3.2.0 at the moment. Cheers, On Sun, 06 May 2007 07:42:50 -0600 Steve Mason wrote: > Is anyone else seeing drug image spam with the .gif images split > into 4 vertical strip files? > > Nice new tactic by the spammers.... any new methods to handle this > yet? > > Thanks, > > Steve -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 // Phone: +44 845 869 2749 // SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun May 6 14:59:32 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun May 6 14:57:27 2007 Subject: nod32-1.99 Message-ID: <20070506145932.1be9c82b@uxbod.splatnix.net> Julian, I am running this AV here and have had to add -b to the nod32-wrapper so that it performs a silent operation. ie. no licensing details being slapped into /var/log/messages, and MailScanner trying to scan that :) Maybe worth adding as a default too the wrapper ? Cheers, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 // Phone: +44 845 869 2749 // SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From smlists at shaw.ca Sun May 6 15:10:23 2007 From: smlists at shaw.ca (Steve Mason) Date: Sun May 6 15:10:29 2007 Subject: Multi (split) image spam In-Reply-To: <20070506145752.5fa3f497@uxbod.splatnix.net> References: <462BE389.7060802@shaw.ca> <463DDB5A.3050405@shaw.ca> <20070506145752.5fa3f497@uxbod.splatnix.net> Message-ID: <463DE1CF.3050804@shaw.ca> --[ UxBoD ]-- wrote: > I haven't seen any of those yet Steve. Could you make one available > for analysis ? > > All, FuzzyOCR is broke with SA 3.2.0 at the moment. > > Cheers, > No problem.. wget http://www.masoncomputing.com/spamsamples/spam1.tar Steve From mkettler at evi-inc.com Sun May 6 18:39:24 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun May 6 18:39:34 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> <463BB60B.3060608@evi-inc.com> Message-ID: <463E12CC.7080806@evi-inc.com> Yes, it's a genuine bug. I reproduced it at home and produced a patch, which I tried to send you a link to, but unfortunately you don't seem to accept mail from my home ISP (verizon). I don't have the link handy, so you'll have to dig around the SA bugzilla. It shouldn't be hard to find. Search for open bugs involving uridnsbl. Res wrote: > Thanks Matt > If you can't reproduce it let me know, it must point to something else > I've enabled I suppose. > > On Fri, 4 May 2007, Matt Kettler wrote: > >> Res wrote: >>> On Fri, 4 May 2007, Matt Kettler wrote: >>> >>>> URIDNSBL >>> >>> I used to have this disabled for performance, for several versions, but >>> as 3.20 cries like a baby unless its enabled, RDJ and sa-update refuse >>> to run because of found scores for non existant plugins, I must admit I >>> only looked at it for 2 minutes, but decided it was not worth the effort >>> and just enabled the plugin, until I have time to find what else now >>> needs disabling to shut it up :) Might look at it again on monday >>> morning. >>> >>> > >> Sounds like a bug in the conditionals that disable parts of the >> ruleset.. I'll >> look at it this weekend, time permitting.. If I can replicate it, I'll >> open a >> bug with the SA dev team. If it's something I can make patches for, >> I'll do that >> too. > > > From hvdkooij at vanderkooij.org Sun May 6 19:39:08 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun May 6 19:39:44 2007 Subject: Multi (split) image spam In-Reply-To: <463DDB5A.3050405@shaw.ca> References: <462BE389.7060802@shaw.ca> <463DDB5A.3050405@shaw.ca> Message-ID: On Sun, 6 May 2007, Steve Mason wrote: > Is anyone else seeing drug image spam with the .gif images split into 4 > vertical strip files? > > Nice new tactic by the spammers.... any new methods to handle this yet? Perhaps the fact that they are in strip files? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Sun May 6 19:42:18 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun May 6 19:42:57 2007 Subject: Multi (split) image spam In-Reply-To: <463DE1CF.3050804@shaw.ca> References: <462BE389.7060802@shaw.ca> <463DDB5A.3050405@shaw.ca> <20070506145752.5fa3f497@uxbod.splatnix.net> <463DE1CF.3050804@shaw.ca> Message-ID: On Sun, 6 May 2007, Steve Mason wrote: > --[ UxBoD ]-- wrote: >> I haven't seen any of those yet Steve. Could you make one available >> for analysis ? >> >> All, FuzzyOCR is broke with SA 3.2.0 at the moment. >> >> Cheers, >> > No problem.. > wget http://www.masoncomputing.com/spamsamples/spam1.tar Great shooting Tex. ;-) I think we got a genuine logwatch report here. I think you need to check it. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Sun May 6 20:24:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 6 20:26:44 2007 Subject: nod32-1.99 In-Reply-To: <20070506145932.1be9c82b@uxbod.splatnix.net> References: <20070506145932.1be9c82b@uxbod.splatnix.net> Message-ID: <463E2B75.7050102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for that. I have added it to SweepViruses.pm. It will be in the next release. Cheers, Jules. - --[ UxBoD ]-- wrote: > Julian, > > I am running this AV here and have had to add -b to the nod32-wrapper > so that it performs a silent operation. ie. no licensing details being > slapped into /var/log/messages, and MailScanner trying to scan that :) > > Maybe worth adding as a default too the wrapper ? > > Cheers, > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGPivWEfZZRxQVtlQRAkxiAJ9+9OHQeqV1sHVBpFqsU1by6OVxOQCfUI39 dIvb3Fw1ZhpS3qsvJGvrhhE= =O4Sz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From amaclach at yahoo.co.uk Sun May 6 22:16:43 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 22:16:46 2007 Subject: MailScanner and Centos 5 Message-ID: <802996.33232.qm@web26302.mail.ukl.yahoo.com> Fuzzy's a complete sh... to get right, but it's great once it's working properly and you have all the components installed (oh why can't someone put it all into a nice easy rpm...) I found Tesseract the worst... It just wouldn't build... Regards, Andrew MacLachlan H: +44 20 84677939 M: +44 7900 980314 E: amaclach@yahoo.co.uk ----- Original Message ---- From: Steve Mason To: MailScanner discussion Sent: Sunday, 6 May, 2007 2:40:37 PM Subject: Re: MailScanner and Centos 5 Thanks. I decided to go with 4.4, and it's up and running (except for FuzzyOCR which I'm leaving for another day) Steve -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From amaclach at yahoo.co.uk Sun May 6 22:22:20 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 22:22:22 2007 Subject: Multi (split) image spam Message-ID: <727373.44781.qm@web26307.mail.ukl.yahoo.com> Nope, but I've seen some quite cool wobbly lines just today - didn't fool Fuzzy though - an instant 6 points for that effort plus incidental scores giving it a total of 16 or so. Some of the spammers are doing resends though to get around greylisting - this is a worrying trend, however it also means that they can only send half as many from each bot... Maybe time to re-tune the greylisting software so it does a second 450 before it finally accepts a sender? Regards, Andrew MacLachlan H: +44 20 84677939 M: +44 7900 980314 E: amaclach@yahoo.co.uk ----- Original Message ---- From: Steve Mason To: MailScanner discussion Sent: Sunday, 6 May, 2007 2:42:50 PM Subject: Multi (split) image spam Is anyone else seeing drug image spam with the .gif images split into 4 vertical strip files? Nice new tactic by the spammers.... any new methods to handle this yet? Thanks, Steve -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From amaclach at yahoo.co.uk Sun May 6 22:24:17 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 22:24:19 2007 Subject: SpamAssassin 3.2.0 Message-ID: <963369.66510.qm@web26310.mail.ukl.yahoo.com> I can host that patch if you want. Andy ----- Original Message ---- From: Matt Kettler To: MailScanner discussion Sent: Sunday, 6 May, 2007 6:39:24 PM Subject: Re: SpamAssassin 3.2.0 Yes, it's a genuine bug. I reproduced it at home and produced a patch, which I tried to send you a link to, but unfortunately you don't seem to accept mail from my home ISP (verizon). I don't have the link handy, so you'll have to dig around the SA bugzilla. It shouldn't be hard to find. Search for open bugs involving uridnsbl. Res wrote: > Thanks Matt > If you can't reproduce it let me know, it must point to something else > I've enabled I suppose. > > On Fri, 4 May 2007, Matt Kettler wrote: > >> Res wrote: >>> On Fri, 4 May 2007, Matt Kettler wrote: >>> >>>> URIDNSBL >>> >>> I used to have this disabled for performance, for several versions, but >>> as 3.20 cries like a baby unless its enabled, RDJ and sa-update refuse >>> to run because of found scores for non existant plugins, I must admit I >>> only looked at it for 2 minutes, but decided it was not worth the effort >>> and just enabled the plugin, until I have time to find what else now >>> needs disabling to shut it up :) Might look at it again on monday >>> morning. >>> >>> > >> Sounds like a bug in the conditionals that disable parts of the >> ruleset.. I'll >> look at it this weekend, time permitting.. If I can replicate it, I'll >> open a >> bug with the SA dev team. If it's something I can make patches for, >> I'll do that >> too. > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Sun May 6 23:07:18 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun May 6 23:07:54 2007 Subject: Multi (split) image spam In-Reply-To: <727373.44781.qm@web26307.mail.ukl.yahoo.com> References: <727373.44781.qm@web26307.mail.ukl.yahoo.com> Message-ID: On Sun, 6 May 2007, Andrew MacLachlan wrote: > Some of the spammers are doing resends though to get around greylisting - this is a worrying trend, however it also means that they can only send half as many from each bot... > > Maybe time to re-tune the greylisting software so it does a second 450 before it finally accepts a sender? Most greylisting solutions I have seen use a time window. So you need to resend it after the timewindow or you will still hit the greylist. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From res at ausics.net Sun May 6 23:25:20 2007 From: res at ausics.net (Res) Date: Sun May 6 23:25:38 2007 Subject: Multi (split) image spam In-Reply-To: <727373.44781.qm@web26307.mail.ukl.yahoo.com> References: <727373.44781.qm@web26307.mail.ukl.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 6 May 2007, Andrew MacLachlan wrote: > Some of the spammers are doing resends though to get around greylisting This is one of the reasons I consider greylisting useless :) I've seen this from this part of the world (oceania/asia area) for about as long as greylisting came about. It's the same ol same ol, we do something to stop em, they circumvent it, we counter it and they will try counter it again, and so on and as grey listing is the most simplest thing to get around, i've always regarded it as a joke, and all it does it build up your own outgoing queues, this might be fine for those who do 1K messages a day but when you do millions, thats just not on, anyhow you might as well firewall off your primary MX making mail fail and force resend via secondary MX's. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGPlXSsWhAmSIQh7MRAriLAKC1gppSuVoeUKFUBlkcft2Uza6OqQCfWQTM JvxRuyNv2n7IlyXHAPPulAM= =lBlX -----END PGP SIGNATURE----- From amaclach at yahoo.co.uk Sun May 6 23:31:23 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 23:31:25 2007 Subject: Clever bots - was Re: Multi (split) image spam Message-ID: <123569.36742.qm@web26303.mail.ukl.yahoo.com> That's right - most are 5 mins, which is about right for most MTAs first retry. Any decent greylister will tell an early retry to go away again, but either more spammers are using MTAs or the bots are getting cleverer. I'd say the latter is more likely. A cursory glance at a couple of spams from today gives me headers like this: X-Greylist: delayed 00:10:01 by SQLgrey-1.7.5 Received: from 89-172-120-92.adsl.net.t-com.hr (89-172-120-92.adsl.net.t-com.hr [89.172.120.92]) X-Greylist: delayed 00:10:02 by SQLgrey-1.7.5 Received: from 236.Red-81-36-176.dynamicIP.rima-tde.net (236.red-81-36-176.dynamicip.rima-tde.net [81.36.176.236]) Interestingly the delay was over 10 mins by a second or 2 - so this means that grey needs to extend to 11 mins... Not sure what the effect of this will be - is the bot smart enough to retry again if rejected at 10 mins? Andy ----- Original Message ---- From: Hugo van der Kooij To: MailScanner discussion Sent: Sunday, 6 May, 2007 11:07:18 PM Subject: Re: Multi (split) image spam On Sun, 6 May 2007, Andrew MacLachlan wrote: > Some of the spammers are doing resends though to get around greylisting - this is a worrying trend, however it also means that they can only send half as many from each bot... > > Maybe time to re-tune the greylisting software so it does a second 450 before it finally accepts a sender? Most greylisting solutions I have seen use a time window. So you need to resend it after the timewindow or you will still hit the greylist. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From res at ausics.net Sun May 6 23:32:09 2007 From: res at ausics.net (Res) Date: Sun May 6 23:32:25 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463E12CC.7080806@evi-inc.com> References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> <463BB60B.3060608@evi-inc.com> <463E12CC.7080806@evi-inc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 6 May 2007, Matt Kettler wrote: > Yes, it's a genuine bug. > > I reproduced it at home and produced a patch, which I tried to send you a link > to, but unfortunately you don't seem to accept mail from my home ISP (verizon). Thanks Matt, I'll have a look later this morning. BTW I wouldn't have got the mail anyway if you had got in as res@ is a list/newsgroup only account unless your mail is sorted into a list folder its /dev/null'd primarily because I've used this a/c on usenet for along time so would have to be in every spam list, sendmail/MS get rid of 99% of the junk, my pine filtering rules eliminate the remaining :) - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGPldrsWhAmSIQh7MRAgNtAJ9NsY9wb0MB1LjuojOGUj5PVxZ6VACdF/ON kFxrQGYHjp6Hy/pBJ6Go7Zk= =r1J5 -----END PGP SIGNATURE----- From amaclach at yahoo.co.uk Sun May 6 23:49:11 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Sun May 6 23:49:14 2007 Subject: Multi (split) image spam Message-ID: <694855.76046.qm@web26301.mail.ukl.yahoo.com> Not useless - just less effective - and no-one said it was the perfect solution - but it does effectively cut the number of spams a bot can send in half, which is always a good thing. Most spam is stopped dead in its tracks by greylisting and is a very effective (also efficient) method of cutting down on the amount of spam that MS has to process. > and all it does it build up your own outgoing queues Not sure how the logic on that one works... > you might as well firewall off your primary MX > making mail fail and force resend via secondary MX's. A bit extreme - and anyway spammers have been sending directly to secondaries for years as a lot of organisations don't have spam defences on them so the messages just sail on thru... As the old saying goes - defence in depth... -Andy ----- Original Message ---- From: Res To: MailScanner discussion Sent: Sunday, 6 May, 2007 11:25:20 PM Subject: Re: Multi (split) image spam -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 6 May 2007, Andrew MacLachlan wrote: > Some of the spammers are doing resends though to get around greylisting This is one of the reasons I consider greylisting useless :) I've seen this from this part of the world (oceania/asia area) for about as long as greylisting came about. It's the same ol same ol, we do something to stop em, they circumvent it, we counter it and they will try counter it again, and so on and as grey listing is the most simplest thing to get around, i've always regarded it as a joke, and all it does it build up your own outgoing queues, this might be fine for those who do 1K messages a day but when you do millions, thats just not on, anyhow you might as well firewall off your primary MX making mail fail and force resend via secondary MX's. