From nwp at nz.lemon-computing.com Mon Oct 1 02:31:59 2007
From: nwp at nz.lemon-computing.com (Nick Phillips)
Date: Mon Oct 1 02:30:45 2007
Subject: GPL v3
In-Reply-To: <46FAD045.3080705@ecs.soton.ac.uk>
References: <46FAD045.3080705@ecs.soton.ac.uk>
Message-ID: <4190A7A3-566A-47B8-B8E9-B2DDF925D4FC@nz.lemon-computing.com>

On 27/09/2007, at 9:33 AM, Julian Field wrote:

> I'm sure there are several of you who understand the new GPL v3
> better than I do.
> What would be the consequences of me moving MailScanner to the GPL v3?
>
> Are there any other licences that might be a better choice than any
> of the GPLs? (Please state your standpoint if answering any of this
> lot!).

Inclined to think that the status quo is best, until demonstrated otherwise.

GPLv3 is supposed to be introducing some anti-software-patent bits, which might be useful, but IIRC it also has a chunk about making you provide source even if you wouldn't be distributing code e.g. for people like web app providers.

How's things in Sunny Southampton?

Cheers,

Nick

From nwp at nz.lemon-computing.com Mon Oct 1 02:40:12 2007
From: nwp at nz.lemon-computing.com (Nick Phillips)
Date: Mon Oct 1 02:38:55 2007
Subject: GPL v3
In-Reply-To: <4190A7A3-566A-47B8-B8E9-B2DDF925D4FC@nz.lemon-computing.com>
References: <46FAD045.3080705@ecs.soton.ac.uk> <4190A7A3-566A-47B8-B8E9-B2DDF925D4FC@nz.lemon-computing.com>
Message-ID: <6D2C4308-52CE-4213-A543-9DBA6BA6B0F8@nz.lemon-computing.com>

On 1/10/2007, at 1:31 PM, Nick Phillips wrote:

> On 27/09/2007, at 9:33 AM, Julian Field wrote:
>
>> I'm sure there are several of you who understand the new GPL v3
>> better than I do.
>> What would be the consequences of me moving MailScanner to the GPL
>> v3?
>>
>> Are there any other licences that might be a better choice than
>> any of the GPLs? (Please state your standpoint if answering any of
>> this lot!).
>
> Inclined to think that the status quo is best, until demonstrated
> otherwise.
>
> GPLv3 is supposed to be introducing some anti-software-patent bits,
> which might be useful, but IIRC it also has a chunk about making
> you provide source even if you wouldn't be distributing code e.g.
> for people like web app providers.
>
>
> How's things in Sunny Southampton?

Interesting. I could swear that when I've tried to post stuff from this address in the past, it's been rejected for being a non-subscriber.

Has the list config changed or do I need to upgrade my memory?

And btw, for anyone who hadn't worked it out, that was intended as a private reply :-/

Cheers,

Nick

From tobias.axelsson at vxu.se Mon Oct 1 09:11:41 2007
From: tobias.axelsson at vxu.se (Tobias Axelsson)
Date: Mon Oct 1 09:12:28 2007
Subject: Known Web Bug Servers
Message-ID: <003e01c80402$b3413560$0a422fc2@taxbrbr>

Hi

Does someone have a collection of "Known Web Bug Servers"? If so, please send them to me, and I will put them together and repost them to the mailing list.

Thanks,
Tobias

From MailScanner at ecs.soton.ac.uk Mon Oct 1 09:53:42 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Oct 1 09:53:57 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
Message-ID: <4700B596.204@ecs.soton.ac.uk>

Hi folks!

I have just released stable version 4.64.3.

The major changes this month are:
-- MailScanner book now also available from the EU with much lower shipping charges and no tax charges to EU countries.
-- "Treat Invalid Watermarks With No Sender As Spam" can now be set to a number. This will be added to the spam score.
-- Changed default "ClamAV Full Message Scan" to yes. Slight speed impact is worth it for the extra spam-spotting ability it gives, particularly if you use the signature databases from sanesecurity.co.uk.

Download as usual from www.mailscanner.info.
The full Change Log is this:

* New Features and Improvements *
1 The MailScanner book is now also available for purchase from the EU with much lower shipping costs. Go to www.lulu.com/mailscanner.
1 Solaris check_mailscanner code now uses pgrep.
1 "MailScanner -v" now lists version of Date::Parse which was missing.
1 Added "$datenumber" to the inline spam warning report.
1 "MailScanner --lint" now checks your %org-name% to ensure it only contains safe characters (i.e. a-z, A-Z, 0-9 and -).
1 Added "allow" rule to filename.rules.conf for the XML filenames inside Microsoft Office 2007 (e.g. *.docx) files which are actually archives.
1 F-Prot-6 autoupdater improved to tell you whether it actually downloaded a new virus signatures file or not.
1 Tar distro now includes ChangeLog.
1 "Treat Invalid Watermarks With No Sender as Spam" can now be set to a number greater than zero. This value will be added to the spam score.
1 Watermark spam header reports refer to them as "watermarks" and not "null headers" as that is easier to understand.
2 Changed the default value "ClamAV Full Message Scan = yes". It has a slight speed impact, but is worth it for the extra spam-spotting ability, especially if you are using any extra ClamAV additional databases of spam signatures.
3 Changes required for MailWatch v2. Provided for Steve Freegard.

* Fixes *
1 Now set the umask of the directory into which the TNEF attachments are unpacked by the external TNEF expander. Thanks to derek@csolve.net.
1 Fixed bug which caused crash when using a ruleset on "Filename Rules" setting when the file listed in the ruleset does not exist. Thanks to Ugo Bellevance.
1 Added line to stop EOCD Format errors being output in UnpackZip. Thanks to Rick Cooper.
2 Added fix to reported spam scores in some messages sent to multiple recipients. Provided by Derek Buttineau.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From a.peacock at chime.ucl.ac.uk Mon Oct 1 10:38:54 2007
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Mon Oct 1 10:38:58 2007
Subject: sa-update question
In-Reply-To: <46FC139A.2090006@sequestered.net>
References: <46FAD61C.3000402@sequestered.net> <46FB8D8A.9090906@chime.ucl.ac.uk> <46FC139A.2090006@sequestered.net>
Message-ID: <4700C02E.9020104@chime.ucl.ac.uk>

Jay Chandler wrote:
> Anthony Peacock wrote:
>> Hi,
>>
>
>>
>> "# The rules created by the "sa-update" tool are searched for here.
>> # This directory contains the 3.001001/updates_spamassassin_org
>> # directory structure beneath it.
>> # Only un-comment this setting once you have proved that the sa-update
>> # cron job has run successfully and has created a directory structure under
>> # the spamassassin directory within this one and has put some *.cf files in
>> # there. Otherwise it will ignore all your current rules!
>> # The default location may be /var/opt on Solaris systems.
>> SpamAssassin Local State Dir = # /var/lib/spamassassin"
>>
>> Basically, SA on its own knows to use the newer rules in the
>> /var/lib... hierarchy over and above any others. This initially caused
>> problems in MailScanner, but Julian very quickly made MailScanner work
>> by default in this setup. Can't remember the version that this
>> changed in, but it was a while ago.
>
> Fantastic!
>
> And even though there are several "version" directories underneath it,
> it knows where to go?

Yup! It goes to the one related to the version of SA running.
And as Scott said, it doesn't do any housekeeping, so you may want to delete older versions.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19

From MailScanner at ecs.soton.ac.uk Mon Oct 1 11:50:18 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Oct 1 11:50:34 2007
Subject: MailScanner & Zenoss
In-Reply-To: <29796287.4721191161698493.JavaMail.root@office.splatnix.net>
References: <29796287.4721191161698493.JavaMail.root@office.splatnix.net>
Message-ID: <4700D0EA.9020909@ecs.soton.ac.uk>

But can't it handle the situation in the same way it handles sendmail? Surely they have exactly the same problem there, as it changes its $0 too.

UxBoD wrote:
> Hi Jules,
>
> The problem is that it sees each description as a separate process. Zenoss automatically adds each one to the process list, and when it changes description it thinks that MailScanner has crashed/stopped :(
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field"
> To: "MailScanner discussion"
> Sent: Saturday, September 29, 2007 2:04:11 PM (GMT) Africa/Casablanca
> Subject: Re: MailScanner & Zenoss
>
> Just seen your posting on the zenoss forums about this. All the
> MailScanner process names start with
> MailScanner:
> so can't you just look for that instead of a complete line?
> Zenoss must have the same problem with sendmail, as that does the same
> thing I do, change the ps listing depending on what it's doing.
> Any monitoring package that can't monitor something as common as sendmail is
> surely pretty broken :-(
>
> Jules.
>
> UxBoD wrote:
>
>> Steve,
>>
>> The problem is that even though Zenoss can use regex and detect all instances of MailScanner running, but even with the parent process changing its description line it can sometimes see it as a failure. Basically what it is doing is grabbing the process list from the SNMP tree.
>>
>> May have to write a zenoss script to do it, which is a pain, as clamd, postfix etc are all okay. Perhaps if MailScanner kept its parent process static with respect to the name ie. MailScanner and the child processes can report their own state.
>>
>> I would imagine that this could also occur on other monitoring systems IMHO.
>>
>> Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>>
>> ----- Original Message -----
>> From: "Steve Freegard"
>> To: "MailScanner discussion"
>> Sent: Monday, September 24, 2007 3:23:03 PM (GMT) Europe/London
>> Subject: Re: MailScanner & Zenoss
>>
>> UxBoD wrote:
>>
>>
>>> Hi,
>>>
>>> Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running.
>>>
>>> Any ideas ?
>>>
>>>
>> How about:
>>
>> [root@mail soaplite]# ps axf | grep `cat /var/run/MailScanner.pid` | grep -v grep
>> 889 ? Ss 0:00 MailScanner: master waiting for children, sleeping
>>
>> Cheers,
>> Steve.
>>
>>
>
> Jules
>
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From shuttlebox at gmail.com Mon Oct 1 12:22:27 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Mon Oct 1 12:22:32 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <4700B596.204@ecs.soton.ac.uk>
References: <4700B596.204@ecs.soton.ac.uk>
Message-ID: <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com>

On 10/1/07, Julian Field wrote:
> Hi folks!
>
> I have just released stable version 4.64.3.

I have submitted a new Solaris package. Might take a day or so to find its way to all mirrors though.

http://www.blastwave.org/packages/CSWmailscanner

--
/peter

From uxbod at splatnix.net Mon Oct 1 12:37:18 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 1 12:37:56 2007
Subject: MailScanner & Zenoss
In-Reply-To: <4700D0EA.9020909@ecs.soton.ac.uk>
Message-ID: <6722572.4901191238638508.JavaMail.root@office.splatnix.net>

Hi Jules,

Still working on it, but no answer as of yet :(

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Julian Field"
To: "MailScanner discussion"
Sent: Monday, October 1, 2007 11:50:18 AM (GMT) Europe/London
Subject: Re: MailScanner & Zenoss

But can't it handle the situation in the same way it handles sendmail? Surely they have exactly the same problem there, as it changes its $0 too.

UxBoD wrote:
> Hi Jules,
>
> The problem is that it sees each description as a separate process.
> Zenoss automatically adds each one to the process list, and when it changes description it thinks that MailScanner has crashed/stopped :(
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field"
> To: "MailScanner discussion"
> Sent: Saturday, September 29, 2007 2:04:11 PM (GMT) Africa/Casablanca
> Subject: Re: MailScanner & Zenoss
>
> Just seen your posting on the zenoss forums about this. All the
> MailScanner process names start with
> MailScanner:
> so can't you just look for that instead of a complete line?
> Zenoss must have the same problem with sendmail, as that does the same
> thing I do, change the ps listing depending on what it's doing. Any
> monitoring package that can't monitor something as common as sendmail is
> surely pretty broken :-(
>
> Jules.
>
> UxBoD wrote:
>
>> Steve,
>>
>> The problem is that even though Zenoss can use regex and detect all instances of MailScanner running, but even with the parent process changing its description line it can sometimes see it as a failure. Basically what it is doing is grabbing the process list from the SNMP tree.
>>
>> May have to write a zenoss script to do it, which is a pain, as clamd, postfix etc are all okay. Perhaps if MailScanner kept its parent process static with respect to the name ie. MailScanner and the child processes can report their own state.
>>
>> I would imagine that this could also occur on other monitoring systems IMHO.
>>
>> Regards,
>>
>> --[ UxBoD ]--
>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>>
>> ----- Original Message -----
>> From: "Steve Freegard"
>> To: "MailScanner discussion"
>> Sent: Monday, September 24, 2007 3:23:03 PM (GMT) Europe/London
>> Subject: Re: MailScanner & Zenoss
>>
>> UxBoD wrote:
>>
>>
>>> Hi,
>>>
>>> Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running.
>>>
>>> Any ideas ?
>>>
>>>
>> How about:
>>
>> [root@mail soaplite]# ps axf | grep `cat /var/run/MailScanner.pid` | grep -v grep
>> 889 ? Ss 0:00 MailScanner: master waiting for children, sleeping
>>
>> Cheers,
>> Steve.
>>
>>
>
> Jules
>
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From gmatt at nerc.ac.uk Mon Oct 1 13:41:18 2007
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Mon Oct 1 13:41:28 2007
Subject: GPL v3
In-Reply-To: <9035493.4181190969549275.JavaMail.root@office.splatnix.net>
References: <9035493.4181190969549275.JavaMail.root@office.splatnix.net>
Message-ID: <4700EAEE.6050400@nerc.ac.uk>

UxBoD wrote:
> IIRC Linus was not that happy about GPLv3.

but Tridge is:
http://news.samba.org/announcements/samba_gplv3/

I also hear that Linus is much warmer to the GPLv3 as it stands now than he was with initial drafts. I think there might be a reason to go to v3 just to show solidarity on the issue of software patents.

GREG

>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field"
> To: "MailScanner discussion"
> Sent: Wednesday, September 26, 2007 10:33:57 PM (GMT) Europe/London
> Subject: GPL v3
>
> I'm sure there are several of you who understand the new GPL v3 better
> than I do.
> What would be the consequences of me moving MailScanner to the GPL v3?
>
> Are there any other licences that might be a better choice than any of
> the GPLs? (Please state your standpoint if answering any of this lot!).
>
> Thanks,
>
> Jules
>

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.
From gmatt at nerc.ac.uk Mon Oct 1 13:44:43 2007
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Mon Oct 1 13:45:00 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <4700B596.204@ecs.soton.ac.uk>
References: <4700B596.204@ecs.soton.ac.uk>
Message-ID: <4700EBBB.4080100@nerc.ac.uk>

Julian Field wrote:
> 3 Changes required for MailWatch v2. Provided for Steve Freegard.

anyone else excited by this one?

G

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.

From martinh at solidstatelogic.com Mon Oct 1 13:51:33 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Oct 1 13:52:07 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <4700EBBB.4080100@nerc.ac.uk>
Message-ID: <52a5b11c8b684745901d4985ddb6b626@solidstatelogic.com>

Greg

Keep seeing the odd update like this. I'm not holding my breath, but what Steve's shown so far does look nice....

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Greg Matthews
> Sent: 01 October 2007 13:45
> To: MailScanner discussion
> Subject: Re: MailScanner ANNOUNCE: 4.64.3 released
>
> Julian Field wrote:
> > 3 Changes required for MailWatch v2. Provided for Steve Freegard.
>
> anyone else excited by this one?
>
> G
> --
> Greg Matthews 01491 692445
> Head of UNIX/Linux, iTSS Wallingford
>
> --
> This message (and any attachments) is for the recipient only.
> NERC is subject to the Freedom of Information Act 2000 and the contents
> of this email and any reply you make may be disclosed by NERC unless
> it is exempt from release under the Act. Any material supplied to
> NERC may be stored in an electronic records management system.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************

From hvdkooij at vanderkooij.org Mon Oct 1 16:51:54 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Oct 1 16:52:08 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <4700B596.204@ecs.soton.ac.uk>
References: <4700B596.204@ecs.soton.ac.uk>
Message-ID:

On Mon, 1 Oct 2007, Julian Field wrote:

> Hi folks!
>
> I have just released stable version 4.64.3.

I just did an upgrade and now I get this on an hourly basis:

/etc/cron.hourly/update_virus_scanners:

/usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/clamd-wrapper: No such file or directory

Is this a problem with the autodetection of ClamAV?

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)

From MailScanner at ecs.soton.ac.uk Mon Oct 1 17:07:53 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Oct 1 17:09:08 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To:
References: <4700B596.204@ecs.soton.ac.uk>
Message-ID: <47011B59.3090600@ecs.soton.ac.uk>

Check your virus.scanners.conf file. It shouldn't mention clamd-wrapper at all. Should say /bin/false there instead.

Hugo van der Kooij wrote:
> On Mon, 1 Oct 2007, Julian Field wrote:
>
>> Hi folks!
>>
>> I have just released stable version 4.64.3.
>
> I just did an upgrade and now I get this on an hourly basis:
>
>
> /etc/cron.hourly/update_virus_scanners:
>
> /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/clamd-wrapper: No such file or directory
>
>
> Is this a problem with the autodetection of ClamAV?
>
> Hugo.
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From hvdkooij at vanderkooij.org Mon Oct 1 17:14:39 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Oct 1 17:14:51 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To:
References: <4700B596.204@ecs.soton.ac.uk>
Message-ID:

On Mon, 1 Oct 2007, Hugo van der Kooij wrote:

> On Mon, 1 Oct 2007, Julian Field wrote:
>
>> I have just released stable version 4.64.3.
>
> I just did an upgrade and now I get this on an hourly basis:
>
>
> /etc/cron.hourly/update_virus_scanners:
>
> /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/clamd-wrapper: No such file or directory
>
>
> Is this a problem with the autodetection of ClamAV?

And I also noticed Avast! is used twice:

I have found f-prot bitdefender avast clamavmodule antivir mcafee avastd drweb norman scanners installed, and will use them all by default.

I know it is an absurd list but the system is intended to compare sample detection by different scanners as primary task. I hope to allow for people to send in samples by email and they get a detection report out of it.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)
From rpoe at plattesheriff.org Mon Oct 1 18:14:54 2007
From: rpoe at plattesheriff.org (Rob Poe)
Date: Mon Oct 1 18:15:24 2007
Subject: GPL v3
In-Reply-To: <4700EAEE.6050400@nerc.ac.uk>
References: <9035493.4181190969549275.JavaMail.root@office.splatnix.net> <4700EAEE.6050400@nerc.ac.uk>
Message-ID: <4700E4C5.65ED.00A2.0@plattesheriff.org>

The funny thing about Tridge is, he's making something that emulates patented processes. Of COURSE he's against software patents..

Not saying it's bad, but in all honesty - if he were smart, he'd have stayed at Novell, let Novell handle the work on Samba, and let THEM provide indemnity from patent lawsuits or possible licensing fees.

>>> Greg Matthews 10/1/2007 7:41 AM >>>
UxBoD wrote:
> IIRC Linus was not that happy about GPLv3.

but Tridge is:
http://news.samba.org/announcements/samba_gplv3/

I also hear that Linus is much warmer to the GPLv3 as it stands now than he was with initial drafts. I think there might be a reason to go to v3 just to show solidarity on the issue of software patents.

GREG

>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "Julian Field"
> To: "MailScanner discussion"
> Sent: Wednesday, September 26, 2007 10:33:57 PM (GMT) Europe/London
> Subject: GPL v3
>
> I'm sure there are several of you who understand the new GPL v3 better
> than I do.
> What would be the consequences of me moving MailScanner to the GPL v3?
>
> Are there any other licences that might be a better choice than any of
> the GPLs? (Please state your standpoint if answering any of this lot!).
>
> Thanks,
>
> Jules
>

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only.
NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From mkettler at evi-inc.com Mon Oct 1 20:59:28 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Oct 1 20:59:40 2007
Subject: What causes this type of address in envelopes?
In-Reply-To: <46FD4351.8090903@cnpapers.com>
References: <46FD4351.8090903@cnpapers.com>
Message-ID: <470151A0.7040800@evi-inc.com>

Steve Campbell wrote:
> I have a little problem with a from envelope address. All of the header
> addresses are normal type somebody@somedomain.com, but the envelope from
> address takes the form
>
> prvs=somebody=7848db996@somedomain.com.
>
> The recipient is a little mad, because I had the address whitelisted
> using the normal type address and it used to work. They want me to
> whitelist it again. I guess I could resave my file, but....
>
> Is it a proxy, or one of those dang MS products? Any clues?

It's the Simple Private Signature (prvs) part of an IETF draft Bounced Address Tag Validation (BATV).

Essentially, it's a way of dealing with fake bounce messages by always using a mangled address when sending. Any bounce messages that come back which are sent to the regular user address are obviously caused by spam forgeries (or broken mailsystems) and can be dropped.

The current draft spec can be found at:
http://tools.ietf.org/html/draft-levine-mass-batv-02

From campbell at cnpapers.com Mon Oct 1 21:35:09 2007
From: campbell at cnpapers.com (Steve Campbell)
Date: Mon Oct 1 21:35:18 2007
Subject: What causes this type of address in envelopes?
In-Reply-To: <470151A0.7040800@evi-inc.com>
References: <46FD4351.8090903@cnpapers.com> <470151A0.7040800@evi-inc.com>
Message-ID: <470159FD.9020206@cnpapers.com>

Matt Kettler wrote:
> Steve Campbell wrote:
>> I have a little problem with a from envelope address. All of the
>> header addresses are normal type somebody@somedomain.com, but the
>> envelope from address takes the form
>>
>> prvs=somebody=7848db996@somedomain.com.
>>
>> The recipient is a little mad, because I had the address whitelisted
>> using the normal type address and it used to work. They want me to
>> whitelist it again. I guess I could resave my file, but....
>>
>> Is it a proxy, or one of those dang MS products? Any clues?
>
> It's the Simple Private Signature (prvs) part of an IETF draft Bounced
> Address Tag Validation (BATV).
>
> Essentially, it's a way of dealing with fake bounce messages by always
> using a mangled address when sending. Any bounce messages that come
> back which are sent to the regular user address are obviously caused
> by spam forgeries (or broken mailsystems) and can be dropped.
>
> The current draft spec can be found at:
> http://tools.ietf.org/html/draft-levine-mass-batv-02
>

Wow, that's some thick reading.

So, if this is what they are using, then a simple "reply" to one sent to one of my users should work, unless the sender has their expiry timeout way too short? It seems that whenever someone tries to reply to the original sender, on occasion, the message is not accepted due to an invalid user return.
(I could be wrong on the memory part of that statement - they may be trying to send to the "real" email address of the sender, not that prvs thingy).

I guess you can send to the real address if it's not a reply? Are these setups sometimes misconfigured?

Thanks for the pointer and the help. Still a little confused, as you might discern.
Steve

From nwp at nz.lemon-computing.com Mon Oct 1 22:17:34 2007
From: nwp at nz.lemon-computing.com (Nick Phillips)
Date: Mon Oct 1 22:16:17 2007
Subject: What causes this type of address in envelopes?
In-Reply-To: <470159FD.9020206@cnpapers.com>
References: <46FD4351.8090903@cnpapers.com> <470151A0.7040800@evi-inc.com> <470159FD.9020206@cnpapers.com>
Message-ID: <8523A312-3CD1-4DE8-9ABC-C9DE03089873@nz.lemon-computing.com>

On 2/10/2007, at 8:35 AM, Steve Campbell wrote:

> Wow, that's some thick reading.
>
> So, if this is what they are using, then a simple "reply" to one
> sent to one of my users should work, unless the sender has their
> expiry timeout way too short? It seems that whenever someone tries
> to reply to the original sender, on occasion, the message is not
> accepted due to an invalid user return.
> (I could be wrong on the memory part of that statement - they may
> be trying to send to the "real" email address of the sender, not
> that prvs thingy).
>
> I guess you can send to the real address if it's not a reply? Are
> these setups sometimes misconfigured?

If you have a non-empty envelope sender, you should be OK. It should only be bounces that have empty envelope senders.

Cheers,

Nick

From mkettler at evi-inc.com Mon Oct 1 22:56:48 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Oct 1 22:57:02 2007
Subject: What causes this type of address in envelopes?
In-Reply-To: <470159FD.9020206@cnpapers.com>
References: <46FD4351.8090903@cnpapers.com> <470151A0.7040800@evi-inc.com> <470159FD.9020206@cnpapers.com>
Message-ID: <47016D20.9090109@evi-inc.com>

Steve Campbell wrote:
>
>
> Matt Kettler wrote:
>> Steve Campbell wrote:
> Wow, that's some thick reading.
>
> So, if this is what they are using, then a simple "reply" to one sent to
> one of my users should work, unless the sender has their expiry timeout
> way too short?

This has nothing to do with replies, only error messages like bounces that have a null return path (<>).
Replies are sent To: the From: or Reply-To: of the original message and have your email address in the Envelope From.

Errors, bounces, DSNs, etc are sent To: the Envelope From of the original message, but themselves have a null Envelope From (ie: email address <>).

So, if a message comes in for the "plain" email address, if it's got a non-empty return path, it's accepted. It will only be dropped if it has a null Envelope From, as all such messages should be using the tagged address from the envelope, not the plain one in the From:.

From shuttlebox at gmail.com Tue Oct 2 08:07:56 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Oct 2 08:07:58 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com>
References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com>
Message-ID: <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com>

On 10/1/07, shuttlebox wrote:
> On 10/1/07, Julian Field wrote:
> > Hi folks!
> >
> > I have just released stable version 4.64.3.
>
> I have submitted a new Solaris package. Might take a day or so to find
> its way to all mirrors though.
>
> http://www.blastwave.org/packages/CSWmailscanner

Replying to myself...we're in some kind of freeze period to release a stable collection of packages and therefore can't release any new version to the unstable collection during that time which might be a few more days. Until then you can find the package here:

http://www.blastwave.org/testing/mailscanner-4.64.3.1-SunOS5.8-all-CSW.pkg.gz

If you had an older version of CSWmailscanner installed it's a simple pkgrm/pkgadd to replace it but if you're doing a new install you might be better off to wait for it to be added to the collection so you can benefit from the dependency handling of pkg-get.
--
/peter

From MailScanner at ecs.soton.ac.uk Tue Oct 2 08:53:22 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 2 08:53:45 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com>
References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com>
Message-ID: <4701F8F2.8090001@ecs.soton.ac.uk>

shuttlebox wrote:
> On 10/1/07, shuttlebox wrote:
>
>> On 10/1/07, Julian Field wrote:
>>
>>> Hi folks!
>>>
>>> I have just released stable version 4.64.3.
>>>
>> I have submitted a new Solaris package. Might take a day or so to find
>> its way to all mirrors though.
>>
>> http://www.blastwave.org/packages/CSWmailscanner
>>
>
> Replying to myself...we're in some kind of freeze period to release a
> stable collection of packages and therefore can't release any new
> version to the unstable collection during that time which might be a
> few more days. Until then you can find the package here:
>
> http://www.blastwave.org/testing/mailscanner-4.64.3.1-SunOS5.8-all-CSW.pkg.gz
>
> If you had an older version of CSWmailscanner installed it's a simple
> pkgrm/pkgadd to replace it but if you're doing a new install you might
> be better off to wait for it to be added to the collection so you can
> benefit from the dependency handling of pkg-get.
>
>

Peter,

Many thanks for all your work on Blastwave. We are already using it here on some of our web servers, and it has proved to be very useful and timesaving. Thank you!

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

For all your IT requirements visit www.transtec.co.uk

From shuttlebox at gmail.com Tue Oct 2 09:18:22 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Oct 2 09:18:24 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <4701F8F2.8090001@ecs.soton.ac.uk>
References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk>
Message-ID: <625385e30710020118r60ce5c14h76f9cda9d70ac21c@mail.gmail.com>

On 10/2/07, Julian Field wrote:
> Peter,
>
> Many thanks for all your work on Blastwave. We are already using it here
> on some of our web servers, and it has proved to be very useful and
> timesaving. Thank you!
>
> Jules

I'm just one of the grunts packaging other people's software. You're the genius! :-)

--
/peter

From hvdkooij at vanderkooij.org Tue Oct 2 11:20:09 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Oct 2 11:20:17 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <4701F8F2.8090001@ecs.soton.ac.uk>
References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk>
Message-ID:

On Tue, 2 Oct 2007, Julian Field wrote:

> Many thanks for all your work on Blastwave. We are already using it here
> on some of our web servers, and it has proved to be very useful and
> timesaving. Thank you!
Jules,

May I take from your praise that you are not against MailScanner being added to a repository?

I think Dag Wiers will be glad to add MailScanner to rpmforge so you have no worries about setting up a YUM repository. It will allow everyone to do what they do best.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)

From MailScanner at ecs.soton.ac.uk Tue Oct 2 12:30:22 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 2 12:30:51 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To:
References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk>
Message-ID: <47022BCE.6070704@ecs.soton.ac.uk>

Hugo van der Kooij wrote:
> On Tue, 2 Oct 2007, Julian Field wrote:
>
>> Many thanks for all your work on Blastwave. We are already using it here
>> on some of our web servers, and it has proved to be very useful and
>> timesaving. Thank you!
>
> Jules,
>
> May I take from your praise that you are not against MailScanner being
> added to a repository?
>
> I think Dag Wiers will be glad to add MailScanner to rpmforge so you
> have no worries about setting up a YUM repository. It will allow
> everyone to do what they do best.

I initially always said no to requests like this, as I liked to keep a close eye on download stats (hence my 1 million downloads figure). However, MailScanner is getting into more and more distros now, so the website download stats no longer represent the number of sites using MailScanner in any meaningful way.

So there's not much point in saying no any more, I've lost control anyway. So I would be most pleased if Dag would like to add it to his repository. If there's anything reasonable that he needs me to do in return, I'll do what I can.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Q.G.Campbell at newcastle.ac.uk Tue Oct 2 14:24:51 2007
From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell)
Date: Tue Oct 2 14:24:55 2007
Subject: What causes this type of address in envelopes? - how to whitelist!
In-Reply-To: <223f97700709290353m1ea80030gc08389868317b0c7@mail.gmail.com>
References: <46FD4351.8090903@cnpapers.com> <46FD51B6.3020802@USherbrooke.ca><46FD5600.3070009@cnpapers.com> <223f97700709290353m1ea80030gc08389868317b0c7@mail.gmail.com>
Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BC12592@largo.campus.ncl.ac.uk>

>-----Original Message-----
>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
>Sent: 29 September 2007 11:53
>To: MailScanner discussion
>Subject: Re: What causes this type of address in envelopes?
>
>On 28/09/2007, Steve Campbell wrote:
>> OK, thanks to all.
>>
>> It's sort of a problem in that it's not that easy to whitelist with
>>that type of address, I'm not sure if they only have one server or IP
>>they send from. It's clunky in my opinion.
>
>Yes, it is..... So going for IP as whitelist criterion is probably
>your only safe bet. Perhaps you should take it up _with the
>sender_...?
>
[snip]

You can reliably whitelist PRVS addresses using a regular expression. Using the address example from Steve's original message, prvs=somebody=7848db996@somedomain.com, your entry in the spam.whitelist.rules file for that address would be:

From: /prvs=somebody=.*\@somedomain\.com$/ yes

Quentin

From glenn.steen at gmail.com Tue Oct 2 14:33:18 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Oct 2 14:33:20 2007
Subject: What causes this type of address in envelopes? - how to whitelist!
In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BC12592@largo.campus.ncl.ac.uk>
References: <46FD4351.8090903@cnpapers.com> <46FD51B6.3020802@USherbrooke.ca> <46FD5600.3070009@cnpapers.com> <223f97700709290353m1ea80030gc08389868317b0c7@mail.gmail.com> <4165CF7A7F12DE4B96622CCBB90586470BC12592@largo.campus.ncl.ac.uk>
Message-ID: <223f97700710020633w2a367d8if4a75098291223d2@mail.gmail.com>

On 02/10/2007, Quentin Campbell wrote:
> >-----Original Message-----
> >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> >bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
> >Sent: 29 September 2007 11:53
> >To: MailScanner discussion
> >Subject: Re: What causes this type of address in envelopes?
> >
> >On 28/09/2007, Steve Campbell wrote:
> >> OK, thanks to all.
> >>
> >> It's sort of a problem in that it's not that easy to whitelist with
> >>that type of address, I'm not sure if they only have one server or IP
> >>they send from. It's clunky in my opinion.
> >
> >Yes, it is..... So going for IP as whitelist criterion is probably
> >your only safe bet. Perhaps you should take it up _with the
> >sender_...?
> >
> [snip]
>
> You can reliably whitelist PRVS addresses using a regular expression.
> Using the address example from Steve's original message,
> prvs=somebody=7848db996@somedomain.com, your entry in the
> spam.whitelist.rules file for that address would be:
>
> From: /prvs=somebody=.*\@somedomain\.com$/ yes
>

Except that this still is very spoofable...:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From davejones70 at gmail.com Tue Oct 2 15:22:50 2007
From: davejones70 at gmail.com (Dave Jones)
Date: Tue Oct 2 15:22:53 2007
Subject: Error using F-Secure 5.52
Message-ID: <67a55ed50710020722p21405e59v3162d8d4cdfd70a5@mail.gmail.com>

Downloaded eval version of F-Secure AV Linux Server Security from http://www.f-secure.com/small_businesses/evaluations/fsavssl.html and installed the command line only version with "./f-secure-linux-server-security-5.52.6200 --command-line-only".

[root@smtp1 bin]# MailScanner --lint
Checking version numbers...
Version number in MailScanner.conf (4.64.3) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp

MailScanner.conf says "Virus Scanners = clamd f-secure"
Found these virus scanners installed: clamd, f-secure
===========================================================================
Commercial virus checker failed with real error: Either you've found a
bug in MailScanner's F-Secure output parser, or F-Secure's output
format has changed! Please mail the author of MailScanner!
at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2040
at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 1019
[root@smtp1 bin]#

Did I install the wrong version or is this a new version that MailScanner needs to be tweaked to work with?

--
Dave Jones

From Q.G.Campbell at newcastle.ac.uk Tue Oct 2 16:26:52 2007
From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell)
Date: Tue Oct 2 16:26:55 2007
Subject: What causes this type of address in envelopes? - how towhitelist!
In-Reply-To: <223f97700710020633w2a367d8if4a75098291223d2@mail.gmail.com>
References: <46FD4351.8090903@cnpapers.com> <46FD51B6.3020802@USherbrooke.ca><46FD5600.3070009@cnpapers.com><223f97700709290353m1ea80030gc08389868317b0c7@mail.gmail.com><4165CF7A7F12DE4B96622CCBB90586470BC12592@largo.campus.ncl.ac.uk> <223f97700710020633w2a367d8if4a75098291223d2@mail.gmail.com>
Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BC12614@largo.campus.ncl.ac.uk>

>-----Original Message-----
>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
>Sent: 02 October 2007 14:33
>To: MailScanner discussion
>Subject: Re: What causes this type of address in envelopes? - how
>towhitelist!
>
[snip]
>> You can reliably whitelist PRVS addresses using a regular expression.
>> Using the address example from Steve's original message,
>> prvs=somebody=7848db996@somedomain.com, your entry in the
>> spam.whitelist.rules file for that address would be:
>>
>> From: /prvs=somebody=.*\@somedomain\.com$/ yes
>>
>Except that this still is very spoofable...:-).

Glenn

True, but that has always been a problem with whitelisting non PRVS-type addresses so Steve is no worse off (with the above) than he was before the sender introduced PRVS.
Quentin

From ssilva at sgvwater.com Tue Oct 2 16:28:44 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Oct 2 16:42:07 2007
Subject: MailScanner ANNOUNCE: 4.64.3 released
In-Reply-To: <47022BCE.6070704@ecs.soton.ac.uk>
References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk>
Message-ID:

on 10/2/2007 4:30 AM Julian Field spake the following:
>
> Hugo van der Kooij wrote:
>> On Tue, 2 Oct 2007, Julian Field wrote:
>>
>>> Many thanks for all your work on Blastwave. We are already using it here
>>> on some of our web servers, and it has proved to be very useful and
>>> timesaving. Thank you!
>> Jules,
>>
>> May I take from your praise that you are not against MailScanner being
>> added to a repository?
>>
>> I think Dag Wiers will be glad to add MailScanner to rpmforge so you
>> have no worries about setting up a YUM repository. It will allow
>> everyone to do what they do best.
> I initially always said no to requests like this, as I liked to keep a
> close eye on download stats (hence my 1 million downloads figure).
> However, MailScanner is getting into more and more distros now, so the
> website download stats no longer represent the number of sites using
> MailScanner in any meaningful way.
>
> So there's not much point in saying no any more, I've lost control
> anyway. So I would be most pleased if Dag would like to add it to his
> repository. If there's anything reasonable that he needs me to do in
> return, I'll do what I can.
>
> Jules

You can always add some sort of "phone home with permission" type of thing to keep track of the installed base. Maybe something that sends back OS and maybe a randomly generated and locally stored signature. That way you would get a better idea of how many mailscanners are out there.
Anybody who is very paranoid could opt out.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From housey at sme-ecom.co.uk Tue Oct 2 17:55:23 2007
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Tue Oct 2 17:55:38 2007
Subject: Spamassassin Time outs
Message-ID:

Hi

For about 2 hours now I've been getting spamassassin time outs on pretty much every mail I'm processing and I can't track down what the problem is.

I've run spamassassin -D --lint which shows no probs and I've run spamassassin -t < message (a known spam message) and it didn't time out, I've also run MailScanner (and spamassassin) in debug mode and again it didn't timeout, however if I start MailScanner normally pretty much every message is timing out.

I've stopped incoming email for the moment and the load on the box is right down but still pretty much every message times out.

I've deleted my bayes database as well but made no difference.

Any other ideas on where I can look?

Paul

From dgottsc at emory.edu Tue Oct 2 18:01:04 2007
From: dgottsc at emory.edu (Gottschalk, David)
Date: Tue Oct 2 18:01:13 2007
Subject: Spamassassin Time outs
In-Reply-To:
References:
Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E23084135D42F3C@RDPEXCH2.Eu.Emory.Edu>

DNS is working properly?

David Gottschalk
UTS Infrastructure Technology Services
david.gottschalk@emory.edu

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander
Sent: Tuesday, October 02, 2007 12:55 PM
To: mailscanner@lists.mailscanner.info
Subject: Spamassassin Time outs

Hi

For about 2 hours now I've been getting spamassassin time outs on pretty much every mail I'm processing and I can't track down what the problem is.
I've run spamassassin -D --lint which shows no probs and I've run spamassassin -t < message (a known spam message) and it didn't time out, I've also run MailScanner (and spamassassin) in debug mode and again it didn't timeout, however if I start MailScanner normally pretty much every message is timing out.

I've stopped incoming email for the moment and the load on the box is right down but still pretty much every message times out.

I've deleted my bayes database as well but made no difference.

Any other ideas on where I can look?

Paul

From prandal at herefordshire.gov.uk Tue Oct 2 18:10:30 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Oct 2 18:10:36 2007
Subject: Spamassassin Time outs
In-Reply-To:
References:
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEAD8C@HC-MBX02.herefordshire.gov.uk>

Are you using any RBLs in MailScanner?

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Paul Houselander
> Sent: 02 October 2007 17:55
> To: mailscanner@lists.mailscanner.info
> Subject: Spamassassin Time outs
>
> Hi
>
> For about 2 hours now I've been getting spamassassin time outs
> on pretty much
> every mail I'm processing and I can't track down what the problem is.
>
> I've run spamassassin -D --lint which shows no probs and I've run
> spamassassin -t < message (a known spam message) and it didn't
> time out, I've
> also run MailScanner (and spamassassin) in debug mode and
> again it didn't
> timeout, however if I start MailScanner normally pretty much
> every message
> is timing out.
>
> I've stopped incoming email for the moment and the load on the
> box is right
> down but still pretty much every message times out.
>
> I've deleted my bayes database as well but made no difference.
>
> Any other ideas on where I can look?
>
> Paul
>

From housey at sme-ecom.co.uk Tue Oct 2 18:28:21 2007
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Tue Oct 2 18:28:34 2007
Subject: Spamassassin Time outs {Scanned by Allteks Mailsafe}
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01BEAD8C@HC-MBX02.herefordshire.gov.uk>
Message-ID:

Hi

Nope I use one in sendmail and then leave the rest to spamassassin but not within MailScanner itself.

I was kind of hoping some RBL was causing a problem, and everyone else was seeing a problem too!! The funny thing is the last 20 mins or so things have started to work normally again.

The first thing I checked was DNS which was resolving without a problem.

Strange but seems to be processing mail normally now.

Paul

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Randal,
> Phil
> Sent: 02 October 2007 18:11
> To: MailScanner discussion
> Subject: RE: Spamassassin Time outs {Scanned by Allteks Mailsafe}
>
>
> Are you using any RBLs in MailScanner?
>
> Phil
>
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> > Of Paul Houselander
> > Sent: 02 October 2007 17:55
> > To: mailscanner@lists.mailscanner.info
> > Subject: Spamassassin Time outs
> >
> > Hi
> >
> > For about 2 hours now I've been getting spamassassin time outs
> > on pretty much
> > every mail I'm processing and I can't track down what the problem is.
> >
> > I've run spamassassin -D --lint which shows no probs and I've run
> > spamassassin -t < message (a known spam message) and it didn't
> > time out, I've
> > also run MailScanner (and spamassassin) in debug mode and
> > again it didn't
> > timeout, however if I start MailScanner normally pretty much
> > every message
> > is timing out.
> >
> > I've stopped incoming email for the moment and the load on the
> > box is right
> > down but still pretty much every message times out.
> >
> > I've deleted my bayes database as well but made no difference.
> >
> > Any other ideas on where I can look?
> >
> > Paul
> >
>
>
> This message has been scanned by the Allteks Mailsafe Service
>
>
>

From housey at sme-ecom.co.uk Tue Oct 2 18:29:40 2007
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Tue Oct 2 18:29:51 2007
Subject: Spamassassin Time outs {Scanned by Allteks Mailsafe}
In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E23084135D42F3C@RDPEXCH2.Eu.Emory.Edu>
Message-ID:

Hi

Thanks for replying, yep DNS is ok was one of the 1st things I checked. The last 20 mins or so mail seems to be processing normally and I'm not getting any timeouts.

Strange!

Paul

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of
> Gottschalk, David
> Sent: 02 October 2007 18:01
> To: MailScanner discussion
> Subject: RE: Spamassassin Time outs {Scanned by Allteks Mailsafe}
>
>
> DNS is working properly?
>
> David Gottschalk
> UTS Infrastructure Technology Services
> david.gottschalk@emory.edu
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Paul Houselander
> Sent: Tuesday, October 02, 2007 12:55 PM
> To: mailscanner@lists.mailscanner.info
> Subject: Spamassassin Time outs
>
> Hi
>
> For about 2 hours now I've been getting spamassassin time outs on
> pretty much
> every mail I'm processing and I can't track down what the problem is.
>
> I've run spamassassin -D --lint which shows no probs and I've run
> spamassassin -t < message (a known spam message) and it didn't time out, I've
> also run MailScanner (and spamassassin) in debug mode and again it didn't
> timeout, however if I start MailScanner normally pretty much every message
> is timing out.
>
> I've stopped incoming email for the moment and the load on the box is right
> down but still pretty much every message times out.
>
> I've deleted my bayes database as well but made no difference.
>
> Any other ideas on where I can look?
>
> Paul
>

From MailScanner at ecs.soton.ac.uk Tue Oct 2 18:58:19 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 2 18:58:50 2007
Subject: Error using F-Secure 5.52
In-Reply-To: <67a55ed50710020722p21405e59v3162d8d4cdfd70a5@mail.gmail.com>
References: <67a55ed50710020722p21405e59v3162d8d4cdfd70a5@mail.gmail.com>
Message-ID: <470286BB.9080601@ecs.soton.ac.uk>

I have just released version 4.65.1 with support for F-Secure 5.50 and above.
Download it as usual from www.mailscanner.info.

Dave Jones wrote:
> Downloaded eval version of F-Secure AV Linux Server Security from
> http://www.f-secure.com/small_businesses/evaluations/fsavssl.html and
> installed the command line only version with
> "./f-secure-linux-server-security-5.52.6200 --command-line-only".
>
> [root@smtp1 bin]# MailScanner --lint
> Checking version numbers...
> Version number in MailScanner.conf (4.64.3) is correct.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>
> MailScanner.conf says "Virus Scanners = clamd f-secure"
> Found these virus scanners installed: clamd, f-secure
> ===========================================================================
> Commercial virus checker failed with real error: Either you've found a
> bug in MailScanner's F-Secure output parser, or F-Secure's output
> format has changed! Please mail the author of MailScanner!
> at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2040
> at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 1019
> [root@smtp1 bin]#
>
>
> Did I install the wrong version or is this a new version that
> MailScanner needs to be tweaked to work with?
> --
> Dave Jones

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From MailScanner at ecs.soton.ac.uk Tue Oct 2 19:01:29 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 2 19:02:09 2007
Subject: Spamassassin Time outs {Scanned by Allteks Mailsafe}
In-Reply-To:
References:
Message-ID: <47028779.9040702@ecs.soton.ac.uk>

I have been seeing Razor timeouts in the first half of today. Whatever the speed problem was, got rectified later in the day as the timeouts stopped happening. You may well have been seeing the same thing. Repeated "MailScanner --debug" eventually caught it red-handed.

Paul Houselander wrote:
> Hi
>
> Thanks for replying, yep DNS is ok was one of the 1st things I checked. The
> last 20 mins or so mail seems to be processing normally and I'm not getting
> any timeouts.
>
> Strange!
>
> Paul
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of
>> Gottschalk, David
>> Sent: 02 October 2007 18:01
>> To: MailScanner discussion
>> Subject: RE: Spamassassin Time outs {Scanned by Allteks Mailsafe}
>>
>>
>> DNS is working properly?
>>
>> David Gottschalk
>> UTS Infrastructure Technology Services
>> david.gottschalk@emory.edu
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> Paul Houselander
>> Sent: Tuesday, October 02, 2007 12:55 PM
>> To: mailscanner@lists.mailscanner.info
>> Subject: Spamassassin Time outs
>>
>> Hi
>>
>> For about 2 hours now I've been getting spamassassin time outs on
>> pretty much
>> every mail I'm processing and I can't track down what the problem is.
>>
>> I've run spamassassin -D --lint which shows no probs and I've run
>> spamassassin -t < message (a known spam message) and it didn't time out, I've
>> also run MailScanner (and spamassassin) in debug mode and again it didn't
>> timeout, however if I start MailScanner normally pretty much every message
>> is timing out.
>>
>> I've stopped incoming email for the moment and the load on the box is right
>> down but still pretty much every message times out.
>>
>> I've deleted my bayes database as well but made no difference.
>>
>> Any other ideas on where I can look?
>>
>> Paul
>>
>> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> This message has been scanned by the Allteks Mailsafe Service >> >> >> >> > > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From steinkel at pa.net Tue Oct 2 19:45:48 2007 From: steinkel at pa.net (Leland J. Steinke) Date: Tue Oct 2 19:45:53 2007 Subject: IronMail experience? Message-ID: <470291DC.5040904@pa.net> [Insert the usual story of office FUD politics here.] Could anybody on the list with recent experience with IronMail [1] in an ISP setting give me their impressions? If there is interest, I will summarize to the list. 
Thanks, Leland -- [1] http://www.securecomputing.com/index.cfm?skey=1612 From sconway at wlnet.com Tue Oct 2 22:01:46 2007 From: sconway at wlnet.com (Stephen Conway) Date: Tue Oct 2 22:01:50 2007 Subject: Remove HTML From Messages In-Reply-To: <46F439B3.40302@ecs.soton.ac.uk> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> <46EEB161.4040105@ecs.soton.ac.uk> <1bb901c7fa22$e2149420$a63dbc60$@com> <46F02095.6040705@ecs.soton.ac.uk> <0a4a01c7fc73$b52fb630$1f8f2290$@com> <46F439B3.40302@ecs.soton.ac.uk> Message-ID: <02b901c80537$71865bb0$54931310$@com> Hello: We have a requirement to convert HTML for specific users into text only. I know there is a setting that converts HTML to plain text, but the resulting message is still a 'multi-part-alternative' with 2 text parts. Is there any method that will just remove the HTML parts altogether and leave only the text/plain part? Thanks, Steve -- ShipMail Now 30% Faster From fviero at gmail.com Tue Oct 2 23:19:20 2007 From: fviero at gmail.com (Fabio Viero) Date: Tue Oct 2 23:19:21 2007 Subject: Removing attachments but delivering the message Message-ID: Hi List Is there a way i can remove the attachment(s) from certain specific messages but still the delivering the message itself? Thanks is advance From Jeff.Mills at versacold.com.au Wed Oct 3 00:06:19 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Oct 3 00:06:24 2007 Subject: Domain used for spam - NDR responses Message-ID: Hi all, Just wondering if anyone has some magic solution for what I'm sure is a common problem. A spammer generates thousands of random email addresses using your domain name and sends out a bazillion emails. All the NDR's come back to your server destined for non-existant mailboxes. 
Now my common sense tells me that if you want to stop these you can block all NDR's, for example by using MCP and blocking "Delivery Status Notification (Failure)" "Undeliverable" etc. However, that will also block legitimate NDR's. So do you all just grin and bear these or is there a magic solution I'm not thinking of? Rgs, Jeff From naolson at gmail.com Wed Oct 3 00:29:07 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Oct 3 00:29:09 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: <8f54b4330710021629n6dfb5525uec3ad13153c62d0a@mail.gmail.com> milter-null or MailScanner's new watermarking feature. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071002/471c1be1/attachment.html From ssilva at sgvwater.com Wed Oct 3 00:28:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 00:33:28 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: on 10/2/2007 4:06 PM Jeff Mills spake the following: > Hi all, > Just wondering if anyone has some magic solution for what I'm sure is a > common problem. > > A spammer generates thousands of random email addresses using your > domain name and sends out a bazillion emails. > All the NDR's come back to your server destined for non-existant > mailboxes. > > Now my common sense tells me that if you want to stop these you can > block all NDR's, for example by using MCP and blocking "Delivery Status > Notification (Failure)" "Undeliverable" etc. > However, that will also block legitimate NDR's. > > So do you all just grin and bear these or is there a magic solution I'm > not thinking of? > > Rgs, > Jeff Milter null is supposed to help, but I haven't used it. But you should be dropping non-existent users at the first point of entry to your system, either the mail server, or the gateway if you use one. 
The connections get dropped as soon as they give a non-existent user address. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Jeff.Mills at versacold.com.au Wed Oct 3 01:13:29 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Oct 3 01:13:34 2007 Subject: Domain used for spam - NDR responses Message-ID: > Milter null is supposed to help, but I haven't used it. > But you should be dropping non-existent users at the first > point of entry to your system, either the mail server, or the > gateway if you use one. The connections get dropped as soon > as they give a non-existent user address. I'm aware of this, and I do it here on my work system using a script to pull valid email addresses from Active Directory. However, the other system I admin looks after multiple remote domains, so it is not an option to use recipient maps. Looks like milter/watermark won't help us either as it tags outgoing mail, and outgoing mail is sent direct from the backend servers. Not to worry.. Grinning and bearing it is. Thanks for the replies! > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From naolson at gmail.com Wed Oct 3 01:39:23 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Oct 3 01:39:25 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: <8f54b4330710021739y398af373u8948851425e57ec@mail.gmail.com> You have to run milter-null on the outgoing and incoming servers. That's the whole point. Nate -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071002/b82d0142/attachment.html From Jeff.Mills at versacold.com.au Wed Oct 3 01:44:21 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Oct 3 01:44:25 2007 Subject: Domain used for spam - NDR responses Message-ID: ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nathan Olson Sent: Wednesday, 3 October 2007 10:39 AM To: MailScanner discussion Subject: Re: Domain used for spam - NDR responses You have to run milter-null on the outgoing and incoming servers. That's the whole point. Nate I realise that, which is why it is no good in the current environment. From R.Sterenborg at netsourcing.nl Wed Oct 3 06:26:44 2007 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Wed Oct 3 06:27:24 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E177@WISENT.dcyb.net> >> Milter null is supposed to help, but I haven't used it. >> But you should be dropping non-existent users at the first >> point of entry to your system, either the mail server, or the >> gateway if you use one. The connections get dropped as soon >> as they give a non-existent user address. > > I'm aware of this, and I do it here on my work system using a > script to pull valid email addresses from Active Directory. > However, the other system I admin looks after multiple remote domains, > so it is not an option to use recipient maps. What MTA? I know that Postfix can do recipient address verification (just like sender address verification that some despise), if the final receiving MTA rejects non-existing recipients. Perhaps you can use this, in which case you don't need relay recipient maps. Of course you'll have the penalty of some extra network traffic between the relay and the final MTA's. 
Grts, Rob From Jeff.Mills at versacold.com.au Wed Oct 3 06:36:07 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Oct 3 06:36:12 2007 Subject: Domain used for spam - NDR responses Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Sterenborg > Sent: Wednesday, 3 October 2007 3:27 PM > To: MailScanner discussion > Subject: RE: Domain used for spam - NDR responses > > What MTA? > > I know that Postfix can do recipient address verification > (just like sender address verification that some despise), if > the final receiving MTA rejects non-existing recipients. > Perhaps you can use this, in which case you don't need relay > recipient maps. > Of course you'll have the penalty of some extra network > traffic between the relay and the final MTA's. > > > Grts, > Rob MTA is Postfix. Interesting.. So if I understand correctly, postfix will query the backend server to see if a user exists before it accepts the inbound mail? I will look into that now. Thanks Rob. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From R.Sterenborg at netsourcing.nl Wed Oct 3 06:47:43 2007 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Wed Oct 3 06:48:28 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E178@WISENT.dcyb.net> >> What MTA? >> >> I know that Postfix can do recipient address verification >> (just like sender address verification that some despise), if >> the final receiving MTA rejects non-existing recipients. >> Perhaps you can use this, in which case you don't need relay >> recipient maps. 
Of course you'll have the penalty of some extra >> network traffic between the relay and the final MTA's. >> >> >> Grts, >> Rob > > MTA is Postfix. > Interesting.. So if I understand correctly, postfix will query the > backend server to see if a user exists before it accepts the inbound > mail? I will look into that now. http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient > Thanks Rob. You're welcome. Grts, Rob From Jeff.Mills at versacold.com.au Wed Oct 3 07:01:29 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Wed Oct 3 07:01:33 2007 Subject: Domain used for spam - NDR responses Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Sterenborg > Sent: Wednesday, 3 October 2007 3:48 PM > To: MailScanner discussion > Subject: RE: Domain used for spam - NDR responses > >> Rob > > > > MTA is Postfix. > > Interesting.. So if I understand correctly, postfix will query the > > backend server to see if a user exists before it accepts > the inbound > > mail? I will look into that now. > > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient > > > Thanks Rob. > > You're welcome. > Just reconfigured postfix now and reloaded. Looks like its working just fine. Great idea for Postfix users who can't do a recipient map. 
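The recipient verification discussed in the messages above, modelled as an added Python example (not Postfix's code and not written by anyone in this thread): the relay probes the backend with MAIL FROM / RCPT TO when a recipient is offered, caches the verdict, and answers the sending server itself, so bounces aimed at forged addresses are refused instead of queued. Host names, addresses, the probe sender and the cache lifetimes are constructed assumptions; the catch-all case shows the stated condition that the final MTA must itself reject non-existing recipients.

```python
"""Recipient verification at RCPT time for a relay in front of backend MTAs.
Added illustration; a model of the idea, not Postfix source code."""
import smtplib
import time

ACCEPT, REJECT, DEFER = "accept", "reject", "defer"


def smtp_probe(host, rcpt, port=25, probe_sender="postmaster@relay.example",
               timeout=10):
    """Ask a real backend whether it would take mail for rcpt.

    Runs MAIL FROM / RCPT TO and quits without DATA, so nothing is delivered.
    Returns the backend's RCPT reply code, or 451 if the backend is
    unreachable or refuses the probe sender (an assumed address).
    """
    reply = 451
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as conn:
            conn.ehlo_or_helo_if_needed()
            mail_code, _ = conn.mail(probe_sender)
            if mail_code == 250:
                reply, _ = conn.rcpt(rcpt)
    except (OSError, smtplib.SMTPException):
        pass  # keep the RCPT reply if we already have one, else 451
    return reply


class RecipientVerifier:
    """Caches probe verdicts so an address is probed at most once per TTL."""

    def __init__(self, probe, positive_ttl=7 * 86400, negative_ttl=3 * 3600,
                 clock=time.time):
        self.probe = probe                  # callable: address -> SMTP code
        self.positive_ttl = positive_ttl    # assumed lifetimes, in seconds
        self.negative_ttl = negative_ttl
        self.clock = clock
        self._cache = {}

    def check(self, rcpt):
        # Assumes the backend treats addresses case-insensitively.
        key = rcpt.strip().lower()
        now = self.clock()
        cached = self._cache.get(key)
        if cached and cached[1] > now:
            return cached[0]
        code = self.probe(key)
        if 200 <= code < 300:
            verdict, ttl = ACCEPT, self.positive_ttl
        elif 500 <= code < 600:
            verdict, ttl = REJECT, self.negative_ttl
        else:
            return DEFER  # temporary failure: not cached, retried next time
        self._cache[key] = (verdict, now + ttl)
        return verdict


def rcpt_reply(verdict):
    """SMTP reply the relay gives the connecting server at RCPT TO."""
    return {ACCEPT: (250, "Ok"),
            REJECT: (550, "Recipient address rejected: undeliverable address"),
            DEFER: (450, "Recipient address could not be verified, try later"),
            }[verdict]


def fake_backend(mailboxes, catch_all=False, reachable=True):
    """Constructed stand-in for smtp_probe; records every probe it receives."""
    probes = []

    def probe(rcpt):
        probes.append(rcpt)
        if not reachable:
            return 451
        return 250 if catch_all or rcpt in mailboxes else 550

    return probe, probes


# Constructed sample: one real mailbox, and bounces aimed at forged senders.
MAILBOXES = {"alice@customer.example"}
BOUNCE_RCPTS = ["x7f3q@customer.example", "alice@customer.example",
                "kd92m@customer.example", "x7f3q@customer.example"]


def run_flood(rcpts, **backend_opts):
    """Return (reply codes given to senders, number of backend probes)."""
    probe, probes = fake_backend(MAILBOXES, **backend_opts)
    verifier = RecipientVerifier(probe)
    codes = [rcpt_reply(verifier.check(r))[0] for r in rcpts]
    return codes, len(probes)


if __name__ == "__main__":
    print("strict backend   :", run_flood(BOUNCE_RCPTS))
    print("catch-all backend:", run_flood(BOUNCE_RCPTS, catch_all=True))
    print("backend down     :", run_flood(BOUNCE_RCPTS, reachable=False))
```

To probe a real backend, pass `lambda rcpt: smtp_probe("backend.example", rcpt)` as the `probe` argument; `backend.example` is a placeholder host.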
From Q.G.Campbell at newcastle.ac.uk Wed Oct 3 08:19:37 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 3 08:19:41 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BC12650@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Scott Silva >Sent: 03 October 2007 00:28 >To: mailscanner@lists.mailscanner.info >Subject: Re: Domain used for spam - NDR responses > >on 10/2/2007 4:06 PM Jeff Mills spake the following: >> Hi all, >> Just wondering if anyone has some magic solution for what I'm sure is >> a common problem. [snip] >> Rgs, >> Jeff >Milter null is supposed to help, but I haven't used it. > >But you should be dropping non-existent users at the first point of >entry to your system, either the mail server, or the gateway if you >use one. The connections get dropped as soon as they give a non-existent >user address. That is the obvious and common solution. Do as Scott suggests for the domains over which you have control. If your MTA is Sendmail you can use milter-ahead (same vendor as for milter-null) for the domains to which you merely act as a gateway/relay. This latter approach of course assumes that the recipient MTAs to which you are relaying reject non-existent addresses as your own does. If they don't that is not your problem! The recipient MTA has accepted responsibility for the messages with invalid addresses in its domain(s) that you relayed to it. The messages are no longer in your queues! Quentin From rwahyudi at gmail.com Wed Oct 3 08:30:59 2007 From: rwahyudi at gmail.com (Rianto Wahyudi) Date: Wed Oct 3 08:29:27 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: <47034533.4060306@gmail.com> I use spamassassin's VBounce ruleset to stop these messages http://wiki.apache.org/spamassassin/VBounceRuleset. 
I whitelist all outgoing server and I amplify the scoring so bounce message that comes in will get categorized as Low Scoring Spam. Rianto Wahyudi --- adela putri tirta belek Jeff Mills wrote: > Hi all, > Just wondering if anyone has some magic solution for what I'm sure is a > common problem. > > A spammer generates thousands of random email addresses using your > domain name and sends out a bazillion emails. > All the NDR's come back to your server destined for non-existant > mailboxes. > > Now my common sense tells me that if you want to stop these you can > block all NDR's, for example by using MCP and blocking "Delivery Status > Notification (Failure)" "Undeliverable" etc. > However, that will also block legitimate NDR's. > > So do you all just grin and bear these or is there a magic solution I'm > not thinking of? > > Rgs, > Jeff > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/773f0c2e/attachment.html From Q.G.Campbell at newcastle.ac.uk Wed Oct 3 08:45:35 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 3 08:45:40 2007 Subject: MailScanner- tracking downlaods - a cautionary note In-Reply-To: References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Scott Silva >Sent: 02 October 2007 16:29 >To: mailscanner@lists.mailscanner.info >Subject: Re: MailScanner ANNOUNCE: 4.64.3 released > [snip] Scott Silva said: >> Jules >You can always add some sort of "phone home with permission" type of >thing to keep track of the installed base. 
Maybe something that sends back OS and >maybe a randomly generated and locally stored signature. That way you would >get a better idea of how many mailscanners are out there. >Any body who is very paranoid could opt out. Julian If you chose to go down that route please be open and public about it and ensure every downloader is fully aware that MailScanner will send back info about usage to you. You will recall that Antony Howe of SnertSoft recently received some (mainly unfair) criticism for doing this in the many useful Sendmail milters that he offers. There is always a danger that such criticism, even when not justified, may have had an adverse impact on the reputation of your software. However what SnertSoft software does is both appropriate and proportionate but was open to the criticism that Anthony had not made it as obvious to purchasers/downloaders as he could have in the licencing conditions. He has since remedied that. We use some of the SnertSoft milters here and very useful they are too! Quentin From glenn.steen at gmail.com Wed Oct 3 09:00:00 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 3 09:00:01 2007 Subject: What causes this type of address in envelopes? - how towhitelist! 
In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BC12614@largo.campus.ncl.ac.uk> References: <46FD4351.8090903@cnpapers.com> <46FD51B6.3020802@USherbrooke.ca> <46FD5600.3070009@cnpapers.com> <223f97700709290353m1ea80030gc08389868317b0c7@mail.gmail.com> <4165CF7A7F12DE4B96622CCBB90586470BC12592@largo.campus.ncl.ac.uk> <223f97700710020633w2a367d8if4a75098291223d2@mail.gmail.com> <4165CF7A7F12DE4B96622CCBB90586470BC12614@largo.campus.ncl.ac.uk> Message-ID: <223f97700710030100s422868a1t97c4a8278fd78c1d@mail.gmail.com> On 02/10/2007, Quentin Campbell wrote: > >-----Original Message----- > >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > >Sent: 02 October 2007 14:33 > >To: MailScanner discussion > >Subject: Re: What causes this type of address in envelopes? - how > >towhitelist! > > > [snip] > >> You can reliably whitelist PRVS addresses using a regular expression. > >> Using the address example from Steve's original message, > >> prvs=somebody=7848db996@somedomain.com, your entry in the > >> spam.whitelist.rules file for that address would be: > >> > >> From: /prvs=somebody=.*\@somedomain\.com$/ yes > >> > >Except that this still is very spoofable...:-). > > Glen > > True, but that has always been a problem with whitelisting non PRVS-type > addresses so Steve is no worse off (with the above) than he was before > the sender introduced PRVS. > > Quentin True. Just my regular carp:-). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Wed Oct 3 09:19:35 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Oct 3 09:19:38 2007 Subject: MailScanner- tracking downlaods - a cautionary note In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> Message-ID: <625385e30710030119g7dce47ffv831215ea8e6a5e7@mail.gmail.com> On 10/3/07, Quentin Campbell wrote: > Scott Silva said: > > >> Jules > >You can always add some sort of "phone home with permission" type of > >thing to keep track of the installed base. Maybe something that sends > back OS and > >maybe a randomly generated and locally stored signature. That way you > would > >get a better idea of how many mailscanners are out there. > >Any body who is very paranoid could opt out. > > Julian > > If you chose to go down that route please be open and public about it > and ensure every downloader is fully aware that MailScanner will send > back info about usage to you. Wasn't this meant as a harmless way of tracking MS usage? It's very open and anyone can replace it to their liking. # When a web bug is found, what image do you want to replace it with? # By replacing it with a real image, the page layout still works properly, # so the formatting and layout of the message is correct. # The following is a harmless untracked 1x1 pixel transparent image. # If this is not specified, the the old value of "MailScannerWebBug" is used, # which of course is not an image and may well upset layout of the email. # This can also be the filename of a ruleset. 
Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif -- /peter From glenn.steen at gmail.com Wed Oct 3 09:27:53 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 3 09:27:56 2007 Subject: MailScanner- tracking downlaods - a cautionary note In-Reply-To: <625385e30710030119g7dce47ffv831215ea8e6a5e7@mail.gmail.com> References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> <625385e30710030119g7dce47ffv831215ea8e6a5e7@mail.gmail.com> Message-ID: <223f97700710030127n33b1f908yf425decc3a61a7c6@mail.gmail.com> On 03/10/2007, shuttlebox wrote: > On 10/3/07, Quentin Campbell wrote: > > Scott Silva said: > > > > >> Jules > > >You can always add some sort of "phone home with permission" type of > > >thing to keep track of the installed base. Maybe something that sends > > back OS and > > >maybe a randomly generated and locally stored signature. That way you > > would > > >get a better idea of how many mailscanners are out there. > > >Any body who is very paranoid could opt out. > > > > Julian > > > > If you chose to go down that route please be open and public about it > > and ensure every downloader is fully aware that MailScanner will send > > back info about usage to you. > > Wasn't this meant as a harmless way of tracking MS usage? It's very > open and anyone can replace it to their liking. > > # When a web bug is found, what image do you want to replace it with? > # By replacing it with a real image, the page layout still works properly, > # so the formatting and layout of the message is correct. > # The following is a harmless untracked 1x1 pixel transparent image.
> # If this is not specified, the the old value of "MailScannerWebBug" is used, > # which of course is not an image and may well upset layout of the email. > # This can also be the filename of a ruleset. > Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1space > r.gif > Quite true. And then we haven't lo0oked at the possibilities of the Phishing updates etc... Or are those "distributed"? Anyway, Jules can have a fair ballpark figure of how many sites that use MS anytime he likes... Just som log analysis:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Oct 3 09:39:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 09:40:16 2007 Subject: Removing attachments but delivering the message In-Reply-To: References: Message-ID: <4703555B.8080901@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Set the maximum attachment size to 1 byte and it will strip all attachments. Fabio Viero wrote: > Hi List > > Is there a way i can remove the attachment(s) from certain specific > messages but still the delivering the message itself? > > Thanks is advance > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHA1VcEfZZRxQVtlQRAosVAJ9LxgUEDE6uT8HxQ9Niqxx8xnfNlQCfRlRC SAbwrvsoCxDGTiPuay89RRY= =Vr9N -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From Q.G.Campbell at newcastle.ac.uk Wed Oct 3 09:51:53 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 3 09:52:49 2007 Subject: MailScanner- tracking downlaods - a cautionary note In-Reply-To: <625385e30710030119g7dce47ffv831215ea8e6a5e7@mail.gmail.com> References: <4700B596.204@ecs.soton.ac.uk><625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com><625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com><4701F8F2.8090001@ecs.soton.ac.uk><47022BCE.6070704@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> <625385e30710030119g7dce47ffv831215ea8e6a5e7@mail.gmail.com> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BC126A0@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of shuttlebox >Sent: 03 October 2007 09:20 >To: MailScanner discussion >Subject: Re: MailScanner- tracking downlaods - a cautionary note > >On 10/3/07, Quentin Campbell wrote: >> Scott Silva said: >> >> >> Jules >> >You can always add some sort of "phone home with permission" type of >> >thing to keep track of the installed base. Maybe something that sends >> back OS and >> >maybe a randomly generated and locally stored signature. That way you >> >would get a better idea of how many mailscanners are out there. >> >Any body who is very paranoid could opt out. >> >> Julian >> >> If you chose to go down that route please be open and public about it >> and ensure every downloader is fully aware that MailScanner will send >> back info about usage to you. > >Wasn't this meant as a harmless way of tracking MS usage? It's very >open and anyone can replace it to their liking. No, what Scott Silva was suggesting, as I understood it, is quite different to a web bug. 
The suggested facility might send info about the server name/address, OS type, product being run, date/time, etc to a remote server of Julian's. The facility used by Anthony Howe sends some of the above info back to a remote server every time his software is started on a host. In his case it simply provides enough info to enable the licencee to check that the use of the product is licenced and in this regard has a different purpose to that which was suggested by Scott. Quentin > ># When a web bug is found, what image do you want to replace it with? ># By replacing it with a real image, the page layout still works >properly, ># so the formatting and layout of the message is correct. ># The following is a harmless untracked 1x1 pixel transparent image. ># If this is not specified, the the old value of "MailScannerWebBug" is >used, ># which of course is not an image and may well upset layout of the >email. ># This can also be the filename of a ruleset. >Web Bug Replacement = >http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1space >r.gif > >-- >/peter >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From craig at csfs.co.za Wed Oct 3 09:58:27 2007 From: craig at csfs.co.za (Craig Retief) Date: Wed Oct 3 10:01:21 2007 Subject: OT: How You doing Jules? Message-ID: Hi Julian, This is a bit off topic but I just wanted to find out how you have been doing lately? Has your health been improving? Kind Regards, Craig -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/c395def1/attachment.html From hvdkooij at vanderkooij.org Wed Oct 3 10:54:20 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 3 10:54:32 2007 Subject: Domain used for spam - NDR responses In-Reply-To: References: Message-ID: On Wed, 3 Oct 2007, Jeff Mills wrote: > I realise that, which is why it is no good in the current environment. Then do what humans always do. Adapt the environment. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From slacker.ar at gmail.com Wed Oct 3 14:08:27 2007 From: slacker.ar at gmail.com (Dario Hernan) Date: Wed Oct 3 14:08:31 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> Message-ID: <9bc19ef30710030608m7c853908ib035ee55859c3bb7@mail.gmail.com> Hi, I see a full progression of the mail at the log. I hope that two mailscanner's child take the same mail to process, and when the first one end his job, move the mail to another folder and the second one doesn't found it. Is that possible?? there is a solution for that? Thanks Dario On 9/28/07, Scott Silva wrote: > on 9/28/2007 9:46 AM Dario Hernan spake the following: > > I will give more info about the problem. > > this error appear in random form, three or four times per day, > > receiving between 10000 and 20000 emails per day, in at least 10 > > servers, all with mailscanner 4.55 or higher > > some advice about it?? 
> > > > thanks > > Dario > If you look at the log grepping the mail id that errors out, do you see a full > progression of the mail or does the message disappear? > Are you using any kind of milters or sendmail parameters that might disconnect > a remote server during the data phase like connection timeouts? > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From davejones70 at gmail.com Wed Oct 3 16:11:07 2007 From: davejones70 at gmail.com (Dave Jones) Date: Wed Oct 3 16:11:08 2007 Subject: Error using F-Secure 5.52 Message-ID: <67a55ed50710030811o387d1866w6e4339eb608d6ad7@mail.gmail.com> Julian, you are awesome! That was a very fast response with a fix. One more issue: F-Secure has a daemon "fsavd" that would be better to use over the command line version as we start pumping tons of emails through these servers. Would it be possible to get MailScanner to utilize the F-Secure daemon? P.S. If our pilot goes well during October, I will be sending some financial compensation your direction. MailScanner with MailWatch will be replacing a commercial software package costing big bucks with less features. Dave Message: 12 Date: Tue, 02 Oct 2007 18:58:19 +0100 From: Julian Field Subject: Re: Error using F-Secure 5.52 To: MailScanner discussion Message-ID: <470286BB.9080601@ecs.soton.ac.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed I have just release version 4.65.1 with support for F-Secure 5.50 and above. Download it as usual from www.mailscanner.info. 
Dave Jones wrote: > Downloaded eval version of F-Secure AV Linux Server Security from > http://www.f-secure.com/small_businesses/evaluations/fsavssl.html and > installed the command line only version with > "./f-secure-linux-server-security-5.52.6200 --command-line-only". > > [root@smtp1 bin]# MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.64.3) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > MailScanner.conf says "Virus Scanners = clamd f-secure" > Found these virus scanners installed: clamd, f-secure > =========================================================================== > Commercial virus checker failed with real error: Either you've found a > bug in MailScanner's F-Secure output parser, or F-Secure's output > format has changed! Please mail the author of MailScanner! > at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2040 > at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 1019 > [root@smtp1 bin]# > > > Did I install the wrong version or is this a new version that > MailScanner needs to be tweaked to work with? > -- > Dave Jones Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/f1b64e5c/attachment.html

From fviero at gmail.com Wed Oct 3 16:31:37 2007
From: fviero at gmail.com (Fabio Viero)
Date: Wed Oct 3 16:31:39 2007
Subject: Removing attachments but delivering the message
In-Reply-To: <4703555B.8080901@ecs.soton.ac.uk>
References: <4703555B.8080901@ecs.soton.ac.uk>
Message-ID:

Hi Julian

Thanks for your reply. I'll try to be more specific and i also did some testing on what i think is the correct approach for my problem. Unfortunately i ran into some difficulties here.

We have a system that sends a huge number of messages to a huge number of distinct recipients on the internet and we receive a lot of bounces (mailbox overquota, recipient does not exist and the like). We would like to drop these messages altogether. In some cases these warnings are attachments and we also would like to drop these attachments. See that i have a distinct list for messages i want to delete and for messages i want to drop the attachment. Differences between one and the other are done by the Subject field. In common they have the To: field

What i did already:

1. Set up some MCP rules for the Subject. But i soon realized i couldn't do that because while i can tell MS to drop MCP's i want to do that based on a specific To address. Should i do that by using a second body statement in the rule?

2. For the attachments, i followed your direction and created a ruleset that looks like the following:

To: user@domain.com.br 1
FromOrTo: default -1

No problem arose here, but i checked Mailwatch and the status of the message told that the attachment was too large, that's correct but i didn't receive any message on the user mailbox. It seemed like the message was not delivered (although Mailwatch report told it was, i mean no spam, bad content or anything) and i have both the message and the attach stored in the quarantine. Maybe here i'll have a hard issue.
How can i tell MS to remove an attachment based on its message Subject field? Is it possible at all? Thanks a lot Julian On 10/3/07, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Set the maximum attachment size to 1 byte and it will strip all > attachments. > > Fabio Viero wrote: > > Hi List > > > > Is there a way i can remove the attachment(s) from certain specific > > messages but still the delivering the message itself? > > > > Thanks is advance > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHA1VcEfZZRxQVtlQRAosVAJ9LxgUEDE6uT8HxQ9Niqxx8xnfNlQCfRlRC > SAbwrvsoCxDGTiPuay89RRY= > =Vr9N > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/ca8939a5/attachment.html From jaearick at colby.edu Wed Oct 3 17:02:42 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Oct 3 17:02:53 2007 Subject: 4.64.3: raise spam score via watermark? 
Message-ID: Julian, I set: Treat Invalid Watermarks With No Sender as Spam = 2.0 in version 4.64.3. Is there any indication in the syslogs that watermarking raised a spam score? Or any indication on the mail headers? I have most spam logging settings turned on. I'm giving this feature a whirl here... Jeff Earickson Colby College From bbecken at aafp.org Wed Oct 3 17:09:07 2007 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Oct 3 17:10:32 2007 Subject: MailScanner ANNOUNCE: 4.64.3 released In-Reply-To: References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk><47022BCE.6070704@ecs.soton.ac.uk> Message-ID: <47037853.D87E.0068.3@aafp.org> >>> On 10/2/2007 at 10:28 AM, in message , Scott Silva wrote: > on 10/2/2007 4:30 AM Julian Field spake the following: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Hugo van der Kooij wrote: >>> On Tue, 2 Oct 2007, Julian Field wrote: >>> >>>> Many thanks for all your work on Blastwave. We are already using it here >>>> on some of our web servers, and it has proved to be very useful and >>>> timesaving. Thank you! >>> Jules, >>> >>> May I take from your praise that you are not against MailScanner being >>> added to a repository? >>> >>> I think Dag Wiers will be glad to add MailScanner to rpmforge so you >>> have no worries about setting up a YUM repositor. It will allow >>> everyone to do what they do best. >> I initially always said no to requests like this, as I liked to keep a >> close eye on download stats (hence my 1 million downloads figure). >> However, MailScanner is getting into more and more distros now, so the >> website download stats no longer represent the number of sites using >> MailScanner in any meaningful way. >> >> So there's not much point in saying no any more, I've lost control >> anyway. 
So I would be most pleased if Dag would like to add it to his >> repository. If there's anything reasonable that he needs me to do in >> return, I'll do what I can. >> >> Jules > You can always add some sort of "phone home with permission" type of thing > to > keep track of the installed base. Maybe something that sends back OS and > maybe > a randomly generated and locally stored signature. That way you would get a > better idea of how many mailscanners are out there. > Any body who is very paranoid could opt out. I used Arch Linux at home for a number of years and somebody wrote a neat package that uploaded generic/sanitized system information/stats that searchable on a website. I suggested it as option in June 2006. Below is the link to the website, source code and the stats it generated. I think having a configurable option in MailScanner to allow MailScanner to "phone home" periodically with some generic system stats (Running MailScanner version, OS, number of cpu's, RAM, would be incredibly interesting. http://archlinux.org/~simo/archstats/ Brad From pablo at lacnic.net Wed Oct 3 17:47:33 2007 From: pablo at lacnic.net (Pablo Allietti) Date: Wed Oct 3 17:48:30 2007 Subject: whitelist. Message-ID: <20071003164733.GA128@micron2.lacnic.net.uy> hi all is possible to configure a mailscanner to: from my server, dont do any check ? to other server, dont do any check ? for example to communicate 2 server server1 server2 make a whitelist from this 2 server]? -- From KGoods at AIAInsurance.com Wed Oct 3 18:14:41 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Wed Oct 3 18:17:44 2007 Subject: whitelist. Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C295FD@aiainsurance.com> Pablo Allietti wrote: > hi all is possible to configure a mailscanner to: > > > from my server, dont do any check ? > to other server, dont do any check ? > > > for example to communicate 2 server > > server1 server2 > > make a whitelist from this 2 server]? 
>
> --

There are a couple ways but I just use a ruleset. In my spam.rules file in the /etc/MailScanner/rules directory I have

From:     XXX.XXX.XXX.XXX  no
FromOrTo: XXX.XXX.XXX.XXX  no
FromOrTo: default          yes

I use ip addresses since they don't change. Then in MailScanner.conf (under Spam Detection and Spam Lists) I have

Spam Checks = %rules-dir%/spam.rules

Works like a charm!

Hope this helps.

Kind regards,
Ken

Ken Goods
Network Administrator
CropUSA Insurance, Inc.

From ssilva at sgvwater.com Wed Oct 3 18:20:20 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Oct 3 18:27:00 2007
Subject: Error in mailscanner with ID's duplicated
In-Reply-To: <9bc19ef30710030608m7c853908ib035ee55859c3bb7@mail.gmail.com>
References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> <9bc19ef30710030608m7c853908ib035ee55859c3bb7@mail.gmail.com>
Message-ID:

on 10/3/2007 6:08 AM Dario Hernan spake the following:
> Hi, I see a full progression of the mail at the log.
> I hope that two mailscanner's child take the same mail to process, and
> when the first one end his job, move the mail to another folder and
> the second one doesn't found it.
> Is that possible?? there is a solution for that?
>
I don't think MailScanner should be doing that unless your locktype is somehow wrong. I suppose it is possible with high mail volume and many children to have two processes hit the same message a few times a day, but Julian would be a better judge of that possibility.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
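The "locktype is somehow wrong" case from the message above, as an added example that is not MailScanner's code and not part of the original thread: two workers contend for one constructed queue file, first with matching lock calls and then with mismatched ones. The function names and the queue file name are hypothetical; it assumes a Unix host and a local filesystem, where on Linux flock(2) and POSIX fcntl(2) locks do not see each other.

```python
import errno
import fcntl
import os
import sys
import tempfile

ON_LINUX = sys.platform.startswith("linux")

# The two lock families a Unix mail system can put on a queue file.
LOCKERS = {
    "flock": fcntl.flock,  # BSD flock(2): owned by the open file description
    "posix": fcntl.lockf,  # POSIX fcntl(2) record lock: owned by the process
}


def try_claim(fd, lock_type):
    """Try a non-blocking exclusive lock; True means this worker owns the file."""
    try:
        LOCKERS[lock_type](fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        return True
    except OSError as exc:
        if exc.errno in (errno.EAGAIN, errno.EACCES):
            return False  # another holder has a conflicting lock
        raise


def second_worker_also_claims(first_type, second_type):
    """Worker A locks a queue file, then worker B (a forked child) tries too.

    Returns True when B also obtains its lock, which is the situation in
    which the same message would be picked up twice.
    """
    with tempfile.TemporaryDirectory() as queue_dir:
        # Constructed sample queue entry, not a real spool file.
        path = os.path.join(queue_dir, "qfCONSTRUCTED0001")
        with open(path, "w") as handle:
            handle.write("constructed queue entry\n")

        fd_a = os.open(path, os.O_RDWR)
        try:
            if not try_claim(fd_a, first_type):
                raise RuntimeError("worker A could not lock a fresh file")

            pid = os.fork()
            if pid == 0:  # worker B: separate process, separate open()
                status = 2
                try:
                    fd_b = os.open(path, os.O_RDWR)
                    status = 0 if try_claim(fd_b, second_type) else 1
                finally:
                    os._exit(status)  # never run the parent's cleanup in the child

            _, wait_status = os.waitpid(pid, 0)
            if not os.WIFEXITED(wait_status) or os.WEXITSTATUS(wait_status) > 1:
                raise RuntimeError("worker B failed before it could test the lock")
            return os.WEXITSTATUS(wait_status) == 0
        finally:
            os.close(fd_a)


def lock_matrix():
    """Run every combination of lock type for worker A and worker B."""
    kinds = ("flock", "posix")
    return {(a, b): second_worker_also_claims(a, b) for a in kinds for b in kinds}


if __name__ == "__main__":
    for (a, b), duplicated in lock_matrix().items():
        outcome = "BOTH hold the file" if duplicated else "B is locked out"
        print(f"A uses {a:5}  B uses {b:5}  ->  {outcome}")
```

When the two sides use the same lock family the second worker is refused; with mismatched families on Linux both succeed, which matches the symptom of one worker moving a file that another is still about to read.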
From MailScanner at ecs.soton.ac.uk Wed Oct 3 18:41:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 18:41:52 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> <9bc19ef30710030608m7c853908ib035ee55859c3bb7@mail.gmail.com> Message-ID: <4703D43F.5060709@ecs.soton.ac.uk> Scott Silva wrote: > on 10/3/2007 6:08 AM Dario Hernan spake the following: >> Hi, I see a full progression of the mail at the log. >> I hope that two mailscanner's child take the same mail to process, and >> when the first one end his job, move the mail to another folder and >> the second one doesn't found it. >> Is that possible?? there is a solution for that? >> > I don't think MailScanner should be doing that unless your locktype is > somehow wrong. I suppose it is possible with high mail volume and many > children to have two processes hit the same message a few times a day, > but Julian would be a better judge of that possibility. > No, that most definitely shouldn't happen. The file locking should take care of that. Only 1 child can have a message at once, and only then when the MTA has finished writing it. Something is wrong in your file locking. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 3 18:42:25 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 18:42:42 2007 Subject: Error using F-Secure 5.52 In-Reply-To: <67a55ed50710030811o387d1866w6e4339eb608d6ad7@mail.gmail.com> References: <67a55ed50710030811o387d1866w6e4339eb608d6ad7@mail.gmail.com> Message-ID: <4703D481.8040708@ecs.soton.ac.uk> Dave Jones wrote: > Julian, you are awesome! That was a very fast response with a fix. > > One more issue: F-Secure has a daemon "fsavd" that would be better to > use over > the command line version as we start pumping tons of emails through > these servers. > > Would it be possible to get MailScanner to utilize the F-Secure daemon? Agreed. But that will require documentation and more time. Can I leave you with the job of getting for fsavd documentation please? > > P.S. If our pilot goes well during October, I will be sending some > financial > compensation your direction. Thank you! > MailScanner with MailWatch will be replacing > a commercial software package costing big bucks with less features. Another convert :-) > > Dave > > Message: 12 > Date: Tue, 02 Oct 2007 18:58:19 +0100 > From: Julian Field < MailScanner@ecs.soton.ac.uk > > > Subject: Re: Error using F-Secure 5.52 > To: MailScanner discussion > > Message-ID: <470286BB.9080601@ecs.soton.ac.uk > > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > I have just release version 4.65.1 with support for F-Secure 5.50 and > above. > Download it as usual from www.mailscanner.info > . > > Dave Jones wrote: > > Downloaded eval version of F-Secure AV Linux Server Security from > > http://www.f-secure.com/small_businesses/evaluations/fsavssl.html and > > installed the command line only version with > > "./f-secure-linux-server-security-5 > .52.6200 --command-line-only". > > > > [root@smtp1 bin]# MailScanner --lint > > Checking version numbers... 
> > Version number in MailScanner.conf (4.64.3) is correct. > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > > > MailScanner.conf says "Virus Scanners = clamd f-secure" > > Found these virus scanners installed: clamd, f-secure > > > =========================================================================== > > Commercial virus checker failed with real error: Either you've found a > > bug in MailScanner's F-Secure output parser, or F-Secure's output > > format has changed! Please mail the author of MailScanner! > > at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2040 > > at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 1019 > > [root@smtp1 bin]# > > > > > > Did I install the wrong version or is this a new version that > > MailScanner needs to be tweaked to work with? > > -- > > Dave Jones > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk

From MailScanner at ecs.soton.ac.uk Wed Oct 3 18:45:50 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Oct 3 18:46:14 2007
Subject: Removing attachments but delivering the message
In-Reply-To:
References: <4703555B.8080901@ecs.soton.ac.uk>
Message-ID: <4703D54E.80902@ecs.soton.ac.uk>

For the attachments, I'm not sure why you aren't still receiving the "got the message but the attachment was too large" message, I would have to take a look at your system setup to see that one.

As to making it set the attachment size limit depending on the subject, that could be done with a very short Custom Function that looked at "$message->{subject}" to decide what value to return to the attachment limit configuration setting.

Hope that helps a bit,
Jules.

Fabio Viero wrote:
> Hi Julian
>
> Thanks for your reply. I'll try to be more specific and i also did
> some testing on what i think is the correct approach for my problem.
> Unfortunately i ran into some difficulties here.
>
> We have a system that sends a huge number of messages to a huge number
> of distinct recipients on the internet and we receive a lot of bounces
> (mailbox overquota, recipient does not exist and the like). We would
> like to drop these messages altogether. In some cases these warnings
> are attachments and we also would like to drop these attachments. See
> that i have a distinct list for messages i want to delete and for
> messages i want to drop the attachment. Differences between one and
> the other are done by the Subject field. In common they have the To:
> field
>
> What i did already:
> 1. Set up some MCP rules for the Subject. But i soon realized i
> couldn't do that because while i can tell MS to drop MCP's i want to
> do that based on a specific To address. Should i do that by using a
> second body statement in the rule?
>
> 2. For the attachments, i followed your direction and created a
> ruleset that looks like the following:
> To: user@domain.com.br 1
> FromOrTo: default -1
>
> No problem arose here, but i checked Mailwatch and the status of the
> message told that the attachment was too large, that's correct but i
> didn't receive any message on the user mailbox. It seemed like the
> message was not delivered (although Mailwatch report told it was, i
> mean no spam, bad content or anything) and i have both the message and
> the attach stored in the quarantine. Maybe here i'll have a hard
> issue. How can i tell MS to remove an attachment based on its message
> Subject field? Is it possible at all?
>
> Thanks a lot Julian
>
>
> On 10/3/07, *Julian Field*
> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Set the maximum attachment size to 1 byte and it will strip all
> attachments.
>
> Fabio Viero wrote:
> > Hi List
> >
> > Is there a way i can remove the attachment(s) from certain specific
> > messages but still the delivering the message itself?
> >
> > Thanks in advance
> >
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.3 (Build 3017)
> Comment: (pgp-secured)
> Charset: ISO-8859-1
>
> wj8DBQFHA1VcEfZZRxQVtlQRAosVAJ9LxgUEDE6uT8HxQ9Niqxx8xnfNlQCfRlRC
> SAbwrvsoCxDGTiPuay89RRY=
> =Vr9N
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 3 18:46:31 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 18:46:51 2007 Subject: 4.64.3: raise spam score via watermark? In-Reply-To: References: Message-ID: <4703D577.2060100@ecs.soton.ac.uk> I don't think I added any logging to this. I'll add a log entry for when this happens. Jeff A. Earickson wrote: > Julian, > > I set: > > Treat Invalid Watermarks With No Sender as Spam = 2.0 > > in version 4.64.3. Is there any indication in the syslogs > that watermarking raised a spam score? Or any indication > on the mail headers? I have most spam logging settings turned > on. I'm giving this feature a whirl here... > > Jeff Earickson > Colby College Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 3 18:50:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 18:50:50 2007 Subject: OT: How You doing Jules? In-Reply-To: References: Message-ID: <4703D66B.2000305@ecs.soton.ac.uk> I'm doing okay at the moment. I am back in the office full time, but I take at least an extra hour out of each day just to rest and recuperate. Fortunately I have a TV receiver, 2 reclining chairs, a sofa and a fridge in my office, so that's quite comfortable :-) I have my next planned hospital appointment on 11th December, when I will meet the liver transplant coordinators. Mail me or the list again then and I'll let you know what happened. Jules. Craig Retief wrote: > > Hi Julian, > > > > This is a bit off topic but I just wanted to find out how you have > been doing lately? > > > > Has your health been improving? > > Kind Regards, > > Craig > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Oct 3 19:01:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 19:07:18 2007 Subject: MailScanner- tracking downlaods - a cautionary note In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> Message-ID: on 10/3/2007 12:45 AM Quentin Campbell spake the following: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Scott Silva >> Sent: 02 October 2007 16:29 >> To: mailscanner@lists.mailscanner.info >> Subject: Re: MailScanner ANNOUNCE: 4.64.3 released >> > [snip] > > Scott Silva said: > >>> Jules >> You can always add some sort of "phone home with permission" type of >> thing to keep track of the installed base. Maybe something that sends > back OS and >> maybe a randomly generated and locally stored signature. That way you > would >> get a better idea of how many mailscanners are out there. >> Any body who is very paranoid could opt out. > > Julian > > If you chose to go down that route please be open and public about it > and ensure every downloader is fully aware that MailScanner will send > back info about usage to you. > > You will recall that Antony Howe of SnertSoft recently received some > (mainly unfair) criticism for doing this in the many useful Sendmail > milters that he offers. There is always a danger that such criticism, > even when not justified, may have had an adverse impact on the > reputation of your software. 
> > However what SnertSoft software does is both appropriate and > proportionate but was open to the criticism that Anthony had not made it > as obvious to purchasers/downloaders as he could have in the licencing > conditions. He has since remedied that. > > We use some of the SnertSoft milters here and very useful they are too! > > Quentin That is why I put "with permission" in there. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Oct 3 19:11:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 19:12:43 2007 Subject: MailScanner- tracking downlaods - a cautionary note In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BC126A0@largo.campus.ncl.ac.uk> References: <4700B596.204@ecs.soton.ac.uk><625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com><625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com><4701F8F2.8090001@ecs.soton.ac.uk><47022BCE.6070704@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BC12656@largo.campus.ncl.ac.uk> <625385e30710030119g7dce47ffv831215ea8e6a5e7@mail.gmail.com> <4165CF7A7F12DE4B96622CCBB90586470BC126A0@largo.campus.ncl.ac.uk> Message-ID: on 10/3/2007 1:51 AM Quentin Campbell spake the following: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of shuttlebox >> Sent: 03 October 2007 09:20 >> To: MailScanner discussion >> Subject: Re: MailScanner- tracking downlaods - a cautionary note >> >> On 10/3/07, Quentin Campbell wrote: >>> Scott Silva said: >>> >>>>> Jules >>>> You can always add some sort of "phone home with permission" type of >>>> thing to keep track of the installed base. Maybe something that > sends >>> back OS and >>>> maybe a randomly generated and locally stored signature. That way > you >>>> would get a better idea of how many mailscanners are out there. >>>> Any body who is very paranoid could opt out. 
>>> Julian >>> >>> If you chose to go down that route please be open and public about it >>> and ensure every downloader is fully aware that MailScanner will send >>> back info about usage to you. >> Wasn't this meant as a harmless way of tracking MS usage? It's very >> open and anyone can replace it to their liking. > > No, what Scott Silva was suggesting, as I understood it, is quite > different to a web bug. The suggested facility might send info about the > server name/address, OS type, product being run, date/time, etc to a > remote server of Julian's. > > The facility used by Anthony Howe sends some of the above info back to a > remote server every time his software is started on a host. In his case > it simply provides enough info to enable the licencee to check that the > use of the product is licenced and in this regard has a different > purpose to that which was suggested by Scott. > > Quentin I had more of a suggestion to only run once, on a fresh install, and ask permission first. Maybe even ask permission if it could run again after an upgrade. I don't have a problem if it basically sends the OS, and some type of hash against maybe MAC address just to make unique info. Then Julian could have a nice page showing X number of copies on FreeBSD, X number on Linux , and so on with solaris and the other BSD's. Maybe even more detail so people could see what OS choices are most popular with the MailScanner crowd. At a minimum, he could have "x million copies running worldwide!" with a better estimate than how many copies downloaded. I personally only download one copy and push it to all my servers so download statistics aren't real accurate. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From vernon at comp-wiz.com Wed Oct 3 19:14:51 2007
From: vernon at comp-wiz.com (Vernon Webb)
Date: Wed Oct 3 19:15:08 2007
Subject: Error Starting MailScanner
In-Reply-To: <4703D66B.2000305@ecs.soton.ac.uk>
References: <4703D66B.2000305@ecs.soton.ac.uk>
Message-ID: <20071003181214.M51366@comp-wiz.com>

I just updated my server (Fedora Core 6) and the update seems to have broken MailScanner, so I re-installed and am now getting the following error message when starting:

MailScanner:       Can't locate HTML/TokeParser.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 45.
BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 45.
Compilation failed in require at /usr/sbin/MailScanner line 78.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 78.
[  OK  ]

Any ideas?
From vernon at comp-wiz.com Wed Oct 3 19:29:40 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Wed Oct 3 19:29:57 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: <20071003181214.M51366@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> Message-ID: <20071003182719.M50945@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/6d05967c/attachment.html From MailScanner at ecs.soton.ac.uk Wed Oct 3 19:31:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 19:31:41 2007 Subject: 4.64.3: raise spam score via watermark? In-Reply-To: <4703D577.2060100@ecs.soton.ac.uk> References: <4703D577.2060100@ecs.soton.ac.uk> Message-ID: <4703DFF3.8070301@ecs.soton.ac.uk> All done. It will be in the next release. If you really need this now, then I can send you a replacement Message.pm, but I'll do this off list. Jules. Julian Field wrote: > I don't think I added any logging to this. I'll add a log entry for > when this happens. > > Jeff A. Earickson wrote: >> Julian, >> >> I set: >> >> Treat Invalid Watermarks With No Sender as Spam = 2.0 >> >> in version 4.64.3. Is there any indication in the syslogs >> that watermarking raised a spam score? Or any indication >> on the mail headers? I have most spam logging settings turned >> on. I'm giving this feature a whirl here... >> >> Jeff Earickson >> Colby College > > Jules > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 3 19:44:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 19:44:59 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: <20071003182719.M50945@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> <20071003182719.M50945@comp-wiz.com> Message-ID: <4703E313.40207@ecs.soton.ac.uk> You need to decide which version of perl you want to keep. By default, MailScanner will use /usr/bin/perl. However, if the other one (/usr/local/bin/perl) is earlier in your $PATH, then some of the installation might have gone into that one and not /usr/bin/perl. I would advise scrapping /usr/local/bin/perl and /usr/local/lib/perl5 and anything else in /usr/local that looks like perl and re-installing MailScanner into your system, so that it will all go in /usr/bin/perl. You can find perly things in /usr/local like this: find /usr/local -name '*perl*' -print Vernon Webb wrote: > > OK, I have some more info. When I installed MailScanner it told me the > following: > > You appear to have 2 versions of Perl installed, > the normal one in /usr/bin and one in /usr/local. > This often happens if you have used CPAN to install modules. > I strongly advise you remove all traces of perl from > within /usr/local and then run this script again. > > If you do not want to do that, and really want to continue, > then you will need to run this script as > ./install.sh ignore-perl > > I had no idea what to do so I told it to ignore this. Any idea how I > locate this other Perl and remove it? > > Thanks > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Wed Oct 3 19:47:08 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 3 19:47:28 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: <20071003182719.M50945@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> <20071003182719.M50945@comp-wiz.com> Message-ID: On Wed, 3 Oct 2007, Vernon Webb wrote: > OK, I have some more info. When I installed MailScanner it told me the following: > > You appear to have 2 versions of Perl installed, > the normal one in /usr/bin and one in /usr/local. > This often happens if you have used CPAN to install modules. > I strongly advise you remove all traces of perl from > within /usr/local and then run this script again. > > If you do not want to do that, and really want to continue, > then you will need to run this script as > ./install.sh ignore-perl > > I had no idea what to do so I told it to ignore this. Any idea how I locate this other Perl and remove it? Pardon me. But the answer is in the quote. Clear out your perl stuff from the /usr/local tree. If that is too hard to do then perhaps you should ask an administrator to do this for you. But in that case I also suggest you do not install software on the system but let an admin do this for you. Unfortunately there is not a more nice way to say this but I recommend you do not exercise root privileges until you have learned to master them. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.) From hvdkooij at vanderkooij.org Wed Oct 3 19:47:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 3 19:48:01 2007 Subject: Error Starting MailScanner In-Reply-To: <20071003181214.M51366@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> Message-ID: On Wed, 3 Oct 2007, Vernon Webb wrote: > I just updated my server (Fedora Core 6) and the update seems to have broken > MailScanner, so I re-installed and am now getting the following error message when > starting: > > MailScanner: Can't locate HTML/TokeParser.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site > _perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vend > or_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux- > thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/ > vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/ > perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) > at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 45. > BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm > line 45. > Compilation failed in require at /usr/sbin/MailScanner line 78. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 78. > [ OK ] > > > Any ideas?
> -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From vernon at comp-wiz.com Wed Oct 3 19:49:46 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Wed Oct 3 19:50:05 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: <4703E313.40207@ecs.soton.ac.uk> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> <20071003182719.M50945@comp-wiz.com> <4703E313.40207@ecs.soton.ac.uk> Message-ID: <20071003184929.M14935@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/1d1eece9/attachment-0001.html From naolson at gmail.com Wed Oct 3 20:00:52 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Oct 3 20:00:56 2007 Subject: Virus Processing and Virus Scanning - the difference? Message-ID: <8f54b4330710031200q39052922j5f0eadde6deec2ac@mail.gmail.com> What is the difference between Virus Processing and Virus Scanning? What does one include that the other does not? from logfile: Oct x x:x:x vaccinex MailScanner[x]: Virus Processing completed at x bytes per second Oct x x:x:x vaccinex MailScanner[x]: Virus Scanning completed at x bytes per second Thanks, Nate -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/22755c70/attachment.html From fviero at gmail.com Wed Oct 3 20:13:58 2007 From: fviero at gmail.com (Fabio Viero) Date: Wed Oct 3 20:14:00 2007 Subject: Removing attachments but delivering the message In-Reply-To: <4703D54E.80902@ecs.soton.ac.uk> References: <4703555B.8080901@ecs.soton.ac.uk> <4703D54E.80902@ecs.soton.ac.uk> Message-ID: Sure that helps...i'll be sending my MailScanner.conf ASAP In the meantime could you please direct me to some sort of tutorial about writing Custom Functions? And by the way, i would buy your book but i don't have an international credit card. I tried to look for it at some of the best bookstores here in Brazil but couldn't find your book in any of these :( Thanks in advance Julian On 10/3/07, Julian Field wrote: > > For the attachments, I'm not sure why you aren't still receiving the > "got the message but the attachment was too large" message, I would have > to take a look at your system setup to see that one. As to making it set > the attachment size limit depending on the subject, that could be done > with a very short Custom Function that looked at "$message->{subject}" > to decide what value to return to the attachment limit configuration > setting. > > Hope that helps a bit, > Jules. > > Fabio Viero wrote: > > Hi Julian > > > > Thanks for your reply. I'll try to be more specific and i also did > > some testing on what i think is the correct approach for my problem. > > Unfortunately i ran into some difficulties here. > > > > We have a system that sends a huge number of messages to a huge number > > of distinct recipients on the internet and we receive a lot of bounces > > (mailbox overquota, recipient does not exist and the like). We would > > like to drop these messages altogether. In some cases these warnings > > are attachments and we also would like to drop these attachments.
See > > that i have a distinct list for messages i want to delete and for > > messages i want to drop the attachment. Differences between one and > > the other are done by the Subject field. In common they have the To: > > field > > > > What i did already: > > 1. Setup some MCP rules for the Subject. But i soon realized i > > couldn't do that because while i can tell MS to drop MCP's i want to > > do that based on a specific To address. Should i do that by using a > > second body statement in the rule? > > > > 2. For the attachments, i followed your direction and created a > > ruleset that looks like the following: > > To: user@domain.com.br 1 > > FromOrTo: default -1 > > > > No problem arose here, but i checked Mailwatch and the status of the > > message told that the attachment was too large, that's correct but i > > didn't receive any message on the user mailbox. It seemed like the > > message was not delivered (although Mailwatch report told it was, i > > mean no spam, bad content or anything) and i have both the message and > > the attach stored in the quarantine. Maybe here i'll have a hard > > issue. How can i tell MS to remove an attachment based on its message > > Subject field? Is it possible at all? > > > > Thanks a lot Julian > > > > > > On 10/3/07, *Julian Field* > > wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Set the maximum attachment size to 1 byte and it will strip all > > attachments. > > > > Fabio Viero wrote: > > > Hi List > > > > > > Is there a way i can remove the attachment(s) from certain > specific > > > messages but still the delivering the message itself? > > > > > > Thanks in advance > > > > > > > Jules > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me!
> > Need help getting you started solving new requirements from your > boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.6.3 (Build 3017) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFHA1VcEfZZRxQVtlQRAosVAJ9LxgUEDE6uT8HxQ9Niqxx8xnfNlQCfRlRC > > SAbwrvsoCxDGTiPuay89RRY= > > =Vr9N > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/17bda4ca/attachment.html From MailScanner at ecs.soton.ac.uk Wed Oct 3 20:14:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 20:14:31 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: <20071003184929.M14935@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> <20071003182719.M50945@comp-wiz.com> <4703E313.40207@ecs.soton.ac.uk> <20071003184929.M14935@comp-wiz.com> Message-ID: <4703E9FE.1060706@ecs.soton.ac.uk> Delete them with the "rm" command. Vernon Webb wrote: > How do I "scrap" them? > > ------------------------------------------------------------------------ > Vernon Webb > (201) 703-1232 > web designs & web hosting > by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation > or transmission of this email or it's attachments is prohibited and > unlawful. > > *---------- Original Message -----------* > From: Julian Field > To: MailScanner discussion > Sent: Wed, 03 Oct 2007 19:44:35 +0100 > Subject: Re: Fw: Error Starting MailScanner > > > You need to decide which version of perl you want to keep. > > By default, MailScanner will use /usr/bin/perl. > > However, if the other one (/usr/local/bin/perl) is earlier in your > > $PATH, then some of the installation might have gone into that one and > > not /usr/bin/perl. > > > > I would advise scrapping /usr/local/bin/perl and /usr/local/lib/perl5 > > and anything else in /usr/local that looks like perl and re-installing > > MailScanner into your system, so that it will all go in /usr/bin/perl. > > > > You can find perly things in /usr/local like this: > > find /usr/local -name '*perl*' -print > > > > Vernon Webb wrote: > > > > > > OK, I have some more info. 
When I installed MailScanner it told me > the > > > following: > > > > > > You appear to have 2 versions of Perl installed, > > > the normal one in /usr/bin and one in /usr/local. > > > This often happens if you have used CPAN to install modules. > > > I strongly advise you remove all traces of perl from > > > within /usr/local and then run this script again. > > > > > > If you do not want to do that, and really want to continue, > > > then you will need to run this script as > > > ./install.sh ignore-perl > > > > > > I had no idea what to do so I told it to ignore this. Any idea how I > > > locate this other Perl and remove it? > > > > > > Thanks > > > > > > > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info > /store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > *------- End of Original Message -------* Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Oct 3 20:27:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 20:27:49 2007 Subject: Error Starting MailScanner In-Reply-To: <20071003181214.M51366@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> Message-ID: on 10/3/2007 11:14 AM Vernon Webb spake the following: > I just updated my server (Fedora Core 6) and the update seems to have broken > MailScanner, so I re-installed and am now getting the following error message when > starting: > > MailScanner: Can't locate HTML/TokeParser.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site > _perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vend > or_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux- > thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/ > vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/ > perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) > at /usr/lib/MailScanner/MailScanner/MCPMessage.pm line 45. > BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/MCPMessage.pm > line 45.
> Compilation failed in require at /usr/sbin/MailScanner line 78. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 78. > [ OK ] > > > Any ideas? Another good reason to NOT use Fedora Core for servers unless you want to rebuild from scratch every upgrade. Use an enterprise class distro that doesn't change so often. There are many that are just as free. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jon at radel.com Wed Oct 3 20:29:59 2007 From: jon at radel.com (Jon Radel) Date: Wed Oct 3 20:30:08 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: <20071003184929.M14935@comp-wiz.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> <20071003182719.M50945@comp-wiz.com> <4703E313.40207@ecs.soton.ac.uk> <20071003184929.M14935@comp-wiz.com> Message-ID: <4703EDB7.2060101@radel.com> If your machine has a /usr/local, it almost certainly has a rm command, as in: rm /usr/local/bin/perl Needless to say, if you have other production software running on this machine which requires perl, it may be configured to require *this* copy of perl. It's up to you to analyze the implications and deal appropriately. Incidentally, if someone suggests that you run rm -fr /usr/local <-----DO NOT USE this command unless you really know what it does to scrap your files, you may take it as a suggestion to learn more about your OS. (Read the man page and figure it out.) --Jon Radel Vernon Webb wrote: > How do I "scrap" them? > > ------------------------------------------------------------------------ > Vernon Webb > (201) 703-1232 > web designs & web hosting > by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation or > transmission of this email or it's attachments is prohibited and unlawful. 
> > *---------- Original Message -----------* > From: Julian Field > To: MailScanner discussion > Sent: Wed, 03 Oct 2007 19:44:35 +0100 > Subject: Re: Fw: Error Starting MailScanner > >> You need to decide which version of perl you want to keep. >> By default, MailScanner will use /usr/bin/perl. >> However, if the other one (/usr/local/bin/perl) is earlier in your >> $PATH, then some of the installation might have gone into that one and >> not /usr/bin/perl. >> >> I would advise scrapping /usr/local/bin/perl and /usr/local/lib/perl5 >> and anything else in /usr/local that looks like perl and re-installing >> MailScanner into your system, so that it will all go in /usr/bin/perl. >> >> You can find perly things in /usr/local like this: >> find /usr/local -name '*perl*' -print >> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2890 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/bf92bda3/smime.bin From ssilva at sgvwater.com Wed Oct 3 20:28:56 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 20:30:31 2007 Subject: Fw: Error Starting MailScanner In-Reply-To: References: <4703D66B.2000305@ecs.soton.ac.uk> <20071003181214.M51366@comp-wiz.com> <20071003182719.M50945@comp-wiz.com> Message-ID: on 10/3/2007 11:47 AM Hugo van der Kooij spake the following: > On Wed, 3 Oct 2007, Vernon Webb wrote: > >> OK, I have some more info. When I installed MailScanner it told me the >> following: >> >> You appear to have 2 versions of Perl installed, >> the normal one in /usr/bin and one in /usr/local. >> This often happens if you have used CPAN to install modules. >> I strongly advise you remove all traces of perl from >> within /usr/local and then run this script again. 
>> >> If you do not want to do that, and really want to continue, >> then you will need to run this script as >> ./install.sh ignore-perl >> >> I had no idea what to do so I told it to ignore this. Any idea how I >> locate this other Perl and remove it? > > Pardon me. But the answer is in the quote. Clear out your perl stuff > from the /usr/local tree. If that is too hard to do then perhaps you > should ask an administrator to do this for you. But in that case I also > suggest you do not install software on the system but let an admin do > this for you. > > Unfortunately there is not a more nice way to say this but I recommend > you do not exercise root privileges until you have learned to master > them. > > Hugo. > OUCH! :-( -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Wed Oct 3 20:32:22 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Oct 3 20:32:40 2007 Subject: OT: How You doing Jules? In-Reply-To: <4703D66B.2000305@ecs.soton.ac.uk> References: <4703D66B.2000305@ecs.soton.ac.uk> Message-ID: <4703EE46.40409@nkpanama.com> Be careful... you're just a bed and a portable closet away from living in the office! :-) Julian Field wrote: > I'm doing okay at the moment. I am back in the office full time, but I > take at least an extra hour out of each day just to rest and > recuperate. Fortunately I have a TV receiver, 2 reclining chairs, a > sofa and a fridge in my office, so that's quite comfortable :-) > > I have my next planned hospital appointment on 11th December, when I > will meet the liver transplant coordinators. Mail me or the list again > then and I'll let you know what happened. > > Jules. > > Craig Retief wrote: >> >> Hi Julian, >> >> >> >> This is a bit off topic but I just wanted to find out how you have >> been doing lately? >> >> >> >> Has your health been improving? 
>> >> Kind Regards, >> >> Craig >> > > Jules > From ssilva at sgvwater.com Wed Oct 3 20:38:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 20:39:27 2007 Subject: MailScanner ANNOUNCE: 4.64.3 released In-Reply-To: <47022BCE.6070704@ecs.soton.ac.uk> References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> Message-ID: on 10/2/2007 4:30 AM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Hugo van der Kooij wrote: >> On Tue, 2 Oct 2007, Julian Field wrote: >> >>> Many thanks for all your work on Blastwave. We are already using it here >>> on some of our web servers, and it has proved to be very useful and >>> timesaving. Thank you! >> Jules, >> >> May I take from your praise that you are not against MailScanner being >> added to a repository? >> >> I think Dag Wiers will be glad to add MailScanner to rpmforge so you >> have no worries about setting up a YUM repositor. It will allow >> everyone to do what they do best. > I initially always said no to requests like this, as I liked to keep a > close eye on download stats (hence my 1 million downloads figure). > However, MailScanner is getting into more and more distros now, so the > website download stats no longer represent the number of sites using > MailScanner in any meaningful way. > > So there's not much point in saying no any more, I've lost control > anyway. So I would be most pleased if Dag would like to add it to his > repository. If there's anything reasonable that he needs me to do in > return, I'll do what I can. > > Jules > You might need to sign your rpm to show validity, or Dag could sign it with his key. I just tried a yum localinstall with the mailscanner rpm and rpmforge enabled "just to see" and yum complains that the rpm is unsigned. 
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Wed Oct 3 20:52:02 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 20:52:39 2007 Subject: OT: How You doing Jules? In-Reply-To: <4703EE46.40409@nkpanama.com> References: <4703D66B.2000305@ecs.soton.ac.uk> <4703EE46.40409@nkpanama.com> Message-ID: <4703F2E2.5010801@ecs.soton.ac.uk> I figure that I spend about 8.5 waking hours in my office each of 5 days per week. At home, I spend (ignoring time spent getting up in the morning) 4 waking hours for each of 5 days per week, and 12 waking hours for each of 2 days per week. So office time = 8.5*5 = 42.5 hours per week And home time = 4*5 + 12*2 = 44 hours per week. So why shouldn't my office be about as comfortable as my house? Alex Neuman van der Hans wrote: > Be careful... you're just a bed and a portable closet away from living > in the office! :-) > > Julian Field wrote: >> I'm doing okay at the moment. I am back in the office full time, but >> I take at least an extra hour out of each day just to rest and >> recuperate. Fortunately I have a TV receiver, 2 reclining chairs, a >> sofa and a fridge in my office, so that's quite comfortable :-) >> >> I have my next planned hospital appointment on 11th December, when I >> will meet the liver transplant coordinators. Mail me or the list >> again then and I'll let you know what happened. >> >> Jules. >> >> Craig Retief wrote: >>> >>> Hi Julian, >>> >>> >>> >>> This is a bit off topic but I just wanted to find out how you have >>> been doing lately? >>> >>> >>> >>> Has your health been improving? >>> >>> Kind Regards, >>> >>> Craig >>> >> >> Jules >> > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Oct 3 20:54:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 3 20:54:55 2007 Subject: MailScanner ANNOUNCE: 4.64.3 released In-Reply-To: References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> Message-ID: on 10/3/2007 12:38 PM Scott Silva spake the following: > on 10/2/2007 4:30 AM Julian Field spake the following: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Hugo van der Kooij wrote: >>> On Tue, 2 Oct 2007, Julian Field wrote: >>> >>>> Many thanks for all your work on Blastwave. We are already using it >>>> here >>>> on some of our web servers, and it has proved to be very useful and >>>> timesaving. Thank you! >>> Jules, >>> >>> May I take from your praise that you are not against MailScanner >>> being added to a repository? >>> >>> I think Dag Wiers will be glad to add MailScanner to rpmforge so you >>> have no worries about setting up a YUM repositor. It will allow >>> everyone to do what they do best. >> I initially always said no to requests like this, as I liked to keep a >> close eye on download stats (hence my 1 million downloads figure). >> However, MailScanner is getting into more and more distros now, so the >> website download stats no longer represent the number of sites using >> MailScanner in any meaningful way. >> >> So there's not much point in saying no any more, I've lost control >> anyway. So I would be most pleased if Dag would like to add it to his >> repository. 
If there's anything reasonable that he needs me to do in >> return, I'll do what I can. >> >> Jules >> > You might need to sign your rpm to show validity, or Dag could sign it > with his key. > I just tried a yum localinstall with the mailscanner rpm and rpmforge > enabled "just to see" and yum complains that the rpm is unsigned. > > And also make sure all the requires are in the spec. I wanted to install on this server with no build environment, but I have a deadline and gave in and ran install.sh... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Wed Oct 3 21:10:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 21:10:46 2007 Subject: MailScanner ANNOUNCE: 4.64.3 released In-Reply-To: References: <4700B596.204@ecs.soton.ac.uk> <625385e30710010422u50c47120sac85da417099de4d@mail.gmail.com> <625385e30710020007q6ecc8e91t1776657672dbc8cf@mail.gmail.com> <4701F8F2.8090001@ecs.soton.ac.uk> <47022BCE.6070704@ecs.soton.ac.uk> Message-ID: <4703F730.3090902@ecs.soton.ac.uk> Scott Silva wrote: > on 10/3/2007 12:38 PM Scott Silva spake the following: >> on 10/2/2007 4:30 AM Julian Field spake the following: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Hugo van der Kooij wrote: >>>> On Tue, 2 Oct 2007, Julian Field wrote: >>>> >>>>> Many thanks for all your work on Blastwave. We are already using >>>>> it here >>>>> on some of our web servers, and it has proved to be very useful and >>>>> timesaving. Thank you! >>>> Jules, >>>> >>>> May I take from your praise that you are not against MailScanner >>>> being added to a repository? >>>> >>>> I think Dag Wiers will be glad to add MailScanner to rpmforge so >>>> you have no worries about setting up a YUM repositor. It will allow >>>> everyone to do what they do best. 
>>> I initially always said no to requests like this, as I liked to keep >>> a close eye on download stats (hence my 1 million downloads figure). >>> However, MailScanner is getting into more and more distros now, so >>> the website download stats no longer represent the number of sites >>> using MailScanner in any meaningful way. >>> >>> So there's not much point in saying no any more, I've lost control >>> anyway. So I would be most pleased if Dag would like to add it to >>> his repository. If there's anything reasonable that he needs me to >>> do in return, I'll do what I can. >>> >>> Jules >>> >> You might need to sign your rpm to show validity, or Dag could sign >> it with his key. >> I just tried a yum localinstall with the mailscanner rpm and rpmforge >> enabled "just to see" and yum complains that the rpm is unsigned. >> >> > And also make sure all the requires are in the spec. I wanted to > install on this server with no build environment, but I have a > deadline and gave in and ran install.sh... That's where life gets awkward. MailScanner often has to put up with older versions of some Perl modules as some of the RPM installs will fail on many systems due to clashes with the perl RPM itself. So you can't match version numbers reliably at all. You can add the existence of the Perl modules okay, but no more than that. I'm sure Dag will have plenty to say on building the RPM so he may well want to build the RPM himself, so he would end up signing it. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From davejones70 at gmail.com Wed Oct 3 21:26:55 2007 From: davejones70 at gmail.com (Dave Jones) Date: Wed Oct 3 21:26:58 2007 Subject: Error using F-Secure 5.52 Message-ID: <67a55ed50710031326x1bae6831k749239cfe0e1982c@mail.gmail.com> >> Would it be possible to get MailScanner to utilize the F-Secure daemon? >Agreed. But that will require documentation and more time. Can I leave you with the job of getting for fsavd documentation please? After further research, it turns out that the "fsav" command line scanner will automatically utilize the fsavd daemon if it is already running. If it is not already running fsav will launch fsavd for that scanning session and then fsavd will shutdown until the next launch by MS. I will make sure that fsavd is running before starting MailScanner and we should be good to go. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/da806691/attachment.html From MailScanner at ecs.soton.ac.uk Wed Oct 3 22:03:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 3 22:03:38 2007 Subject: Removing attachments but delivering the message In-Reply-To: References: <4703555B.8080901@ecs.soton.ac.uk> <4703D54E.80902@ecs.soton.ac.uk> Message-ID: <47040392.4000709@ecs.soton.ac.uk> If you want to learn about Custom Functions, then take a look in /usr/lib/MailScanner/MailScanner/CustomFunctions and read the code samples in there. As for credit cards, I didn't realise that non-international credit cards existed, sorry. Fabio Viero wrote: > Sure that helps...i'll be sending my MailScanner.conf ASAP > > In the meantime could you please direct me to some sort of tutorial > about writing Custom Functions? And by the way, i would buy your book > but i don't have an international credit card.
I tried to look for it > at some of the best bookstores here in Brazil but couldn't find your > book in any of these :( > > Thanks in advance Julian > > On 10/3/07, *Julian Field* > wrote: > > For the attachments, I'm not sure why you aren't still receiving the > "got the message but the attachment was too large" message, I > would have > to take a look at your system setup to see that one. As to making > it set > the attachment size limit depending on the subject, that could be done > with a very short Custom Function that looked at > "$message->{subject}" > to decide what value to return to the attachment limit configuration > setting. > > Hope that helps a bit, > Jules. > > Fabio Viero wrote: > > Hi Julian > > > > Thanks for your reply. I'll try to be more specific and i also did > > some testing on what i think is the correct approach for my problem. > > Unfortunately i ran into some difficulties here. > > > > We have a system that sends a huge number of messages to a huge > number > > of distinct recipients on the internet and we receive a lot of > bounces > > (mailbox overquota, recipient does not exist and the like). We would > > like to drop these messages altogether. In some cases these > warnings > > are attachments and we also would like to drop these > attachments. See > > that i have a distinct list for messages i want to delete and for > > messages i want to drop the attachment. Differences between one and > > the other are done by the Subject field. In common they have the To: > > field > > > > What i did already: > > 1. Setup some MCP rules for the Subject. But i soon realized i > > couldn't do that because while i can tell MS to drop MCP's i > want to > > do that based on a specific To address. Should i do that by using a > > second body statement in the rule? > > > > 2.
For the attachments, i followed your direction and created a > > ruleset that looks like the following: > > To: user@domain.com.br > > 1 > > FromOrTo: default -1 > > > > No problem arose here, but i checked Mailwatch and the status of > the > > message told that the attachment was too large, that's correct but i > > didn't receive any message on the user mailbox. It seemed like the > > message was not delivered (although Mailwatch report told it was, i > > mean no spam, bad content or anything) and i have both the > message and > > the attach stored in the quarantine. Maybe here i'll have a hard > > issue. How can i tell MS to remove an attachment based on its > message > > Subject field? Is it possible at all? > > > > Thanks a lot Julian > > > > > > On 10/3/07, *Julian Field* > > >> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Set the maximum attachment size to 1 byte and it will strip all > > attachments. > > > > Fabio Viero wrote: > > > Hi List > > > > > > Is there a way i can remove the attachment(s) from certain > specific > > > messages but still the delivering the message itself? > > > > > > Thanks is advance > > > > > > > Jules > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > < http://www.MailScanner.info/store> > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from > your boss? > > Contact me!
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.6.3 (Build 3017) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFHA1VcEfZZRxQVtlQRAosVAJ9LxgUEDE6uT8HxQ9Niqxx8xnfNlQCfRlRC > > SAbwrvsoCxDGTiPuay89RRY= > > =Vr9N > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From fviero at gmail.com Wed Oct 3 23:30:01 2007 From: fviero at gmail.com (Fabio Viero) Date: Wed Oct 3 23:30:05 2007 Subject: Removing attachments but delivering the message In-Reply-To: <47040392.4000709@ecs.soton.ac.uk> References: <4703555B.8080901@ecs.soton.ac.uk> <4703D54E.80902@ecs.soton.ac.uk> <47040392.4000709@ecs.soton.ac.uk> Message-ID: Great Julian, thanks for the help. And as for credit cards, yes, non-international ones exists. The bad thing about them is that they're valid only inside your country ;) On 10/3/07, Julian Field wrote: > > If you want to learn about Custom Functions, then take a look in > /usr/lib/MailScanner/MailScanner/CustomFunctions and read the code > samples in there. > > As for credit cards, I didn't realise that non-international credit > cards existed, sorry. > > Fabio Viero wrote: > > Sure that helps...i'll be sending my MailScanner.conf ASAP > > > > In the meantime could you please direct me to some sort of tutorial > > about writing Custom Functions? And by the way, i would buy your book > > but i don't have an international credit card. I tried to look for it > > at some of the best bookstores here in Brazil but couldn't find your > > book in any of these :( > > > > Thanks in advance Julian > > > > On 10/3/07, *Julian Field* > > wrote: > > > > For the attachments, I'm not sure why you aren't still receiving the > > "got the message but the attachment was too large" message, I > > would have > > to take a look at your system setup to see that one.
As to making > > it set > > the attachment size limit depending on the subject, that could be > done > > with a very short Custom Function that looked at > > "$message->{subject}" > > to decide what value to return to the attachment limit configuration > > setting. > > > > Hope that helps a bit, > > Jules. > > > > Fabio Viero wrote: > > > Hi Julian > > > > > > Thanks for your reply. I'll try to be more specific and i also did > > > some testing on what i think is the correct approach for my > problem. > > > Unfortunately i ran into some difficulties here. > > > > > > We have a system that sends a huge number of messages to a huge > > number > > > of distinct recipients on the internet and we receive a lot of > > bounces > > > (mailbox overquota, recipient does not exist and the like). We > would > > > like to drop these messages altogether. In some cases these > > warnings > > > are attachments and we also would like to drop these > > attachments. See > > > that i have a distinct list for messages i want to delete and for > > > messages i want to drop the attachment. Differences between one > and > > > the other are done by the Subject field. In common they have the > To: > > > field > > > > > > What i did already: > > > 1. Setup some MCP rules for the Subject. But i soon realized i > > > couldn't do that because while i can tell MS to drop MCP's i > > want to > > > do that based on a specific To address. Should i do that by using > a > > > second body statement in the rule? > > > > > > 2. For the attachments, i followed your direction and created a > > > ruleset that looks like the following: > > > To: user@domain.com.br > > > 1 > > > FromOrTo: default -1 > > > > > > No problem arose here, but i checked Mailwatch and the status of > > the > > > message told that the attachment was too large, that's correct but > i > > > didn't receive any message on the user mailbox.
It seemed like the > > > message was not delivered (although Mailwatch report told it was, > i > > > mean no spam, bad content or anything) and i have both the > > message and > > > the attach stored in the quarantine. Maybe here i?ll have a hard > > > issue. How can i tell MS to remove an attachment based on its > > message > > > Subject field? Is it possible at all? > > > > > > Thanks a lot Julian > > > > > > > > > On 10/3/07, *Julian Field* > > > > > >> wrote: > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Set the maximum attachment size to 1 byte and it will strip > all > > > attachments. > > > > > > Fabio Viero wrote: > > > > Hi List > > > > > > > > Is there a way i can remove the attachment(s) from certain > > specific > > > > messages but still the delivering the message itself? > > > > > > > > Thanks is advance > > > > > > > > > > Jules > > > > > > - -- > > > Julian Field MEng CITP > > > www.MailScanner.info > > > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > < http://www.MailScanner.info/store> > > > > > > Need help customising MailScanner? > > > Contact me! > > > Need help fixing or optimising your systems? > > > Contact me! > > > Need help getting you started solving new requirements from > > your boss? > > > Contact me! > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP Desktop 9.6.3 (Build 3017) > > > Comment: (pgp-secured) > > > Charset: ISO-8859-1 > > > > > > > wj8DBQFHA1VcEfZZRxQVtlQRAosVAJ9LxgUEDE6uT8HxQ9Niqxx8xnfNlQCfRlRC > > > SAbwrvsoCxDGTiPuay89RRY= > > > =Vr9N > > > -----END PGP SIGNATURE----- > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. 
> > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the > website! > > > > > > > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > MailScanner customisation, or any advanced system administration > help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/3c110322/attachment-0001.html From vernon at comp-wiz.com Thu Oct 4 01:44:59 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Thu Oct 4 01:45:25 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 Message-ID: <20071004003834.M18847@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/2390b367/attachment.html From raymond at prolocation.net Thu Oct 4 01:52:06 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu Oct 4 01:52:02 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004003834.M18847@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com> Message-ID: Hi! > As I mentioned previously. I just upgraded 2 Fedora Core servers one 6 > and the other 7 (I know some of you don't like it, but it my server of > choice) and now MailScanner is broke, even after reinstalling it. I did > a lint test and from what I can tell all seems well. However now I am > getting hit with so much spam it i unbelievable and nothing at all > seems to be labeled as SPAM. I'm not really sure what to do. Amy ideas? We run a large number of MailScanner on FC6 and F7, no issues at all. What errors are you getting when doing lint? Bye, Raymond. 
From lists at sequestered.net Thu Oct 4 01:54:46 2007
From: lists at sequestered.net (Jay Chandler)
Date: Thu Oct 4 01:55:13 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To: <20071004003834.M18847@comp-wiz.com>
References: <20071004003834.M18847@comp-wiz.com>
Message-ID: <470439D6.8000002@sequestered.net>

Vernon Webb wrote:
> As I mentioned previously. I just upgraded 2 Fedora Core servers one 6
> and the other 7 (I know some of you don't like it, but it my server of
> choice) and now MailScanner is broke, even after reinstalling it. I did
> a lint test and from what I can tell all seems well. However now I am
> getting hit with so much spam it is unbelievable and nothing at all
> seems to be labeled as SPAM. I'm not really sure what to do. Amy ideas?
>
> Thanks
>
Is anything interesting appearing in the logs?

--
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: asynchronous inode failure

From vernon at comp-wiz.com Thu Oct 4 02:10:04 2007
From: vernon at comp-wiz.com (Vernon Webb)
Date: Thu Oct 4 02:10:26 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To: <470439D6.8000002@sequestered.net>
References: <20071004003834.M18847@comp-wiz.com> <470439D6.8000002@sequestered.net>
Message-ID: <20071004010922.M70299@comp-wiz.com>

This is strange:

Oct  3 21:06:05 ns MailScanner[26250]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Oct  3 21:06:09 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:09 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:14 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:14 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:19 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:19 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:22 ns sendmail[26198]: STARTTLS=client, relay=inbound.electric.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Oct  3 21:06:24 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:24 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:29 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:29 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:29 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: server SMTP socket wedged: exiting

From philip at zeiglers.net Thu Oct 4 02:19:37 2007
From: philip at zeiglers.net (=?utf-8?B?UGhpbGlwIFplaWdsZXI=?=)
Date: Thu Oct 4 02:19:58 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To: <20071004010922.M70299@comp-wiz.com>
References: <20071004003834.M18847@comp-wiz.com><470439D6.8000002@sequestered.net><20071004010922.M70299@comp-wiz.com>
Message-ID: <2071723395-1191460784-cardhu_decombobulator_blackberry.rim.net-110161933-@bxe122.bisx.prod.on.blackberry>

Did you remember to do:

service sendmail stop
chkconfig sendmail off

before starting MailScanner? Sounds like sendmail process still running.

Philip
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: "Vernon Webb"
Date: Wed, 3 Oct 2007 21:10:04
To:MailScanner discussion
Subject: Re: MailScanner Broke on both Fedora Core 6 & 7

This is strange:

Oct  3 21:06:05 ns MailScanner[26250]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Oct  3 21:06:09 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:09 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:14 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:14 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:19 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:19 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:22 ns sendmail[26198]: STARTTLS=client, relay=inbound.electric.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Oct  3 21:06:24 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:24 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:29 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:29 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:29 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: server SMTP socket wedged: exiting
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From vernon at comp-wiz.com Thu Oct 4 03:40:07 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Thu Oct 4 03:40:32 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <2071723395-1191460784-cardhu_decombobulator_blackberry.rim.net-110161933-@bxe122.bisx.prod.on.blackberry> References: <20071004003834.M18847@comp-wiz.com><470439D6.8000002@sequestered.net><20071004010922.M70299@comp-wiz.com> <2071723395-1191460784-cardhu_decombobulator_blackberry.rim.net-110161933-@bxe122.bisx.prod.on.blackberry> Message-ID: <20071004023934.M20713@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071003/4ec30eec/attachment.html From mike at vesol.com Thu Oct 4 04:32:48 2007 From: mike at vesol.com (Mike Kercher) Date: Thu Oct 4 04:32:52 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004023934.M20713@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com><470439D6.8000002@sequestered.net><20071004010922.M70299@comp-wiz.com><2071723395-1191460784-cardhu_decombobulator_blackberry.rim.net-110161933-@bxe122.bisx.prod.on.blackberry> <20071004023934.M20713@comp-wiz.com> Message-ID: <6115482898C59848B35DB9D491C9A28E04BCDE@srv1.home.middlefinger.net> Worst case, stop MailScanner and look to see if any sendmail processes are still running. If so, you may need to kill them and then start MailScanner again. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon Webb Sent: Wednesday, October 03, 2007 9:40 PM To: MailScanner discussion Subject: Re: MailScanner Broke on both Fedora Core 6 & 7 > Did you remember to do: > > service sendmail stop > chkconfig sendmail off > > before starting MailScanner? Sounds like sendmail process still running. I did and I did again, still no luck. 
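
The bind failure in the log quoted earlier in this thread, picked out by a small triage script. This is an added example and not part of any poster's message; the class and function names are hypothetical, and the sample input is the log as posted, with the garbled "Oct? 3" restored to syslog's "Oct  3".

```python
import re
from dataclasses import dataclass

# Log lines as quoted in the thread (timestamp spacing restored).
THREAD_LOG = """\
Oct  3 21:06:05 ns MailScanner[26250]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Oct  3 21:06:09 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:09 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:14 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:14 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:19 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:19 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:22 ns sendmail[26198]: STARTTLS=client, relay=inbound.electric.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Oct  3 21:06:24 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:24 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:29 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: cannot bind: Address already in use
Oct  3 21:06:29 ns sendmail[26189]: daemon Daemon0: problem creating SMTP socket
Oct  3 21:06:29 ns sendmail[26189]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon Daemon0: server SMTP socket wedged: exiting
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<prog>[^\s\[]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
# The two sendmail messages that mark a listener which cannot get its socket.
EVENT_RE = re.compile(
    r"opendaemonsocket: daemon (?P<daemon>\S+): "
    r"(?P<what>cannot bind: Address already in use|server SMTP socket wedged: exiting)"
)


@dataclass
class BindFailure:
    host: str
    pid: int
    daemon: str
    first_seen: str
    last_seen: str
    attempts: int = 0      # number of "cannot bind" retries logged
    gave_up: bool = False  # True once "socket wedged: exiting" is logged


def find_bind_failures(log_text):
    """Group sendmail bind errors by (host, pid, daemon), in order of first appearance."""
    found = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line["prog"] != "sendmail":
            continue
        event = EVENT_RE.search(line["msg"])
        if not event:
            continue
        key = (line["host"], int(line["pid"]), event["daemon"])
        rec = found.setdefault(key, BindFailure(*key, line["ts"], line["ts"]))
        rec.last_seen = line["ts"]
        if event["what"].startswith("cannot bind"):
            rec.attempts += 1
        else:
            rec.gave_up = True
    return list(found.values())


def report(failures):
    """One line per failing daemon, with the checks suggested in the thread."""
    lines = []
    for f in failures:
        outcome = "then exited (socket wedged)" if f.gave_up else "still retrying"
        lines.append(
            f"{f.host}: sendmail[{f.pid}] {f.daemon} failed to bind {f.attempts}x "
            f"between {f.first_seen} and {f.last_seen}, {outcome}; something else "
            "already holds that listening address: check with 'lsof -i -P' and stop "
            "the stock sendmail service before starting MailScanner"
        )
    return lines


if __name__ == "__main__":
    for line in report(find_bind_failures(THREAD_LOG)):
        print(line)
```
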
From slacker.ar at gmail.com Thu Oct 4 04:40:51 2007 From: slacker.ar at gmail.com (Dario Hernan) Date: Thu Oct 4 04:40:54 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: <4703D43F.5060709@ecs.soton.ac.uk> References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> <9bc19ef30710030608m7c853908ib035ee55859c3bb7@mail.gmail.com> <4703D43F.5060709@ecs.soton.ac.uk> Message-ID: <9bc19ef30710032040s5a5c14f7x544b7cf95f6f083a@mail.gmail.com> I'm using mailscanner with sendmail 8.13.8, and the lock type is posix, I have more than 10 servers with mailscanner. I use centos 5 and slackware 10.2/11 and in both operative sistems appears this problem three or four times per day, receiving between 10000 and 20000 emails per day. any advice? Dario On 10/3/07, Julian Field wrote: > > > Scott Silva wrote: > > on 10/3/2007 6:08 AM Dario Hernan spake the following: > >> Hi, I see a full progression of the mail at the log. > >> I hope that two mailscanner's child take the same mail to process, and > >> when the first one end his job, move the mail to another folder and > >> the second one doesn't found it. > >> Is that possible?? there is a solution for that? > >> > > I don't think MailScanner should be doing that unless your locktype is > > somehow wrong. I suppose it is possible with high mail volume and many > > children to have two processes hit the same message a few times a day, > > but Julian would be a better judge of that possibility. > > > No, that most definitely shouldn't happen. The file locking should take > care of that. Only 1 child can have a message at once, and only then > when the MTA has finished writing it. Something is wrong in your file > locking. 
> > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dfilchak at sympatico.ca Thu Oct 4 04:47:39 2007 From: dfilchak at sympatico.ca (Dave Filchak) Date: Thu Oct 4 04:48:03 2007 Subject: Issue with MailScanner and listserve mail Message-ID: <4704625B.6010107@sympatico.ca> I am having a big issue with MailScanner and I need to resolve this in the next hour as I have to send out an email blast. I am sending out an html email through mailman to a list of opt-in recipients. The list server is on my secondary mail server. When I send to the list serve, the email goes out but is always getting tagged with {spam?]. In fact it is getting tagged twice, once from the secondary and once from my primary mail servers. When I send the same email directly to myself, it does not get tagged at all. I have both of my servers in my spam.whitelist.rules file as well as the NAT address from which I am sending the original email as well as all of the list serve addresses for this particular list. The funny thing is that the MailScanner on my secondary give the email a spam score of 8.226 while the MailScanner on my primary gives it a 5. The whitelist rules are in the form of: From: zuka-test-list-bounces@zuka.net yes From: 199.243.151.21 yes and so on. 
Can anyone offer some help to me. As I said, I need to get this out tonight and would really rather that the email did not get tagged with the {spam} tags. Thanks Dave From jon at radel.com Thu Oct 4 05:27:35 2007 From: jon at radel.com (Jon Radel) Date: Thu Oct 4 05:27:57 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <6115482898C59848B35DB9D491C9A28E04BCDE@srv1.home.middlefinger.net> References: <20071004003834.M18847@comp-wiz.com><470439D6.8000002@sequestered.net><20071004010922.M70299@comp-wiz.com><2071723395-1191460784-cardhu_decombobulator_blackberry.rim.net-110161933-@bxe122.bisx.prod.on.blackberry> <20071004023934.M20713@comp-wiz.com> <6115482898C59848B35DB9D491C9A28E04BCDE@srv1.home.middlefinger.net> Message-ID: <47046BB7.40204@radel.com> And consider using lsof -i -P to see if anything is bound to ports of "interest." --Jon Radel Mike Kercher wrote: > Worst case, stop MailScanner and look to see if any sendmail processes > are still running. If so, you may need to kill them and then start > MailScanner again. > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon > Webb > Sent: Wednesday, October 03, 2007 9:40 PM > To: MailScanner discussion > Subject: Re: MailScanner Broke on both Fedora Core 6 & 7 > > > > > Did you remember to do: > > > > service sendmail stop > > chkconfig sendmail off > > > > before starting MailScanner? Sounds like sendmail process > still running. > > I did and I did again, still no luck. > -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2890 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/6ea66566/smime.bin

From r.berber at computer.org Thu Oct 4 05:56:18 2007
From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=)
Date: Thu Oct 4 05:56:50 2007
Subject: Issue with MailScanner and listserve mail
In-Reply-To: <4704625B.6010107@sympatico.ca>
References: <4704625B.6010107@sympatico.ca>
Message-ID:

Dave Filchak wrote:
> I am having a big issue with MailScanner and I need to resolve this in
> the next hour as I have to send out an email blast.
>
> I am sending out an html email through mailman to a list of opt-in
> recipients. The list server is on my secondary mail server. When I send
> to the list serve, the email goes out but is always getting tagged with
> {spam?]. In fact it is getting tagged twice, once from the secondary and
> once from my primary mail servers. When I send the same email directly
> to myself, it does not get tagged at all.
>
> I have both of my servers in my spam.whitelist.rules file as well as the
> NAT address from which I am sending the original email as well as all of
> the list serve addresses for this particular list. The funny thing is
> that the MailScanner on my secondary give the email a spam score of
> 8.226 while the MailScanner on my primary gives it a 5. The whitelist
> rules are in the form of:
>
> From: zuka-test-list-bounces@zuka.net yes
> From: 199.243.151.21 yes
>
> and so on.
>
> Can anyone offer some help to me. As I said, I need to get this out
> tonight and would really rather that the email did not get tagged with
> the {spam} tags.

In MailScanner.conf :

Virus Scanning = %rules-dir%/not.localnetwork.rules
Spam Checks = %rules-dir%/not.localnetwork.rules

In rules/not.localnetwork.rules :

From: 199.243.151.21 no
# maybe others with the internal network address
# From: 192.168.0. no
FromOrTo: default yes

That should do it.
--
René Berber

From craig at csfs.co.za Thu Oct 4 08:09:22 2007
From: craig at csfs.co.za (Craig Retief)
Date: Thu Oct 4 08:14:39 2007
Subject: OT: How You doing Jules?
In-Reply-To: <4703F2E2.5010801@ecs.soton.ac.uk>
References: <4703D66B.2000305@ecs.soton.ac.uk> <4703EE46.40409@nkpanama.com> <4703F2E2.5010801@ecs.soton.ac.uk>
Message-ID:

I am glad 2 hear that you are doing OK atm. :-)

Well I know the feeling of living from the office, but hey, if we don't do it, who will? :-D

Craig

> I figure that I spend about 8.5 waking hours in my office each of 5 days
> per week.
> At home, I spend (ignoring time spent getting up in the morning) 4
> waking hours for each of 5 days per week, and 12 waking hours for each
> of 2 days per week.
> So office time = 8.5*5 = 42.5 hours per week
> And home time = 4*5 + 12*2 = 44 hours per week.
> So why shouldn't my office be about as comfortable as my house?

Alex Neuman van der Hans wrote:
> Be careful... you're just a bed and a portable closet away from living
> in the office! :-)
>
> Julian Field wrote:
>> I'm doing okay at the moment. I am back in the office full time, but
>> I take at least an extra hour out of each day just to rest and
>> recuperate. Fortunately I have a TV receiver, 2 reclining chairs, a
>> sofa and a fridge in my office, so that's quite comfortable :-)
>>
>> I have my next planned hospital appointment on 11th December, when I
>> will meet the liver transplant coordinators. Mail me or the list
>> again then and I'll let you know what happened.
>>
>> Jules.
>>
>> Craig Retief wrote:
>>>
>>> Hi Julian,
>>>
>>>
>>>
>>> This is a bit off topic but I just wanted to find out how you have
>>> been doing lately?
>>>
>>>
>>>
>>> Has your health been improving?
>>>
>>> Kind Regards,
>>>
>>> Craig
>>>
>>
>> Jules
>>
>
Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From hvdkooij at vanderkooij.org Thu Oct 4 09:57:00 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Oct 4 09:57:11 2007
Subject: Removing attachments but delivering the message
In-Reply-To:
References: <4703555B.8080901@ecs.soton.ac.uk> <4703D54E.80902@ecs.soton.ac.uk> <47040392.4000709@ecs.soton.ac.uk>
Message-ID:

On Wed, 3 Oct 2007, Fabio Viero wrote:

> Great Julian, thanks for the help.
>
> And as for credit cards, yes, non-international ones exist. The bad thing
> about them is that they're valid only inside your country ;)

We just call them bankcards here. And they are only valid inside the
Netherlands. Just about anyone here has one. I would guess creditcards
(Mastercard, VISA, ...) have only a 1 out of 3 coverage here.

But if you have bank account you should be able to transfer money based on
the IBAN codes. But I think that will not help you in the case of the
book. But perhaps a local bookshop can buy it on your behalf and charge
you the costs? Or someone else with a creditcard is willing to provide the
service to you.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)

From hvdkooij at vanderkooij.org Thu Oct 4 10:05:01 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Oct 4 10:05:14 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To: <20071004003834.M18847@comp-wiz.com>
References: <20071004003834.M18847@comp-wiz.com>
Message-ID:

On Wed, 3 Oct 2007, Vernon Webb wrote:

> As I mentioned previously. I just upgraded 2 Fedora Core servers one 6 and the other 7 (I know some of you don't like it, but it's my server of choice) and now
> MailScanner is broke, even after reinstalling it. I did a lint test and from what I can tell all seems well. However now I am getting hit with so much spam it is
> unbelievable and nothing at all seems to be labeled as SPAM. I'm not really sure what to do. Any ideas?

Get back to the basics. What did you upgrade? Did you apply some updates
to a FC6 machine? Or did you upgrade from say FC4 to FC6?

In the first case you should not have an issue. Even if FC6 will be out of
updates soon.

Anyone running production on Fedora is in for upgrade headaches well
before the end of the normal lifespan of that hardware. Been there, done
that, and still got the scars.

That is why I run machines with CentOS 4 or CentOS 5. Updates are there
for years to come and if you know Fedora then you know CentOS. They are
pretty much 2 twigs of the same branch.

To be honest. Running production level machines on Fedora is not worth
the problems you get down the road.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)
From ajcartmell at fonant.com Thu Oct 4 10:37:41 2007
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Thu Oct 4 10:37:27 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To:
References: <20071004003834.M18847@comp-wiz.com>
Message-ID:

> To be honest. Running production level machines on Fedora is not worth
> the problems you get down the road.

Not disagreeing with your experience, but just to balance the discussion:

I moved to Fedora from RedHat Linux, and have never had anything other than
minor problems when upgrading. Have managed to painlessly upgrade from one
FC version to the next using yum, remotely, several times. You do, of
course, need a second server to run your sites and e-mail while the other
one is being upgraded, but that's a wise thing to have anyway to protect
against hardware failure.

It's really down to whether you prefer to work with slightly-more-stable but
older technology, or whether you prefer to use more up-to-date versions of
things with perhaps some minor teething problems. Different environments
have different requirements.

FWIW I'm happily running MailScanner on both FC6 and FC7 on my machines,
and keeping up-to-date with Jules' (excellent) new releases is a lot more
work than keeping FC up-to-date :)

Cheers!

Anthony
--
www.fonant.com - Quality web sites

From vernon at comp-wiz.com Thu Oct 4 12:17:23 2007
From: vernon at comp-wiz.com (Vernon Webb)
Date: Thu Oct 4 12:17:32 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To:
References: <20071004003834.M18847@comp-wiz.com>
Message-ID: <20071004110940.M22700@comp-wiz.com>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/a839721c/attachment.html

From fviero at gmail.com Thu Oct 4 12:23:27 2007
From: fviero at gmail.com (Fabio Viero)
Date: Thu Oct 4 12:23:29 2007
Subject: Removing attachments but delivering the message
In-Reply-To:
References: <4703555B.8080901@ecs.soton.ac.uk> <4703D54E.80902@ecs.soton.ac.uk> <47040392.4000709@ecs.soton.ac.uk>
Message-ID:

On 10/4/07, Hugo van der Kooij wrote:
>
> On Wed, 3 Oct 2007, Fabio Viero wrote:
>
> > Great Julian, thanks for the help.
> >
> > And as for credit cards, yes, non-international ones exist. The bad thing
> > about them is that they're valid only inside your country ;)
>
> We just call them bankcards here. And they are only valid inside the
> Netherlands. Just about anyone here has one. I would guess creditcards
> (Mastercard, VISA, ...) have only a 1 out of 3 coverage here.
>
> But if you have bank account you should be able to transfer money based on
> the IBAN codes. But I think that will not help you in the case of the
> book. But perhaps a local bookshop can buy it on your behalf and charge
> you the costs? Or someone else with a creditcard is willing to provide the
> service to you.
>
> Hugo.
>
> --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> This message is using 100% recycled electrons.
>
> Some men see computers as they are and say "Windows"
> I use computers with Linux and say "Why Windows?"
> (Thanks JFK, for this quote of George Bernard Shaw.)

Actually it's true here too. But we have Visa's and the like which are
valid only in Brazil. But as for the book, there's plenty of options when it comes to buying it.
I'll probably take Ben's approach and ask my favorite bookstore about the options available.

Going back to the matter that started this thread, you guys pointed me the
directions. If you think of anything else I could do to achieve my
goals...I'm here to listen.

Thanks all of you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/0a534b4e/attachment.html

From hvdkooij at vanderkooij.org Thu Oct 4 12:48:48 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Oct 4 12:49:00 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To: <20071004110940.M22700@comp-wiz.com>
References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com>
Message-ID:

On Thu, 4 Oct 2007, Vernon Webb wrote:

> > To be honest. Running production level machines on Fedora is not worth the
> > problems you get down the road.
>
> No offence and this may well be a good debate, when someone is NOT dealing with issues as I am now. Personally I find it analogous to kicking a man when he is
> down. As someone else mentioned I have had minor issues to date and have been running Fedora Core and Red Hat back to version 3 and rarely have had issues.

You may need the kick if you are trying to stand up leaning on a bad
stick. Either fix issues on a string of incidents or choose a path with
less incidents. If you need the machine you need stability. Go with FC6
if you like but do not expect stability like one will see with enterprise
oriented distros.

I have seen my share of shitty issues with FC and learned from it. So it
is up to you to learn it the hard way yourself by continuing on this path
or take someone's word for it while you hit your first serious bump on a
road I feel will lead you to more trouble.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From vernon at comp-wiz.com Thu Oct 4 12:57:03 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Thu Oct 4 12:57:12 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> Message-ID: <20071004115542.M57467@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/e46c2e6c/attachment.html From ajcartmell at fonant.com Thu Oct 4 13:14:04 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu Oct 4 13:13:52 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> Message-ID: > You may need the kick if you are trying to stand up leaning on a bad > stick. Either fix issues on a string of incidents or choose a path with > less incidents. If you need the machine you need stablility. Go with FC6 > if you like but do not expect stability like one will see with > enterprise oriented distro's. FC6 is perfectly stable enough in my experience :) This discussion is merely about whether one should upgrade your OS every two years or so, or every five years or so. Whichever route you choose you are likely to have upgrade problems sooner or later. The same goes for updates, you can run yum every night, or once a week, or never. Each has its benefits and its disadvantages. There are probably a few people who don't upgrade to every new MailScanner release, preferring to stick with the stable one from several years ago ;) Cheers! 
Anthony -- www.fonant.com - Quality web sites From glenn.steen at gmail.com Thu Oct 4 13:14:26 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 4 13:14:28 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004115542.M57467@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <20071004115542.M57467@comp-wiz.com> Message-ID: <223f97700710040514p342e70a3ob0d7ccc9087e6843@mail.gmail.com> On 04/10/2007, Vernon Webb wrote: > > > > > You may need the kick if you are trying to stand up leaning on a bad > > stick. Either fix issues on a string of incidents or choose a path with > > less incidents. If you need the machine you need stablility. Go with FC6 > > if you like but do not expect stability like one will see with enterprise > > oriented distro's. > > > > I have seen my share of shitty issues with FC and learned from it. So it > > is up to you to learn it the hard way yourself by continueing on this path > > or take someone's word for it while you hit your first serious bump on a > > road I feel will lead you to more trouble. > > > Again, you may be right you may not, at this stage of the game a resolution > is needed, not a kick in the head. Moving in that direction then, it might not be FC6/7 as such, but rather what you do to them:-). Going to myself, I know that I tend to set things up the same way, "regardless" of distro/version... So, in your case, something in how you set them up/admin them has somehow introduced a secondary perl installation, or "fragments" of one. >From the MailScanner perspective, fixing that is easy... Just remove the "extra" perl install/fragments and redo the installation of MS... But if that is a "good idea" is so very much depending on the reason for the second install... And I'm afraid that the answer to that is only something _you_ can find. What other things than MS do you use them for? Looking at that might provide a clue... 
I know that it is really hard to focus on ... important "forensics" when the mail-flow is broken... But (since you seem to have some experience) I'm sure you know this already:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Oct 4 13:16:31 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 4 13:16:32 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <223f97700710040514p342e70a3ob0d7ccc9087e6843@mail.gmail.com> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <20071004115542.M57467@comp-wiz.com> <223f97700710040514p342e70a3ob0d7ccc9087e6843@mail.gmail.com> Message-ID: <223f97700710040516i1902ebadieae6bd9e15ba2c6b@mail.gmail.com> On 04/10/2007, Glenn Steen wrote: > On 04/10/2007, Vernon Webb wrote: > > > > > > > > > You may need the kick if you are trying to stand up leaning on a bad > > > stick. Either fix issues on a string of incidents or choose a path with > > > less incidents. If you need the machine you need stablility. Go with FC6 > > > if you like but do not expect stability like one will see with enterprise > > > oriented distro's. > > > > > > I have seen my share of shitty issues with FC and learned from it. So it > > > is up to you to learn it the hard way yourself by continueing on this path > > > or take someone's word for it while you hit your first serious bump on a > > > road I feel will lead you to more trouble. > > > > > > Again, you may be right you may not, at this stage of the game a resolution > > is needed, not a kick in the head. > > Moving in that direction then, it might not be FC6/7 as such, but > rather what you do to them:-). > Going to myself, I know that I tend to set things up the same way, > "regardless" of distro/version... 
So, in your case, something in how > you set them up/admin them has somehow introduced a secondary perl > installation, or "fragments" of one. > From the MailScanner perspective, fixing that is easy... Just remove > the "extra" perl install/fragments and redo the installation of MS... > But if that is a "good idea" is so very much depending on the reason > for the second install... And I'm afraid that the answer to that is > only something _you_ can find. > > What other things than MS do you use them for? Looking at that might > provide a clue... > I know that it is really hard to focus on ... important "forensics" > when the mail-flow is broken... But (since you seem to have some > experience) I'm sure you know this already:-). > > Cheers BTW (while showing my Postfix roots, by replying to myself:-) what did netstat -anp (or lsof something-or-other) show as using the port 25 socket? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Thu Oct 4 13:35:52 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 4 13:36:07 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004115542.M57467@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <20071004115542.M57467@comp-wiz.com> Message-ID: On Thu, 4 Oct 2007, Vernon Webb wrote: > > > You may need the kick if you are trying to stand up leaning on a bad > > stick. Either fix issues on a string of incidents or choose a path with > > less incidents. If you need the machine you need stablility. Go with FC6 > > if you like but do not expect stability like one will see with enterprise > > oriented distro's. > > > > I have seen my share of shitty issues with FC and learned from it. 
So it > > is up to you to learn it the hard way yourself by continueing on this path > > or take someone's word for it while you hit your first serious bump on a > > road I feel will lead you to more trouble. > > Again, you may be right you may not, at this stage of the game a resolution is needed, not a kick in the head. The solution is to dump an unstable system. Or go and revoke your updates. At present yo have not provided any information to go on. Except that you run some version of MailScanner on FC6 and it is not working somehow. How much information is that to solve a problem? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From MailScanner at ecs.soton.ac.uk Thu Oct 4 14:08:56 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 4 14:09:13 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> Message-ID: <4704E5E8.8090007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo, Come on man, relax. This guy's got himself into a tight corner and I think you have already made that perfectly clear. It doesn't help him solve the problem he's got. Let's concentrate on getting him going again, I'm sure he has learned his lesson after your detailed explanations. Thanks, Jules. Hugo van der Kooij wrote: > On Thu, 4 Oct 2007, Vernon Webb wrote: > >> > To be honest. Running production level machines on Fedora is not >> worth the >> > problems you get down the road. >> >> No offence and this may well be a good debate, when someone is NOT >> dealing with issues as I am now. Personally I find it analogous to >> kicking a man when he is >> down. 
As someone else mentioned I have had minor issues to date and >> have been running Fedora Core and Red Hat back to version 3 and >> rarely have had issues. > > You may need the kick if you are trying to stand up leaning on a bad > stick. Either fix issues on a string of incidents or choose a path > with less incidents. If you need the machine you need stablility. Go > with FC6 if you like but do not expect stability like one will see > with enterprise oriented distro's. > > I have seen my share of shitty issues with FC and learned from it. So > it is up to you to learn it the hard way yourself by continueing on > this path or take someone's word for it while you hit your first > serious bump on a road I feel will lead you to more trouble. > > Hugo. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHBOXpEfZZRxQVtlQRAsN5AJ0c/0M4wHQuCFnwlkLk8psi42Y3FACg7zB3 DGPd4fGNdXo952hAUDApdWU= =jAhl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From rowan at rownetco.com Thu Oct 4 14:34:29 2007 From: rowan at rownetco.com (John Rowan) Date: Thu Oct 4 14:34:51 2007 Subject: Rejecting based on DNS Registrar Message-ID: <4704EBE5.3010602@rownetco.com> First, this is more a procmail question than a MailScanner one. I'm running version 4.21-9 on several old RedHat 9 servers. Please don't tell me RH9 is dead, I know it. Proprietary apps running that the software vendor hasn't moved to a later distribution. 
With that said, a lot of spam use to be advertising garbage where the domain name had been registered through RegisterFly. Now that that problem was taken care of it seems like a good amount of the advertising junk is being registered through COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM None of the companies we correspond with use joker.com so I'm looking for procmail to look in the body of the email to parse any links then see whether the name is registered through joker.com and throw it away. My problem is that I have very basic procmail recipe knowledge and don't know how to spawn off to dig or whois to see whether joker.com is the registrar. I went to Barnes & Noble (book store) looking for a procmail specific book but there was none. From hvdkooij at vanderkooij.org Thu Oct 4 14:39:37 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 4 14:39:49 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <4704E5E8.8090007@ecs.soton.ac.uk> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> Message-ID: On Thu, 4 Oct 2007, Julian Field wrote: > Come on man, relax. This guy's got himself into a tight corner and I > think you have already made that perfectly clear. It doesn't help him > solve the problem he's got. Let's concentrate on getting him going > again, I'm sure he has learned his lesson after your detailed explanations. As soon as Vernon can produce sufficient details to see what goes on we might give that a shot. I just checked and there is no basic troubleshooting section on the mailscanner site. I think we just established there is some need for it. Perhaps I should give it a scratch. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) 
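
For John Rowan's question above about discarding mail whose links point at domains registered through joker.com, here is one way the check could be structured. It is an added example, not code from the list or from MailScanner; the function names, the `.example` domains, the whois text and the short public-suffix list are all constructed assumptions, and real whois output varies by registry.

```python
"""Flag mail whose linked domains are registered through a blocked registrar."""
import re
import subprocess
from urllib.parse import urlsplit

# Registrar named in the post; matched case-insensitively as a substring.
BLOCKED_REGISTRARS = ("joker.com",)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Strict hostname check: letters, digits and inner hyphens only, so a value
# taken from hostile mail can never look like a command-line option.
HOST_RE = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")
REGISTRAR_RE = re.compile(
    r"^[ \t]*(?:Sponsoring )?Registrar:[ \t]*(\S.*?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)
# Assumption: a tiny stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz", "co.za"}


def registrable_domain(host):
    """Reduce a hostname to the name that was actually registered."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def linked_domains(body):
    """Return the sorted registrable domains of every http(s) link in body."""
    domains = set()
    for url in URL_RE.findall(body):
        url = url.rstrip(").,;]")          # punctuation glued to the link
        try:
            # .hostname ignores any "user@" part used to disguise the target
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:
            continue
        if not HOST_RE.match(host) or host.rsplit(".", 1)[-1].isdigit():
            continue                       # malformed host or bare IP address
        domains.add(registrable_domain(host))
    return sorted(domains)


def registrar_of(whois_text):
    """Pull the registrar name out of whois output, or None if absent."""
    match = REGISTRAR_RE.search(whois_text)
    return match.group(1) if match else None


def system_whois(domain):
    """Live lookup. Assumes a `whois` client is installed; not used below."""
    if not HOST_RE.match(domain):
        raise ValueError("refusing to look up %r" % domain)
    done = subprocess.run(["whois", domain], capture_output=True, text=True,
                          errors="replace", timeout=15, check=False)
    return done.stdout


def flagged_links(body, lookup, blocked=BLOCKED_REGISTRARS):
    """List (domain, registrar) pairs whose registrar is on the blocked list."""
    hits = []
    for domain in linked_domains(body):
        registrar = registrar_of(lookup(domain) or "")
        if registrar and any(b in registrar.lower() for b in blocked):
            hits.append((domain, registrar))
    return hits


# Constructed sample data: whois replies keyed by domain, and a message body.
SAMPLE_WHOIS = {
    "cheap-deals.example":
        "   Domain Name: CHEAP-DEALS.EXAMPLE\n"
        "   Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM\n",
    "supplier.example":
        "Domain Name: supplier.example\nRegistrar: Example Registrar, Inc.\n",
}
SAMPLE_BODY = """\
Your invoice is at http://www.supplier.example/invoice/1001.
Limited offer (http://shop.cheap-deals.example/buy) today only!
Mirror: http://supplier.example@cheap-deals.example/x and http://192.0.2.7/y
News: http://news.unknown.co.uk/today
"""

if __name__ == "__main__":
    for domain, registrar in flagged_links(SAMPLE_BODY, SAMPLE_WHOIS.get):
        print("blocked registrar: %s -> %s" % (domain, registrar))
```

Passing `system_whois` instead of `SAMPLE_WHOIS.get` switches to live lookups; results should be cached per domain, since whois servers rate-limit queries and a lookup per message would stall delivery.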
From a.peacock at chime.ucl.ac.uk Thu Oct 4 16:16:55 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Oct 4 16:16:59 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> Message-ID: <470503E7.5090000@chime.ucl.ac.uk> Hi, Hugo van der Kooij wrote: > On Thu, 4 Oct 2007, Julian Field wrote: > >> Come on man, relax. This guy's got himself into a tight corner and I >> think you have already made that perfectly clear. It doesn't help him >> solve the problem he's got. Let's concentrate on getting him going >> again, I'm sure he has learned his lesson after your detailed >> explanations. > > As soon as Vernon can produce sufficient details to see what goes on we > might give that a shot. > > I just checked and there is no basic troubleshooting section on the > mailscanner site. I think we just established there is some need for it. > Perhaps I should give it a scratch. Agreed that we need more details. But the first thought based on the problem description is that the 'updates and upgrades' have broken Perl or a required Perl module. That would be the first place to start looking. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From j.ede at birchenallhowden.co.uk Thu Oct 4 16:54:34 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Oct 4 17:03:04 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <470503E7.5090000@chime.ucl.ac.uk> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> Message-ID: On FC7 there was a broken perl update. 
Might affect FC6 as well... I posted on it a while back. Again, need more info... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock Sent: 04 October 2007 16:17 To: MailScanner discussion Subject: Re: MailScanner Broke on both Fedora Core 6 & 7 Hi, Hugo van der Kooij wrote: > On Thu, 4 Oct 2007, Julian Field wrote: > >> Come on man, relax. This guy's got himself into a tight corner and I >> think you have already made that perfectly clear. It doesn't help him >> solve the problem he's got. Let's concentrate on getting him going >> again, I'm sure he has learned his lesson after your detailed >> explanations. > > As soon as Vernon can produce sufficient details to see what goes on we > might give that a shot. > > I just checked and there is no basic troubleshooting section on the > mailscanner site. I think we just established there is some need for it. > Perhaps I should give it a scratch. Agreed that we need more details. But the first thought based on the problem description is that the 'updates and upgrades' have broken Perl or a required Perl module. That would be the first place to start looking. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jaearick at colby.edu Thu Oct 4 17:07:23 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Oct 4 17:07:34 2007 Subject: 4.64.3: raise spam score via watermark? 
In-Reply-To: <4703DFF3.8070301@ecs.soton.ac.uk> References: <4703D577.2060100@ecs.soton.ac.uk> <4703DFF3.8070301@ecs.soton.ac.uk> Message-ID: Gang, I got Julian's revised version of Message.pm this morning, put it in and it works great for logging what watermarking is doing. So I chose an increase of 2.0 due to watermarking. If I had chosen "spam" instead of a number, I guess this would have been equivalent to the default of 6.0, right? Any suggestions on what to set this number to? Jeff Earickson Colby College On Wed, 3 Oct 2007, Julian Field wrote: > Date: Wed, 03 Oct 2007 19:31:15 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: 4.64.3: raise spam score via watermark? > > All done. It will be in the next release. If you really need this now, then I > can send you a replacement Message.pm, but I'll do this off list. > > Jules. > > Julian Field wrote: >> I don't think I added any logging to this. I'll add a log entry for when >> this happens. >> >> Jeff A. Earickson wrote: >>> Julian, >>> >>> I set: >>> >>> Treat Invalid Watermarks With No Sender as Spam = 2.0 >>> >>> in version 4.64.3. Is there any indication in the syslogs >>> that watermarking raised a spam score? Or any indication >>> on the mail headers? I have most spam logging settings turned >>> on. I'm giving this feature a whirl here... >>> >>> Jeff Earickson >>> Colby College >> >> Jules >> > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu Oct 4 16:19:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 17:19:16 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004003834.M18847@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com> Message-ID: on 10/3/2007 5:44 PM Vernon Webb spake the following: > As I mentioned previously. I just upgraded 2 Fedora Core servers one 6 > and the other 7 (I know some of you don't like it, but it my server of > choice) and now MailScanner is broke, even after reinstalling it. I did > a lint test and from what I can tell all seems well. However now I am > getting hit with so much spam it is unbelievable and nothing at all > seems to be labeled as SPAM. I'm not really sure what to do. Amy ideas? > > Thanks > Was there a sendmail upgrade that might have turned it back on to autostart? chkconfig --list sendmail -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Oct 4 16:18:23 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 17:26:11 2007 Subject: OT: How You doing Jules? In-Reply-To: References: <4703D66B.2000305@ecs.soton.ac.uk> <4703EE46.40409@nkpanama.com> <4703F2E2.5010801@ecs.soton.ac.uk> Message-ID: on 10/4/2007 12:09 AM Craig Retief spake the following: > I am glad 2 hear that you are doing OK atm. :-) celebrate> > > Well I know the feeling of living from the office, but hey, if we don't do > it, who will? :-D > > Craig If we aren't in the office, they just call us at home anyway! -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Oct 4 16:46:43 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 17:51:39 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004023934.M20713@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com><470439D6.8000002@sequestered.net><20071004010922.M70299@comp-wiz.com> <2071723395-1191460784-cardhu_decombobulator_blackberry.rim.net-110161933-@bxe122.bisx.prod.on.blackberry> <20071004023934.M20713@comp-wiz.com> Message-ID: on 10/3/2007 7:40 PM Vernon Webb spake the following: > > Did you remember to do: > > > > service sendmail stop > > chkconfig sendmail off > > > > before starting MailScanner? Sounds like sendmail process still > running. > > I did and I did again, still no luck. > How about a killall sendmail after the service sendmail start? Or a reboot if a process is really hosed. Look at the output of rpm -qa --last and look at what was upgraded. The date of install of the rpms will be there. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Thu Oct 4 18:03:53 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 4 18:04:04 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> Message-ID: On Thu, 4 Oct 2007, Hugo van der Kooij wrote: > On Thu, 4 Oct 2007, Julian Field wrote: > >> Come on man, relax. This guy's got himself into a tight corner and I >> think you have already made that perfectly clear. It doesn't help him >> solve the problem he's got. Let's concentrate on getting him going >> again, I'm sure he has learned his lesson after your detailed >> explanations. > > As soon as Vernon can produce sufficient details to see what goes on we might > give that a shot. 
> > I just checked and there is no basic troubleshooting section on the > mailscanner site. I think we just established there is some need for it. > Perhaps I should give it a scratch. I scribbled down some notes: http://wiki.mailscanner.info/doku.php?id=maq:index#basic_troubleshooting It should at least help a bit in getting the right information from future posters. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From vernon at comp-wiz.com Thu Oct 4 19:10:39 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Thu Oct 4 19:10:53 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> Message-ID: <20071004180823.M74714@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/af9b07fc/attachment.html From vernon at comp-wiz.com Thu Oct 4 19:17:46 2007 From: vernon at comp-wiz.com (Vernon Webb) Date: Thu Oct 4 19:17:59 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> Message-ID: <20071004181706.M978@comp-wiz.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/65948ad1/attachment.html From uxbod at splatnix.net Thu Oct 4 19:25:45 2007 From: uxbod at splatnix.net (UxBoD) Date: Thu Oct 4 19:26:40 2007 Subject: OT: How You doing Jules? In-Reply-To: Message-ID: <11605653.8531191522345104.JavaMail.root@office.splatnix.net> Scott, it's the little button you press on ya mobile/blackberry to switch it off :) IT people are never allowed a normal life!
Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Scott Silva" To: mailscanner@lists.mailscanner.info Sent: Thursday, October 4, 2007 3:18:23 PM (GMT) Africa/Casablanca Subject: Re: OT: How You doing Jules? on 10/4/2007 12:09 AM Craig Retief spake the following: > I am glad 2 hear that you are doing OK atm. :-) celebrate> > > Well I know the feeling of living from the office, but hey, if we don't do > it, who will? :-D > > Craig If we aren't in the office, they just call us at home anyway! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From j.ede at birchenallhowden.co.uk Thu Oct 4 19:32:49 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Oct 4 19:33:14 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004180823.M74714@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> Message-ID: How did you uninstall and reinstall perl? If you did this with yum, then you'll probably need to check the requirements of MailScanner to check that everything needed is installed again as a lot of things depend on perl.
Then take a look at the perl modules inside the mailscanner install and install as many as you can with yum, before running the MailScanner install script. What errors do you get when you try starting MailScanner or won't it even install? Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon Webb Sent: 04 October 2007 19:11 To: MailScanner discussion Subject: RE: MailScanner Broke on both Fedora Core 6 & 7 Perl was broken on 6 for sure, not so sure about 7 as MailScanner won't even install on that system and me being an idiot I decided to uninstall perl which really messed me up. But I did manage to get that back installed but still nothing. Next I decided to upgrade the system to 7 which really messed me up as the one system is now off line. How do I correct the perl situation? ________________________________ Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. ---------- Original Message ----------- From: Jason Ede To: MailScanner discussion Sent: Thu, 4 Oct 2007 16:54:34 +0100 Subject: RE: MailScanner Broke on both Fedora Core 6 & 7 > On FC7 there was a broken perl update. Might affect FC6 as well... I posted on it a while back. Again, need more info... > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock > Sent: 04 October 2007 16:17 > To: MailScanner discussion > Subject: Re: MailScanner Broke on both Fedora Core 6 & 7 > > Hi, > > Hugo van der Kooij wrote: > > On Thu, 4 Oct 2007, Julian Field wrote: > > > >> Come on man, relax. 
This guy's got himself into a tight corner and I > >> think you have already made that perfectly clear. It doesn't help him > >> solve the problem he's got. Let's concentrate on getting him going > >> again, I'm sure he has learned his lesson after your detailed > >> explanations. > > > > As soon as Vernon can produce sufficient details to see what goes on we > > might give that a shot. > > > > I just checked and there is no basic troubleshooting section on the > > mailscanner site. I think we just established there is some need for it. > > Perhaps I should give it a scratch. > > Agreed that we need more details. > > But the first thought based on the problem description is that the > 'updates and upgrades' have broken Perl or a required Perl module. > > That would be the first place to start looking. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "A CAT scan should take less time than a PET scan. For a CAT scan, > they're only looking for one thing, whereas a PET scan could result in > a lot of things." - Carl Princi, 2002/07/19 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/2e336cf2/attachment-0001.html From ssilva at sgvwater.com Thu Oct 4 19:53:37 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 21:03:21 2007 Subject: OT: How You doing Jules? In-Reply-To: <11605653.8531191522345104.JavaMail.root@office.splatnix.net> References: <11605653.8531191522345104.JavaMail.root@office.splatnix.net> Message-ID: on 10/4/2007 11:25 AM UxBoD spake the following: > Scott, its the little button you press on ya mobile/blackberry to switch it off :) IT people are never allowed a normal life! > > Regards, There is an off button on that d@*n thing! I usually take my lappy with me on trips, and the PHB's were kind enough to provide a wireless broadband card. But the systems usually stay pretty stable, and I have people trained to do the everyday tasks like release quarantined mail and re-start a server that is in the twilight zone. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Oct 4 21:43:10 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 4 21:43:28 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> Message-ID: <4705505E.4020802@ecs.soton.ac.uk> I've just fixed his system. You wouldn't have found it in a hurry, and it wasn't remotely related to Perl. Something in his sendmail.cf was making it ignore the -ODeliveryMode=queueonly command line switch to sendmail, causing it to immediately deliver all mail sent in. And yes, I know how to stop and start sendmail thoroughly so don't even go there. I've never seen anything like it. 
I upgraded his sendmail and sendmail-cf rpms, touched /etc/mail/sendmail.mc and rebuilt sendmail.cf from it with 'cd /etc/mail && make'. Lo and behold, sendmail started behaving itself again. I've never seen anything like it. It's taken me the best part of an hour to find it. That's £200 or $400 at my usual rates, but it was an interesting problem so I've just asked him for some stuff off my wish list instead :-) I watched the sendmail command line go past (added a set -x to /etc/init.d/MailScanner so I could check it) and upped the LogLevel to 14 so I could get it to log its own command line, and all the switches were there completely as normal. It was just choosing to ignore the queueonly instruction completely! Upgraded sendmail and sendmail-cf, rebuild .cf and it started working normally. Nothing else wrong. Weird... Jules. Jason Ede wrote: > > How did you uninstall and reinstall perl? If you did this with yum, > then you'll probably need to check the requirements of MailScanner to > check that everything needed is installed again as a lot of things > depend on perl. Then take a look at the perl modules inside the > mailscanner install and install as many as you can with yum, before > running the MailScanner install script. > > What errors do you get when you try starting MailScanner or won't it > even install? > > Jason > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Vernon Webb > *Sent:* 04 October 2007 19:11 > *To:* MailScanner discussion > *Subject:* RE: MailScanner Broke on both Fedora Core 6 & 7 > > Perl was broken on 6 for sure, not so sure about 7 as MailScanner > won't even install on that system and me being an idiot I decided to > uninstall perl which really messed me up. But I did manage to get that > back installed but still nothing. Next I decided to upgrade the system > to 7 which really messed me up as the one system is now off line.
How > do I correct the perl situation? > > ------------------------------------------------------------------------ > > Vernon Webb > (201) 703-1232 > web designs & web hosting > by comp-wiz.com, inc. > Information in this transmission is privileged & confidential. It is > intended for the use of the individual or entity named above. Any > review, dissemination, disclosure, alteration, printing, circulation > or transmission of this email or it's attachments is prohibited and > unlawful. > > *---------- Original Message -----------* > From: Jason Ede > To: MailScanner discussion > Sent: Thu, 4 Oct 2007 16:54:34 +0100 > Subject: RE: MailScanner Broke on both Fedora Core 6 & 7 > > > On FC7 there was a broken perl update. Might affect FC6 as well... I > posted on it a while back. Again, need more info... > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Anthony Peacock > > Sent: 04 October 2007 16:17 > > To: MailScanner discussion > > Subject: Re: MailScanner Broke on both Fedora Core 6 & 7 > > > > Hi, > > > > Hugo van der Kooij wrote: > > > On Thu, 4 Oct 2007, Julian Field wrote: > > > > > >> Come on man, relax. This guy's got himself into a tight corner and I > > >> think you have already made that perfectly clear. It doesn't help him > > >> solve the problem he's got. Let's concentrate on getting him going > > >> again, I'm sure he has learned his lesson after your detailed > > >> explanations. > > > > > > As soon as Vernon can produce sufficient details to see what goes > on we > > > might give that a shot. > > > > > > I just checked and there is no basic troubleshooting section on the > > > mailscanner site. I think we just established there is some need > for it. > > > Perhaps I should give it a scratch. > > > > Agreed that we need more details. 
> > > > But the first thought based on the problem description is that the > > 'updates and upgrades' have broken Perl or a required Perl module. > > > > That would be the first place to start looking. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > > "A CAT scan should take less time than a PET scan. For a CAT scan, > > they're only looking for one thing, whereas a PET scan could result in > > a lot of things." - Carl Princi, 2002/07/19 > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > *------- End of Original Message -------* > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Thu Oct 4 22:02:08 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 4 22:02:26 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <20071004180823.M74714@comp-wiz.com> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> Message-ID: On Thu, 4 Oct 2007, Vernon Webb wrote: > Perl was broken on 6 for sure, not so sure about 7 as MailScanner won't even install on that system and me being an idiot I decided to uninstall perl which really > messed me up. But I did manage to get that back installed but still nothing. Next I decided to upgrade the system to 7 which really messed me up as the one system > is now off line. How do I correct the perl situation? Right. You are in a tight spot. If these systems are important you have several options in my view: 1. Cut your losses as they are now and reinstall the OS from scratch. A basic install will take less than an hour and with another hour you should also have all the requirements and the update in place. I have included a current RPM list what I needed to get Centos 5 work with the latest stable MailScanner. I only needed rpmforge added and except for MS itself I only needed yum install ... 2. Try to salvage the current setup by removing everything from the perl stuff and install all of it anew. Frankly. I am not sure if it works but it might get you back in business in an hour. Or it may not work at all. 3. Try to describe the problem so someone might give you hints. At present you are not showing things like error messages or things that do or do not work there is no way to provide any help in salvaging anything. No one here knows your system, what you might have installed on it and in which way. By now there is no simple magic trick to make it all work.
You have been struggling with this for hours. The list of perl RPM packages I have on Centos 5. You may not need them all for MailScanner: perl-5.8.8-10 perl-Archive-Tar-1.32-1.el5.rf perl-Archive-Zip-1.20-1.el5.rf perl-BerkeleyDB-0.31-1.el5.rf perl-Compress-Raw-Zlib-2.005-1.el5.rf perl-Compress-Zlib-2.005-1.el5.rf perl-Convert-BinHex-1.119-2.2.el5.rf perl-Convert-TNEF-0.17-3.2.el5.rf perl-Convert-UUlib-1.051-1.2.el5.rf perl-Crypt-DES-2.05-3.2.el5.rf perl-Crypt-OpenSSL-RSA-0.25-1.el5.rf perl-Crypt-PasswdMD5-1.3-1.2.el5.rf perl-DateManip-5.44-1.2.1 perl-DBD-MySQL-3.0007-1.fc6 perl-DBD-SQLite-1.13-1.el5.rf perl-DBI-1.58-2.el5.rf perl-Digest-HMAC-1.01-15 perl-Digest-SHA1-2.11-1.2.1 perl-Digest-SHA-5.44-1.el5.rf perl-Encode-Detect-1.00-1.el5.rf perl-Error-0.17008-2.el5.rf perl-Filesys-Df-0.92-1.el5.rf perl-Filesys-DiskFree-0.06-1.2.el5.rf perl-Filesys-DiskSpace-0.05-1.2.el5.rf perl-File-Tail-0.99.3-1.2.el5.rf perl-Geography-Countries-1.4-2.2.el5.rf perl-Geo-IP-1.27-1.2.el5.rf perl-Geo-IPfree-0.2-1.2.el5.rf perl-HTML-Parser-3.55-1.fc6 perl-HTML-Tagset-3.10-2.1.1 perl-Inline-0.44-1.el5.rf perl-IO-Compress-Base-2.005-1.el5.rf perl-IO-Compress-Zlib-2.005-1.el5.rf perl-IO-Interface-1.03-1.el5.rf perl-IO-Multiplex-1.08-3.el5.rf perl-IO-Socket-INET6-2.51-2.fc6 perl-IO-Socket-SSL-1.07-2.el5.rf perl-IO-stringy-2.110-1.2.el5.rf perl-IO-Zlib-1.05-1.el5.rf perl-IP-Country-2.23-1.el5.rf perl-libwww-perl-5.805-1.1.1 perl-Mail-ClamAV-0.20-1.el5.rf perl-Mail-DKIM-0.26-1.el5.rf perl-Mail-DomainKeys-1.0-1.el5.rf perl-Mail-SPF-2.005-1.el5.rf perl-MailTools-1.77-1.el5.rf perl-MIME-tools-5.420-2.el5.rf perl-NetAddr-IP-4.007-1.el5.rf perl-Net-CIDR-0.11-1.2.el5.rf perl-Net-CIDR-Lite-0.20-1.2.el5.rf perl-Net-Daemon-0.43-1.el5.rf perl-Net-DNS-0.61-1.el5.rf perl-Net-Ident-1.20-1.2.el5.rf perl-Net-IP-1.25-2.fc6 perl-Net-Pcap-0.12-1.el5.rf perl-Net-Server-0.97-1.el5.rf perl-Net-SSLeay-1.30-4.fc6 perl-Net-XWhois-0.90-1.2.el5.rf perl-Parse-Syslog-1.09-1.el5.rf perl-Parse-Yapp-1.05-1.el5.rf
perl-PlRPC-0.2020-1.el5.rf perl-Razor-Agent-2.84-1.el5.rf perl-rrdtool-1.2.23-1.el5.rf perl-Socket6-0.19-3.fc6 perl-String-Approx-3.26-1.el5.rf perl-String-CRC32-1.4-2.fc6 perl-Sys-Hostname-Long-1.4-1.2.el5.rf perl-TimeDate-1.16-1.2.el5.rf perl-Unix-Syslog-0.100-1.2.el5.rf perl-URI-1.35-3 perl-version-0.72.3-1.el5.rf perl-XML-Dumper-0.81-2.fc6 perl-XML-Encoding-1.01-26 perl-XML-Parser-2.34-6.1.2.2.1 The repositories I use: -rw-r--r-- 1 root root 2371 Apr 8 21:22 CentOS-Base.repo -rw-r--r-- 1 root root 622 Apr 8 21:22 CentOS-Media.repo -rw-r--r-- 1 root root 428 Mar 8 2007 rpmforge.repo Add AV stuff and MailScanner and you could be back in business. I guess the list should be similar for Fedora Core 6 or Fedora 7 if you still wish to use it. Just make sure you only use the repository for the system in question. Do NOT put Fedora 7 stuff on Fedora Core 6 or the other way around unless you want to risk a similar nightmare. And for pity's sake try to avoid using CPAN to install anything for perl unless you want to relive the nightmare with a future upgrade. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From ajcartmell at fonant.com Thu Oct 4 22:05:42 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu Oct 4 22:05:39 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <4705505E.4020802@ecs.soton.ac.uk> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> Message-ID: > I've just fixed his system. You wouldn't have found it in a hurry, and > it wasn't remotely related to Perl. Thanks for the feedback, Jules.
I've filed it away in my "might need that at some point in the future" memory. I don't suppose you saved the original sendmail.cf to do a diff with... ;) Cheers! Anthony -- www.fonant.com - Quality web sites From hvdkooij at vanderkooij.org Thu Oct 4 22:13:19 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 4 22:13:31 2007 Subject: [SPAM] Re: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <4705505E.4020802@ecs.soton.ac.uk> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> Message-ID: On Thu, 4 Oct 2007, Julian Field wrote: > I've just fixed his system. You wouldn't have found it in a hurry, and it > wasn't remotely related to Perl. > > Something in his sendmail.cf was making it ignore the > -ODeliveryMode=queueonly command line switch to sendmail, causing it to > immediately deliver all mail sent in. And yes, I know how to stop and start > sendmail thoroughly so don't even go there. I've never seen anything like it. > I upgraded his sendmail and sendmail-cf rpms, touched /etc/mail/sendmail.mc > and rebuilt sendmail.cf from it with 'cd /etc/mail && make'. Lo and behold, > sendmail started behaving itself again. But the log was clear enough to indicate that MailScanner was never called upon? But sendmail was just having a laugh at Vernon's expense and bypassed MailScanner completely. Or did I misunderstand the issue? Part of my enquiry has to do with the troubleshooting hints I am writing up. A working MTA without MS being called is something to cover at some point. BTW: Did you have a quick look at the first steps I took at a troubleshooting checklist/guide? (The list may seem trivial but I know troubleshooting is hard for a lot of people.) Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From MailScanner at ecs.soton.ac.uk Thu Oct 4 22:28:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 4 22:28:45 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> Message-ID: <47055AF0.6070806@ecs.soton.ac.uk> Anthony Cartmell wrote: >> I've just fixed his system. You wouldn't have found it in a hurry, >> and it wasn't remotely related to Perl. > > Thanks for the feedback, Jules. I've filed it away in my "might need > that at somepoint in the future" memory. > > I don't suppose you saved the original sendmail.cf to do a diff > with... ;) > > Cheers! > > Anthony The sendmail.mc was as shipped with FC7, except for changing the Daemon Options to stop it only listening on localhost. [root@ns mail]# diff sendmail.cf.bak sendmail.cf 19c19 < ##### built by root@ns.comp-wiz.com on Sun Aug 5 14:10:35 EDT 2007 --- > ##### built by root@ns.comp-wiz.com on Thu Oct 4 16:08:31 EDT 2007 264a265 > O DaemonPortOptions=Port=smtp, Name=MTA 1169a1171,1172 > R<@> < $* @ localhost.localdomain > > $: < ? $&{client_name} > < $1 @ localhost.localdomain > 1838d1840 < O MatchGECOS=False Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Oct 4 22:30:07 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 4 22:30:28 2007 Subject: [SPAM] Re: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> Message-ID: <47055B5F.9020007@ecs.soton.ac.uk> Hugo van der Kooij wrote: > On Thu, 4 Oct 2007, Julian Field wrote: > >> I've just fixed his system. You wouldn't have found it in a hurry, >> and it wasn't remotely related to Perl. >> >> Something in his sendmail.cf was making it ignore the >> -ODeliveryMode=queueonly command line switch to sendmail, causing it >> to immediately deliver all mail sent in. And yes, I know how to stop >> and start sendmail thoroughly so don't even go there. I've never seen >> anything like it. I upgraded his sendmail and sendmail-cf rpms, >> touched /etc/mail/sendmail.mc and rebuilt sendmail.cf from it with >> 'cd /etc/mail && make'. Lo and behold, sendmail started behaving >> itself again. > > But the log was clear enough to indicate that MailScanner was never > called upon? But sendmail was just having a laugh at Vernon's expense > and bypassed MailScanner completely. Or did I misunderstood the issue? MailScanner was never managing to pick up the message before sendmail just delivered it. > > Part of my enquiry has to do with the troubleshooting hints I am > writing up. A working MTA without MS being called is something to > cover at some point. The MTA, without MailScanner, looked to be working fine, everything was being delivered as it would be normally. > > BTW: Did you have a quick look at the first steps I took at a > troubleshooting checklist/guide? (The list may seem trivial but I know > troubleshooting is hard for a lot of people.) 
No, I didn't. Sorry. > > Hugo. > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Oct 4 22:32:28 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 4 22:32:59 2007 Subject: Rejecting based on DNS Registrar In-Reply-To: <4704EBE5.3010602@rownetco.com> References: <4704EBE5.3010602@rownetco.com> Message-ID: <47055BEC.2010301@ecs.soton.ac.uk> Personally, I would write a SpamAssassin plugin to do it. Then you can use my new "SpamAssassin Rule Actions" setting to delete mail where your new rule to call your plugin fires. Grab a copy of Botnet.pm to start from, it's a very simple module that you can easily base your own on. John Rowan wrote: > First, this is more a procmail question than a MailScanner one. > I'm running version 4.21-9 on several old RedHat 9 servers. > Please don't tell me RH9 is dead, I know it. Proprietary apps running > that the software vendor hasn't moved to a later distribution. > > With that said, a lot of spam use to be advertising garbage where the > domain name had been registered through RegisterFly. Now that > that problem was taken care of it seems like a good amount of the > advertising > junk is being registered through > COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM > > None of the companies we correspond with use joker.com so I'm looking for > procmail to look in the body of the email to parse any links then see > whether > the name is registered through joker.com and throw it away. 
> > My problem is that I have very basic procmail recipe knowledge and > don't know > how to spawn off to dig or whois to see whether joker.com is the > registrar. > I went to Barnes & Noble (book store) looking for a procmail specific > book but > there was none. > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Oct 4 22:15:23 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 22:37:45 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <4705505E.4020802@ecs.soton.ac.uk> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> Message-ID: on 10/4/2007 1:43 PM Julian Field spake the following: > I've just fixed his system. You wouldn't have found it in a hurry, and > it wasn't remotely related to Perl. Julian, you are the greatest! > > Something in his sendmail.cf was making it ignore the > -ODeliveryMode=queueonly command line switch to sendmail, causing it to > immediately deliver all mail sent in. And yes, I know how to stop and > start sendmail thoroughly so don't even go there. I've never seen > anything like it. I upgraded his sendmail and sendmail-cf rpms, touched > /etc/mail/sendmail.mc and rebuilt sendmail.cf from it with 'cd /etc/mail > && make'. Lo and behold, sendmail started behaving itself again. > > I've never seen anything like it. 
It's taken me the best part of an hour
> to find it. That's £200 or $400 at my usual rates, but it was an

Boy do I feel underpaid! I usually do off hours work for the $150(£75) range.
But I do a lot of stuff for very poor non-profits like churches, and donate a
lot of the time gratis.
I think I am going to get into this MailScanner support business. The jokes
will still be free... But you get what you pay for! ;-P Glenn will probably
say I am still overcharging at free...

> interesting problem so I've just asked him for some stuff off my wish
> list instead :-)
>
> I watched the sendmail command line go past (added a set -x to
> /etc/init.d/MailScanner so I could check it) and upped the LogLevel to
> 14 so I could get it to log its own command line, and all the switches
> were there completely as normal. It was just choosing to ignore the
> queueonly instruction completely! Upgraded sendmail and sendmail-cf,
> rebuild .cf and it started working normally. Nothing else wrong. Weird...
>
> Jules.

I had a problem like this back in the RedHat 7.3 days. I think it was back
when RedHat changed from keeping mail config files in /etc and then moved them
to /etc/mail. It could be as far back as RH 6.0. Either way, it borked real bad.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Thu Oct 4 22:18:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 22:41:36 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> Message-ID: on 10/4/2007 2:02 PM Hugo van der Kooij spake the following: > On Thu, 4 Oct 2007, Vernon Webb wrote: > >> Perl was broken on 6 for sure, not so sure about 7 as MailScanner >> won't even install on that system and me being an idiot I decided to >> uninstall perl which really >> messed me up. But I did manage to get that back installed but still >> nothing. Next I decided to upgrade the system to 7 which really messed >> me up as the one system >> is now off line. How do I correct the perl situation? > > Right. You are in a tight spot. If these systems are important you have > several options in my view: > > 1. Cut your losses as they are now and reinstall the OS fom scratch. > A basic install will take less then an hour and with another hour > you should also have all the requirements and the update in place. > I have included a current RPM list what I needed to get Centos 5 > work with the latest stabel MailScanner. I only needed rpmforge > added and except for MS itself I only needed yum install ... > > 2. Try to salvage the current setup by removing everything from the perl > stuff and install all of it a new. > Frankly. I am not sure if it works but it might get you back in > business in an hour. Or it may not work at all. > > 3. Try to describe the problem so someone might give you hints. > At present you are not showing things like error messages or > things that do or do not work there is no way to provide any help > in salvaging anything. No one here knows your system, what you > might have installed on it and in which way. 
> > By now there is no simple magic trick to make it all work. You have been > strugling with this for hours. > > The list of perl RPM packages I have on Centos 5. You may not need them > all for MailScanner: > > perl-5.8.8-10 > perl-Archive-Tar-1.32-1.el5.rf > perl-Archive-Zip-1.20-1.el5.rf > perl-BerkeleyDB-0.31-1.el5.rf > perl-Compress-Raw-Zlib-2.005-1.el5.rf > perl-Compress-Zlib-2.005-1.el5.rf > perl-Convert-BinHex-1.119-2.2.el5.rf > perl-Convert-TNEF-0.17-3.2.el5.rf > perl-Convert-UUlib-1.051-1.2.el5.rf > perl-Crypt-DES-2.05-3.2.el5.rf > perl-Crypt-OpenSSL-RSA-0.25-1.el5.rf > perl-Crypt-PasswdMD5-1.3-1.2.el5.rf > perl-DateManip-5.44-1.2.1 > perl-DBD-MySQL-3.0007-1.fc6 > perl-DBD-SQLite-1.13-1.el5.rf > perl-DBI-1.58-2.el5.rf > perl-Digest-HMAC-1.01-15 > perl-Digest-SHA1-2.11-1.2.1 > perl-Digest-SHA-5.44-1.el5.rf > perl-Encode-Detect-1.00-1.el5.rf > perl-Error-0.17008-2.el5.rf > perl-Filesys-Df-0.92-1.el5.rf > perl-Filesys-DiskFree-0.06-1.2.el5.rf > perl-Filesys-DiskSpace-0.05-1.2.el5.rf > perl-File-Tail-0.99.3-1.2.el5.rf > perl-Geography-Countries-1.4-2.2.el5.rf > perl-Geo-IP-1.27-1.2.el5.rf > perl-Geo-IPfree-0.2-1.2.el5.rf > perl-HTML-Parser-3.55-1.fc6 > perl-HTML-Tagset-3.10-2.1.1 > perl-Inline-0.44-1.el5.rf > perl-IO-Compress-Base-2.005-1.el5.rf > perl-IO-Compress-Zlib-2.005-1.el5.rf > perl-IO-Interface-1.03-1.el5.rf > perl-IO-Multiplex-1.08-3.el5.rf > perl-IO-Socket-INET6-2.51-2.fc6 > perl-IO-Socket-SSL-1.07-2.el5.rf > perl-IO-stringy-2.110-1.2.el5.rf > perl-IO-Zlib-1.05-1.el5.rf > perl-IP-Country-2.23-1.el5.rf > perl-libwww-perl-5.805-1.1.1 > perl-Mail-ClamAV-0.20-1.el5.rf > perl-Mail-DKIM-0.26-1.el5.rf > perl-Mail-DomainKeys-1.0-1.el5.rf > perl-Mail-SPF-2.005-1.el5.rf > perl-MailTools-1.77-1.el5.rf > perl-MIME-tools-5.420-2.el5.rf > perl-NetAddr-IP-4.007-1.el5.rf > perl-Net-CIDR-0.11-1.2.el5.rf > perl-Net-CIDR-Lite-0.20-1.2.el5.rf > perl-Net-Daemon-0.43-1.el5.rf > perl-Net-DNS-0.61-1.el5.rf > perl-Net-Ident-1.20-1.2.el5.rf > perl-Net-IP-1.25-2.fc6 > 
perl-Net-Pcap-0.12-1.el5.rf > perl-Net-Server-0.97-1.el5.rf > perl-Net-SSLeay-1.30-4.fc6 > perl-Net-XWhois-0.90-1.2.el5.rf > perl-Parse-Syslog-1.09-1.el5.rf > perl-Parse-Yapp-1.05-1.el5.rf > perl-PlRPC-0.2020-1.el5.rf > perl-Razor-Agent-2.84-1.el5.rf > perl-rrdtool-1.2.23-1.el5.rf > perl-Socket6-0.19-3.fc6 > perl-String-Approx-3.26-1.el5.rf > perl-String-CRC32-1.4-2.fc6 > perl-Sys-Hostname-Long-1.4-1.2.el5.rf > perl-TimeDate-1.16-1.2.el5.rf > perl-Unix-Syslog-0.100-1.2.el5.rf > perl-URI-1.35-3 > perl-version-0.72.3-1.el5.rf > perl-XML-Dumper-0.81-2.fc6 > perl-XML-Encoding-1.01-26 > perl-XML-Parser-2.34-6.1.2.2.1 > > The repositories I use: > -rw-r--r-- 1 root root 2371 Apr 8 21:22 CentOS-Base.repo > -rw-r--r-- 1 root root 622 Apr 8 21:22 CentOS-Media.repo > -rw-r--r-- 1 root root 428 Mar 8 2007 rpmforge.repo > > Add AV stuff and MailScanner and you could be back in business. I guess > the list should be similar for Fedora Core 6 or Fedora 7 if you still > wish to use it. Just make sure you only use the repository for the > system in question. Do NOT put Fedora 7 stuff on Fedora Core 6 or the > other way around unless you want to risk a similar nightmare. > > And for pity sake try to avoid using CPAN ton install anything for perl > unless you want to relive the nightmare with a future upgrade. > > Hugo. > > I wish somehow upstream would make the cpan stuff be a separate rpm and not default install it if it is possible. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Thu Oct 4 22:56:25 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 4 22:56:42 2007 Subject: Rejecting based on DNS Registrar In-Reply-To: <47055BEC.2010301@ecs.soton.ac.uk> References: <4704EBE5.3010602@rownetco.com> <47055BEC.2010301@ecs.soton.ac.uk> Message-ID: On Thu, 4 Oct 2007, Julian Field wrote: > Personally, I would write a SpamAssassin plugin to do it. 
Then you can use my > new "SpamAssassin Rule Actions" setting to delete mail where your new rule to > call your plugin fires. > > Grab a copy of Botnet.pm to start from, it's a very simple module that you > can easily base your own on. There is a fun idea. A RegistarClassifier.pm module Just for the record Botnet.pm is not part of SA itself. But it can be found on: http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.7.tar Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From ssilva at sgvwater.com Thu Oct 4 23:14:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 4 23:15:27 2007 Subject: Rejecting based on DNS Registrar In-Reply-To: References: <4704EBE5.3010602@rownetco.com> <47055BEC.2010301@ecs.soton.ac.uk> Message-ID: on 10/4/2007 2:56 PM Hugo van der Kooij spake the following: > On Thu, 4 Oct 2007, Julian Field wrote: > >> Personally, I would write a SpamAssassin plugin to do it. Then you can >> use my new "SpamAssassin Rule Actions" setting to delete mail where >> your new rule to call your plugin fires. >> >> Grab a copy of Botnet.pm to start from, it's a very simple module that >> you can easily base your own on. > > There is a fun idea. A RegistarClassifier.pm module > Just for the record Botnet.pm is not part of SA itself. But it can be > found on: http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.7.tar > > Hugo. > http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar as it has been updated, or just http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar to the latest version symlink. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From jefframsey at tubafor.com Thu Oct 4 23:51:23 2007 From: jefframsey at tubafor.com (Jeff Ramsey) Date: Fri Oct 5 01:14:17 2007 Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid Message-ID: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> I am getting over 20,000 messages every day now, and only 3-5% are not spam. MailScanner is working great, however during the day it gets backed up to the point that it takes over an hour to get a message in or out. I was told that I could use MIMEDefang to verify that the TO: address is actually a vaild user. I am not quite sure how I would write such a filter. If anyone has a working mimedefang-filter for this situation, can you please send it my way? Jeff Ramsey MIS Administrator TMI Forest Products, Inc. jefframsey@tubafor.com 360.477.0738 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071004/dbecc7ee/attachment.html From ugob at lubik.ca Fri Oct 5 04:20:21 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Oct 5 04:20:46 2007 Subject: MailScanner & Zenoss In-Reply-To: <18745390.801190640351110.JavaMail.root@office.splatnix.net> References: <18745390.801190640351110.JavaMail.root@office.splatnix.net> Message-ID: UxBoD wrote: > Hi, > > Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running. On nagios, I use the check_process plugin. I raise an alert when there are less than x MailScanner processes. ugo From mailscanner at pdscc.com Fri Oct 5 06:28:10 2007 From: mailscanner at pdscc.com (Harondel J. 
Sibble) Date: Fri Oct 5 06:28:13 2007 Subject: copy spamassassin bayes filter to new ms machine Message-ID: <200710050528.l955S8i9020545@sinclaire.sibble.net> Is it possible to copy the spamassassin bayes corpus from a working mailscanner/mailwatch/spamassassing system to a newer ms/mw/sa box I setup to jumpstart it, rather than having to start from scratch? I figured this would be an easy google answer, but not so far. The new box is much faster and we want to retire the old box, but make use of it's "experience". -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From Jeff.Mills at versacold.com.au Fri Oct 5 06:45:53 2007 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Fri Oct 5 06:45:58 2007 Subject: copy spamassassin bayes filter to new ms machine Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Harondel J. Sibble > Sent: Friday, 5 October 2007 3:28 PM > To: mailscanner@lists.mailscanner.info > Subject: copy spamassassin bayes filter to new ms machine > > Is it possible to copy the spamassassin bayes corpus from a > working mailscanner/mailwatch/spamassassing system to a newer > ms/mw/sa box I setup to jumpstart it, rather than having to > start from scratch? I figured this would be an easy google > answer, but not so far. I have copied my entire bayes folder from one mailscanner machine to another in the past with no adverse effects that I'm aware of. From mailscanner at PDSCC.COM Fri Oct 5 08:26:21 2007 From: mailscanner at PDSCC.COM (Harondel J. 
Sibble) Date: Fri Oct 5 08:26:24 2007 Subject: copy spamassassin bayes filter to new ms machine In-Reply-To: References: Message-ID: <200710050726.l957QJSQ020929@sinclaire.sibble.net> On 5 Oct 2007 at 15:45, Jeff Mills wrote: > I have copied my entire bayes folder from one mailscanner machine to > another in the past with no adverse effects that I'm aware of. I was going to give that a try, good to know there is at least 1 data point verifying that shouldn't cause any problems -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From MailScanner at ecs.soton.ac.uk Fri Oct 5 08:45:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 5 08:46:10 2007 Subject: copy spamassassin bayes filter to new ms machine In-Reply-To: <200710050726.l957QJSQ020929@sinclaire.sibble.net> References: <200710050726.l957QJSQ020929@sinclaire.sibble.net> Message-ID: <4705EBA7.9030400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Harondel J. Sibble wrote: > On 5 Oct 2007 at 15:45, Jeff Mills wrote: > > >> I have copied my entire bayes folder from one mailscanner machine to >> another in the past with no adverse effects that I'm aware of. >> > > I was going to give that a try, good to know there is at least 1 data point > verifying that shouldn't cause any problems > No problem at all, just copy the bayes_ files. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHBeuoEfZZRxQVtlQRAilBAJ9vnaGt2HY1Zw42ri1vipNz/OZd9gCg+hi2 cRdPaPFoh+iH5b7UudoEreM= =wJmW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Fri Oct 5 09:09:32 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Fri Oct 5 09:09:39 2007 Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid In-Reply-To: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> References: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> Message-ID: <1191571772.12938.1.camel@gblades-suse.linguaphone-intranet.co.uk> What mail software are you using? If its Postfix you can use recipient verification. You might also want to consider using a RBL such as Spamhaus on the mail server. We do and we reject well over 75% of spam before it is accepted which reduces the load on MailScanner considerably. On Thu, 2007-10-04 at 23:51, Jeff Ramsey wrote: > I am getting over 20,000 messages every day now, and only 3-5% are not > spam. MailScanner is working great, however during the day it gets > backed up to the point that it takes over an hour to get a message in > or out. > > I was told that I could use MIMEDefang to verify that the TO: address > is actually a vaild user. I am not quite sure how I would write such a > filter. If anyone has a working mimedefang-filter for this situation, > can you please send it my way? > Jeff Ramsey > MIS Administrator > TMI Forest Products, Inc. > jefframsey@tubafor.com > 360.477.0738 > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
>
> ______________________________________________________________________
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From glenn.steen at gmail.com Fri Oct 5 09:26:58 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Oct 5 09:27:01 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To:
References: <20071004003834.M18847@comp-wiz.com>
 <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk>
 <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk>
Message-ID: <223f97700710050126q1ab386e7wd9719762bbb7fbd5@mail.gmail.com>

On 04/10/2007, Scott Silva wrote:
> on 10/4/2007 1:43 PM Julian Field spake the following:
> > I've just fixed his system. You wouldn't have found it in a hurry, and
> > it wasn't remotely related to Perl.
> Julian, you are the greatest!

... And a wise decision on Vernon's part, to contract Jules...;)

> > Something in his sendmail.cf was making it ignore the
> > -ODeliveryMode=queueonly command line switch to sendmail, causing it to
> > immediately deliver all mail sent in. And yes, I know how to stop and
> > start sendmail thoroughly so don't even go there. I've never seen
> > anything like it. I upgraded his sendmail and sendmail-cf rpms, touched
> > /etc/mail/sendmail.mc and rebuilt sendmail.cf from it with 'cd /etc/mail
> > && make'. Lo and behold, sendmail started behaving itself again.
> >
> > I've never seen anything like it. It's taken me the best part of an hour
> > to find it. That's £200 or $400 at my usual rates, but it was an
> Boy do I feel underpaid! I usually do off hours work for the $150(£75) range.
> But I do a lot of stuff for very poor non-profits like churches, and donate a
> lot of the time gratis.
> I think I am going to get into this MailScanner support business. The jokes > will still be free... But you get what you pay for! ;-P Glenn will probably > say I am still overcharging at free... Naah, you're just like the rest of us... Worth the pennies we get:-):-)... > > interesting problem so I've just asked him for some stuff off my wish > > list instead :-) > > > > I watched the sendmail command line go past (added a set -x to > > /etc/init.d/MailScanner so I could check it) and upped the LogLevel to > > 14 so I could get it to log its own command line, and all the switches > > were there completely as normal. It was just choosing to ignore the > > queueonly instruction completely! Upgraded sendmail and sendmail-cf, > > rebuild .cf and it started working normally. Nothing else wrong. Weird... > > > > Jules. > I had a problem like this back in the RedHat 7.3 days. I think it was back > when RedHat changed from keeping mail config files in /etc and then moved them > to /etc/mail. It could be as far back as RH 6.0. Either way, it borked real bad. Wasn't that in the switch from 6.x to 7.0? I have some vague recollections like that... Oh well, doesn't matter now:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ajcartmell at fonant.com Fri Oct 5 09:49:14 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Oct 5 09:49:07 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: <47055AF0.6070806@ecs.soton.ac.uk> References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> <47055AF0.6070806@ecs.soton.ac.uk> Message-ID: > The sendmail.mc was as shipped with FC7, except for changing the Daemon > Options to stop it only listening on localhost. 
So the fix was probably upgrading the sendmail rpms then, rather than fixing the .cf files? Anthony -- www.fonant.com - Quality web sites From housey at sme-ecom.co.uk Fri Oct 5 10:46:41 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Oct 5 10:46:56 2007 Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address isvalid {Scanned by Allteks Mailsafe} In-Reply-To: <1191571772.12938.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Take a look at http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses I used to use the script but have progressed onto the one linked of the bottom - Ray Fergusons fancy one (it uses a cache so cuts down on the amount of call outs) It works really well for me, cuts down on so much rubbish to invalid users. mimedefang was pretty straight forward to get going if you follow the install instructions. Cheers Paul > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth > Sent: 05 October 2007 09:10 > To: MailScanner discussion > Subject: Re: Anyone using MIMEDefang w/MailScanner to verify TO: address > isvalid {Scanned by Allteks Mailsafe} > > > What mail software are you using? > If its Postfix you can use recipient verification. > > You might also want to consider using a RBL such as Spamhaus on the mail > server. We do and we reject well over 75% of spam before it is accepted > which reduces the load on MailScanner considerably. > > On Thu, 2007-10-04 at 23:51, Jeff Ramsey wrote: > > I am getting over 20,000 messages every day now, and only 3-5% are not > > spam. MailScanner is working great, however during the day it gets > > backed up to the point that it takes over an hour to get a message in > > or out. > > > > I was told that I could use MIMEDefang to verify that the TO: address > > is actually a vaild user. I am not quite sure how I would write such a > > filter. 
If anyone has a working mimedefang-filter for this situation, > > can you please send it my way? > > Jeff Ramsey > > MIS Administrator > > TMI Forest Products, Inc. > > jefframsey@tubafor.com > > 360.477.0738 > > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned by the Allteks Mailsafe Service > > > From MailScanner at ecs.soton.ac.uk Fri Oct 5 11:26:30 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 5 11:26:52 2007 Subject: MailScanner Broke on both Fedora Core 6 & 7 In-Reply-To: References: <20071004003834.M18847@comp-wiz.com> <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk> <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com> <4705505E.4020802@ecs.soton.ac.uk> <47055AF0.6070806@ecs.soton.ac.uk> Message-ID: <47061156.40705@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anthony Cartmell wrote: >> The sendmail.mc was as shipped with FC7, except for changing the >> Daemon Options to stop it only listening on localhost. > > So the fix was probably upgrading the sendmail rpms then, rather than > fixing the .cf files? No, upgrading the RPM alone did not fix it, I had to rebuild the cf file too. 
I don't profess to understand why :-) Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFHBhFXEfZZRxQVtlQRAjp8AKC8TQDZWNUTQHlJBUMDsh/Qih+NhgCfWg1W 4zw3q5MYiK3WLThNPvYO3pU= =OQ8y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From prandal at herefordshire.gov.uk Fri Oct 5 11:52:18 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 5 11:52:26 2007 Subject: copy spamassassin bayes filter to new ms machine In-Reply-To: <200710050528.l955S8i9020545@sinclaire.sibble.net> References: <200710050528.l955S8i9020545@sinclaire.sibble.net> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB102@HC-MBX02.herefordshire.gov.uk> I'd stop MailScanner on the source machine first before copying the files. It would also be a good point to do an sa-learn --force-expire too. You'll need to ensure that the ownership and permissions are correct after copying the files. Cheers, Phil (who's done this very successfully here not too long ago) -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Harondel J. 
Sibble > Sent: 05 October 2007 06:28 > To: mailscanner@lists.mailscanner.info > Subject: copy spamassassin bayes filter to new ms machine > > Is it possible to copy the spamassassin bayes corpus from a working > mailscanner/mailwatch/spamassassing system to a newer > ms/mw/sa box I setup to > jumpstart it, rather than having to start from scratch? I > figured this would > be an easy google answer, but not so far. > > The new box is much faster and we want to retire the old box, > but make use of > it's "experience". > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating solutions for the small business and home computer user. > help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Fri Oct 5 11:54:42 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 5 11:54:48 2007 Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid In-Reply-To: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> References: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB106@HC-MBX02.herefordshire.gov.uk> Please tell us more about your setup. Specs of the box, what OS, etc. Do you have RBLs in your MTA, MailScanner or just in SA? Have you run sa-update recently? The completewhois RBLs were removed not long ago because of timeouts. Local caching DNS server on the same box? If not, do it now! 
Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Ramsey Sent: 04 October 2007 23:51 To: mailscanner@lists.mailscanner.info Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid I am getting over 20,000 messages every day now, and only 3-5% are not spam. MailScanner is working great, however during the day it gets backed up to the point that it takes over an hour to get a message in or out. I was told that I could use MIMEDefang to verify that the TO: address is actually a vaild user. I am not quite sure how I would write such a filter. If anyone has a working mimedefang-filter for this situation, can you please send it my way? Jeff Ramsey MIS Administrator TMI Forest Products, Inc. jefframsey@tubafor.com 360.477.0738 -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071005/2d903278/attachment.html From hvdkooij at vanderkooij.org Fri Oct 5 13:07:48 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Oct 5 13:08:03 2007 Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid In-Reply-To: <1191571772.12938.1.camel@gblades-suse.linguaphone-intranet.co.uk> References: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> <1191571772.12938.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: On Fri, 5 Oct 2007, Gareth wrote: > What mail software are you using? > If its Postfix you can use recipient verification. > > You might also want to consider using a RBL such as Spamhaus on the mail > server. We do and we reject well over 75% of spam before it is accepted > which reduces the load on MailScanner considerably. 

Mind you that spamhaus will not work everywhere. Some networks are shut off
due to too much traffic to spamhaus. So test this before you activate it.

I added a few simple header checks to stop messages in languages I can not
read. Like:

# Unknown languages
/^Subject: =\?koi8-r\?/ REJECT No one here reads this language!

Or stop SMTP connections from end-users:

/^adsl-.*$/ reject_dynamic
/^dhcp-.*$/ reject_dynamic
/^host-.*$/ reject_dynamic
/^IGLD-.*$/ reject_dynamic
/^ip-.*$/ reject_dynamic
/^ppp-.*$/ reject_dynamic

This may not fit everyone's need but it serves me rather well.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)

From hvdkooij at vanderkooij.org Fri Oct 5 13:24:31 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct 5 13:24:50 2007
Subject: MailScanner Broke on both Fedora Core 6 & 7
In-Reply-To: <47061156.40705@ecs.soton.ac.uk>
References: <20071004003834.M18847@comp-wiz.com>
 <20071004110940.M22700@comp-wiz.com> <4704E5E8.8090007@ecs.soton.ac.uk>
 <470503E7.5090000@chime.ucl.ac.uk> <20071004180823.M74714@comp-wiz.com>
 <4705505E.4020802@ecs.soton.ac.uk> <47055AF0.6070806@ecs.soton.ac.uk>
 <47061156.40705@ecs.soton.ac.uk>
Message-ID:

On Fri, 5 Oct 2007, Julian Field wrote:

> Anthony Cartmell wrote:
>>> The sendmail.mc was as shipped with FC7, except for changing the
>>> Daemon Options to stop it only listening on localhost.
>>
>> So the fix was probably upgrading the sendmail rpms then, rather than
>> fixing the .cf files?
> No, upgrading the RPM alone did not fix it, I had to rebuild the cf file
> too. I don't profess to understand why :-)

Can't tell for sure but it might be an issue with files being shifted around
or anything.
In my sendmail days I had a seperate directory with my sendmail.mc file (actually it use to be a .mc file) so I could keep track of my changes. I had quite a few tricks in there to hold of spammers and it was one of the reasons I was slow in picking up postfix. Just copy the file to a new date, add a function or remove it and compile it. Then move the .cf file in place and give sendmail a nudge to read the new config file. This 1 change, 1 version strategy is great for troubleshooting. In those days I could do quite some tricks in sendmail for which I did not see an equivelent in postfix. These days I can do quite a few tricks in postfix and it would take me some time to work out their equivelants in sendmail. If you know your MTA you can do a lot to stop SPAM from even entering your system. Header checks are expensive in postfix but not as much having to run the whole message through MailScanner, spamassassin, .... So I would advise anyone to become really good with customizing your MTA. MailScanner is a great tool. But any SPAM I can stop from completing it's SMTP connection saves me bandwidth and other resources. Can we add that slogan to the website? Treasure your MTA. It's MailScanners best friend. Right. Where were? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From hvdkooij at vanderkooij.org Fri Oct 5 13:26:27 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Oct 5 13:26:38 2007 Subject: copy spamassassin bayes filter to new ms machine In-Reply-To: <200710050528.l955S8i9020545@sinclaire.sibble.net> References: <200710050528.l955S8i9020545@sinclaire.sibble.net> Message-ID: On Thu, 4 Oct 2007, Harondel J. 
Sibble wrote:
> Is it possible to copy the spamassassin bayes corpus from a working
> mailscanner/mailwatch/spamassassin system to a newer ms/mw/sa box I setup to
> jumpstart it, rather than having to start from scratch? I figured this would
> be an easy google answer, but not so far.
>
> The new box is much faster and we want to retire the old box, but make use of
> its "experience".

Just keep in mind. What "experience" is in there? Will it still fit your needs or does it contain relatively old information as well which might make it less accurate.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)

From hvdkooij at vanderkooij.org Fri Oct 5 13:40:39 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct 5 13:40:52 2007
Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid
In-Reply-To:
References: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com> <1191571772.12938.1.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID:

On Fri, 5 Oct 2007, Hugo van der Kooij wrote:
> On Fri, 5 Oct 2007, Gareth wrote:
>
>> What mail software are you using?
>> If it's Postfix you can use recipient verification.
>>
>> You might also want to consider using a RBL such as Spamhaus on the mail
>> server. We do and we reject well over 75% of spam before it is accepted
>> which reduces the load on MailScanner considerably.
>
> Mind you that spamhaus will not work everywhere. Some networks are shut off
> due to too much traffic to spamhaus. So test this before you activate it.

Here is a simple recipe for testing a RBL manually.

Pick your own public IP address. Say: 82.95.223.25

Pick the RBL you want to test.
Say: zen.spamhaus.org

Then test it with dig (you do run a caching name server on your system, don't you?):

dig 25.223.95.82.zen.spamhaus.org a

This should give you an answer almost instantly like:

; <<>> DiG 9.3.3rc2 <<>> 25.223.95.82.zen.spamhaus.org a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30063
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;25.223.95.82.zen.spamhaus.org. IN A

;; AUTHORITY SECTION:
zen.spamhaus.org. 461 IN SOA need.to.know.only. hostmaster.spamhaus.org. 2007100549 3600 600 432000 900

;; Query time: 5 msec
;; SERVER: 84.244.176.5#53(84.244.176.5)
;; WHEN: Fri Oct 5 14:31:46 2007
;; MSG SIZE rcvd: 111

If you hit a blacklisted IP your response would contain lines like:

;; QUESTION SECTION:
;187.227.153.83.zen.spamhaus.org. IN A

;; ANSWER SECTION:
187.227.153.83.zen.spamhaus.org. 1800 IN A 127.0.0.4
187.227.153.83.zen.spamhaus.org. 1800 IN A 127.0.0.11

If your reply is not there in a second you may need to fix your DNS server or you may be trying a bad RBL.

OT: I have seen horrible things happen with the new 3.5 firmware on Barracuda hardware so I am rather keen on checking DNS issues manually these days on any email system.

Hugo.

PS: I know many of you know this already but it is always good to have this tidbit documented in the context of MailScanner for future references.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.

Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for this quote of George Bernard Shaw.)
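The manual check in the message above, scripted as an added example that is not part of the original post: one function builds the reversed-octet query name, another classifies dig output so that a refused or failed query is not mistaken for a listing. The function names are this example's own, the first sample reply is copied from the message, and the other inputs are constructed; treating 127.255.255.x answers as errors follows Spamhaus's published return codes.

```shell
#!/bin/sh
# Added example (not from the original message): helpers for the manual
# DNSBL test above. Function names are this example's own.
# Usage (needs working DNS): rbl_check 82.95.223.25 zen.spamhaus.org

# Build the DNSBL query name: reverse the IPv4 octets and append the zone,
# e.g. 82.95.223.25 + zen.spamhaus.org -> 25.223.95.82.zen.spamhaus.org
rbl_query_name() {
    ip=$1 zone=$2
    case $ip in
        ""|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # not dotted-decimal IPv4
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 2
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify dig output read from stdin. Prints one of:
#   listed <codes>        A records in 127.0.0.0/8 were returned
#   not-listed            status NXDOMAIN, the normal "clean" answer
#   query-refused <code>  127.255.255.x: the list answered with an error
#                         code (for example queries through a public
#                         resolver or over the query limit), not a listing
#   error <status>        SERVFAIL, REFUSED, or NOERROR without A records
#   no-response           no DNS header at all (timeout, no resolver)
rbl_classify() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # Answer records look like: name TTL IN A 127.0.0.x
        $3 == "IN" && $4 == "A" {
            if ($5 ~ /^127\.255\.255\./) refused = $5
            else if ($5 ~ /^127\./) codes = (codes == "" ? $5 : codes "," $5)
        }
        END {
            if (refused != "")             print "query-refused " refused
            else if (codes != "")          print "listed " codes
            else if (status == "NXDOMAIN") print "not-listed"
            else if (status == "")         print "no-response"
            else                           print "error " status
        }'
}

# Live lookup with a short timeout, since a reply that takes more than a
# second already points at a DNS problem.
rbl_check() {
    name=$(rbl_query_name "$1" "$2") || { echo "bad IPv4 address: $1" >&2; return 2; }
    dig +time=2 +tries=1 "$name" a | rbl_classify
}

# Sample 1: the NXDOMAIN reply quoted in the message above (abridged).
sample_not_listed() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30063
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;25.223.95.82.zen.spamhaus.org. IN A
;; AUTHORITY SECTION:
zen.spamhaus.org. 461 IN SOA need.to.know.only. hostmaster.spamhaus.org. 2007100549 3600 600 432000 900
EOF
}

# Sample 2: the listed answer from the message; the HEADER line is
# constructed for this example because the message does not show it.
sample_listed() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; QUESTION SECTION:
;187.227.153.83.zen.spamhaus.org. IN A
;; ANSWER SECTION:
187.227.153.83.zen.spamhaus.org. 1800 IN A 127.0.0.4
187.227.153.83.zen.spamhaus.org. 1800 IN A 127.0.0.11
EOF
}
```

Anything other than `listed` or `not-listed` means the MTA should not yet be pointed at that list from this network.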
From campbell at cnpapers.com Fri Oct 5 14:09:26 2007
From: campbell at cnpapers.com (Steve Campbell)
Date: Fri Oct 5 14:10:25 2007
Subject: Anyone using MIMEDefang w/MailScanner to verify TO: address is valid
In-Reply-To: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com>
References: <2F866896-4C56-4142-8E59-CEAC8FB5D3B7@tubafor.com>
Message-ID: <47063786.7000407@cnpapers.com>

I use it and it works very well.

I have two mailservers for a few domains. Each one acts as a gateway for its own domain. The other acts as a secondary for the other domain. Both have the mailboxes for their respective domains. I check for a valid address with MimeDefang whenever an email comes through a secondary. The primary checks itself with Sendmail so there is no need for MD to kick in, although it's there.

I can send you the filter if this is similar to what you are wanting to do, along with a brief explanation of how it works.

Steve Campbell

Jeff Ramsey wrote:
> I am getting over 20,000 messages every day now, and only 3-5% are not
> spam. MailScanner is working great, however during the day it gets
> backed up to the point that it takes over an hour to get a message in
> or out.
>
> I was told that I could use MIMEDefang to verify that the TO: address
> is actually a valid user. I am not quite sure how I would write such a
> filter. If anyone has a working mimedefang-filter for this situation,
> can you please send it my way?
>
> Jeff Ramsey
> MIS Administrator
> TMI Forest Products, Inc.
> jefframsey@tubafor.com
> 360.477.0738
>
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* , and is
> believed to be clean.
From wizard at jimhermann.com Sat Oct 6 04:59:29 2007 From: wizard at jimhermann.com (Jim Hermann) Date: Sat Oct 6 04:59:31 2007 Subject: SpamAssassin Rule Actions = SPF_FAIL=>notify In-Reply-To: <200710051102.l95B2E9b023547@safir.blacknight.ie> References: <200710051102.l95B2E9b023547@safir.blacknight.ie> Message-ID: <078501c807cd$4ba4a2b0$cc01a8c0@Dual> Is notify allowed in SpamAssassin Rule Actions? When I tried to use: SpamAssassin Rule Actions = SPF_FAIL=>notify The maillog reported: Oct 5 19:32:03 host MailScanner[11721]: Message l960VtZT016081 produced illegal Spam Actions " ify", so message is being delivered Jim From MailScanner at ecs.soton.ac.uk Sat Oct 6 16:33:32 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Oct 6 16:33:55 2007 Subject: SpamAssassin Rule Actions = SPF_FAIL=>notify In-Reply-To: <078501c807cd$4ba4a2b0$cc01a8c0@Dual> References: <200710051102.l95B2E9b023547@safir.blacknight.ie> <078501c807cd$4ba4a2b0$cc01a8c0@Dual> Message-ID: <4707AACC.9080406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ooh, well spotted. I'll fix that for the next release. Jim Hermann wrote: > Is notify allowed in SpamAssassin Rule Actions? > > When I tried to use: > > SpamAssassin Rule Actions = SPF_FAIL=>notify > > The maillog reported: > > Oct 5 19:32:03 host MailScanner[11721]: Message l960VtZT016081 > produced illegal Spam Actions " ify", so message is being delivered > > > Jim > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHB6rMEfZZRxQVtlQRAmcFAJ4snIlZ64P0Q1n0qp21XQ80Uy/JxACeOe2a hVeuABrqc2Eltfl7B6IVMHY= =oMe5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From garry at glendown.de Sat Oct 6 20:41:42 2007 From: garry at glendown.de (Garry Glendown) Date: Sat Oct 6 20:41:52 2007 Subject: Rejecting based on DNS Registrar In-Reply-To: <4704EBE5.3010602@rownetco.com> References: <4704EBE5.3010602@rownetco.com> Message-ID: <4707E4F6.6020107@glendown.de> John Rowan wrote: > With that said, a lot of spam use to be advertising garbage where the > domain name had been registered through RegisterFly. Now that > that problem was taken care of it seems like a good amount of the > advertising > junk is being registered through > COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Sorry, but what you're thinking of doing there is a bad kind of censoring ... maybe for you there is little or no legitimate traffic coming through that registrar, but e.g. for Germany, it is a legitimate domain registrar ... automatically classifying all of a registrar's domains as spam is a bad thing ... other filters, including RBLs etc. result in a very reliable scoring (it took us a while, but at the moment I would dare to say we've reached a good 95% reliability on our systems)... If you want to, set up registrar recognition as an additional scoring input to MS, but do yourself (and your customers) a favor and do not use the registrar as a blacklist-input ... 
I get the feeling that many providers seem to go a bit overboard with their antispam-activities, taking the easy road of over-blocking stuff, instead of taking technological thought-through steps ... causing headaches for other providers that are forced to jump through all kinds of hoops (including giving up RFC-conform features in order not to get blacklisted ...)

-gg

--
They who would give up an essential liberty for temporary security, neither deserve nor receives either -- B.Franklin

From hvdkooij at vanderkooij.org Sat Oct 6 22:44:02 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sat Oct 6 22:44:21 2007
Subject: OT: Stopping hotmail relayers
Message-ID: <470801A2.3000202@vanderkooij.org>

Hi,

I have noticed that quite a bit of SPAM arrives through hotmail. I have tested it in the past: it takes about 30 seconds to get a fake account through an anonymous proxy. After that one can safely SPAM as much as you like.

If I shutdown hotmail altogether there will be a bit of a riot. I noticed that hotmail transfers the original IP address in the header: X-Originating-IP

Has anyone thought of a way to stop messages on the MTA (postfix) level based on the IP address of this header?

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

From masoumeh at ipm.ir Sun Oct 7 08:19:00 2007
From: masoumeh at ipm.ir (Masoumeh Izadi)
Date: Sun Oct 7 08:20:10 2007
Subject: MailScanner quarantine my healthy file
Message-ID: <20071007071344.M11704@ipm.ir>

Hi;

I use MailScanner on Fedora6 with sendmail for mail server. Yesterday I was waiting to receive an important email with an attachment. Unfortunately they sent it as a zip attachment and MailScanner quarantined it. Now I want to restore it, but I don't know how. In /var/spool/MailScanner/quarantine/20071006/ID of messages there is no zip file. It is a file whose name is message.

Any suggestions?
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From nauman at worldcall.net.pk Sun Oct 7 11:40:29 2007 From: nauman at worldcall.net.pk (Muhammad Nauman) Date: Sun Oct 7 11:40:48 2007 Subject: Problem installing on CentOS 5 Message-ID: <026a01c808ce$7bd040f0$23c051cb@noc> Dear All, I have justed installed a fresh machine with CENT OS 5. I just did - updatedb - and download the MailScanner. I m using the Built - IN sendmail and its working fine . When i started the MailScanner Setup - it responded like this : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [root@MailScanner-4.64.3-2]# ./install.sh Good. You have the patch command. Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages tree is missing. If you have access to an RPM called rpm-build or rpmbuild then install it first and come back and try again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Any Help in this regard will be NICE. Thanks and Regards, M.Nauman Habib -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071007/70907615/attachment.html From raymond at prolocation.net Sun Oct 7 11:53:17 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Oct 7 11:53:17 2007 Subject: Problem installing on CentOS 5 In-Reply-To: <026a01c808ce$7bd040f0$23c051cb@noc> References: <026a01c808ce$7bd040f0$23c051cb@noc> Message-ID: Hi! > When i started the MailScanner Setup - it responded like this : > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > [root@MailScanner-4.64.3-2]# ./install.sh > > > Good. You have the patch command. > > Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages > tree is missing. > If you have access to an RPM called rpm-build or rpmbuild > then install it first and come back and try again. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Any Help in this regard will be NICE. 
Well, do what it is suggesting, install those tools. 'yum -y install rpm-build rpmbuild' Bye, Raymond. From prandal at herefordshire.gov.uk Sun Oct 7 11:55:21 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Sun Oct 7 11:55:29 2007 Subject: Problem installing on CentOS 5 In-Reply-To: <026a01c808ce$7bd040f0$23c051cb@noc> References: <026a01c808ce$7bd040f0$23c051cb@noc> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF0D@HC-MBX02.herefordshire.gov.uk> Try yum install rpm-build and see if that helps. Works fine on CentOS 5 here. Phil ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Muhammad Nauman Sent: 07 October 2007 11:40 To: MailScanner discussion Subject: Problem installing on CentOS 5 Dear All, I have justed installed a fresh machine with CENT OS 5. I just did - updatedb - and download the MailScanner. I m using the Built - IN sendmail and its working fine . When i started the MailScanner Setup - it responded like this : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [root@MailScanner-4.64.3-2]# ./install.sh Good. You have the patch command. Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages tree is missing. If you have access to an RPM called rpm-build or rpmbuild then install it first and come back and try again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Any Help in this regard will be NICE. Thanks and Regards, M.Nauman Habib -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071007/803cf3e6/attachment.html From root at doctor.nl2k.ab.ca Sun Oct 7 12:18:40 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. 
The Root of the Problem) Date: Sun Oct 7 12:25:37 2007 Subject: [root@doctor.nl2k.ab.ca: Cron /opt/MailScanner/bin/update_phishing_sites] Message-ID: <20071007111838.GA27410@doctor.nl2k.ab.ca> What is going on below? Running 4.65.1-1 . ----- Forwarded message from Cron Daemon ----- X-NetKnow-InComing-4.65.1-1-MailScanner-Watermark: 1192158211.25923@n1YzugFczFXjpplg4qUtVA X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org Date: Sat, 6 Oct 2007 20:37:02 -0600 (MDT) From: Cron Daemon To: root@doctor.nl2k.ab.ca Subject: Cron /opt/MailScanner/bin/update_phishing_sites X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-NetKnow-InComing-4.65.1-1-MailScanner-Information: Please contact the ISP for more information X-NetKnow-InComing-4.65.1-1-MailScanner: Found to be clean X-NetKnow-InComing-4.65.1-1-MailScanner-From: root@doctor.nl2k.ab.ca X-Spam-Status: No --20:37:02-- http://www.mailscanner.info/phishing.safe.sites.conf.master => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:38:18-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 2) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:39:33-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 3) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:40:48-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 4) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:42:03-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 5) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. 
--20:43:18-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 6) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:44:33-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 7) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:45:48-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 8) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:47:03-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try: 9) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:48:18-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:10) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:49:33-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:11) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:50:48-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:12) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:52:03-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:13) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:53:18-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:14) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:54:33-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:15) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. 
--20:55:49-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:16) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:57:04-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:17) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:58:19-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:18) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --20:59:34-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:19) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Retrying. --21:00:49-- http://www.mailscanner.info/phishing.safe.sites.conf.master (try:20) => `phishing.safe.sites.conf.master' Connecting to www.mailscanner.info:80... connect: Operation timed out Giving up. curl: (7) couldn't connect to host Cannot find wget or curl to do phishing sites update. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ----- End forwarded message ----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raymond at prolocation.net Sun Oct 7 12:54:28 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Oct 7 12:54:29 2007 Subject: [root@doctor.nl2k.ab.ca: Cron /opt/MailScanner/bin/update_phishing_sites] In-Reply-To: <20071007111838.GA27410@doctor.nl2k.ab.ca> References: <20071007111838.GA27410@doctor.nl2k.ab.ca> Message-ID: Hi! > > --20:37:02-- http://www.mailscanner.info/phishing.safe.sites.conf.master > => `phishing.safe.sites.conf.master' > Connecting to www.mailscanner.info:80... > connect: Operation timed out > Retrying. 
>
> --20:38:18-- http://www.mailscanner.info/phishing.safe.sites.conf.master
> (try: 2) => `phishing.safe.sites.conf.master'
> Connecting to www.mailscanner.info:80...
> connect: Operation timed out
> Retrying.

Only you can tell I guess. Firewall or routing issue. Do a mtr trace and show where it stops.

Bye,
Raymond.

From list-mailscanner at linguaphone.com Sun Oct 7 15:12:35 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Sun Oct 7 15:12:38 2007
Subject: Stopping hotmail relayers
In-Reply-To: <470801A2.3000202@vanderkooij.org>
Message-ID:

I use rbldnsd. I configure Postfix to use it. I then create my own private rbl file.

You could also use my autoblock script to block IPs which are sending only spam.
http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Hugo van
> der Kooij
> Sent: 06 October 2007 22:44
> To: MailScanner Mailinglist
> Subject: OT: Stopping hotmail relayers
>
>
> Hi,
>
> I have noticed that quite a bit of SPAM arrives through hotmail. I have
> tested it in the past: it takes about 30 seconds to get a fake account
> through an anonymous proxy. After that one can safely SPAM as much as
> you like.
>
> If I shutdown hotmail altogether there will be a bit of a riot. I
> noticed that hotmail transfers the original IP address in the header:
> X-Originating-IP
>
> Has anyone thought of a way to stop messages on the MTA (postfix) level
> based on the IP address of this header?
>
> Hugo.
>
> --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> Don't meddle in the affairs of sysadmins,
> for they are subtle and quick to anger.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> > > From Jason at SYO.Com Sun Oct 7 15:19:33 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Sun Oct 7 15:15:47 2007 Subject: Can't figure out why we are getting so much spam. Message-ID: <1257432678.20071007101933@SYO.Com> Hello mailscanner, The amount of spam we are getting has really grown in the last few weeks, from 2 or 3 per day to dozens per hour. Any help would be appreciated. Here is an example: (and it certainly is NOT in my whitelist!:) Return-path: Envelope-to: jason@syo.com Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) by sabrina.syo.com with esmtp (Exim 4.66) (envelope-from ) id 1IeWHm-00086o-1K for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 Date: Sun, 07 Oct 2007 06:04:53 -0200 From: "Jacob E. Henry" X-Mailer: Internet Mail Service (5.5.2650.21) X-Priority: 3 Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> To: jason@syo.com Subject: Bright side MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SYO-MailScanner-Information: Please contact the SYO for more information X-SYO-MailScanner: Found to be clean X-SYO-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=34.194, required 3, autolearn=spam, BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, HELO_DYNAMIC_IPADDR2 4.39, HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) X-SYO-MailScanner-From: jason@syo.com -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 
SYO - Servicing Your Organization 586-286-2557 From uxbod at splatnix.net Sun Oct 7 15:21:13 2007 From: uxbod at splatnix.net (UxBoD) Date: Sun Oct 7 15:30:19 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: <1257432678.20071007101933@SYO.Com> Message-ID: <25707289.61191766873313.JavaMail.root@office.splatnix.net> Hi, You have scored that email over 30 points, so what help do you require ? If you want to reduce the number at the MTA then you could always look at implementing the RBLs directly from Exim, or look at other methods like greylisting. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jason Gottschalk" To: mailscanner@lists.mailscanner.info Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca Subject: Can't figure out why we are getting so much spam. Hello mailscanner, The amount of spam we are getting has really grown in the last few weeks, from 2 or 3 per day to dozens per hour. Any help would be appreciated. Here is an example: (and it certainly is NOT in my whitelist!:) Return-path: Envelope-to: jason@syo.com Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) by sabrina.syo.com with esmtp (Exim 4.66) (envelope-from ) id 1IeWHm-00086o-1K for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 Date: Sun, 07 Oct 2007 06:04:53 -0200 From: "Jacob E. 
Henry" X-Mailer: Internet Mail Service (5.5.2650.21) X-Priority: 3 Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> To: jason@syo.com Subject: Bright side MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SYO-MailScanner-Information: Please contact the SYO for more information X-SYO-MailScanner: Found to be clean X-SYO-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=34.194, required 3, autolearn=spam, BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, HELO_DYNAMIC_IPADDR2 4.39, HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) X-SYO-MailScanner-From: jason@syo.com -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. SYO - Servicing Your Organization 586-286-2557 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Sun Oct 7 15:38:59 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Oct 7 15:39:04 2007 Subject: Can't figure out why we are getting so much spam. 
In-Reply-To: <25707289.61191766873313.JavaMail.root@office.splatnix.net>
Message-ID:

> X-SYO-MailScanner-SpamCheck: not spam (whitelisted)

Something is making Mailscanner think the mail is whitelisted. You could try stopping mailscanner and then running it manually in debug mode and it should tell you why it was whitelisted.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD
> Sent: 07 October 2007 15:21
> To: MailScanner discussion
> Subject: Re: Can't figure out why we are getting so much spam.
>
>
> Hi,
>
> You have scored that email over 30 points, so what help do you
> require ? If you want to reduce the number at the MTA then you
> could always look at implementing the RBLs directly from Exim, or
> look at other methods like greylisting.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "Jason Gottschalk"
> To: mailscanner@lists.mailscanner.info
> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca
> Subject: Can't figure out why we are getting so much spam.
>
> Hello mailscanner,
>
>
> The amount of spam we are getting has really grown in the last few
> weeks, from 2 or 3 per day to dozens per hour.
>
> Any help would be appreciated.
>
> Here is an example: (and it certainly is NOT in my whitelist!:)
>
> Return-path:
> Envelope-to: jason@syo.com
> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400
> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net)
> by sabrina.syo.com with esmtp (Exim 4.66)
> (envelope-from )
> id 1IeWHm-00086o-1K
> for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400
> Date: Sun, 07 Oct 2007 06:04:53 -0200
> From: "Jacob E.
Henry" > X-Mailer: Internet Mail Service (5.5.2650.21) > X-Priority: 3 > Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> > To: jason@syo.com > Subject: Bright side > MIME-Version: 1.0 > Content-Type: text/html; charset=UTF-8 > Content-Transfer-Encoding: 7bit > X-SYO-MailScanner-Information: Please contact the SYO for more information > X-SYO-MailScanner: Found to be clean > X-SYO-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=34.194, required 3, > autolearn=spam, > BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, > FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, > HELO_DYNAMIC_IPADDR2 4.39, > HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, > HTML_MESSAGE 0.00, > MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, > RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, > RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, > URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, > URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) > X-SYO-MailScanner-From: jason@syo.com > > > > > -- > > Best regards, > > Jason Gottschalk mailto:Jason@SYO.Com > SYO Computer Engineering Services, Inc. > SYO - Servicing Your Organization > 586-286-2557 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From uxbod at splatnix.net Sun Oct 7 15:46:55 2007 From: uxbod at splatnix.net (UxBoD) Date: Sun Oct 7 15:55:55 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: Message-ID: <31004708.91191768415452.JavaMail.root@office.splatnix.net> Doh! Missed that ;) Are you using MailWatch at all with the SQL based whitelisting ? or using the text based rules ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Gareth" To: "MailScanner discussion" Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca Subject: RE: Can't figure out why we are getting so much spam. > X-SYO-MailScanner-SpamCheck: not spam (whitelisted) Somthing is making Mailscanner think the mail is whitelisted. Yu could try stopping mailscanner and then running it manually in debug mode and it should tell you why it was whitelisted. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD > Sent: 07 October 2007 15:21 > To: MailScanner discussion > Subject: Re: Can't figure out why we are getting so much spam. > > > Hi, > > You have scored that email over 30 points, so what help do you > require ? If you want to reduce the number at the MTA then you > could always look at implementing the RBLs directly from Exim, or > look at other methods like greylisting. 
> > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Jason Gottschalk" > To: mailscanner@lists.mailscanner.info > Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca > Subject: Can't figure out why we are getting so much spam. > > Hello mailscanner, > > > The amount of spam we are getting has really grown in the last few > weeks, from 2 or 3 per day to dozens per hour. > > Any help would be appreciated. > > Here is an example: (and it certainly is NOT in my whitelist!:) > > Return-path: > Envelope-to: jason@syo.com > Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 > Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) > by sabrina.syo.com with esmtp (Exim 4.66) > (envelope-from ) > id 1IeWHm-00086o-1K > for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 > Date: Sun, 07 Oct 2007 06:04:53 -0200 > From: "Jacob E. 
Henry" > X-Mailer: Internet Mail Service (5.5.2650.21) > X-Priority: 3 > Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> > To: jason@syo.com > Subject: Bright side > MIME-Version: 1.0 > Content-Type: text/html; charset=UTF-8 > Content-Transfer-Encoding: 7bit > X-SYO-MailScanner-Information: Please contact the SYO for more information > X-SYO-MailScanner: Found to be clean > X-SYO-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=34.194, required 3, > autolearn=spam, > BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, > FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, > HELO_DYNAMIC_IPADDR2 4.39, > HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, > HTML_MESSAGE 0.00, > MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, > RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, > RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, > URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, > URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) > X-SYO-MailScanner-From: jason@syo.com > > > > > -- > > Best regards, > > Jason Gottschalk mailto:Jason@SYO.Com > SYO Computer Engineering Services, Inc. > SYO - Servicing Your Organization > 586-286-2557 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Sun Oct 7 17:23:27 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Oct 7 17:23:44 2007 Subject: Problem installing on CentOS 5 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF0D@HC-MBX02.herefordshire.gov.uk> References: <026a01c808ce$7bd040f0$23c051cb@noc> <7EF0EE5CB3B263488C8C18823239BEBA03CF0D@HC-MBX02.herefordshire.gov.uk> Message-ID: <470907FF.9090609@nkpanama.com> Randal, Phil wrote: > > Try > > > > yum install rpm-build > > > > and see if that helps. > > > > Works fine on CentOS 5 here. > That's one of the first things I do since CentOS 5 came out. Other things you might consider include adding the repo from http://dag.wieers.com/ to your collection, since there are a few things you might need that otherwise are more difficult to get. 
> > > > Phil > > > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Muhammad Nauman > *Sent:* 07 October 2007 11:40 > *To:* MailScanner discussion > *Subject:* Problem installing on CentOS 5 > > > > **Dear All, ** > > > > **I have justed installed a fresh machine with CENT OS 5.** > > > > **I just did - updatedb - and download the MailScanner.** > > > > **I m using the Built - IN sendmail and its working fine .** > > * > When i started the MailScanner Setup - it responded like this : * > > **~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~** > > > > **[root@MailScanner-4.64.3-2]# ./install.sh** > > > > > **Good. You have the patch command.** > > > > **Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages*** > **tree is missing.** > **If you have access to an RPM called rpm-build or rpmbuild** > **then install it first and come back and try again.*** > > **~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~** > > > > **Any Help in this regard will be NICE.** > > > > > > //Thanks and Regards,/// > // // > //M.Nauman Habib/// > From MailScanner at ecs.soton.ac.uk Sun Oct 7 18:01:05 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 7 18:02:18 2007 Subject: Problem installing on CentOS 5 In-Reply-To: <470907FF.9090609@nkpanama.com> References: <026a01c808ce$7bd040f0$23c051cb@noc> <7EF0EE5CB3B263488C8C18823239BEBA03CF0D@HC-MBX02.herefordshire.gov.uk> <470907FF.9090609@nkpanama.com> Message-ID: <470910D1.7020508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > Randal, Phil wrote: >> >> Try >> >> >> >> yum install rpm-build >> >> >> >> and see if that helps. >> >> >> >> Works fine on CentOS 5 here. >> > That's one of the first things I do since CentOS 5 came out. 
Other > things you might consider include adding the repo from > http://dag.wieers.com/ to your collection, since there are a few > things you might need that otherwise are more difficult to get. You can do this by fetching the latest version of the RPM for el5 from dag.wieers.com/rpm/packages/rpmforge-release. Install it with "rpm -Uvh rpmforge*rpm" once you have downloaded it. Then "yum search" and "yum install" will be able to do a whole lot more! MailScanner will need the development tools to install. You can do this with yum installgroup "Development Tools", or some command like that. But hopefully you installed the development tools when you installed CentOS5 in the first place. >> >> >> >> Phil >> >> >> >> ------------------------------------------------------------------------ >> >> >> >> *From:* mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >> *Muhammad Nauman *Sent:* 07 October 2007 11:40 *To:* MailScanner >> discussion *Subject:* Problem installing on CentOS 5 >> >> >> >> **Dear All, ** >> >> >> >> **I have justed installed a fresh machine with CENT OS 5.** >> >> >> >> **I just did - updatedb - and download the MailScanner.** >> >> >> >> **I m using the Built - IN sendmail and its working fine .** >> >> * When i started the MailScanner Setup - it responded like this : >> * >> >> **~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~** >> >> >> >> **[root@MailScanner-4.64.3-2]# ./install.sh** >> >> >> >> >> **Good.
You have the patch command.** >> >> >> >> **Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages*** >> **tree is missing.** **If you have access to an RPM called >> rpm-build or rpmbuild** **then install it first and come back and >> try again.*** >> >> **~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~** >> >> >> >> **Any Help in this regard will be NICE.** >> >> >> >> >> >> //Thanks and Regards,/// // // //M.Nauman Habib/// >> > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHCRDQEfZZRxQVtlQRAomxAKCmDovzV/MRUawG0MI9WRFnykbb5wCg19Tw Z3Qsuuxjx9YBYkjGzkVK72Y= =ylUS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Jason at SYO.Com Sun Oct 7 18:05:59 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Sun Oct 7 18:02:25 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: <31004708.91191768415452.JavaMail.root@office.splatnix.net> References: <31004708.91191768415452.JavaMail.root@office.splatnix.net> Message-ID: <862792542.20071007130559@SYO.Com> Hello UxBoD, Mailwatch with sql based whitelisting..... Sunday, October 7, 2007, 10:46:55 AM, you wrote: UxBoD> Doh! Missed that UxBoD> Are you using MailWatch at all with the SQL based whitelisting UxBoD> ? or using the text based rules ? 
UxBoD> Regards, UxBoD> --[ UxBoD ]-- UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net UxBoD> ----- Original Message ----- UxBoD> From: "Gareth" UxBoD> To: "MailScanner discussion" UxBoD> Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca UxBoD> Subject: RE: Can't figure out why we are getting so much spam. >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted) UxBoD> Somthing is making Mailscanner think the mail is whitelisted. UxBoD> Yu could try stopping mailscanner and then running it manually UxBoD> in debug mode and it should tell you why it was whitelisted. >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD >> Sent: 07 October 2007 15:21 >> To: MailScanner discussion >> Subject: Re: Can't figure out why we are getting so much spam. >> >> >> Hi, >> >> You have scored that email over 30 points, so what help do you >> require ? If you want to reduce the number at the MTA then you >> could always look at implementing the RBLs directly from Exim, or >> look at other methods like greylisting. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> From: "Jason Gottschalk" >> To: mailscanner@lists.mailscanner.info >> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca >> Subject: Can't figure out why we are getting so much spam. 
>> >> Hello mailscanner, >> >> >> The amount of spam we are getting has really grown in the last few >> weeks, from 2 or 3 per day to dozens per hour. >> >> Any help would be appreciated. >> >> Here is an example: (and it certainly is NOT in my whitelist!:) >> >> Return-path: >> Envelope-to: jason@syo.com >> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 >> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) >> by sabrina.syo.com with esmtp (Exim 4.66) >> (envelope-from ) >> id 1IeWHm-00086o-1K >> for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 >> Date: Sun, 07 Oct 2007 06:04:53 -0200 >> From: "Jacob E. Henry" >> X-Mailer: Internet Mail Service (5.5.2650.21) >> X-Priority: 3 >> Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> >> To: jason@syo.com >> Subject: Bright side >> MIME-Version: 1.0 >> Content-Type: text/html; charset=UTF-8 >> Content-Transfer-Encoding: 7bit >> X-SYO-MailScanner-Information: Please contact the SYO for more information >> X-SYO-MailScanner: Found to be clean >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted), >> SpamAssassin (not cached, score=34.194, required 3, >> autolearn=spam, >> BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, >> FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, >> HELO_DYNAMIC_IPADDR2 4.39, >> HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, >> HTML_MESSAGE 0.00, >> MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, >> RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, >> RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, >> RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, >> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, >> URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) >> X-SYO-MailScanner-From: jason@syo.com >> >> >> >> >> -- >> >> Best regards, >> >> Jason Gottschalk mailto:Jason@SYO.Com >> SYO Computer Engineering Services, Inc. 
>> SYO - Servicing Your Organization >> 586-286-2557 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> UxBoD> -- UxBoD> MailScanner mailing list UxBoD> mailscanner@lists.mailscanner.info UxBoD> http://lists.mailscanner.info/mailman/listinfo/mailscanner UxBoD> Before posting, read http://wiki.mailscanner.info/posting UxBoD> Support MailScanner development - buy the book off the website! UxBoD> -- UxBoD> This message has been scanned for viruses and UxBoD> dangerous content by MailScanner, and is UxBoD> believed to be clean. UxBoD> -- UxBoD> This message has been scanned for viruses and UxBoD> dangerous content by MailScanner, and is UxBoD> believed to be clean. -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 586-286-2557 From Jason at SYO.Com Sun Oct 7 18:11:18 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Sun Oct 7 18:07:31 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: <31004708.91191768415452.JavaMail.root@office.splatnix.net> References: <31004708.91191768415452.JavaMail.root@office.splatnix.net> Message-ID: <1992621816.20071007131118@SYO.Com> Hello UxBoD, Okay, maybe not sql whitelisting. 
It appears to be text file whitelisting and the whitelist db in sql is empty. I'm glad you missed the whitelisted part originally, I thought, for a moment, that you were mean! :) I also, noticed in another spam that seems to be out of control, that there are two FROM: lines in the header, one is the sender of the message and the other is me, could this be what is causing it to come through too? Sunday, October 7, 2007, 10:46:55 AM, you wrote: UxBoD> Doh! Missed that UxBoD> Are you using MailWatch at all with the SQL based whitelisting UxBoD> ? or using the text based rules ? UxBoD> Regards, UxBoD> --[ UxBoD ]-- UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net UxBoD> ----- Original Message ----- UxBoD> From: "Gareth" UxBoD> To: "MailScanner discussion" UxBoD> Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca UxBoD> Subject: RE: Can't figure out why we are getting so much spam. >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted) UxBoD> Somthing is making Mailscanner think the mail is whitelisted. UxBoD> Yu could try stopping mailscanner and then running it manually UxBoD> in debug mode and it should tell you why it was whitelisted. >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD >> Sent: 07 October 2007 15:21 >> To: MailScanner discussion >> Subject: Re: Can't figure out why we are getting so much spam. >> >> >> Hi, >> >> You have scored that email over 30 points, so what help do you >> require ? If you want to reduce the number at the MTA then you >> could always look at implementing the RBLs directly from Exim, or >> look at other methods like greylisting. 
>> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> From: "Jason Gottschalk" >> To: mailscanner@lists.mailscanner.info >> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca >> Subject: Can't figure out why we are getting so much spam. >> >> Hello mailscanner, >> >> >> The amount of spam we are getting has really grown in the last few >> weeks, from 2 or 3 per day to dozens per hour. >> >> Any help would be appreciated. >> >> Here is an example: (and it certainly is NOT in my whitelist!:) >> >> Return-path: >> Envelope-to: jason@syo.com >> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 >> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) >> by sabrina.syo.com with esmtp (Exim 4.66) >> (envelope-from ) >> id 1IeWHm-00086o-1K >> for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 >> Date: Sun, 07 Oct 2007 06:04:53 -0200 >> From: "Jacob E. 
Henry" >> X-Mailer: Internet Mail Service (5.5.2650.21) >> X-Priority: 3 >> Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> >> To: jason@syo.com >> Subject: Bright side >> MIME-Version: 1.0 >> Content-Type: text/html; charset=UTF-8 >> Content-Transfer-Encoding: 7bit >> X-SYO-MailScanner-Information: Please contact the SYO for more information >> X-SYO-MailScanner: Found to be clean >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted), >> SpamAssassin (not cached, score=34.194, required 3, >> autolearn=spam, >> BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, >> FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, >> HELO_DYNAMIC_IPADDR2 4.39, >> HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, >> HTML_MESSAGE 0.00, >> MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, >> RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, >> RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, >> RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, >> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, >> URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) >> X-SYO-MailScanner-From: jason@syo.com >> >> >> >> >> -- >> >> Best regards, >> >> Jason Gottschalk mailto:Jason@SYO.Com >> SYO Computer Engineering Services, Inc. >> SYO - Servicing Your Organization >> 586-286-2557 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. 
>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> UxBoD> -- UxBoD> MailScanner mailing list UxBoD> mailscanner@lists.mailscanner.info UxBoD> http://lists.mailscanner.info/mailman/listinfo/mailscanner UxBoD> Before posting, read http://wiki.mailscanner.info/posting UxBoD> Support MailScanner development - buy the book off the website! UxBoD> -- UxBoD> This message has been scanned for viruses and UxBoD> dangerous content by MailScanner, and is UxBoD> believed to be clean. UxBoD> -- UxBoD> This message has been scanned for viruses and UxBoD> dangerous content by MailScanner, and is UxBoD> believed to be clean. -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 586-286-2557 From uxbod at splatnix.net Sun Oct 7 18:31:34 2007 From: uxbod at splatnix.net (UxBoD) Date: Sun Oct 7 18:40:31 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: <1992621816.20071007131118@SYO.Com> Message-ID: <26665879.151191778294113.JavaMail.root@office.splatnix.net> You should be able to block a lot by tuning your Exim installation for RFC compliance. Cannot comment on this though as I run Postfix. Are all the SPAMs being marked as whitelisted? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jason Gottschalk" To: "MailScanner discussion" Sent: Sunday, October 7, 2007 5:11:18 PM (GMT) Africa/Casablanca Subject: Re[2]: Can't figure out why we are getting so much spam. Hello UxBoD, Okay, maybe not sql whitelisting. 
It appears to be text file whitelisting and the whitelist db in sql is empty. I'm glad you missed the whitelisted part originally, I thought, for a moment, that you were mean! :) I also, noticed in another spam that seems to be out of control, that there are two FROM: lines in the header, one is the sender of the message and the other is me, could this be what is causing it to come through too? Sunday, October 7, 2007, 10:46:55 AM, you wrote: UxBoD> Doh! Missed that UxBoD> Are you using MailWatch at all with the SQL based whitelisting UxBoD> ? or using the text based rules ? UxBoD> Regards, UxBoD> --[ UxBoD ]-- UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net UxBoD> ----- Original Message ----- UxBoD> From: "Gareth" UxBoD> To: "MailScanner discussion" UxBoD> Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca UxBoD> Subject: RE: Can't figure out why we are getting so much spam. >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted) UxBoD> Somthing is making Mailscanner think the mail is whitelisted. UxBoD> Yu could try stopping mailscanner and then running it manually UxBoD> in debug mode and it should tell you why it was whitelisted. >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD >> Sent: 07 October 2007 15:21 >> To: MailScanner discussion >> Subject: Re: Can't figure out why we are getting so much spam. >> >> >> Hi, >> >> You have scored that email over 30 points, so what help do you >> require ? If you want to reduce the number at the MTA then you >> could always look at implementing the RBLs directly from Exim, or >> look at other methods like greylisting. 
>> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> From: "Jason Gottschalk" >> To: mailscanner@lists.mailscanner.info >> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca >> Subject: Can't figure out why we are getting so much spam. >> >> Hello mailscanner, >> >> >> The amount of spam we are getting has really grown in the last few >> weeks, from 2 or 3 per day to dozens per hour. >> >> Any help would be appreciated. >> >> Here is an example: (and it certainly is NOT in my whitelist!:) >> >> Return-path: >> Envelope-to: jason@syo.com >> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 >> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) >> by sabrina.syo.com with esmtp (Exim 4.66) >> (envelope-from ) >> id 1IeWHm-00086o-1K >> for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 >> Date: Sun, 07 Oct 2007 06:04:53 -0200 >> From: "Jacob E. 
Henry" >> X-Mailer: Internet Mail Service (5.5.2650.21) >> X-Priority: 3 >> Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> >> To: jason@syo.com >> Subject: Bright side >> MIME-Version: 1.0 >> Content-Type: text/html; charset=UTF-8 >> Content-Transfer-Encoding: 7bit >> X-SYO-MailScanner-Information: Please contact the SYO for more information >> X-SYO-MailScanner: Found to be clean >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted), >> SpamAssassin (not cached, score=34.194, required 3, >> autolearn=spam, >> BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, >> FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, >> HELO_DYNAMIC_IPADDR2 4.39, >> HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, >> HTML_MESSAGE 0.00, >> MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, >> RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, >> RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, >> RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, >> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, >> URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) >> X-SYO-MailScanner-From: jason@syo.com >> >> >> >> >> -- >> >> Best regards, >> >> Jason Gottschalk mailto:Jason@SYO.Com >> SYO Computer Engineering Services, Inc. >> SYO - Servicing Your Organization >> 586-286-2557 >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. 
>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> UxBoD> -- UxBoD> MailScanner mailing list UxBoD> mailscanner@lists.mailscanner.info UxBoD> http://lists.mailscanner.info/mailman/listinfo/mailscanner UxBoD> Before posting, read http://wiki.mailscanner.info/posting UxBoD> Support MailScanner development - buy the book off the website! UxBoD> -- UxBoD> This message has been scanned for viruses and UxBoD> dangerous content by MailScanner, and is UxBoD> believed to be clean. UxBoD> -- UxBoD> This message has been scanned for viruses and UxBoD> dangerous content by MailScanner, and is UxBoD> believed to be clean. -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 586-286-2557 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Oct 7 18:55:27 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Sun Oct 7 18:55:51 2007 Subject: Stopping hotmail relayers In-Reply-To: References: Message-ID: <47091D8F.6060707@vanderkooij.org> Gareth wrote: > I use rbldnsd I configure Postfix to use it. I then create by own private > rbl file. > > You could also use my autoblock script to block IPs which are sending only > spam. > http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/ I think you miss the point from my question. All messages come from hotmail. 
People are seriously misusing hotmail to relay. It is peanuts just to give hotmail the finger but that would start a bit of a riot in the family. So I want to cut off the SMTP connection when I hit this header showing me the PERP is living in some country I do not have any relatives in. I have however not found a way to match a section of the header against a RBL in postfix. (It might very well be impossible.) Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. From cornelius.koelbel at gmx.de Sun Oct 7 19:14:26 2007 From: cornelius.koelbel at gmx.de (Cornelius Koelbel) Date: Sun Oct 7 19:14:41 2007 Subject: Stopping hotmail relayers In-Reply-To: <47091D8F.6060707@vanderkooij.org> References: <47091D8F.6060707@vanderkooij.org> Message-ID: <47092202.9070805@gmx.de> Hi, I think this is a very interesting idea. It is kind of "regular expression" blacklisting. - If the sender's domain is within a list AND - His IP belongs to... AND - if some more headers match some conditions ...I do not want to see the mail. I am also curious if postfix was this flexible. ( I personally would not care if it was during the smtp connection or if it could be handled by mailscanner after having accepted the mail ) Kind regards Cornelius hvdkooij@vanderkooij.org wrote: > Gareth wrote: >> I use rbldnsd I configure Postfix to use it. I then create my own private >> rbl file. >> >> You could also use my autoblock script to block IPs which are sending only >> spam. >> http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/ > > I think you miss the point from my question. All messages come from > hotmail. People are seriously misusing hotmail to relay. It is peanuts > just to give hotmail the finger but that would start a bit of a riot in > the family. > > So I want to cut off the SMTP connection when I hit this header showing > me the PERP is living in some country I do not have any relatives in.
> > I have however not found a way to match a section of the header against > a RBL in postfix. (It might very well be impossible.) > > Hugo. > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3641 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071007/8d913db1/smime.bin From ms-list at alexb.ch Sun Oct 7 21:03:22 2007 From: ms-list at alexb.ch (Alex Broens) Date: Sun Oct 7 21:03:26 2007 Subject: Stopping hotmail relayers In-Reply-To: <47092202.9070805@gmx.de> References: <47091D8F.6060707@vanderkooij.org> <47092202.9070805@gmx.de> Message-ID: <47093B8A.5000500@alexb.ch> On 10/7/2007 8:14 PM, Cornelius Koelbel wrote: > Hi, > > i think this is a very interesting idea. It is kind of "regular > expression" blacklisting. > > - If the sender's domain is within a list AND > - His IP belongs to... AND > - if some more headers match some conditions > > > ...I do not want to see the mail. > > I am also courios if postfix was this flexible. > > ( I personally would not care if it was during the smtp connection or if > it could be handled by mailscanner after having accepted the mail ) A SA meta rules do what you want. Alex From cornelius.koelbel at gmx.de Sun Oct 7 22:21:41 2007 From: cornelius.koelbel at gmx.de (Cornelius Koelbel) Date: Sun Oct 7 22:21:55 2007 Subject: Stopping hotmail relayers In-Reply-To: <47093B8A.5000500@alexb.ch> References: <47091D8F.6060707@vanderkooij.org> <47092202.9070805@gmx.de> <47093B8A.5000500@alexb.ch> Message-ID: <47094DE5.30909@gmx.de> OUps! Hi Alex, Thanks a lot for this very good hint! (shame on me) Kind regards Cornelius Alex Broens schrieb: > On 10/7/2007 8:14 PM, Cornelius Koelbel wrote: >> Hi, >> >> i think this is a very interesting idea. It is kind of "regular >> expression" blacklisting. >> >> - If the sender's domain is within a list AND >> - His IP belongs to... 
AND >> - if some more headers match some conditions >> >> >> ...I do not want to see the mail. >> >> I am also curious if postfix was this flexible. >> >> ( I personally would not care if it was during the smtp connection or if >> it could be handled by mailscanner after having accepted the mail ) > > SA meta rules do what you want. > > Alex > From ja at conviator.com Sun Oct 7 23:02:36 2007 From: ja at conviator.com (Jan Agermose) Date: Sun Oct 7 23:03:50 2007 Subject: "starter bayes" database Message-ID: <6B59FCF2EFD0334A8147A1BB463F111E02DCDF3C@mail-17ps.atlarge.net> Hi I'm trying to set up mailscanner and spamassassin for the first time. I'm looking for a good guide. I tried the MailScanner book and the install pages - this does of course install MailScanner and SpamAssassin and I can start the services and so on, but it does not really work :-) So I'm looking for a -complete- guide. One that would tell me to add lines to /etc/mail/access and mailertable, allow non-localhost access and so on. 1) Does such a "complete" tutorial exist somewhere? It cannot be an in depth description, I know, but the basics? Anyway - now I have something running that will accept emails and deliver non-spam mails. Even with MailWatch :-) But what about this bayes thing. I've set it to autolearn but it looks like it's not actually using the bayes database (I'm not using mysql for the bayes database) and it looks like this has to do with the bayes database not really having been trained yet - too little information in the database. 2) Is it possible to download and install a "base bayes database"? The result of training the database from some sort of standard accepted training set of spam/ham mail?
Thanks Jan From hvdkooij at vanderkooij.org Sun Oct 7 23:42:24 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Sun Oct 7 23:42:47 2007 Subject: "starter bayes" database In-Reply-To: <6B59FCF2EFD0334A8147A1BB463F111E02DCDF3C@mail-17ps.atlarge.net> References: <6B59FCF2EFD0334A8147A1BB463F111E02DCDF3C@mail-17ps.atlarge.net> Message-ID: <470960D0.1050808@vanderkooij.org> Jan Agermose wrote: > 2) Is it possible to download and install a "base bayes database"? The > result of training the database from some sort of standard accepted > training set of spam/ham mail? No. Each network is unique and you must train your bayesian database to fit YOUR traffic and not fit someone else's traffic. I would even recommend against autolearning. If you manually select 200 SPAM and 200 HAM messages you make the database work for you. In this regard read the instructions from the competition: http://www.barracudanetworks.com/ns/downloads/Barracuda_Bayes.pdf If you do it this way in MailScanner you get pretty good results. I actually disable autolearn and use mailwatch to train the database. For that you need to store all messages in quarantine. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. From xmasterx at gmail.com Mon Oct 8 00:48:30 2007 From: xmasterx at gmail.com (Pedro Cardoso) Date: Mon Oct 8 00:48:34 2007 Subject: "starter bayes" database In-Reply-To: <470960D0.1050808@vanderkooij.org> References: <6B59FCF2EFD0334A8147A1BB463F111E02DCDF3C@mail-17ps.atlarge.net> <470960D0.1050808@vanderkooij.org> Message-ID: I use the same method, mailwatch to train bayes and now I have +170k of tokens and rarely have spam get into any inbox.
Regards, -- Pedro Cardoso [ xmasterx@gmail.com ] On 10/7/07, hvdkooij@vanderkooij.org wrote: > > Jan Agermose wrote: > > > 2) Is it possible to download and install a "base bayes database"? The > > result of training the database from some sort of standard accepted > > training set of spam/ham mail? > > No. Each network is unique and you must train your bayesian database to > fit YOUR traffic and not fit someone else's traffic. > > I would even recommend against autolearning. If you manually select 200 > SPAM and 200 HAM messages you make the database work for you. In this > regard read the instructions from the competition: > http://www.barracudanetworks.com/ns/downloads/Barracuda_Bayes.pdf > > If you do it this way in MailScanner you get pretty good results. I > actually disable autolearn and use mailwatch to train the database. For > that you need to store all messages in quarantine. > > Hugo. > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > Don't meddle in the affairs of sysadmins, > for they are subtle and quick to anger. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From r.berber at computer.org Mon Oct 8 00:51:31 2007 From: r.berber at computer.org (René Berber) Date: Mon Oct 8 00:51:54 2007 Subject: "starter bayes" database In-Reply-To: <6B59FCF2EFD0334A8147A1BB463F111E02DCDF3C@mail-17ps.atlarge.net> References: <6B59FCF2EFD0334A8147A1BB463F111E02DCDF3C@mail-17ps.atlarge.net> Message-ID: Jan Agermose wrote: > I'm trying to set up mailscanner and spamassassin for the first time. I'm > looking for a good guide.
I tried the MailScanner book and the install > pages - this does of course install MailScanner and SpamAssassin and I > can start the services and so on, but it does not really work :-) So I'm > looking for a -complete- guide. One that would tell me to add lines to > /etc/mail/access and mailertable, allow non-localhost access and so on. > > 1) Does such a "complete" tutorial exist somewhere? It cannot be an in > depth description, I know, but the basics? Don't know, usually you go piece by piece, i.e. sendmail, sendmail milters, MailScanner, SA, SA plugins... > Anyway - now I have something running that will accept emails and > deliver non-spam mails. Even with MailWatch :-) But what about this bayes > thing. I've set it to autolearn but it looks like it's not actually using > the bayes database (I'm not using mysql for the bayes database) and it > looks like this has to do with the bayes database not really having > been trained yet - too little information in the database. > > 2) Is it possible to download and install a "base bayes database"? The > result of training the database from some sort of standard accepted > training set of spam/ham mail? Yes and IIRC MailScanner's web pages used to point you to one, but I can't find the page now... anyway it pointed to http://www.fsl.com/resources.html which provides starter DBs and also the excellent rules_du_jour package. -- René Berber From Jason at SYO.Com Mon Oct 8 01:27:40 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Mon Oct 8 01:23:53 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: <26665879.151191778294113.JavaMail.root@office.splatnix.net> References: <1992621816.20071007131118@SYO.Com> <26665879.151191778294113.JavaMail.root@office.splatnix.net> Message-ID: <132406832.20071007202740@SYO.Com> Hello UxBoD, No. I would say 99% are being marked as spam. It really looks like the mail being marked as whitelisted has two FROM: entries in the headers.
ie: From: Jacob Henry and X-SYO-Mailscanner-From: Jason@syo.com Return-path: Envelope-to: jason@syo.com Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) by sabrina.syo.com with esmtp (Exim 4.66) (envelope-from ) id 1IeWHm-00086o-1K for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 Date: Sun, 07 Oct 2007 06:04:53 -0200 From: "Jacob E. Henry" X-Mailer: Internet Mail Service (5.5.2650.21) X-Priority: 3 Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> To: jason@syo.com Subject: Bright side MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SYO-MailScanner-Information: Please contact the SYO for more information X-SYO-MailScanner: Found to be clean X-SYO-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=34.194, required 3, autolearn=spam, BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, HELO_DYNAMIC_IPADDR2 4.39, HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) X-SYO-MailScanner-From: jason@syo.com Sunday, October 7, 2007, 1:31:34 PM, you wrote: UxBoD> You should be able to block a lot by tuning your Exim UxBoD> installation for RFC compliance. Cannot comment on this though UxBoD> as I run Postfix. Are all the SPAMs being marked as whitelisted? 
UxBoD> Regards, UxBoD> --[ UxBoD ]-- UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net UxBoD> ----- Original Message ----- UxBoD> From: "Jason Gottschalk" UxBoD> To: "MailScanner discussion" UxBoD> Sent: Sunday, October 7, 2007 5:11:18 PM (GMT) Africa/Casablanca UxBoD> Subject: Re[2]: Can't figure out why we are getting so much spam. UxBoD> Hello UxBoD, UxBoD> Okay, maybe not sql whitelisting. It appears to be text file UxBoD> whitelisting and the whitelist db in sql is empty. UxBoD> I'm glad you missed the whitelisted part originally, I thought, for a UxBoD> moment, that you were mean! UxBoD> I also, noticed in another spam that seems to be out of control, that UxBoD> there are two FROM: lines in the header, one is the sender of the UxBoD> message and the other is me, could this be what is causing it to come UxBoD> through too? UxBoD> Sunday, October 7, 2007, 10:46:55 AM, you wrote: UxBoD>> Doh! Missed that UxBoD>> Are you using MailWatch at all with the SQL based whitelisting UxBoD>> ? or using the text based rules ? UxBoD>> Regards, UxBoD>> --[ UxBoD ]-- UxBoD>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" UxBoD>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B UxBoD>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B UxBoD>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net UxBoD>> ----- Original Message ----- UxBoD>> From: "Gareth" UxBoD>> To: "MailScanner discussion" UxBoD>> Sent: Sunday, October 7, 2007 2:38:59 PM (GMT) Africa/Casablanca UxBoD>> Subject: RE: Can't figure out why we are getting so much spam. >>> X-SYO-MailScanner-SpamCheck: not spam (whitelisted) UxBoD>> Something is making Mailscanner think the mail is whitelisted.
UxBoD>> You could try stopping mailscanner and then running it manually UxBoD>> in debug mode and it should tell you why it was whitelisted. >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD >>> Sent: 07 October 2007 15:21 >>> To: MailScanner discussion >>> Subject: Re: Can't figure out why we are getting so much spam. >>> >>> >>> Hi, >>> >>> You have scored that email over 30 points, so what help do you >>> require ? If you want to reduce the number at the MTA then you >>> could always look at implementing the RBLs directly from Exim, or >>> look at other methods like greylisting. >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> ----- Original Message ----- >>> From: "Jason Gottschalk" >>> To: mailscanner@lists.mailscanner.info >>> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca >>> Subject: Can't figure out why we are getting so much spam. >>> >>> Hello mailscanner, >>> >>> >>> The amount of spam we are getting has really grown in the last few >>> weeks, from 2 or 3 per day to dozens per hour. >>> >>> Any help would be appreciated. >>> >>> Here is an example: (and it certainly is NOT in my whitelist!:) >>> >>> Return-path: >>> Envelope-to: jason@syo.com >>> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 >>> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) >>> by sabrina.syo.com with esmtp (Exim 4.66) >>> (envelope-from ) >>> id 1IeWHm-00086o-1K >>> for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 >>> Date: Sun, 07 Oct 2007 06:04:53 -0200 >>> From: "Jacob E.
Henry" >>> X-Mailer: Internet Mail Service (5.5.2650.21) >>> X-Priority: 3 >>> Message-ID: <652352516118.20071007060453566120153@starmobilesound.net> >>> To: jason@syo.com >>> Subject: Bright side >>> MIME-Version: 1.0 >>> Content-Type: text/html; charset=UTF-8 >>> Content-Transfer-Encoding: 7bit >>> X-SYO-MailScanner-Information: Please contact the SYO for more information >>> X-SYO-MailScanner: Found to be clean >>> X-SYO-MailScanner-SpamCheck: not spam (whitelisted), >>> SpamAssassin (not cached, score=34.194, required 3, >>> autolearn=spam, >>> BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26, >>> FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45, >>> HELO_DYNAMIC_IPADDR2 4.39, >>> HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00, >>> HTML_MESSAGE 0.00, >>> MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50, >>> RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, >>> RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91, >>> RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96, >>> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50, >>> URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) >>> X-SYO-MailScanner-From: jason@syo.com >>> >>> >>> >>> >>> -- >>> >>> Best regards, >>> >>> Jason Gottschalk mailto:Jason@SYO.Com >>> SYO Computer Engineering Services, Inc. >>> SYO - Servicing Your Organization >>> 586-286-2557
-- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc.
586-286-2557 From stork at openenterprise.ca Mon Oct 8 01:33:38 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Oct 8 01:33:40 2007 Subject: rejected commands from localhost due to pre-greeting traffic Message-ID: <47097AE2.4010104@openenterprise.ca> I am not sure what's happened to my system, and I don't recall making any changes in the past few weeks, but I am seeing lots of these in the maillog Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic Any ideas? Most mail "seems" to be getting through though. It's a fresh CentOS 5x, current mailscanner etc. -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From philip at zeiglers.net Mon Oct 8 01:40:20 2007 From: philip at zeiglers.net (Philip Zeigler) Date: Mon Oct 8 01:40:42 2007 Subject: rejected commands from localhost due to pre-greeting traffic In-Reply-To: <47097AE2.4010104@openenterprise.ca> References: <47097AE2.4010104@openenterprise.ca> Message-ID: <1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry> You have greet-pause activated in sendmail. You need to set the pause to 0 for 127.0.0.1 in the access file. Philip Sent via BlackBerry from T-Mobile -----Original Message----- From: Johnny Stork Date: Sun, 07 Oct 2007 17:33:38 To:MailScanner discussion Subject: rejected commands from localhost due to pre-greeting traffic I am not sure what's happened to my system, and I don't recall making any changes in the past few weeks, but I am seeing lots of these in the maillog Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic Any ideas? Most mail "seems" to be getting through though. It's a fresh CentOS 5x, current mailscanner etc.
-- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From naolson at gmail.com Mon Oct 8 02:13:21 2007 From: naolson at gmail.com (Nathan Olson) Date: Mon Oct 8 02:13:29 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: <132406832.20071007202740@SYO.Com> References: <1992621816.20071007131118@SYO.Com> <26665879.151191778294113.JavaMail.root@office.splatnix.net> <132406832.20071007202740@SYO.Com> Message-ID: <8f54b4330710071813v504428b0yd3bba9ff95721b9b@mail.gmail.com> X-MailScanner-From: is the envelope sender. From: is from the headers. Nate From stork at openenterprise.ca Mon Oct 8 02:15:52 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Oct 8 02:15:54 2007 Subject: rejected commands from localhost due to pre-greeting traffic In-Reply-To: <1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry> References: <47097AE2.4010104@openenterprise.ca> <1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry> Message-ID: <470984C8.10309@openenterprise.ca> Sorry for my ignorance. Which file does this setting need to be set in? Philip Zeigler wrote: > You have greet-pause activated in sendmail. You need to set the pause to 0 for 127.0.0.1 in the access file.
> > Philip > Sent via BlackBerry from T-Mobile > > -----Original Message----- > From: Johnny Stork > > Date: Sun, 07 Oct 2007 17:33:38 > To:MailScanner discussion > Subject: rejected commands from localhost due to pre-greeting traffic > > > I am not sure what's happened to my system, and I don't recall making any > changes in the past few weeks, but I am seeing lots of these in the maillog > > Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting > commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic > > > Any ideas? Most mail "seems" to be getting through though. > > It's a fresh CentOS 5x, current mailscanner etc. > > > From philip at zeiglers.net Mon Oct 8 02:22:48 2007 From: philip at zeiglers.net (Philip Zeigler) Date: Mon Oct 8 02:23:12 2007 Subject: rejected commands from localhost due to pre-greeting traffic In-Reply-To: <470984C8.10309@openenterprise.ca> References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca> Message-ID: <1565144563-1191806577-cardhu_decombobulator_blackberry.rim.net-1686681262-@bxe122.bisx.prod.on.blackberry> /etc/mail/access Sent via BlackBerry from T-Mobile -----Original Message----- From: Johnny Stork Date: Sun, 07 Oct 2007 18:15:52 To:MailScanner discussion Subject: Re: rejected commands from localhost due to pre-greeting traffic Sorry for my ignorance. Which file does this setting need to be set in? Philip Zeigler wrote: > You have greet-pause activated in sendmail. You need to set the pause to 0 for 127.0.0.1 in the access file.
> > Philip > Sent via BlackBerry from T-Mobile > > -----Original Message----- > From: Johnny Stork > > Date: Sun, 07 Oct 2007 17:33:38 > To:MailScanner discussion > Subject: rejected commands from localhost due to pre-greeting traffic > > > I am not sure what's happened to my system, and I don't recall making any > changes in the past few weeks, but I am seeing lots of these in the maillog > > Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting > commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic > > > Any ideas? Most mail "seems" to be getting through though. > > It's a fresh CentOS 5x, current mailscanner etc. > > > From stork at openenterprise.ca Mon Oct 8 02:30:18 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Oct 8 02:30:20 2007 Subject: rejected commands from localhost due to pre-greeting traffic In-Reply-To: <1565144563-1191806577-cardhu_decombobulator_blackberry.rim.net-1686681262-@bxe122.bisx.prod.on.blackberry> References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca> <1565144563-1191806577-cardhu_decombobulator_blackberry.rim.net-1686681262-@bxe122.bisx.prod.on.blackberry> Message-ID: <4709882A.1060106@openenterprise.ca> Thanks, after a quick google I did find it...right after sending the message.
But thanks kindly for the quick and helpful responses :) Philip Zeigler wrote: > /etc/mail/access > Sent via BlackBerry from T-Mobile > > -----Original Message----- > From: Johnny Stork > > Date: Sun, 07 Oct 2007 18:15:52 > To:MailScanner discussion > Subject: Re: rejected commands from localhost due to pre-greeting traffic > > > Sorry for my ignorance. Which file does this setting need to be set in? > > Philip Zeigler wrote: > >> You have greet-pause activated in sendmail. You need to set the pause to 0 for 127.0.0.1 in the access file. >> >> Philip >> Sent via BlackBerry from T-Mobile >> >> -----Original Message----- >> From: Johnny Stork >> >> Date: Sun, 07 Oct 2007 17:33:38 >> To:MailScanner discussion >> Subject: rejected commands from localhost due to pre-greeting traffic >> >> >> I am not sure what's happened to my system, and I don't recall making any >> changes in the past few weeks, but I am seeing lots of these in the maillog >> >> Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting >> commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic >> >> >> Any ideas? Most mail "seems" to be getting through though. >> >> It's a fresh CentOS 5x, current mailscanner etc. >> >> >> >> > > From philip at zeiglers.net Mon Oct 8 02:36:13 2007 From: philip at zeiglers.net (Philip Zeigler) Date: Mon Oct 8 02:36:27 2007 Subject: rejected commands from localhost due to pre-greeting traffic In-Reply-To: <470984C8.10309@openenterprise.ca> References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca> Message-ID: <882238850-1191807382-cardhu_decombobulator_blackberry.rim.net-1943669039-@bxe122.bisx.prod.on.blackberry> Edit the /etc/mail/access file and add a line like this: GreetPause:127.0.0.1 0 Then make -C /etc/mail to build the access.db file.
Philip Sent via BlackBerry from T-Mobile -----Original Message----- From: Johnny Stork Date: Sun, 07 Oct 2007 18:15:52 To:MailScanner discussion Subject: Re: rejected commands from localhost due to pre-greeting traffic Sorry for my ignorance. Which file does this setting need to be set in? Philip Zeigler wrote: > You have greet-pause activated in sendmail. You need to set the pause to 0 for 127.0.0.1 in the access file. > > Philip > Sent via BlackBerry from T-Mobile > > -----Original Message----- > From: Johnny Stork > > Date: Sun, 07 Oct 2007 17:33:38 > To:MailScanner discussion > Subject: rejected commands from localhost due to pre-greeting traffic > > > I am not sure what's happened to my system, and I don't recall making any > changes in the past few weeks, but I am seeing lots of these in the maillog > > Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting > commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic > > > Any ideas? Most mail "seems" to be getting through though. > > It's a fresh CentOS 5x, current mailscanner etc. > > >
From stork at openenterprise.ca Mon Oct 8 02:45:10 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Oct 8 02:45:12 2007 Subject: rejected commands from localhost due to pre-greeting traffic In-Reply-To: <882238850-1191807382-cardhu_decombobulator_blackberry.rim.net-1943669039-@bxe122.bisx.prod.on.blackberry> References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca> <882238850-1191807382-cardhu_decombobulator_blackberry.rim.net-1943669039-@bxe122.bisx.prod.on.blackberry> Message-ID: <47098BA6.2020404@openenterprise.ca> Thanks again. Did all the suggested steps and although that original message is gone, it seems to have been replaced by these.... localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Philip Zeigler wrote: > Edit the /etc/mail/access file and add a line like this: > > GreetPause:127.0.0.1 0 > > Then make -C /etc/mail to build the access.db file. > > Philip > Sent via BlackBerry from T-Mobile > > -----Original Message----- > From: Johnny Stork > > Date: Sun, 07 Oct 2007 18:15:52 > To:MailScanner discussion > Subject: Re: rejected commands from localhost due to pre-greeting traffic > > > Sorry for my ignorance. Which file does this setting need to be set in? > > Philip Zeigler wrote: > >> You have greet-pause activated in sendmail. You need to set the pause to 0 for 127.0.0.1 in the access file.
>> >> Philip >> Sent via BlackBerry from T-Mobile >> >> -----Original Message----- >> From: Johnny Stork >> >> Date: Sun, 07 Oct 2007 17:33:38 >> To:MailScanner discussion >> Subject: rejected commands from localhost due to pre-greeting traffic >> >> >> I am not sure what's happened to my system, and I don't recall making any >> changes in the past few weeks, but I am seeing lots of these in the maillog >> >> Oct 7 17:25:24 gateway sendmail[11378]: l980POcH011378: rejecting >> commands from localhost.localdomain [127.0.0.1] due to pre-greeting traffic >> >> >> Any ideas? Most mail "seems" to be getting through though. >> >> It's a fresh CentOS 5x, current mailscanner etc. >> >> >> >> > > From Jason at SYO.Com Mon Oct 8 03:36:28 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Mon Oct 8 03:32:42 2007 Subject: Can't figure out why we are getting so much spam. In-Reply-To: References: <25707289.61191766873313.JavaMail.root@office.splatnix.net> Message-ID: <3410414129.20071007223628@SYO.Com> Hello Gareth, How do I run it in debug mode? Is it a command line option? Sunday, October 7, 2007, 10:38:59 AM, you wrote: >> X-SYO-MailScanner-SpamCheck: not spam (whitelisted) Gareth> Something is making Mailscanner think the mail is whitelisted. Gareth> You could try stopping mailscanner and then running it Gareth> manually in debug mode and it should tell you why it was whitelisted. >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD >> Sent: 07 October 2007 15:21 >> To: MailScanner discussion >> Subject: Re: Can't figure out why we are getting so much spam. >> >> >> Hi, >> >> You have scored that email over 30 points, so what help do you >> require ? If you want to reduce the number at the MTA then you >> could always look at implementing the RBLs directly from Exim