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGPlXSsWhAmSIQh7MRAriLAKC1gppSuVoeUKFUBlkcft2Uza6OqQCfWQTM JvxRuyNv2n7IlyXHAPPulAM= =lBlX -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jaearick at colby.edu Mon May 7 03:09:36 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 7 03:09:47 2007 Subject: Multi (split) image spam In-Reply-To: <694855.76046.qm@web26301.mail.ukl.yahoo.com> References: <694855.76046.qm@web26301.mail.ukl.yahoo.com> Message-ID: On Sun, 6 May 2007, Andrew MacLachlan wrote: > Subject: Re: Multi (split) image spam > > Not useless - just less effective - and no-one said it was the perfect solution - but it does effectively cut the number of spams a bot can send in half, which is always a good thing. > Most spam is stopped dead in its tracks by greylisting and is a very effective (also efficient) method of cutting down on the amount of spam that MS has to process. > >> and all it does it build up your own outgoing queues > Not sure how the logic on that one works... > >> you might as well firewall off your primary MX >> making mail fail and force resend via secondary MX's. > A bit extreme - and anyway spammers have been sending directly to secondaries for years as a lot of organisations don't have spam defences on them so the messages just sail on thru... I run smtptrapd (see http://smtptrapd.inodes.org/) on another box which is a secondary MX. It keeps the spammers busy and helps keep them away from my primary MX. If my primary is down, so what? The legit stuff will retry later. Jeff Earickson Colby College From hvdkooij at vanderkooij.org Mon May 7 06:41:03 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon May 7 06:41:38 2007 Subject: Clever bots - was Re: Multi (split) image spam In-Reply-To: <123569.36742.qm@web26303.mail.ukl.yahoo.com> References: <123569.36742.qm@web26303.mail.ukl.yahoo.com> Message-ID: On Sun, 6 May 2007, Andrew MacLachlan wrote: > That's right - most are 5 mins, which is about right for most MTAs first retry. > Any decent greylister will tell an early retry to go away again, but either more spammers are using MTAs or the bots are getting cleverer. I'd say the latter is more likely. > A cursory glance at a couple of spams from today gives me headers like this: > > X-Greylist: delayed 00:10:01 by SQLgrey-1.7.5 > > Received: from 89-172-120-92.adsl.net.t-com.hr (89-172-120-92.adsl.net.t-com.hr [89.172.120.92]) > > X-Greylist: delayed 00:10:02 by SQLgrey-1.7.5 > > Received: from 236.Red-81-36-176.dynamicIP.rima-tde.net (236.red-81-36-176.dynamicip.rima-tde.net [81.36.176.236]) > > Interestingly the delay was over 10 mins by a second or 2 - so this means that grey needs to extend to 11 mins... Not sure what the effect of this will be - is the bot smart enough to retry again if rejected at 10 mins? Given that disabling greylisting still results in a significant rise of traffic for MailScanner I would say it is a usefull addition to the bag of tricks at this time. At irregular intervals I play with some of them to see if disabling a restriction is having an effect. At this point I wrote a small script to report on greylisted entries daily and have added all the noisy entries to a static blacklist. The first way I added was abo.wanadoo.fr and it had an immediate impact. Wanadoo users will need to send through their ISP mailserver to get a message delivered. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? From res at ausics.net Mon May 7 10:10:11 2007 From: res at ausics.net (Res) Date: Mon May 7 10:10:22 2007 Subject: Multi (split) image spam In-Reply-To: <694855.76046.qm@web26301.mail.ukl.yahoo.com> References: <694855.76046.qm@web26301.mail.ukl.yahoo.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 6 May 2007, Andrew MacLachlan wrote: >> and all it does it build up your own outgoing queues > Not sure how the logic on that one works... errr logic? WTF? if the queue cant send it right away it stays in the queue so lamelisted_mail+current_submissions=building_up_queue like I said it might be fine if you run a small office 1K emails p/day, but not when you do millions p/day, however I have tuned sendmail queue running so that new stuff goes first, I'm not going to allow new stuff to be delayed in oversized queue runners because some lamers server wont accept it on first attempt. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGPuz2sWhAmSIQh7MRAhUsAJ0ZANXqiiOnAFGLv3e5mvUyUK3ZagCfeaJX koKex5fcZnwvDfx+GSV3wSM= =Byf/ -----END PGP SIGNATURE----- From uxbod at splatnix.net Mon May 7 12:59:47 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon May 7 12:57:43 2007 Subject: SA 3.2.0 Woes Message-ID: <20070507125947.05ede1ea@uxbod.splatnix.net> Hi, Not sure whether this is a issue or not, but since upgrading SA and MailScanner I never seem to get any hits via RBLs. I am using MailWatch and that just says "SpamAssassin Listed in RBL". Bayes never seems to trigger aswell now. Have others experienced anything like this ? TIA -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 // Phone: +44 845 869 2749 // SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel.maher at ubisoft.com Mon May 7 13:46:29 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon May 7 13:46:33 2007 Subject: Multi (split) image spam In-Reply-To: <20070506145752.5fa3f497@uxbod.splatnix.net> Message-ID: <1E293D3FF63A3740B10AD5AAD88535D204D6D68B@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- > Sent: May 6, 2007 9:58 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: Multi (split) image spam > > I haven't seen any of those yet Steve. Could you make one available > for analysis ? > > All, FuzzyOCR is broke with SA 3.2.0 at the moment. > > Cheers, As I understand it, FuzzyOCR still works in 3.2.0, in that it detects and analyses images; what is broken is the output in the spam report. In fact, as I recall, Ren? Berber submitted a patch for it... I could be wrong, though. :P -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "How can a man choose between Fresh and Fly? And believe me, there IS a difference." - Crack Stuntman, 2007. From daniel.maher at ubisoft.com Mon May 7 15:18:34 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Mon May 7 15:18:37 2007 Subject: MailScanner and postfix 2.4 Message-ID: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> Hello all, I would love to hear some first-hand accounts of people who are using MailScanner with Postfix 2.4. Does it work well? Are there any particular nuances which need to be addressed in specific? Does anybody have any horror stories? Thank you, all. -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "How can a man choose between Fresh and Fly? And believe me, there IS a difference." - Crack Stuntman, 2007. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070507/e4374a5d/attachment.html From mikael at syska.dk Mon May 7 15:28:40 2007 From: mikael at syska.dk (Mikael Syska) Date: Mon May 7 15:29:16 2007 Subject: MailScanner and postfix 2.4 In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> Message-ID: <463F3798.4070809@syska.dk> Hey, Running with that setup soon ... Postfix 2.3.x for now ... but I will be upgrading to 2.4.x soon ... should there be anything since you ask ? or are you just worried about upgrading ? // ouT Daniel Maher wrote: > > Hello all, > > I would love to hear some first-hand accounts of people who are using > MailScanner with Postfix 2.4. Does it work well? Are there any > particular nuances which need to be addressed in specific? Does > anybody have any horror stories? > > Thank you, all. > > -- > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > //?How can a man choose between Fresh and Fly? And believe me, there > IS a difference.? ? Crack Stuntman, 2007.//// > From claude.gagne at multitech.qc.ca Mon May 7 15:31:32 2007 From: claude.gagne at multitech.qc.ca (=?windows-1252?Q?Claude_Gagn=E9?=) Date: Mon May 7 15:29:36 2007 Subject: MailScanner and postfix 2.4 In-Reply-To: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> References: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> Message-ID: <463F3844.5090101@multitech.qc.ca> Daniel Maher a ?crit : > > Hello all, > > I would love to hear some first-hand accounts of people who are using > MailScanner with Postfix 2.4. Does it work well? Are there any > particular nuances which need to be addressed in specific? Does > anybody have any horror stories? > > Thank you, all. > > -- > > _ > ?v? Daniel Maher > /(_)\ Administrateur Syst?me Unix > ^ ^ Unix System Administrator > > //?How can a man choose between Fresh and Fly? And believe me, there > IS a difference.? ? Crack Stuntman, 2007.//// > Works good for me so far. From dominian at slackadelic.com Mon May 7 15:37:19 2007 From: dominian at slackadelic.com (Matt Hayes) Date: Mon May 7 15:37:28 2007 Subject: MailScanner and postfix 2.4 In-Reply-To: <463F3844.5090101@multitech.qc.ca> References: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> <463F3844.5090101@multitech.qc.ca> Message-ID: <463F399F.3010708@slackadelic.com> Claude Gagn? wrote: > Daniel Maher a ?crit : >> >> Hello all, >> >> I would love to hear some first-hand accounts of people who are using >> MailScanner with Postfix 2.4. Does it work well? Are there any >> particular nuances which need to be addressed in specific? Does >> anybody have any horror stories? >> >> Thank you, all. >> >> -- >> >> _ >> ?v? Daniel Maher >> /(_)\ Administrateur Syst?me Unix >> ^ ^ Unix System Administrator >> >> //?How can a man choose between Fresh and Fly? And believe me, there >> IS a difference.? ? Crack Stuntman, 2007.//// >> > Works good for me so far. Works fine for me as well. -Matt From glenn.steen at gmail.com Mon May 7 15:39:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 7 15:39:15 2007 Subject: MailScanner and postfix 2.4 In-Reply-To: <463F3844.5090101@multitech.qc.ca> References: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> <463F3844.5090101@multitech.qc.ca> Message-ID: <223f97700705070739n3f1f319fo5a4c7fa27a93f933@mail.gmail.com> On 07/05/07, Claude Gagn? wrote: > Daniel Maher a ?crit : > > > > Hello all, > > > > I would love to hear some first-hand accounts of people who are using > > MailScanner with Postfix 2.4. Does it work well? Are there any > > particular nuances which need to be addressed in specific? Does > > anybody have any horror stories? > > > > Thank you, all. > > > > -- > > > > _ > > ?v? Daniel Maher > > /(_)\ Administrateur Syst?me Unix > > ^ ^ Unix System Administrator > > > > //"How can a man choose between Fresh and Fly? And believe me, there > > IS a difference." ? Crack Stuntman, 2007.//// > > > Works good for me so far. As it should... It is only if you a) use milters and b) those milters do full body edits... Then you can, and will, run into problems. If a) but not b) (that is: only header edits) then I've supplied some patches that should take care of this ... and a+b patches is in the works:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon May 7 15:43:44 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 7 15:43:47 2007 Subject: Clamav suggestions In-Reply-To: <089801c78f42$78529500$0301a8c0@SAHOMELT> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu> <085b01c78f29$f30cc540$0301a8c0@SAHOMELT> <463CAF50.8030305@ecs.soton.ac.uk> <089801c78f42$78529500$0301a8c0@SAHOMELT> Message-ID: <223f97700705070743l47a131cayc53ff788c9642f37@mail.gmail.com> On 05/05/07, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Julian Field > > Sent: Saturday, May 05, 2007 12:23 PM > > To: MailScanner discussion > > Subject: Re: Clamav suggestions > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > [...] > > > Yes, I welcome any contribution, so long as the patch isn't > > *too* big! :-) > > Please try to keep your patch as self-contained as possible, so you > > just, for example, rewrite the init code for the clamd parser and the > > output parser itself. Please just make it as clean and modular as you > > can. You can see from the rest of the code the type of Perl I > > write. I > > use the syntactical short-cut facilities in the language, I > > don't just > > write Java/C in Perl the way a lot of people do. And please > > don't feel > > upset if I take your code and appear to rewrite it :-) > > > > Thanks, > > Jules. > > > > I will have to try and rememeber the program flow, and look at the > clamavmodule code and how it's called because this would work pretty much > the same. It would be easy enough to make the output the same as the > clamavmodule output so the same parser could be used if the current parser > had some minor changes such as MailScanner::Log::InfoLog("ClamAVModule:: to > MailScanner::Log::InfoLog("$Name:: would it not? I have already tried to > make the code more like yours (from my unrar experience) such as "last if > time > $TimeOut;" or "LogIt("ClamD Timed Out!\n") if $TimeOut < time && > $Debug;". In any event you know I don't care if you rewrite everything.. > It's your program ;-) The size should be pretty fair, the current stand > alone proof of concept code is only 144 lines including a Logging function, > line comments, 18 lines of description comments, the various "use " > statements and debug and blank lines. I would expect the finished MS ready > code would be half that, maybe less (even with comments). There would, of > course, be additional config lines. I would expect you should have: > clamd socket (IpAddr or full path to socket file) > clamd port default 3310 > clamd lock file (to check if clamd is even running) > clamd timeout > > And would you want to scan an entire batch at once, or one message/dir at a > time? I can even send you the stand alone code I have an let you play with > it at your leasure if you wish. > > Rick Hey Rick, I'm pretty certain Jules isn't needling you about style.... Rather me and my "p record patches":-):-). Oh well, there is a reason I don't write "Programmer" on my cards anymore:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From tmartins at gmail.com Mon May 7 16:18:17 2007 From: tmartins at gmail.com (Thiago Martins) Date: Mon May 7 16:18:20 2007 Subject: MailScanner and postfix 2.4 In-Reply-To: <223f97700705070739n3f1f319fo5a4c7fa27a93f933@mail.gmail.com> References: <1E293D3FF63A3740B10AD5AAD88535D204D6D84F@UBIMAIL1.ubisoft.org> <463F3844.5090101@multitech.qc.ca> <223f97700705070739n3f1f319fo5a4c7fa27a93f933@mail.gmail.com> Message-ID: I have MS + Postfix 2.4 + Postgrey working fine here. []?s Thiago On 5/7/07, Glenn Steen wrote: > > On 07/05/07, Claude Gagn? wrote: > > Daniel Maher a ?crit : > > > > > > Hello all, > > > > > > I would love to hear some first-hand accounts of people who are using > > > MailScanner with Postfix 2.4. Does it work well? Are there any > > > particular nuances which need to be addressed in specific? Does > > > anybody have any horror stories? > > > > > > Thank you, all. > > > > > > -- > > > > > > _ > > > ?v? Daniel Maher > > > /(_)\ Administrateur Syst?me Unix > > > ^ ^ Unix System Administrator > > > > > > //"How can a man choose between Fresh and Fly? And believe me, there > > > IS a difference." ? Crack Stuntman, 2007.//// > > > > > Works good for me so far. > > As it should... It is only if you a) use milters and b) those milters > do full body edits... Then you can, and will, run into problems. If a) > but not b) (that is: only header edits) then I've supplied some > patches that should take care of this ... and a+b patches is in the > works:-). > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070507/0687997a/attachment.html From ssilva at sgvwater.com Mon May 7 16:20:37 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 16:20:58 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463CB925.2050609@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/5/2007 10:04 AM: > I have done some basic tests with my SpamAssassin 3.2.0 package and > MailScanner 4.59 and it is working fine. > > I'll do some more tests of it and probably start using it on a > production machine tomorrow if I feel so inclined (and there again I > might well just put my feet up and watch TV). It's a public holiday this > weekend (I think!) so by definition it should rain on Monday at least. :-) > > Jules. Julian, I haven't had an opportunity to look at it yet, but are you or did you add an init script for clamd? I was going to throw one together if it didn't have one. But if it is already there, I won't bother. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From painethom at gmail.com Mon May 7 16:33:53 2007 From: painethom at gmail.com (Thom Paine) Date: Mon May 7 16:33:54 2007 Subject: New SA and Clam and MS 4.59.4-2 Message-ID: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> I am trying to update a server to all the latest patches, and I'm having trouble getting some stuff working. I have debug enabled in my mailscanner.conf file and when I try the clamavmodule I get libclamav warning, virus definitions are older than 7 days. I just successfully ran freshclam and I have defined my freshclam.conf and my clamd.conf to both point to /var/lib/clamav. The definitions downloaded no problem and are in that directory now. I tried testing the wrapper script for it but it is giving me an error as well. [root@mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /tmp /usr/lib/MailScanner/clamav-wrapper: line 162: /usr/bin/clamscan: No such file or directory however my clamscan is in /usr/local/bin. For some reason it's not looking there properly I guess. I haven't tested the SA stuff yet, as I seem to be held up with my clamav issues. Thanks. -- -=/>Thom From mkercher at nfsmith.com Mon May 7 16:34:32 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Mon May 7 16:38:12 2007 Subject: New SA and Clam and MS 4.59.4-2 References: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> Message-ID: <6DEF8ABC1767C045B91F42066D36358E3AEB@HOUPEX01.nfsmith.info> Thom Paine <> wrote on Monday, May 07, 2007 10:34 AM: : I am trying to update a server to all the latest patches, and I'm : having trouble getting some stuff working. : : I have debug enabled in my mailscanner.conf file and when I try the : clamavmodule I get libclamav warning, virus definitions are older : than 7 days. : I just successfully ran freshclam and I have defined my : freshclam.conf and my clamd.conf to both point to /var/lib/clamav. : The definitions downloaded no problem and are in that directory now. : : I tried testing the wrapper script for it but it is giving me an : error as well. : : [root@mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /tmp : /usr/lib/MailScanner/clamav-wrapper: line 162: /usr/bin/clamscan: No : such file or directory : : however my clamscan is in /usr/local/bin. For some reason it's not : looking there properly I guess. : : I haven't tested the SA stuff yet, as I seem to be held up with my : clamav issues. : : Thanks. : -- : -=/>Thom Do you have /usr/local/lib in /etc/ld.so.conf ? If not, add it and run ldconfig and try again. -Mike From painethom at gmail.com Mon May 7 16:43:33 2007 From: painethom at gmail.com (Thom Paine) Date: Mon May 7 16:43:36 2007 Subject: New SA and Clam and MS 4.59.4-2 In-Reply-To: <6DEF8ABC1767C045B91F42066D36358E3AEB@HOUPEX01.nfsmith.info> References: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> <6DEF8ABC1767C045B91F42066D36358E3AEB@HOUPEX01.nfsmith.info> Message-ID: <9e1340d20705070843h5e1a4b24l4e09b9dd91aca29c@mail.gmail.com> > Do you have /usr/local/lib in /etc/ld.so.conf ? > Yes, it is there. I forgot to say that I have RHEL 3 U8. Thanks. -- -=/>Thom From ssilva at sgvwater.com Mon May 7 16:43:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 16:44:12 2007 Subject: Multi (split) image spam In-Reply-To: References: <727373.44781.qm@web26307.mail.ukl.yahoo.com> Message-ID: Res spake the following on 5/6/2007 3:25 PM: > On Sun, 6 May 2007, Andrew MacLachlan wrote: > >> Some of the spammers are doing resends though to get around greylisting > > This is one of the reasons I consider greylisting useless :) > I've seen this from this part of the world (oceania/asia area) for about > as long as greylisting came about. > > It's the same ol same ol, we do something to stop em, they circumvent > it, we counter it and they will try counter it again, and so on and as > grey listing is the most simplest thing to get around, i've always > regarded it as a joke, and all it does it build up your own outgoing > queues, this might be fine for those who do 1K messages a day but when > you do millions, > thats just not on, anyhow you might as well firewall off your primary MX > making mail fail and force resend via secondary MX's. > > That won't even help, as most of my spam goes straight for the secondaries anyway. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From edwardbruce at sbcglobal.net Mon May 7 16:47:04 2007 From: edwardbruce at sbcglobal.net (Ed Bruce) Date: Mon May 7 16:47:10 2007 Subject: Multi (split) image spam In-Reply-To: References: <694855.76046.qm@web26301.mail.ukl.yahoo.com> Message-ID: <463F49F8.6080304@sbcglobal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Res wrote: > On Sun, 6 May 2007, Andrew MacLachlan wrote: > >>> and all it does it build up your own outgoing queues >> Not sure how the logic on that one works... > > errr logic? WTF? if the queue cant send it right away it stays in the > queue so lamelisted_mail+current_submissions=building_up_queue > like I said it might be fine if you run a small office 1K emails p/day, > but not when you do millions p/day, however I have tuned sendmail queue > running so that new stuff goes first, I'm not going to allow new stuff > to be delayed in oversized queue runners because some lamers server wont > accept it on first attempt. > > Res I didn't understand what you meant at first. Well I may still not understand, but I'm guessing you are saying that if my MTA is running some sort of gray listing and your MTA attempts a connection it will cause your queues to back up??? I took your original message to mean that if I run gray listing then my queues would back up. That didn't seem to make much sense to me as I wouldn't gray list myself. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGP0n4pdNaP9x3McgRArgZAKCRGB0GISE0JH2n0PF5lKidri3+OQCfXw9y KsDBaz/j6cFRsvK9ABgXEYk= =V5KN -----END PGP SIGNATURE----- From rpoe at plattesheriff.org Mon May 7 16:53:07 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon May 7 16:53:44 2007 Subject: Interesting need Message-ID: <463F0518.65ED.00A2.0@plattesheriff.org> This might not be so much a MailScanner function ... but I have a Linux / Sendmail / MailScanner box set up in front of a corporate mail system. It's doing the domain as relay-domains and mailertable. One of their users wants all of his EXTERNAL incoming mail to go to both HIM and his assistant. I tried with the aliases and virtusertable ... didn't work (just forwarded on to the corp mail system as if nothing was in there). Is this something I can do with a MailScanner rule? From mkettler at evi-inc.com Mon May 7 17:13:28 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon May 7 17:13:47 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> <463BB60B.3060608@evi-inc.com> <463E12CC.7080806@evi-inc.com> Message-ID: <463F5028.9060201@evi-inc.com> Res wrote: > > On Sun, 6 May 2007, Matt Kettler wrote: > >> Yes, it's a genuine bug. > >> I reproduced it at home and produced a patch, which I tried to send >> you a link >> to, but unfortunately you don't seem to accept mail from my home ISP >> (verizon). > > Thanks Matt, I'll have a look later this morning. BTW I wouldn't have got > the mail anyway if you had got in as res@ is a list/newsgroup only > account unless your mail is sorted into a list folder its /dev/null'd > primarily because I've used this a/c on usenet for along time so would > have to be in every spam list, sendmail/MS get rid of 99% of the junk, > my pine filtering rules eliminate the remaining :) > Fair enough.. At home I don't use MailScanner, its a little bit of overkill for a single-user vpopmail setup, so I'm not subscribed to this list there, hence the off-list message. For reference, the bug is this one: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5436 From MailScanner at ecs.soton.ac.uk Mon May 7 17:37:17 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 17:37:53 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> Message-ID: <463F55BD.7080209@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070507/b1c5ec58/PGP.bin From ssilva at sgvwater.com Mon May 7 17:42:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 17:43:01 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463F55BD.7080209@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/7/2007 9:37 AM: > > > Scott Silva wrote: >> Julian Field spake the following on 5/5/2007 10:04 AM: >> >>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>> MailScanner 4.59 and it is working fine. >>> >>> I'll do some more tests of it and probably start using it on a >>> production machine tomorrow if I feel so inclined (and there again I >>> might well just put my feet up and watch TV). It's a public holiday >>> this weekend (I think!) so by definition it should rain on Monday at >>> least. :-) >>> >>> Jules. >>> >> Julian, >> I haven't had an opportunity to look at it yet, but are you or did you >> add an >> init script for clamd? I was going to throw one together if it didn't >> have >> one. But if it is already there, I won't bother. >> > No, I haven't done an init script for clamd. It should be easy enough to > knock one up based on the MailScanner ones. The SuSE and RedHat-based > ones need to be different, so if you fancy writing both based on the > MailScanner ones that would be great. > > Attached are the RedHat and SuSE init.d scripts for MailScanner itself > so you can see the differences needed. > > Obviously the clamd ones will be a lot shorter :-) > > Jules > I will get a Redhat script together asap. I will install SUSE in a VM to have something to test on for it. It might be a few days for that one. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Mon May 7 17:40:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 17:43:12 2007 Subject: New SA and Clam and MS 4.59.4-2 In-Reply-To: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> References: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> Message-ID: <463F5681.3030301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thom Paine wrote: > I am trying to update a server to all the latest patches, and I'm > having trouble getting some stuff working. > > I have debug enabled in my mailscanner.conf file and when I try the > clamavmodule I get libclamav warning, virus definitions are older than > 7 days. > I just successfully ran freshclam and I have defined my freshclam.conf > and my clamd.conf to both point to /var/lib/clamav. The definitions > downloaded no problem and are in that directory now. > > I tried testing the wrapper script for it but it is giving me an error > as well. > > [root@mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /tmp > /usr/lib/MailScanner/clamav-wrapper: line 162: /usr/bin/clamscan: No > such file or directory The first command-line argument to all the -wrapper and -autoupdate scripts is the installation path for that scanner. MailScanner itself reads this from virus.scanners.conf. So if you want to run the wrapper by hand, then you need /usr/lib/MailScanner/clamav-wrapper /usr/local /tmp in order to scan /tmp, with ClamAV installed under /usr/local (which is where my ClamAV+SA package puts it, as that is the default installation location built into the ClamAV source code). Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGP1buEfZZRxQVtlQRArAlAKD8mEIJckSh7dGN09kXjbE+JsRyEACePad5 2xizdcIZAkPTcybj7L3gvCo= =YiUI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Richard.Frovarp at sendit.nodak.edu Mon May 7 17:53:15 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon May 7 17:53:19 2007 Subject: Multi (split) image spam In-Reply-To: References: <727373.44781.qm@web26307.mail.ukl.yahoo.com> Message-ID: <463F597B.6060608@sendit.nodak.edu> Scott Silva wrote: > Res spake the following on 5/6/2007 3:25 PM: > >> On Sun, 6 May 2007, Andrew MacLachlan wrote: >> >> >>> Some of the spammers are doing resends though to get around greylisting >>> >> This is one of the reasons I consider greylisting useless :) >> I've seen this from this part of the world (oceania/asia area) for about >> as long as greylisting came about. >> >> It's the same ol same ol, we do something to stop em, they circumvent >> it, we counter it and they will try counter it again, and so on and as >> grey listing is the most simplest thing to get around, i've always >> regarded it as a joke, and all it does it build up your own outgoing >> queues, this might be fine for those who do 1K messages a day but when >> you do millions, >> thats just not on, anyhow you might as well firewall off your primary MX >> making mail fail and force resend via secondary MX's. >> >> >> > That won't even help, as most of my spam goes straight for the secondaries anyway. > > Our primary is firewalled off. I have no clue as to how much spam it blocks. However, we have allowed the three large internal networks to go through the firewall. We did this because we were getting too much spam and our incoming queues were building up. People kind of expect that mail from the person sitting next to them to come through pretty quickly, and we were having trouble making that happen. Since our primary only processes mail from the networks my organization is associated with (the state, k12, and higher ed networks in the state), it can fire mail through very quickly. It might not be effective for stopping spam, but it certainly can help with processing delays of local mail. A subsequent upgrade to milter-greylist 3.0 resulted in massive speed improvements on the other machines to pretty much remove the queue build up. From Richard.Frovarp at sendit.nodak.edu Mon May 7 17:56:03 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon May 7 17:56:05 2007 Subject: New SA and Clam and MS 4.59.4-2 In-Reply-To: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> References: <9e1340d20705070833o682a3c08j2feadc9c3d4e2d51@mail.gmail.com> Message-ID: <463F5A23.7010204@sendit.nodak.edu> Thom Paine wrote: > I am trying to update a server to all the latest patches, and I'm > having trouble getting some stuff working. > > I have debug enabled in my mailscanner.conf file and when I try the > clamavmodule I get libclamav warning, virus definitions are older than > 7 days. > I just successfully ran freshclam and I have defined my freshclam.conf > and my clamd.conf to both point to /var/lib/clamav. The definitions > downloaded no problem and are in that directory now. > > I tried testing the wrapper script for it but it is giving me an error > as well. > > [root@mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /tmp > /usr/lib/MailScanner/clamav-wrapper: line 162: /usr/bin/clamscan: No > such file or directory > > however my clamscan is in /usr/local/bin. For some reason it's not > looking there properly I guess. > > I haven't tested the SA stuff yet, as I seem to be held up with my > clamav issues. > > Thanks. In MailScanner.conf: Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd From MailScanner at ecs.soton.ac.uk Mon May 7 18:04:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 18:07:52 2007 Subject: Interesting need In-Reply-To: <463F0518.65ED.00A2.0@plattesheriff.org> References: <463F0518.65ED.00A2.0@plattesheriff.org> Message-ID: <463F5C10.7080307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dead easy. Put a ruleset on "Archive Mail =". For example, say "theboss@yourdomain.com" wants all his incoming external mail to go to himself and "assistant@yourdomain.com". In MailScanner.conf, set Archive Mail = %rules-dir%/archive.mail.rules Put the ruleset in /etc/MailScanner/rules/archive.mail.rules. In this file, put: FromOrTo: default To: theboss@yourdomain.com assistant@yourdomain.com Then just force a MailScanner configuration reload with service MailScanner reload Rob Poe wrote: > This might not be so much a MailScanner function ... but > > I have a Linux / Sendmail / MailScanner box set up in front of a corporate mail system. It's doing the domain as relay-domains and mailertable. One of their users wants all of his EXTERNAL incoming mail to go to both HIM and his assistant. > > I tried with the aliases and virtusertable ... didn't work (just forwarded on to the corp mail system as if nothing was in there). > > Is this something I can do with a MailScanner rule? > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGP1zKEfZZRxQVtlQRAjv8AJ9aKslrMJC6Od0vG1XaNRmQw1JboACbBZ+Z qWfLcoajUFGC5li684N5+2Q= =cwWu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Mon May 7 19:17:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 19:17:39 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463F55BD.7080209@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/7/2007 9:37 AM: > > > Scott Silva wrote: >> Julian Field spake the following on 5/5/2007 10:04 AM: >> >>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>> MailScanner 4.59 and it is working fine. >>> >>> I'll do some more tests of it and probably start using it on a >>> production machine tomorrow if I feel so inclined (and there again I >>> might well just put my feet up and watch TV). It's a public holiday >>> this weekend (I think!) so by definition it should rain on Monday at >>> least. :-) >>> >>> Jules. >>> >> Julian, >> I haven't had an opportunity to look at it yet, but are you or did you >> add an >> init script for clamd? I was going to throw one together if it didn't >> have >> one. But if it is already there, I won't bother. >> > No, I haven't done an init script for clamd. It should be easy enough to > knock one up based on the MailScanner ones. The SuSE and RedHat-based > ones need to be different, so if you fancy writing both based on the > MailScanner ones that would be great. > > Attached are the RedHat and SuSE init.d scripts for MailScanner itself > so you can see the differences needed. > > Obviously the clamd ones will be a lot shorter :-) > > Jules > In looking at this, there will need to be more than just an init script. There will need to be a clamd.conf file, and probably a logrotate script. I don't know how much extra stuff you want to add, but I'm game if you dont mind the extra fluff. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rcooper at dwford.com Mon May 7 19:24:08 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon May 7 19:24:12 2007 Subject: Clamav suggestions In-Reply-To: <223f97700705070743l47a131cayc53ff788c9642f37@mail.gmail.com> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it><463B5E8A.2080400@sendit.nodak.edu><085b01c78f29$f30cc540$0301a8c0@SAHOMELT><463CAF50.8030305@ecs.soton.ac.uk><089801c78f42$78529500$0301a8c0@SAHOMELT> <223f97700705070743l47a131cayc53ff788c9642f37@mail.gmail.com> Message-ID: <0ba101c790d4$e72226b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Monday, May 07, 2007 10:44 AM > To: MailScanner discussion > Subject: Re: Clamav suggestions > [..] > > Hey Rick, I'm pretty certain Jules isn't needling you about style.... > Rather me and my "p record patches":-):-). Oh well, there is a reason > I don't write "Programmer" on my cards anymore:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Yeah, actually he is (good naturedly of course). Perl isn't my first choice for languages and most don't have the short circuiting that perl does so I have a tendency to write if (! $blather){ dothis; } Instead of unless $blather do this; A lot of the rewriting I did on the unrar stuff was done so the code flowed better with Julian's style, and since I could fall off the planet tomorrow I think it best to try and code things for his ease of reading not mine. I try and get close and he can change anything he likes from there, it's his program after all. I think I will be pretty close this time around because I am cheating. I decided I would take the core out of the clamavmodule core and wrap the socket programming around that so it's about the same except sending the "$dirname/$childname/$filename" to the clamavmodule instance it's sent to the clam socket, 45/50 lines of code are Julian's own so that should be pretty close to his style ;-) Besides that will allow reusing the clamavmodule parser code to keep the bloat down, if Julian approves, that is. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon May 7 19:54:08 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 7 19:54:28 2007 Subject: Updates Script to fetch Steve Basford's Phihing Sigs for ClamAV In-Reply-To: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> References: <86144ED6CE5B004DA23E1EAC0B569B580CC0B081@isabella.herefordshire.gov.uk> Message-ID: <463F75D0.40007@USherbrooke.ca> Randal, Phil a ?crit : > Folks, > > Steve Basford has a ClamAV phishing database over at > > http://www.sanesecurity.com/clamav/ > > and has recently updated his site to provide a gzipped version of the > file. > > The attached script is a modified version of the one I posted to this > list back in March. This version uses curl to fetch newer versions of > the gzipped database. > > Phil, Your script stopped working during lunchtime and when I got back there was a huge backlog on my servers. I found the following error message in my logs: ClamAV Module ERROR:: Could not load databases from /usr/local/share/clamav Turns out there was an empty definition file in Clam's directory: # cd /usr/local/share/clamav/ # ls -l total 16 drwxr-xr-x 2 clamav clamav 4096 May 7 14:09 daily.inc/ drwxr-xr-x 2 clamav clamav 4096 May 7 13:49 main.inc/ -rw------- 1 clamav clamav 208 May 7 14:09 mirrors.dat -rw-r--r-- 1 clamav clamav 0 May 7 12:25 phish.ndb -rw-r--r-- 1 root root 316 May 7 12:25 phish.ndb.gz I changed your script to get the definitions from a mirror (the recommended way nowadays). Take a look at http://sanesecurity.co.uk/clamav/downloads.htm I decided to use : phish_file=http://mirrors.dotsrc.org/clamav-sanesigs/$phish_gz There are other download scripts on this page: http://sanesecurity.co.uk/clamav/usage.htm Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070507/eb496a07/smime-0001.bin From alex at nkpanama.com Mon May 7 20:01:23 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon May 7 20:02:20 2007 Subject: Interesting need In-Reply-To: <463F5C10.7080307@ecs.soton.ac.uk> References: <463F0518.65ED.00A2.0@plattesheriff.org> <463F5C10.7080307@ecs.soton.ac.uk> Message-ID: <463F7783.7070608@nkpanama.com> Archive mail "forwards" email? I thought it only "archived" it... I would have used an "actions =" statement with "forward blabla@blablah.com" where blablah@blablah.com is an alias for both addresses. Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dead easy. Put a ruleset on "Archive Mail =". > > For example, say "theboss@yourdomain.com" wants all his incoming > external mail to go to himself and "assistant@yourdomain.com". > > In MailScanner.conf, set > > Archive Mail = %rules-dir%/archive.mail.rules > > Put the ruleset in /etc/MailScanner/rules/archive.mail.rules. In this > file, put: > > FromOrTo: default > To: theboss@yourdomain.com assistant@yourdomain.com > > Then just force a MailScanner configuration reload with > > service MailScanner reload > > > Rob Poe wrote: > >> This might not be so much a MailScanner function ... but >> >> I have a Linux / Sendmail / MailScanner box set up in front of a corporate mail system. It's doing the domain as relay-domains and mailertable. One of their users wants all of his EXTERNAL incoming mail to go to both HIM and his assistant. >> >> I tried with the aliases and virtusertable ... didn't work (just forwarded on to the corp mail system as if nothing was in there). >> >> Is this something I can do with a MailScanner rule? >> >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.1 (Build 1012) > Charset: ISO-8859-1 > > wj8DBQFGP1zKEfZZRxQVtlQRAjv8AJ9aKslrMJC6Od0vG1XaNRmQw1JboACbBZ+Z > qWfLcoajUFGC5li684N5+2Q= > =cwWu > -----END PGP SIGNATURE----- > > From jimc at laridian.com Mon May 7 20:25:22 2007 From: jimc at laridian.com (Jim Coates) Date: Mon May 7 20:28:12 2007 Subject: MailScanner failing to deliver In-Reply-To: Message-ID: <00b901c790dd$76066050$6501a8c0@zorak> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: Sunday, May 06, 2007 3:05 AM > To: MailScanner discussion > Subject: Re: MailScanner failing to deliver > > > On Sat, 5 May 2007, Jim Coates wrote: > > > My host had to upgrade some things on our server and in the process > > upgraded MailScanner to the latest available from the ports tree > > (FreeBSD). The version is 4.50.15. > > > > Since the upgrade, its been having issues... it seems to > receive email > > (I can tail the maillog and see stuff coming in), but it > only delivers > > inbound and outbound for a short period of time. I then have to > > restart MailScanner, and it will once again deliver for > just a short > > period of time. > > > > When it restarts (and seemingly before it fails too) there > are a group > > of messages that get processed over and over. > > > > Another oddity... when tailing the maillog, I see MailScanner start > > multiple times... IE - it puts up the version info and the > number of > > messages in queue etc... then a few seconds later I see the > same thing > > twice more. > > > > Any ideas? I wasn't having these issues at all with the > older version > > of MailScanner that I was running. > > > > NEW INFORMATION: when I do a "mailscanner --lint" it tells me the > > following: > > > > mail2# mailscanner --lint > > Read 701 hostnames from the phishing whitelist > > Config: calling custom init function MailWatchLogging > > Cannot write pid file , No such file or directory at > > /usr/local/sbin/mailscanner line 1238 > > I suggest you check this out and fix what is required to be fixed. > > > Checking for SpamAssassin errors (if you use it)... > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database > > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav" > > Found these virus scanners installed: clamavmodule > > mail2# > > > > I also had MailWatch installed, but the host recently > upgraded MySQL > > and it has not worked since then. Not sure what the cause is or if > > its adding to this trouble. I do get a considerable amount of : > > > > May 5 22:56:57 mail2 MailScanner[98183]: Started SQL Logging child > > May 5 22:56:57 mail2 MailScanner[98106]: Started SQL Logging child > > May 5 22:56:58 mail2 MailScanner[58029]: Started SQL Logging child > > May 5 22:57:00 mail2 MailScanner[96343]: Started SQL Logging child > > May 5 22:57:08 mail2 MailScanner[98200]: Started SQL Logging child > > > > Basically I am having to restart it about every 30 minutes > right now, > > so I'd love any help you can give me. > > If MailWatch is not working there is nothing to be lost from > removing the > MailWatch line(s) from your config now. See if it is degrading your > MailScanner functionality. > > Did you go over the changelog to see if things changed from your old > version to your current one? > > Hugo. Turns out it was MailWatch that was hanging up MailScanner. Haven't figured out why, but removing the MailWatchLogging line fixed it for now. Jim From MailScanner at ecs.soton.ac.uk Mon May 7 20:39:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 20:42:56 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> Message-ID: <463F8075.60900@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 5/7/2007 9:37 AM: > >> Scott Silva wrote: >> >>> Julian Field spake the following on 5/5/2007 10:04 AM: >>> >>> >>>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>>> MailScanner 4.59 and it is working fine. >>>> >>>> I'll do some more tests of it and probably start using it on a >>>> production machine tomorrow if I feel so inclined (and there again I >>>> might well just put my feet up and watch TV). It's a public holiday >>>> this weekend (I think!) so by definition it should rain on Monday at >>>> least. :-) >>>> >>>> Jules. >>>> >>>> >>> Julian, >>> I haven't had an opportunity to look at it yet, but are you or did you >>> add an >>> init script for clamd? I was going to throw one together if it didn't >>> have >>> one. But if it is already there, I won't bother. >>> >>> >> No, I haven't done an init script for clamd. It should be easy enough to >> knock one up based on the MailScanner ones. The SuSE and RedHat-based >> ones need to be different, so if you fancy writing both based on the >> MailScanner ones that would be great. >> >> Attached are the RedHat and SuSE init.d scripts for MailScanner itself >> so you can see the differences needed. >> >> Obviously the clamd ones will be a lot shorter :-) >> >> Jules >> >> > In looking at this, there will need to be more than just an init script. There > will need to be a clamd.conf file, and probably a logrotate script. I don't > know how much extra stuff you want to add, but I'm game if you dont mind the > extra fluff. > Is it really true that no-one else has done a decent RPM of clamd yet? I would be surprised if Dag Wieers hasn't done one already, for starters. If there is one, why are we duplicating the effort? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: UTF-8 wj8DBQFGP4EeEfZZRxQVtlQRAnIPAKCQnsIUEthWQbi2R6bbRiO7Q8DCnQCg6zXv y5RNQN2fTRygk4Xny1Opi64= =gz9L -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon May 7 20:46:54 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 20:47:47 2007 Subject: Interesting need In-Reply-To: <463F7783.7070608@nkpanama.com> References: <463F0518.65ED.00A2.0@plattesheriff.org> <463F5C10.7080307@ecs.soton.ac.uk> <463F7783.7070608@nkpanama.com> Message-ID: <463F822E.2010108@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > Archive mail "forwards" email? I thought it only "archived" it... RTFM my friend :-) Best regards, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGP4I8EfZZRxQVtlQRAukRAJ4/kR547/Yym2whwfTU2xPp4w/AMgCfcwcM LvwmIoikao6OZY+E6MvOp94= =+Jsy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon May 7 20:44:48 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 20:48:04 2007 Subject: Clamav suggestions In-Reply-To: <0ba101c790d4$e72226b0$0301a8c0@SAHOMELT> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it><463B5E8A.2080400@sendit.nodak.edu><085b01c78f29$f30cc540$0301a8c0@SAHOMELT><463CAF50.8030305@ecs.soton.ac.uk><089801c78f42$78529500$0301a8c0@SAHOMELT> <223f97700705070743l47a131cayc53ff788c9642f37@mail.gmail.com> <0ba101c790d4$e72226b0$0301a8c0@SAHOMELT> Message-ID: <463F81B0.9010002@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Glenn Steen >> Sent: Monday, May 07, 2007 10:44 AM >> To: MailScanner discussion >> Subject: Re: Clamav suggestions >> >> > [..] > >> Hey Rick, I'm pretty certain Jules isn't needling you about style.... >> Rather me and my "p record patches":-):-). Oh well, there is a reason >> I don't write "Programmer" on my cards anymore:-) >> >> Cheers >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> > > Yeah, actually he is (good naturedly of course). Perl isn't my first choice > for languages and most don't have the short circuiting that perl does so I > have a tendency to write > > if (! $blather){ > dothis; > } > > Instead of > unless $blather do this; > Personally I would "dothis unless $blather;". > A lot of the rewriting I did on the unrar stuff was done so the code flowed > better with Julian's style, and since I could fall off the planet tomorrow I > think it best to try and code things for his ease of reading not mine. Personal history has shown that I am considerably more likely to fall off the planet tomorrow than you are. My friends and I have this theory that I'm actually a cat, and therefore have 9 lives. I've used up 6 so far... :-) > I try > and get close and he can change anything he likes from there, it's his > program after all. > > I think I will be pretty close this time around because I am cheating. I > decided I would take the core out of the clamavmodule core and wrap the > socket programming around that so it's about the same except sending the > "$dirname/$childname/$filename" to the clamavmodule instance it's sent to > the clam socket, 45/50 lines of code are Julian's own so that should be > pretty close to his style ;-) Besides that will allow reusing the > clamavmodule parser code to keep the bloat down, if Julian approves, that > is. > Reusing the clamavmodule parser code sounds like a very good idea. Best regards, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGP4I7EfZZRxQVtlQRAm4vAKDapzek6R32CBMQEzGrD3KepZjgMACeOdsB Vy0f9Ga6unwwkRaYHmTfxtk= =tOQo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From doc at maddoc.net Mon May 7 20:50:03 2007 From: doc at maddoc.net (Doc Schneider) Date: Mon May 7 20:50:14 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463F8075.60900@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> <463F8075.60900@ecs.soton.ac.uk> Message-ID: <463F82EB.9080404@maddoc.net> Julian Field wrote: > > > Scott Silva wrote: >> Julian Field spake the following on 5/7/2007 9:37 AM: > >>> Scott Silva wrote: >>> >>>> Julian Field spake the following on 5/5/2007 10:04 AM: >>>> >>>> >>>>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>>>> MailScanner 4.59 and it is working fine. >>>>> >>>>> I'll do some more tests of it and probably start using it on a >>>>> production machine tomorrow if I feel so inclined (and there again I >>>>> might well just put my feet up and watch TV). It's a public holiday >>>>> this weekend (I think!) so by definition it should rain on Monday at >>>>> least. :-) >>>>> >>>>> Jules. >>>>> >>>>> >>>> Julian, >>>> I haven't had an opportunity to look at it yet, but are you or did you >>>> add an >>>> init script for clamd? I was going to throw one together if it didn't >>>> have >>>> one. But if it is already there, I won't bother. >>>> >>>> >>> No, I haven't done an init script for clamd. It should be easy enough to >>> knock one up based on the MailScanner ones. The SuSE and RedHat-based >>> ones need to be different, so if you fancy writing both based on the >>> MailScanner ones that would be great. >>> >>> Attached are the RedHat and SuSE init.d scripts for MailScanner itself >>> so you can see the differences needed. >>> >>> Obviously the clamd ones will be a lot shorter :-) >>> >>> Jules >>> >>> >> In looking at this, there will need to be more than just an init script. There >> will need to be a clamd.conf file, and probably a logrotate script. I don't >> know how much extra stuff you want to add, but I'm game if you dont mind the >> extra fluff. > > Is it really true that no-one else has done a decent RPM of clamd yet? I > would be surprised if Dag Wieers hasn't done one already, for starters. > If there is one, why are we duplicating the effort? > > Jules > Jules, Dag Wieers has a current rpm for clamav-0.90.2 was there less than 24 hours after it was released. -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Mon May 7 21:02:17 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 21:07:42 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463F8075.60900@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> <463F8075.60900@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/7/2007 12:39 PM: > > > Scott Silva wrote: >> Julian Field spake the following on 5/7/2007 9:37 AM: > >>> Scott Silva wrote: >>> >>>> Julian Field spake the following on 5/5/2007 10:04 AM: >>>> >>>> >>>>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>>>> MailScanner 4.59 and it is working fine. >>>>> >>>>> I'll do some more tests of it and probably start using it on a >>>>> production machine tomorrow if I feel so inclined (and there again I >>>>> might well just put my feet up and watch TV). It's a public holiday >>>>> this weekend (I think!) so by definition it should rain on Monday at >>>>> least. :-) >>>>> >>>>> Jules. >>>>> >>>>> >>>> Julian, >>>> I haven't had an opportunity to look at it yet, but are you or did you >>>> add an >>>> init script for clamd? I was going to throw one together if it didn't >>>> have >>>> one. But if it is already there, I won't bother. >>>> >>>> >>> No, I haven't done an init script for clamd. It should be easy enough to >>> knock one up based on the MailScanner ones. The SuSE and RedHat-based >>> ones need to be different, so if you fancy writing both based on the >>> MailScanner ones that would be great. >>> >>> Attached are the RedHat and SuSE init.d scripts for MailScanner itself >>> so you can see the differences needed. >>> >>> Obviously the clamd ones will be a lot shorter :-) >>> >>> Jules >>> >>> >> In looking at this, there will need to be more than just an init script. There >> will need to be a clamd.conf file, and probably a logrotate script. I don't >> know how much extra stuff you want to add, but I'm game if you dont mind the >> extra fluff. > > Is it really true that no-one else has done a decent RPM of clamd yet? I > would be surprised if Dag Wieers hasn't done one already, for starters. > If there is one, why are we duplicating the effort? > > Jules > I was thinking the same thing in the last hour or so. I am leaning to Dag's or Axel's rpm's. I just need to find all the old stuff and delete it so I don't get any duplication or problems later. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon May 7 22:07:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 22:08:09 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463F8075.60900@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> <463F8075.60900@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/7/2007 12:39 PM: > > > Scott Silva wrote: >> Julian Field spake the following on 5/7/2007 9:37 AM: > >>> Scott Silva wrote: >>> >>>> Julian Field spake the following on 5/5/2007 10:04 AM: >>>> >>>> >>>>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>>>> MailScanner 4.59 and it is working fine. >>>>> >>>>> I'll do some more tests of it and probably start using it on a >>>>> production machine tomorrow if I feel so inclined (and there again I >>>>> might well just put my feet up and watch TV). It's a public holiday >>>>> this weekend (I think!) so by definition it should rain on Monday at >>>>> least. :-) >>>>> >>>>> Jules. >>>>> >>>>> >>>> Julian, >>>> I haven't had an opportunity to look at it yet, but are you or did you >>>> add an >>>> init script for clamd? I was going to throw one together if it didn't >>>> have >>>> one. But if it is already there, I won't bother. >>>> >>>> >>> No, I haven't done an init script for clamd. It should be easy enough to >>> knock one up based on the MailScanner ones. The SuSE and RedHat-based >>> ones need to be different, so if you fancy writing both based on the >>> MailScanner ones that would be great. >>> >>> Attached are the RedHat and SuSE init.d scripts for MailScanner itself >>> so you can see the differences needed. >>> >>> Obviously the clamd ones will be a lot shorter :-) >>> >>> Jules >>> >>> >> In looking at this, there will need to be more than just an init script. There >> will need to be a clamd.conf file, and probably a logrotate script. I don't >> know how much extra stuff you want to add, but I'm game if you dont mind the >> extra fluff. > > Is it really true that no-one else has done a decent RPM of clamd yet? I > would be surprised if Dag Wieers hasn't done one already, for starters. > If there is one, why are we duplicating the effort? > > Jules > I would be happy if I could just get the clamavmodule running on the system that seems hosed. I still haven't seen any kind of code to give me a better idea of where it is bombing. I will try another --debug run later tonite, but can't stop the server until after 17:00 hours local. Clamscan works OK, but when the upgrade first applied, the bad system couldn't even run clamscan. Maybe the module isn't pointing at the correct library? I will do a force install of the clamavmodule before the debug run, although I thought I did already. Never mind now -- force install from cpan would fail tests and not re-install, but compiling from the Mail::Clamav tarball finally kicked the POS into gear. And this is the busier of the 2 servers. The load is already dropping. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From amaclach at yahoo.co.uk Mon May 7 22:09:03 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Mon May 7 22:09:06 2007 Subject: Multi (split) image spam Message-ID: <795384.84076.qm@web26315.mail.ukl.yahoo.com> Thanks Ed - That was my take as well. To be fair, I can see both sides of the argument, however I consider greylisting to still be an essential tool in the fight against spam. As always there are many different implementations and each has it's pros and cons. I have yet to see the perfect greylist implementation, but there has been some good work done by someone in Japan who modified postgrey so that it would only greylist dynamic addresses (determined by regex). Although this is nowhere near perfect it is certainly a step in the right direction (and should keep Res happy as well as his mailservers would be unlikely to be hit.) by adding some intelligence to the default postgrey implementation - which is a fairly blunt -yet effective instrument. No reply earlier to this to avoid a flame war which is never a good look! -Andy ----- Original Message ---- From: Ed Bruce To: MailScanner discussion Sent: Monday, 7 May, 2007 4:47:04 PM Subject: Re: Multi (split) image spam -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Res wrote: > On Sun, 6 May 2007, Andrew MacLachlan wrote: > >>> and all it does it build up your own outgoing queues >> Not sure how the logic on that one works... > > errr logic? WTF? if the queue cant send it right away it stays in the > queue so lamelisted_mail+current_submissions=building_up_queue > like I said it might be fine if you run a small office 1K emails p/day, > but not when you do millions p/day, however I have tuned sendmail queue > running so that new stuff goes first, I'm not going to allow new stuff > to be delayed in oversized queue runners because some lamers server wont > accept it on first attempt. > > Res I didn't understand what you meant at first. Well I may still not understand, but I'm guessing you are saying that if my MTA is running some sort of gray listing and your MTA attempts a connection it will cause your queues to back up??? I took your original message to mean that if I run gray listing then my queues would back up. That didn't seem to make much sense to me as I wouldn't gray list myself. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGP0n4pdNaP9x3McgRArgZAKCRGB0GISE0JH2n0PF5lKidri3+OQCfXw9y KsDBaz/j6cFRsvK9ABgXEYk= =V5KN -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From amaclach at yahoo.co.uk Mon May 7 22:14:26 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Mon May 7 22:14:28 2007 Subject: Interesting need Message-ID: <589025.24756.qm@web26311.mail.ukl.yahoo.com> Or if you use Exchange internally - setup a rule, that way you can also forward all internal messages. (no anti exchange rants please - It's paid many of my bills...) ----- Original Message ---- From: Julian Field To: MailScanner discussion Sent: Monday, 7 May, 2007 8:46:54 PM Subject: Re: Interesting need -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > Archive mail "forwards" email? I thought it only "archived" it... RTFM my friend :-) Best regards, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGP4I8EfZZRxQVtlQRAukRAJ4/kR547/Yym2whwfTU2xPp4w/AMgCfcwcM LvwmIoikao6OZY+E6MvOp94= =+Jsy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From amaclach at yahoo.co.uk Mon May 7 22:21:36 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Mon May 7 22:21:38 2007 Subject: SpamAssassin 3.2.0 package Message-ID: <106296.50838.qm@web26314.mail.ukl.yahoo.com> Dag has one and it works just fine. ----- Original Message ---- From: Julian Field To: MailScanner discussion Sent: Monday, 7 May, 2007 8:39:33 PM Subject: Re: SpamAssassin 3.2.0 package -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 5/7/2007 9:37 AM: > >> Scott Silva wrote: >> >>> Julian Field spake the following on 5/5/2007 10:04 AM: >>> >>> >>>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>>> MailScanner 4.59 and it is working fine. >>>> >>>> I'll do some more tests of it and probably start using it on a >>>> production machine tomorrow if I feel so inclined (and there again I >>>> might well just put my feet up and watch TV). It's a public holiday >>>> this weekend (I think!) so by definition it should rain on Monday at >>>> least. :-) >>>> >>>> Jules. >>>> >>>> >>> Julian, >>> I haven't had an opportunity to look at it yet, but are you or did you >>> add an >>> init script for clamd? I was going to throw one together if it didn't >>> have >>> one. But if it is already there, I won't bother. >>> >>> >> No, I haven't done an init script for clamd. It should be easy enough to >> knock one up based on the MailScanner ones. The SuSE and RedHat-based >> ones need to be different, so if you fancy writing both based on the >> MailScanner ones that would be great. >> >> Attached are the RedHat and SuSE init.d scripts for MailScanner itself >> so you can see the differences needed. >> >> Obviously the clamd ones will be a lot shorter :-) >> >> Jules >> >> > In looking at this, there will need to be more than just an init script. There > will need to be a clamd.conf file, and probably a logrotate script. I don't > know how much extra stuff you want to add, but I'm game if you dont mind the > extra fluff. > Is it really true that no-one else has done a decent RPM of clamd yet? I would be surprised if Dag Wieers hasn't done one already, for starters. If there is one, why are we duplicating the effort? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: UTF-8 wj8DBQFGP4EeEfZZRxQVtlQRAnIPAKCQnsIUEthWQbi2R6bbRiO7Q8DCnQCg6zXv y5RNQN2fTRygk4Xny1Opi64= =gz9L -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon May 7 22:21:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 7 22:22:44 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463F82EB.9080404@maddoc.net> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <463F55BD.7080209@ecs.soton.ac.uk> <463F8075.60900@ecs.soton.ac.uk> <463F82EB.9080404@maddoc.net> Message-ID: <463F9860.1060003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doc Schneider wrote: > Julian Field wrote: > >> Scott Silva wrote: >> >>> Julian Field spake the following on 5/7/2007 9:37 AM: >>> >>>> Scott Silva wrote: >>>> >>>> >>>>> Julian Field spake the following on 5/5/2007 10:04 AM: >>>>> >>>>> >>>>> >>>>>> I have done some basic tests with my SpamAssassin 3.2.0 package and >>>>>> MailScanner 4.59 and it is working fine. >>>>>> >>>>>> I'll do some more tests of it and probably start using it on a >>>>>> production machine tomorrow if I feel so inclined (and there again I >>>>>> might well just put my feet up and watch TV). It's a public holiday >>>>>> this weekend (I think!) so by definition it should rain on Monday at >>>>>> least. :-) >>>>>> >>>>>> Jules. >>>>>> >>>>>> >>>>>> >>>>> Julian, >>>>> I haven't had an opportunity to look at it yet, but are you or did you >>>>> add an >>>>> init script for clamd? I was going to throw one together if it didn't >>>>> have >>>>> one. But if it is already there, I won't bother. >>>>> >>>>> >>>>> >>>> No, I haven't done an init script for clamd. It should be easy enough to >>>> knock one up based on the MailScanner ones. The SuSE and RedHat-based >>>> ones need to be different, so if you fancy writing both based on the >>>> MailScanner ones that would be great. >>>> >>>> Attached are the RedHat and SuSE init.d scripts for MailScanner itself >>>> so you can see the differences needed. >>>> >>>> Obviously the clamd ones will be a lot shorter :-) >>>> >>>> Jules >>>> >>>> >>>> >>> In looking at this, there will need to be more than just an init script. There >>> will need to be a clamd.conf file, and probably a logrotate script. I don't >>> know how much extra stuff you want to add, but I'm game if you dont mind the >>> extra fluff. >>> >> Is it really true that no-one else has done a decent RPM of clamd yet? I >> would be surprised if Dag Wieers hasn't done one already, for starters. >> If there is one, why are we duplicating the effort? >> >> Jules >> >> > > Jules, > > Dag Wieers has a current rpm for clamav-0.90.2 was there less than 24 > hours after it was released. > > I have just added considerably to the Clam+SA install.sh script. It now asks you whether you want it to install ClamAV or not. If it doesn't install it for you, it asks you where ClamAV is installed. It has sensible defaults set, so you can just do what it suggests. I'll give it another test in the morning to check it all works (getting late now) and will post it on the website if it all goes okay. Then you can still use my package to install the ClamAV perl module and SpamAssassin without necessarily having to install another copy of ClamAV that you didn't want, if you want to use an RPM of it. That way no-one has to duplicate any effort writing yet another RPM of ClamAV. :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGP5iHEfZZRxQVtlQRAsHrAKCftgE9qQRNdsr1zV4vQkO1EmJtGwCgsh0e sqTKuI8ts170Dv+LZi7/3eQ= =GKJC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Mon May 7 22:42:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 7 22:42:43 2007 Subject: Interesting need In-Reply-To: <463F822E.2010108@ecs.soton.ac.uk> References: <463F0518.65ED.00A2.0@plattesheriff.org> <463F5C10.7080307@ecs.soton.ac.uk> <463F7783.7070608@nkpanama.com> <463F822E.2010108@ecs.soton.ac.uk> Message-ID: <223f97700705071442w106785bu1a9a50405476f9cb@mail.gmail.com> On 07/05/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alex Neuman van der Hans wrote: > > Archive mail "forwards" email? I thought it only "archived" it... > RTFM my friend :-) Yes I did, and I have a question...Wouldn't using Archive Mail forwarding include all the spam etc? Call me crazy (who knows, I might be:-) but in that sense I'd go for Alex suggestion...;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Mon May 7 22:59:44 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon May 7 22:59:55 2007 Subject: SA 3.2.0 Woes In-Reply-To: <20070507125947.05ede1ea@uxbod.splatnix.net> References: <20070507125947.05ede1ea@uxbod.splatnix.net> Message-ID: <463FA150.5070909@evi-inc.com> --[ UxBoD ]-- wrote: > Hi, > > Not sure whether this is a issue or not, but since upgrading SA and > MailScanner I never seem to get any hits via RBLs. I am using MailWatch > and that just says "SpamAssassin Listed in RBL". Bayes never seems to > trigger aswell now. > > Have others experienced anything like this ? I've not tried 3.2.0 with MailScanner. However, this sounds like it might be a purely spamassassin issue. You might want to try running the following basic debugging steps: First, run "spamassassin --lint", and make sure it's got nothing to complain about in your config files. It should just exit quietly. I strongly recommend doing this first, as the version with debug below often spits out so much text it becomes easy to miss the important warning messages. Second, run "spamassassin --lint -D" and take a look if SA thinks network tests are enabled. It might be that your version of Net::DNS isn't new enough for 3.2's needs, and thus this feature is disabled. Ditto bayes and your version of DB_File and/or DBI. As a further check of bayes, try a "sa-learn --dump magic" and see if sa can make sense of the bayes DB at all. From ssilva at sgvwater.com Mon May 7 23:21:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 23:25:12 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <463CB925.2050609@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 5/5/2007 10:04 AM: > I have done some basic tests with my SpamAssassin 3.2.0 package and > MailScanner 4.59 and it is working fine. > > I'll do some more tests of it and probably start using it on a > production machine tomorrow if I feel so inclined (and there again I > might well just put my feet up and watch TV). It's a public holiday this > weekend (I think!) so by definition it should rain on Monday at least. :-) > > Jules. I hope you voted for putting your feet up and watching the TV!! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon May 7 23:30:52 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 23:31:11 2007 Subject: Multi (split) image spam In-Reply-To: <795384.84076.qm@web26315.mail.ukl.yahoo.com> References: <795384.84076.qm@web26315.mail.ukl.yahoo.com> Message-ID: Andrew MacLachlan spake the following on 5/7/2007 2:09 PM: > Thanks Ed - That was my take as well. > To be fair, I can see both sides of the argument, however I consider greylisting to still be an essential tool in the fight against spam. As always there are many different implementations and each has it's pros and cons. > I have yet to see the perfect greylist implementation, but there has been some good work done by someone in Japan who modified postgrey so that it would only greylist dynamic addresses (determined by regex). Although this is nowhere near perfect it is certainly a step in the right direction (and should keep Res happy as well as his mailservers would be unlikely to be hit.) by adding some intelligence to the default postgrey implementation - which is a fairly blunt -yet effective instrument. > > No reply earlier to this to avoid a flame war which is never a good look! If you just reject mail from dynamic ip's unless it is authenticated roaming users, you will be better off. I still think that if you need a mail server, you need a static address or a smarthost that is on one. There is no good reason (IMHO) besides the costs to try and serve mail from a dynamic IP, unless your ISP will not sell or rent you a static address. When we upgraded from a SDSL circuit to a T1, we went from a /24 block to to a /19 block at each site. I didn't ask for the 64 addresses, they just didn't want to split the block any smaller. And they gave me the reverse mappings also, so I can't complain. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gmane at tippingmar.com Mon May 7 23:34:48 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Mon May 7 23:35:11 2007 Subject: writing to /var/spool/MailScanner/incoming Message-ID: I have /var/spool/MailScanner/incoming mounted as tmpfs. I have a mail related script (duplicate msg remover) that could benefit from writing to tmpfs instead of physical disk. Is it OK for my script to use some space in MailScanner/incoming or does MailScanner only expect to see it's own stuff in there? Thanks, Mark From ssilva at sgvwater.com Mon May 7 23:36:56 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 23:40:17 2007 Subject: SA 3.2.0 Woes In-Reply-To: <463FA150.5070909@evi-inc.com> References: <20070507125947.05ede1ea@uxbod.splatnix.net> <463FA150.5070909@evi-inc.com> Message-ID: Matt Kettler spake the following on 5/7/2007 2:59 PM: > --[ UxBoD ]-- wrote: >> Hi, >> >> Not sure whether this is a issue or not, but since upgrading SA and >> MailScanner I never seem to get any hits via RBLs. I am using MailWatch >> and that just says "SpamAssassin Listed in RBL". Bayes never seems to >> trigger aswell now. >> >> Have others experienced anything like this ? > > I've not tried 3.2.0 with MailScanner. However, this sounds like it might be a > purely spamassassin issue. > > You might want to try running the following basic debugging steps: > > First, run "spamassassin --lint", and make sure it's got nothing to complain > about in your config files. It should just exit quietly. I strongly recommend > doing this first, as the version with debug below often spits out so much text > it becomes easy to miss the important warning messages. > > Second, run "spamassassin --lint -D" and take a look if SA thinks network tests > are enabled. It might be that your version of Net::DNS isn't new enough for > 3.2's needs, and thus this feature is disabled. Ditto bayes and your version of > DB_File and/or DBI. Does 3.2.0 do network tests in a lint? Because 3.1.8 didn't unless you piped a message through it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon May 7 23:40:14 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 23:45:07 2007 Subject: Interesting need In-Reply-To: <223f97700705071442w106785bu1a9a50405476f9cb@mail.gmail.com> References: <463F0518.65ED.00A2.0@plattesheriff.org> <463F5C10.7080307@ecs.soton.ac.uk> <463F7783.7070608@nkpanama.com> <463F822E.2010108@ecs.soton.ac.uk> <223f97700705071442w106785bu1a9a50405476f9cb@mail.gmail.com> Message-ID: Glenn Steen spake the following on 5/7/2007 2:42 PM: > On 07/05/07, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Alex Neuman van der Hans wrote: >> > Archive mail "forwards" email? I thought it only "archived" it... >> RTFM my friend :-) > > Yes I did, and I have a question...Wouldn't using Archive Mail > forwarding include all the spam etc? Call me crazy (who knows, I might > be:-) but in that sense I'd go for Alex suggestion...;) > > Cheers I think the archive mail option would be for those organizations that are required to keep "everything" that crosses their gateway. So unless you can stop it at the MTA, you would have to keep it. I would rather use a forward at the non-spam actions also if it were up to me, and I had no legal requirement to keep everything. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon May 7 23:43:37 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 7 23:50:04 2007 Subject: Interesting need In-Reply-To: <589025.24756.qm@web26311.mail.ukl.yahoo.com> References: <589025.24756.qm@web26311.mail.ukl.yahoo.com> Message-ID: Andrew MacLachlan spake the following on 5/7/2007 2:14 PM: > Or if you use Exchange internally - setup a rule, that way you can also forward all internal messages. (no anti exchange rants please - It's paid many of my bills...) > No anti-exchange rants here, you administer what the check signers want to run. I am fending off a possible move to Exchange or Notes. I am hoping that they will wince at the costs. They pay me anyway, and I have told them that they would need to add a warm body for either option. I don't have any time left in the day. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Mon May 7 23:58:57 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue May 8 00:18:19 2007 Subject: SA 3.2.0 Woes In-Reply-To: References: <20070507125947.05ede1ea@uxbod.splatnix.net> <463FA150.5070909@evi-inc.com> Message-ID: <463FAF31.7060800@evi-inc.com> Scott Silva wrote: > Matt Kettler spake the following on 5/7/2007 2:59 PM: >> --[ UxBoD ]-- wrote: >>> Hi, >>> >>> Not sure whether this is a issue or not, but since upgrading SA and >>> MailScanner I never seem to get any hits via RBLs. I am using MailWatch >>> and that just says "SpamAssassin Listed in RBL". Bayes never seems to >>> trigger aswell now. >>> >>> Have others experienced anything like this ? >> I've not tried 3.2.0 with MailScanner. However, this sounds like it might be a >> purely spamassassin issue. >> >> You might want to try running the following basic debugging steps: >> >> First, run "spamassassin --lint", and make sure it's got nothing to complain >> about in your config files. It should just exit quietly. I strongly recommend >> doing this first, as the version with debug below often spits out so much text >> it becomes easy to miss the important warning messages. >> >> Second, run "spamassassin --lint -D" and take a look if SA thinks network tests >> are enabled. It might be that your version of Net::DNS isn't new enough for >> 3.2's needs, and thus this feature is disabled. Ditto bayes and your version of >> DB_File and/or DBI. > > Does 3.2.0 do network tests in a lint? Because 3.1.8 didn't unless you piped a > message through it. > Gah! you're right, forgot about that. You'd have to do a "spamassassin -D < sample-spam.txt >/dev/null" From ssilva at sgvwater.com Tue May 8 00:18:43 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 8 00:18:54 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: References: Message-ID: Mark Nienberg spake the following on 5/7/2007 3:34 PM: > I have /var/spool/MailScanner/incoming mounted as tmpfs. > > I have a mail related script (duplicate msg remover) that could benefit > from writing to tmpfs instead of physical disk. Is it OK for my script > to use some space in MailScanner/incoming or does MailScanner only > expect to see it's own stuff in there? > > Thanks, > Mark > You could have another mountpoint to tmpfs if you want. They would be separate filesystems to the OS, but would still only use the same total amount of ram. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From res at ausics.net Tue May 8 00:36:15 2007 From: res at ausics.net (Res) Date: Tue May 8 00:36:26 2007 Subject: Multi (split) image spam In-Reply-To: <463F49F8.6080304@sbcglobal.net> References: <694855.76046.qm@web26301.mail.ukl.yahoo.com> <463F49F8.6080304@sbcglobal.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 7 May 2007, Ed Bruce wrote: >> errr logic? WTF? if the queue cant send it right away it stays in the >> queue so lamelisted_mail+current_submissions=building_up_queue >> like I said it might be fine if you run a small office 1K emails p/day, >> but not when you do millions p/day, however I have tuned sendmail queue >> running so that new stuff goes first, I'm not going to allow new stuff >> to be delayed in oversized queue runners because some lamers server wont >> accept it on first attempt. >> >> > > Res I didn't understand what you meant at first. Well I may still not > understand, but I'm guessing you are saying that if my MTA is running > some sort of gray listing and your MTA attempts a connection it will > cause your queues to back up??? Correct, this affects the sending MTA, not the recipient server. > I took your original message to mean that if I run gray listing then my > queues would back up. That didn't seem to make much sense to me as I > wouldn't gray list myself. LOL no it wouldnt :) - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD4DBQFGP7fxsWhAmSIQh7MRAv85AJdZBssbVh0cfXdri+cUzCpPcQO7AJ47E5mQ xo21w0V79ggqYrCTM2AO8g== =56s9 -----END PGP SIGNATURE----- From res at ausics.net Tue May 8 00:40:11 2007 From: res at ausics.net (Res) Date: Tue May 8 00:40:19 2007 Subject: SpamAssassin 3.2.0 In-Reply-To: <463F5028.9060201@evi-inc.com> References: <463900B1.8080301@ecs.soton.ac.uk> <463B7C0C.9000004@evi-inc.com> <463BB60B.3060608@evi-inc.com> <463E12CC.7080806@evi-inc.com> <463F5028.9060201@evi-inc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 7 May 2007, Matt Kettler wrote: Thanks Matt. > For reference, the bug is this one: > > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5436 - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGP7jdsWhAmSIQh7MRAh8cAJ4o9u7LI6VJuKQazRYZ5lF34AhqwgCfUs1f dvD/trShOTp0NycaYOg6M3Q= =pynS -----END PGP SIGNATURE----- From res at ausics.net Tue May 8 00:52:30 2007 From: res at ausics.net (Res) Date: Tue May 8 00:52:40 2007 Subject: Interesting need In-Reply-To: References: <463F0518.65ED.00A2.0@plattesheriff.org> <463F5C10.7080307@ecs.soton.ac.uk> <463F7783.7070608@nkpanama.com> <463F822E.2010108@ecs.soton.ac.uk> <223f97700705071442w106785bu1a9a50405476f9cb@mail.gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 7 May 2007, Scott Silva wrote: > I think the archive mail option would be for those organizations that are > required to keep "everything" that crosses their gateway. So unless you can Not to mention for obtaining copies of mail sent from/to a norti user that the feds have an interest in :) and with the forwarding ability they get it all in real time. - -- Cheers Res Vote for your favourite MTA at http://polls.ausics.net/v3.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGP7vAsWhAmSIQh7MRAqlgAJ9cq6M330IfKjOSgA4+B1DC0kfmigCfYTnO 1i7vLA+s2UB08lqxcOVQICQ= =hOg0 -----END PGP SIGNATURE----- From amaclach at yahoo.co.uk Tue May 8 00:58:41 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Tue May 8 00:58:44 2007 Subject: Multi (split) image spam Message-ID: <38033.93041.qm@web26312.mail.ukl.yahoo.com> It is true that there is no good reason to use dynamic addresses (for obvious reasons), however some ISPs refuse to update the reverse mappings so that even though an address is static, it still appears to be dynamic because of the netblock and reverse mapping. While it could be argued that smarthosts are the correct way for small businesses to send mail, depending on the provider these can be worse than dynamic for RBLs etc! ----- Original Message ---- From: Scott Silva To: mailscanner@lists.mailscanner.info Sent: Monday, 7 May, 2007 11:30:52 PM Subject: Re: Multi (split) image spam Andrew MacLachlan spake the following on 5/7/2007 2:09 PM: > Thanks Ed - That was my take as well. > To be fair, I can see both sides of the argument, however I consider greylisting to still be an essential tool in the fight against spam. As always there are many different implementations and each has it's pros and cons. > I have yet to see the perfect greylist implementation, but there has been some good work done by someone in Japan who modified postgrey so that it would only greylist dynamic addresses (determined by regex). Although this is nowhere near perfect it is certainly a step in the right direction (and should keep Res happy as well as his mailservers would be unlikely to be hit.) by adding some intelligence to the default postgrey implementation - which is a fairly blunt -yet effective instrument. > > No reply earlier to this to avoid a flame war which is never a good look! If you just reject mail from dynamic ip's unless it is authenticated roaming users, you will be better off. I still think that if you need a mail server, you need a static address or a smarthost that is on one. There is no good reason (IMHO) besides the costs to try and serve mail from a dynamic IP, unless your ISP will not sell or rent you a static address. When we upgraded from a SDSL circuit to a T1, we went from a /24 block to to a /19 block at each site. I didn't ask for the 64 addresses, they just didn't want to split the block any smaller. And they gave me the reverse mappings also, so I can't complain. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From info at ittsl.com Tue May 8 05:03:31 2007 From: info at ittsl.com (=?ISO-8859-1?Q?ittsl01=20?=) Date: Tue May 8 01:03:40 2007 Subject: Automated Reply from ittsl01 Message-ID: <200705080403.l4843VtQ016175@server30055.uk2net.com> ITTSL is out of the office until 14th May on Business in Europe. If you require urgent assistance, please a problem ticket at http://www.ittsl.net and we will respond to as soon as possible. Many Thanks. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From amaclach at yahoo.co.uk Tue May 8 01:04:25 2007 From: amaclach at yahoo.co.uk (Andrew MacLachlan) Date: Tue May 8 01:04:27 2007 Subject: Interesting need Message-ID: <65028.16389.qm@web26307.mail.ukl.yahoo.com> lol - Exchange isn't too bad to run, but it needs a specialist - not just someone to do a next, next, next install and hope it's still working in a year. Maybe Zimbra? ----- Original Message ---- From: Scott Silva To: mailscanner@lists.mailscanner.info Sent: Monday, 7 May, 2007 11:43:37 PM Subject: Re: Interesting need Andrew MacLachlan spake the following on 5/7/2007 2:14 PM: > Or if you use Exchange internally - setup a rule, that way you can also forward all internal messages. (no anti exchange rants please - It's paid many of my bills...) > No anti-exchange rants here, you administer what the check signers want to run. I am fending off a possible move to Exchange or Notes. I am hoping that they will wince at the costs. They pay me anyway, and I have told them that they would need to add a warm body for either option. I don't have any time left in the day. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alden at engineno9inc.com Tue May 8 01:11:09 2007 From: alden at engineno9inc.com (Alden Levy) Date: Tue May 8 01:11:19 2007 Subject: SMPID vs. INPID Message-ID: <005b01c79105$617db200$5e01a8c0@AldenLap> I'm still scratching my head over this one. Would someone with a Redhat install please post the relevant lines of their MailScanner_app_init, so I can compare it to mine? >Basically, when I start MS, all works well, but when I check status, I get >an error ># service MailScanner status >Checking MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ FAIL ] > outgoing sendmail: [ OK ] > >However, it works fine as it is. In order to get rid of the fail, though, >I've been updating sendmail.in.pid with the proper pid, and everything >works. > >I finally had a few minutes to track down the issue, and it seems that >something (I did something??) confused SMPID and INPID in >MailScanner_app_init. > >The relevant code is: >In StartInSendmail: > elif [ $MTA = 'sendmail' ]; then > /usr/bin/newaliases > /dev/null 2>&1 > if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then > make -C /etc/mail -s > else > for i in virtusertable access domaintable mailertable ; do > if [ -f /etc/mail/$i ] ; then > makemap hash /etc/mail/$i < /etc/mail/$i > fi > done > fi > $SENDMAIL -bd -OPrivacyOptions=noetrn \ > -ODeliveryMode=queueonly \ > -OQueueDirectory=$INQDIR \ > -OPidFile=$INPID > touch /var/run/sm-client.pid > chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null > $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null > success > echo > >And in status: > status) > # Work out if all of MailScanner is running > echo 'Checking MailScanner daemons:' > echo -n ' MailScanner: ' > pid=`pidofproc MailScanner` > if [ -z "$pid" ] ; then failure; else success; fi > echo > if [ $MTA = "sendmail" ]; then > # Now the incoming sendmail > echo -n ' incoming sendmail: ' > pid=`head -1 $INPID` > alive=`ps ax | awk '{ print $1 }' | grep '^'$pid'$'` > #pid=`ps ax | egrep '\[sendmail\]|sendmai[l]: accepting >connections'` > if [ -z "$alive" ] ; then failure; else success; fi > echo > Thanks, Alden Alden Levy Engine No. 9, Inc. 130 W. 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 fax From mkettler at evi-inc.com Tue May 8 01:25:26 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue May 8 01:25:37 2007 Subject: Automated Reply from ittsl01 In-Reply-To: <200705080403.l4843VtQ016175@server30055.uk2net.com> References: <200705080403.l4843VtQ016175@server30055.uk2net.com> Message-ID: <463FC376.6020103@evi-inc.com> ittsl01 wrote: > ITTSL is out of the office until 14th May on Business in Europe. If you require urgent assistance, please a problem ticket at http://www.ittsl.net and we will respond to as soon as possible. Many Thanks. Hmm, should we ALL go and open tickets? :) From tenderby at mailwash.com.au Tue May 8 05:39:52 2007 From: tenderby at mailwash.com.au (Tony Enderby) Date: Tue May 8 05:40:26 2007 Subject: FuzzyOCR SA 3.20 Message-ID: <200705080440.l484eA1u014384@mail.mailwash.com.au> Hi All, Just wondering if anyone knows of a workaround for the FuzzyOCR prob with the latest version of SpamAssassin. Post upgrade I tried the test emails that ship with the latest FuzzyOCR distribution and am not getting any output in the returned spam report. Thanks in advance. Tony. ----------------------------------------------------------------------------------- Scanned by MailWash Australia - http://www.mailwash.com.au ----------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070508/ee7f7d6b/attachment.html From r.berber at computer.org Tue May 8 05:58:23 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Tue May 8 05:56:31 2007 Subject: FuzzyOCR SA 3.20 In-Reply-To: <200705080440.l484eA1u014384@mail.mailwash.com.au> References: <200705080440.l484eA1u014384@mail.mailwash.com.au> Message-ID: Tony Enderby wrote: > Just wondering if anyone knows of a workaround for the FuzzyOCR prob > with the latest version of SpamAssassin. > > Post upgrade I tried the test emails that ship with the latest FuzzyOCR > distribution and am not getting any output in the returned spam report. You mean no details in the report? That can be fixed by changing line 932 of FuzzyOcr.pm (version 3.5.1) : - $pms->_handle_hit( "FUZZY_OCR", $score, "BODY: ", + $pms->_handle_hit( "FUZZY_OCR", $score, "BODY: ", "rawbody", There are other problems brought by changes in SA, like formatting of the report being lost (since 3.1.8, thanks to Util::wrap()), and when the image is known to be spam there is no detail in the report. -- Ren? Berber From tenderby at mailwash.com.au Tue May 8 06:34:57 2007 From: tenderby at mailwash.com.au (Tony Enderby) Date: Tue May 8 06:35:33 2007 Subject: FuzzyOCR SA 3.20 In-Reply-To: Message-ID: <200705080535.l485ZFDe019297@mail.mailwash.com.au> Many thanks, working a treat again. Tony. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ren? Berber Sent: Tuesday, May 08, 2007 2:58 PM To: mailscanner@lists.mailscanner.info Subject: Re: FuzzyOCR SA 3.20 Tony Enderby wrote: > Just wondering if anyone knows of a workaround for the FuzzyOCR prob > with the latest version of SpamAssassin. > > Post upgrade I tried the test emails that ship with the latest FuzzyOCR > distribution and am not getting any output in the returned spam report. You mean no details in the report? That can be fixed by changing line 932 of FuzzyOcr.pm (version 3.5.1) : - $pms->_handle_hit( "FUZZY_OCR", $score, "BODY: ", + $pms->_handle_hit( "FUZZY_OCR", $score, "BODY: ", "rawbody", There are other problems brought by changes in SA, like formatting of the report being lost (since 3.1.8, thanks to Util::wrap()), and when the image is known to be spam there is no detail in the report. -- Ren? Berber -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ---------------------------------------------------------------------------- ------- Scanned by MailWash Australia - http://www.mailwash.com.au ---------------------------------------------------------------------------- ------- ----------------------------------------------------------------------------------- Scanned by MailWash Australia - http://www.mailwash.com.au ----------------------------------------------------------------------------------- From alvaro at hostalia.com Tue May 8 09:04:35 2007 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Tue May 8 09:04:40 2007 Subject: Error with SA 3.2.0 Message-ID: <46402F13.5090602@hostalia.com> Hello, I've upgraded SA to 3.2.0 version and MailScanner doesn't check/deliver messages. Running in debug mode, I get: ... [31624] dbg: config: score set 3 chosen. [31624] dbg: message: main message type: text/plain [31624] dbg: message: ---- MIME PARSER START ---- [31624] dbg: message: parsing normal part [31624] dbg: message: ---- MIME PARSER END ---- check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/PerMsgStatus.pm line 164. Failed. Any idea about this? If I downgrade to SA 3.1.8 all runs fine Thanks! Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From drew at technologytiger.net Tue May 8 09:10:10 2007 From: drew at technologytiger.net (Drew Marshall) Date: Tue May 8 09:10:16 2007 Subject: Automated Reply from ittsl01 In-Reply-To: <463FC376.6020103@evi-inc.com> References: <200705080403.l4843VtQ016175@server30055.uk2net.com> <463FC376.6020103@evi-inc.com> Message-ID: On 8 May 2007, at 01:25, Matt Kettler wrote: > ittsl01 wrote: >> ITTSL is out of the office until 14th May on Business in Europe. >> If you require urgent assistance, please a problem ticket at >> http://www.ittsl.net and we will respond to as soon as possible. >> Many Thanks. > > Hmm, should we ALL go and open tickets? :) It IS tempting... Dear problem dept How do I set my out of office up? Regards ... :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by the Technology Tiger MailScanner. Further information can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From glenn.steen at gmail.com Tue May 8 09:27:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 8 09:27:13 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> Message-ID: <223f97700705080127t2b5436e9m8fd50d8bbf481eb4@mail.gmail.com> On 08/05/07, Scott Silva wrote: > Julian Field spake the following on 5/5/2007 10:04 AM: > > I have done some basic tests with my SpamAssassin 3.2.0 package and > > MailScanner 4.59 and it is working fine. > > > > I'll do some more tests of it and probably start using it on a > > production machine tomorrow if I feel so inclined (and there again I > > might well just put my feet up and watch TV). It's a public holiday this > > weekend (I think!) so by definition it should rain on Monday at least. :-) > > > > Jules. > I hope you voted for putting your feet up and watching the TV!! ;-P You are not alone in hoping that Scott! It's not that we want you to be bored Jules, nor that we don't appreciate the effort you make... We kind of want you to stick around for the long run, more than giving the immediate fix... Essentially see us as your virtual mother hens;-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From list-mailscanner at linguaphone.com Tue May 8 09:32:51 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue May 8 09:33:22 2007 Subject: Multi (split) image spam In-Reply-To: <38033.93041.qm@web26312.mail.ukl.yahoo.com> References: <38033.93041.qm@web26312.mail.ukl.yahoo.com> Message-ID: <1178613171.30898.3.camel@gblades-suse.linguaphone-intranet.co.uk> Does anyone have an example of one of these spams? I was thinking it should be possible to write a rule to detect these as there is no real reason why two images should be directly next to each other. From glenn.steen at gmail.com Tue May 8 09:47:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 8 09:47:06 2007 Subject: Multi (split) image spam In-Reply-To: <1178613171.30898.3.camel@gblades-suse.linguaphone-intranet.co.uk> References: <38033.93041.qm@web26312.mail.ukl.yahoo.com> <1178613171.30898.3.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <223f97700705080147s448b9553p856f0f02984d1584@mail.gmail.com> On 08/05/07, Gareth wrote: > Does anyone have an example of one of these spams? > > I was thinking it should be possible to write a rule to detect these as > there is no real reason why two images should be directly next to each > other. ... Apart from (decidedly crappy, but still) tabulated "layouting" in HTML mails? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jim.barber at ddihealth.com Tue May 8 09:51:54 2007 From: jim.barber at ddihealth.com (Jim Barber) Date: Tue May 8 09:52:29 2007 Subject: Multi (split) image spam In-Reply-To: <1178613171.30898.3.camel@gblades-suse.linguaphone-intranet.co.uk> References: <38033.93041.qm@web26312.mail.ukl.yahoo.com> <1178613171.30898.3.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46403A2A.5010407@ddihealth.com> I don't know if it's possible or not, but perhaps these images could be stitched together into one large image before they are presented to FuzzyOCR. That would probably take a bit of work as you'd need to know from the layout how to stitch the images together (side-by-side? top-to-bottom? 2x2, etc). But once stitched and passed to FuzzyOCR it should then be able to extract complete words from the final image. ---------- Jim Barber DDI Health Gareth wrote: > Does anyone have an example of one of these spams? > > I was thinking it should be possible to write a rule to detect these as > there is no real reason why two images should be directly next to each > other. > From alvaro at hostalia.com Tue May 8 09:53:57 2007 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Tue May 8 09:54:02 2007 Subject: Error with SA 3.2.0 In-Reply-To: <46402F13.5090602@hostalia.com> References: <46402F13.5090602@hostalia.com> Message-ID: <46403AA5.10709@hostalia.com> Hello again, > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/PerMsgStatus.pm line 164. > Failed. Copying v320.pre to /usr/share/spamassassin solves the problem but I've changed SpamAssassin Local Rules Dir and know runs fine. Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From martinh at solidstatelogic.com Tue May 8 09:54:52 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue May 8 09:54:54 2007 Subject: Interesting need In-Reply-To: <463F0518.65ED.00A2.0@plattesheriff.org> Message-ID: Rob As others have said, surely this is down to the 'corporate email server' to handle? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rob Poe > Sent: 07 May 2007 16:53 > To: MailScanner discussion > Subject: Interesting need > > This might not be so much a MailScanner function ... but > > I have a Linux / Sendmail / MailScanner box set up in front of a corporate > mail system. It's doing the domain as relay-domains and mailertable. One > of their users wants all of his EXTERNAL incoming mail to go to both HIM > and his assistant. > > I tried with the aliases and virtusertable ... didn't work (just forwarded > on to the corp mail system as if nothing was in there). > > Is this something I can do with a MailScanner rule? > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue May 8 11:15:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 8 11:16:44 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: References: Message-ID: <46404DAA.9040900@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why not just do another tmpfs mount somewhere else as well? It's quite reasonable in most circumstances to mount /tmp on tmpfs and then use a subdirectory of that. Mark Nienberg wrote: > I have /var/spool/MailScanner/incoming mounted as tmpfs. > > I have a mail related script (duplicate msg remover) that could > benefit from writing to tmpfs instead of physical disk. Is it OK for > my script to use some space in MailScanner/incoming or does > MailScanner only expect to see it's own stuff in there? > > Thanks, > Mark > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGQE3oEfZZRxQVtlQRAiRGAJ0dNjZyHdVEk98CQpBc6ttdXgui8wCfX3L8 8JEO9/ba0pBGIpFZ3BnUzG8= =+inB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Tue May 8 13:19:08 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 8 13:19:39 2007 Subject: Error with SA 3.2.0 In-Reply-To: <46402F13.5090602@hostalia.com> References: <46402F13.5090602@hostalia.com> Message-ID: On Tue, 8 May 2007, Alvaro Mar?n wrote: > I've upgraded SA to 3.2.0 version and MailScanner doesn't check/deliver > messages. Running in debug mode, I get: > > ... > [31624] dbg: config: score set 3 chosen. > [31624] dbg: message: main message type: text/plain > [31624] dbg: message: ---- MIME PARSER START ---- > [31624] dbg: message: parsing normal part > [31624] dbg: message: ---- MIME PARSER END ---- > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/PerMsgStatus.pm line 164. > Failed. > > Any idea about this? If I downgrade to SA 3.1.8 all runs fine I just did an update and noticed it did not work well. I then did run the -lint option through MailWatch. It showed 75 lines with scores no longer in use. Once I got rid of those I just needed to restart the proper service to get it all going. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From hvdkooij at vanderkooij.org Tue May 8 13:20:53 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 8 13:21:24 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <223f97700705080127t2b5436e9m8fd50d8bbf481eb4@mail.gmail.com> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <223f97700705080127t2b5436e9m8fd50d8bbf481eb4@mail.gmail.com> Message-ID: On Tue, 8 May 2007, Glenn Steen wrote: > It's not that we want you to be bored Jules, nor that we don't > appreciate the effort you make... We kind of want you to stick around > for the long run, more than giving the immediate fix... Essentially > see us as your virtual mother hens;-) Somehow I have a problem picturing Jules as a chick ;-) Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.) From MailScanner at ecs.soton.ac.uk Tue May 8 13:34:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 8 13:34:59 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <223f97700705080127t2b5436e9m8fd50d8bbf481eb4@mail.gmail.com> Message-ID: <46406E43.6040609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > On Tue, 8 May 2007, Glenn Steen wrote: > >> It's not that we want you to be bored Jules, nor that we don't >> appreciate the effort you make... We kind of want you to stick around >> for the long run, more than giving the immediate fix... Essentially >> see us as your virtual mother hens;-) > > Somehow I have a problem picturing Jules as a chick ;-) Quack? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) Charset: ISO-8859-1 wj8DBQFGQG5HEfZZRxQVtlQRApQqAKCs2RXY9MsliQFjSZnuUookEUq/fQCgh+wb szANL0FvwkGpcRuehWPwWos= =U17m -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue May 8 13:48:47 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 8 13:48:51 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <223f97700705080127t2b5436e9m8fd50d8bbf481eb4@mail.gmail.com> Message-ID: <223f97700705080548w5738443fx175119f359a8766e@mail.gmail.com> On 08/05/07, Hugo van der Kooij wrote: > On Tue, 8 May 2007, Glenn Steen wrote: > > > It's not that we want you to be bored Jules, nor that we don't > > appreciate the effort you make... We kind of want you to stick around > > for the long run, more than giving the immediate fix... Essentially > > see us as your virtual mother hens;-) > > Somehow I have a problem picturing Jules as a chick ;-) > But not us others, Eh...? ... :-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue May 8 13:53:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 8 13:53:47 2007 Subject: SpamAssassin 3.2.0 package In-Reply-To: <46406E43.6040609@ecs.soton.ac.uk> References: <463C6D8E.5040802@ecs.soton.ac.uk> <463C9E7C.7040600@protos.mine.nu> <463CAD50.3050806@ecs.soton.ac.uk> <463CB925.2050609@ecs.soton.ac.uk> <223f97700705080127t2b5436e9m8fd50d8bbf481eb4@mail.gmail.com> <46406E43.6040609@ecs.soton.ac.uk> Message-ID: <223f97700705080553q79f19096v7b0f704032014b6f@mail.gmail.com> On 08/05/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Hugo van der Kooij wrote: > > On Tue, 8 May 2007, Glenn Steen wrote: > > > >> It's not that we want you to be bored Jules, nor that we don't > >> appreciate the effort you make... We kind of want you to stick around > >> for the long run, more than giving the immediate fix... Essentially > >> see us as your virtual mother hens;-) > > > > Somehow I have a problem picturing Jules as a chick ;-) > Quack? Straight from chick to duck....I'm not sure exactly how to treat that typing ailment... Perhaps you've overindulged in infomercials, perhaps an overdose of West Wing... Best take to more and call us in the morning...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From root at doctor.nl2k.ab.ca Tue May 8 14:44:37 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue May 8 14:51:21 2007 Subject: New 550s getting automagically placed into access file Message-ID: <20070508134436.GB29293@doctor.nl2k.ab.ca> I know there are 3 new packages out for MailScanner, spamd and clamd however I cannot determine with is adding to the /etc/mail/access file 550 We do not accept junk mail . I need to turn of this feature as it block transmission from secondary to primary. Also I am running Botnet 0.7 . -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Tue May 8 15:05:25 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Tue May 8 15:05:32 2007 Subject: Permissions to use Clamd with Postfix? Message-ID: As subject really, I'm a little confused. I'm running MailScanner with Postfix and would like to be able to use ClamD simply as I presume it's going to be faster than Clamscan. My "run as" user/group is Postfix. The permissions on /var/incoming/mail are postfix.postfix. What do I need to do to make MailScanner work with Clamd as at the moment when I try it I simply get an "/var/spool/MailScanner/incoming/14276/.: lstat() failed. ERROR" or similar. TIA, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070508/cc997d31/attachment.html From uxbod at splatnix.net Tue May 8 15:10:39 2007 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue May 8 15:10:45 2007 Subject: Permissions to use Clamd with Postfix? In-Reply-To: References: Message-ID: <71fd9958f73f0cdb9bc160af3e176412@62.49.223.244> Personally I added clamav to the postfix group. and also set the following in MailScanner.conf :- Incoming Work User = clamav Incoming Work Permissions = 0660 Seems to be running okay. On Tue, 8 May 2007 15:05:25 +0100, "Paul Hutchings" wrote: > As subject really, I'm a little confused. I'm running MailScanner with > Postfix and would like to be able to use ClamD simply as I presume it's > going to be faster than Clamscan. > > > > My "run as" user/group is Postfix. The permissions on > /var/incoming/mail are postfix.postfix. > > > > What do I need to do to make MailScanner work with Clamd as at the > moment when I try it I simply get an > "/var/spool/MailScanner/incoming/14276/.: lstat() failed. ERROR" or > similar. > > > > TIA, > > Paul > > > > Paul Hutchings > > Network Administrator, MIRA Ltd. > > Tel: 44 (0)24 7635 5378 > > Fax: 44 (0)24 7635 8378 > > mailto:paul.hutchings@mira.co.uk > > > > > -- > MIRA Ltd. > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > > Registered in England No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. > If you receive this e-mail in error, please delete it and notify us either > by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. > > > > -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 // Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8 // Phone: +44 (0) 845 869 2749 SIP: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel.maher at ubisoft.com Tue May 8 15:14:30 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue May 8 15:14:33 2007 Subject: Permissions to use Clamd with Postfix? In-Reply-To: Message-ID: <1E293D3FF63A3740B10AD5AAD88535D204DC3453@UBIMAIL1.ubisoft.org> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: May 8, 2007 10:05 AM To: MailScanner discussion Subject: Permissions to use Clamd with Postfix? As subject really, I'm a little confused.? I'm running MailScanner with Postfix and would like to be able to use ClamD simply as I presume it's going to be faster than Clamscan. My "run as" user/group is Postfix.? The permissions on /var/incoming/mail are postfix.postfix. What do I need to do to make MailScanner work with Clamd as at the moment when I try it I simply get an "/var/spool/MailScanner/incoming/14276/.: lstat() failed. ERROR" or similar. Clamd is likely running as user "clamav", which doesn't have read permissions for the incoming directory. ________________________________________ The solution is twofold: 1. Change your "run as" options to use to "postfix.clamav" 2. Change the ownership of incoming to postfix.clamav, and give it group read perms I had to setgid the incoming directory in order to make sure that the runtime dirs under incoming actually had their ownership set properly, but ymmv. Cheers! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "How can a man choose between Fresh and Fly? And believe me, there IS a difference." - Crack Stuntman, 2007. From Richard.Frovarp at sendit.nodak.edu Tue May 8 15:21:40 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue May 8 15:21:44 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: References: Message-ID: <46408774.1060606@sendit.nodak.edu> Mark Nienberg wrote: > I have /var/spool/MailScanner/incoming mounted as tmpfs. > > I have a mail related script (duplicate msg remover) that could > benefit from writing to tmpfs instead of physical disk. Is it OK for > my script to use some space in MailScanner/incoming or does > MailScanner only expect to see it's own stuff in there? > > Thanks, > Mark > Isn't this really dangerous? If you lose power or reboot the machine without an empty incoming queue, you will lose messages. To reboot you would have to stop the incoming mail process, let MailScanner clean out the queue, then reboot. Or am I missing something that would prevent you from losing messages? From ugob at lubik.ca Tue May 8 15:35:24 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue May 8 15:36:01 2007 Subject: New 550s getting automagically placed into access file In-Reply-To: <20070508134436.GB29293@doctor.nl2k.ab.ca> References: <20070508134436.GB29293@doctor.nl2k.ab.ca> Message-ID: Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > I know there are 3 new packages out for MailScanner, spamd and clamd > however I cannot determine with is adding to the /etc/mail/access file > 550 We do not accept junk mail . > > I need to turn of this feature as it block transmission from secondary to primary. > > Also I am running Botnet 0.7 . > This is probably more a third-party program: Vispan. From lists at jfworks.net Tue May 8 15:41:48 2007 From: lists at jfworks.net (James) Date: Tue May 8 15:41:54 2007 Subject: New 550s getting automagically placed into access file In-Reply-To: <20070508134436.GB29293@doctor.nl2k.ab.ca> References: <20070508134436.GB29293@doctor.nl2k.ab.ca> Message-ID: <46408C2C.8070608@jfworks.net> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > I know there are 3 new packages out for MailScanner, spamd and clamd > however I cannot determine with is adding to the /etc/mail/access file > 550 We do not accept junk mail . > > I need to turn of this feature as it block transmission from secondary to primary. > > Also I am running Botnet 0.7 . > > As far as I know MailScanner doesn't write to the access file or at least has never in my case. From ugob at lubik.ca Tue May 8 15:43:12 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue May 8 15:43:50 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: <46408774.1060606@sendit.nodak.edu> References: <46408774.1060606@sendit.nodak.edu> Message-ID: Richard Frovarp wrote: > > Isn't this really dangerous? If you lose power or reboot the machine > without an empty incoming queue, you will lose messages. To reboot you > would have to stop the incoming mail process, let MailScanner clean out > the queue, then reboot. Or am I missing something that would prevent you > from losing messages? Messages stays in the MTA inbound queue until processed. They are copied to /var/spool/MailScanner/incoming, processed and it is copied to the outbound MTA queue once processed. Once copied in the outbount queue, it is deleted from the inbound queue. I think this is in the MAQ... ugo From Richard.Frovarp at sendit.nodak.edu Tue May 8 15:51:04 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue May 8 15:51:07 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: References: <46408774.1060606@sendit.nodak.edu> Message-ID: <46408E58.2000800@sendit.nodak.edu> Ugo Bellavance wrote: > Richard Frovarp wrote: >> >> Isn't this really dangerous? If you lose power or reboot the machine >> without an empty incoming queue, you will lose messages. To reboot >> you would have to stop the incoming mail process, let MailScanner >> clean out the queue, then reboot. Or am I missing something that >> would prevent you from losing messages? > > Messages stays in the MTA inbound queue until processed. They are > copied to /var/spool/MailScanner/incoming, processed and it is copied > to the outbound MTA queue once processed. Once copied in the outbount > queue, it is deleted from the inbound queue. > > I think this is in the MAQ... > > ugo > Right and if /var/spool/MailScanner/incoming is in tempfs, the only place it exists is in RAM. The state of RAM goes away during reboot or power loss. Hence it is really dangerous to have incoming in tempfs. If that queue isn't empty when the state is lost, messages will be lost. From mkercher at nfsmith.com Tue May 8 15:52:01 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Tue May 8 15:55:44 2007 Subject: writing to /var/spool/MailScanner/incoming References: <46408774.1060606@sendit.nodak.edu> <46408E58.2000800@sendit.nodak.edu> Message-ID: <6DEF8ABC1767C045B91F42066D36358E3AF6@HOUPEX01.nfsmith.info> Richard Frovarp <> wrote on Tuesday, May 08, 2007 9:51 AM: : Ugo Bellavance wrote: :: Richard Frovarp wrote: ::: ::: Isn't this really dangerous? If you lose power or reboot the machine ::: without an empty incoming queue, you will lose messages. To reboot ::: you would have to stop the incoming mail process, let MailScanner ::: clean out the queue, then reboot. Or am I missing something that ::: would prevent you from losing messages? :: :: Messages stays in the MTA inbound queue until processed. They are :: copied to /var/spool/MailScanner/incoming, processed and it is copied :: to the outbound MTA queue once processed. Once copied in the :: outbount queue, it is deleted from the inbound queue. :: :: I think this is in the MAQ... :: :: ugo :: : Right and if /var/spool/MailScanner/incoming is in tempfs, the only : place it exists is in RAM. The state of RAM goes away during reboot : or power loss. Hence it is really dangerous to have incoming in : tempfs. If that queue isn't empty when the state is lost, messages : will be lost. I think he's talking about /var/spool/mqueue.in -Mike From paul.hutchings at mira.co.uk Tue May 8 16:00:46 2007 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Tue May 8 16:00:54 2007 Subject: Permissions to use Clamd with Postfix? References: <1E293D3FF63A3740B10AD5AAD88535D204DC3453@UBIMAIL1.ubisoft.org> Message-ID: Ok so two answers two methods. Who's right? :-) Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Daniel Maher Sent: 08 May 2007 15:15 To: MailScanner discussion Subject: RE: Permissions to use Clamd with Postfix? ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: May 8, 2007 10:05 AM To: MailScanner discussion Subject: Permissions to use Clamd with Postfix? As subject really, I'm a little confused.? I'm running MailScanner with Postfix and would like to be able to use ClamD simply as I presume it's going to be faster than Clamscan. My "run as" user/group is Postfix.? The permissions on /var/incoming/mail are postfix.postfix. What do I need to do to make MailScanner work with Clamd as at the moment when I try it I simply get an "/var/spool/MailScanner/incoming/14276/.: lstat() failed. ERROR" or similar. Clamd is likely running as user "clamav", which doesn't have read permissions for the incoming directory. ________________________________________ The solution is twofold: 1. Change your "run as" options to use to "postfix.clamav" 2. Change the ownership of incoming to postfix.clamav, and give it group read perms I had to setgid the incoming directory in order to make sure that the runtime dirs under incoming actually had their ownership set properly, but ymmv. Cheers! -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "How can a man choose between Fresh and Fly? And believe me, there IS a difference." - Crack Stuntman, 2007. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd. Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From rcooper at dwford.com Tue May 8 16:01:16 2007 From: rcooper at dwford.com (Rick Cooper) Date: Tue May 8 16:01:21 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: <46408E58.2000800@sendit.nodak.edu> References: <46408774.1060606@sendit.nodak.edu> <46408E58.2000800@sendit.nodak.edu> Message-ID: <0ced01c79181$babd3800$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Richard Frovarp > Sent: Tuesday, May 08, 2007 10:51 AM > To: MailScanner discussion > Subject: Re: writing to /var/spool/MailScanner/incoming > > Ugo Bellavance wrote: > > Richard Frovarp wrote: > >> > >> Isn't this really dangerous? If you lose power or reboot > the machine > >> without an empty incoming queue, you will lose messages. To reboot > >> you would have to stop the incoming mail process, let MailScanner > >> clean out the queue, then reboot. Or am I missing something that > >> would prevent you from losing messages? > > > > Messages stays in the MTA inbound queue until processed. They are > > copied to /var/spool/MailScanner/incoming, processed and it > is copied > > to the outbound MTA queue once processed. Once copied in > the outbount > > queue, it is deleted from the inbound queue. > > > > I think this is in the MAQ... > > > > ugo > > > Right and if /var/spool/MailScanner/incoming is in tempfs, the only > place it exists is in RAM. The state of RAM goes away during > reboot or > power loss. Hence it is really dangerous to have incoming in > tempfs. If > that queue isn't empty when the state is lost, messages will be lost. > -- Only half correct. The MailScanner queue is lost but the MTA queue is still intact. When MailScanner restarts it will process all the MTA's queue again so everything lost in the MailScanner working dir is rebuilt anyway. Nothing in the MTA queue is touched until it's in the MTA outbound queue. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From daniel.maher at ubisoft.com Tue May 8 16:06:26 2007 From: daniel.maher at ubisoft.com (Daniel Maher) Date: Tue May 8 16:06:28 2007 Subject: Permissions to use Clamd with Postfix? In-Reply-To: Message-ID: <1E293D3FF63A3740B10AD5AAD88535D204DC3577@UBIMAIL1.ubisoft.org> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings > Sent: May 8, 2007 11:01 AM > To: MailScanner discussion > Subject: RE: Permissions to use Clamd with Postfix? > > Ok so two answers two methods. Who's right? :-) Thanks to the swiss-army-knife style of Linux, we're both correct. There are likely even other options. :P -- _ ?v? Daniel Maher /(_)\ Administrateur Syst?me Unix ^ ^ Unix System Administrator "How can a man choose between Fresh and Fly? And believe me, there IS a difference." - Crack Stuntman, 2007. From Richard.Frovarp at sendit.nodak.edu Tue May 8 16:06:54 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue May 8 16:06:57 2007 Subject: writing to /var/spool/MailScanner/incoming In-Reply-To: <6DEF8ABC1767C045B91F42066D36358E3AF6@HOUPEX01.nfsmith.info> References: <46408774.1060606@sendit.nodak.edu> <46408E58.2000800@sendit.nodak.edu> <6DEF8ABC1767C045B91F42066D36358E3AF6@HOUPEX01.nfsmith.info> Message-ID: <4640920E.5080801@sendit.nodak.edu> Mike Kercher wrote: > Richard Frovarp <> wrote on Tuesday, May 08, 2007 9:51 AM: > > : Ugo Bellavance wrote: > :: Richard Frovarp wrote: > ::: > ::: Isn't this really dangerous? If you lose power or reboot the machine > ::: without an empty incoming queue, you will lose messages. To reboot > ::: you would have to stop the incoming mail process, let MailScanner > ::: clean out the queue, then reboot. Or am I missing something that > ::: would prevent you from losing messages? > :: > :: Messages stays in the MTA inbound queue until processed. They are > :: copied to /var/spool/MailScanner/incoming, processed and it is copied > :: to the outbound MTA queue once processed. Once copied in the > :: outbount queue, it is deleted from the inbound queue. > :: > :: I think this is in the MAQ... > :: > :: ugo > :: > : Right and if /var/spool/MailScanner/incoming is in tempfs, the only > : place it exists is in RAM. The state of RAM goes away during reboot > : or power loss. Hence it is really dangerous to have incoming in > : tempfs. If that queue isn't empty when the state is lost, messages > : will be lost. > > I think he's talking about /var/spool/mqueue.in > > -Mike > Yeah, that's what I was thinking of. Sorry. More sleep would be good. Richard From root at doctor.nl2k.ab.ca Tue May 8 16:00:22 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue May 8 16:07:13 2007 Subject: [root@doctor.nl2k.ab.ca: New 550s getting automagically placed into access file] Message-ID: <20070508150022.GA20343@doctor.nl2k.ab.ca> I have to resend this as I found in my logs the mailscanner.info mailserver got listed as below. ----- Forwarded message from "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem" ----- Date: Tue, 8 May 2007 07:44:36 -0600 From: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem" To: mailscanner@lists.mailscanner.info Subject: New 550s getting automagically placed into access file User-Agent: Mutt/1.5.12-2006-07-14 I know there are 3 new packages out for MailScanner, spamd and clamd however I cannot determine with is adding to the /etc/mail/access file 550 We do not accept junk mail . I need to turn of this feature as it block transmission from secondary to primary. Also I am running Botnet 0.7 . ----- End forwarded message ----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Tue May 8 16:27:29 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue May 8 16:27:43 2007 Subject: [root@doctor.nl2k.ab.ca: New 550s getting automagically placed into access file] In-Reply-To: <20070508150022.GA20343@doctor.nl2k.ab.ca> Message-ID: Dave There's a CustomFunction called IPBlock that will update this list based on number of messages received from an ip-address..... Normally it's attached to "Always Looked Up Last" in the following manner inside MailScanner.conf.. Always Looked Up Last = &IPBlock -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Shariff Yadallee - > System Administrator a.k.a. The Root of the Problem > Sent: 08 May 2007 16:00 > To: mailscanner@lists.mailscanner.info > Subject: [root@doctor.nl2k.ab.ca: New 550s getting automagically placed > into access file] > > I have to resend this as I found in my logs the mailscanner.info > mailserver > got listed as below. > > ----- Forwarded message from "Dave Shariff Yadallee - System > Administrator a.k.a. The Root of the Problem"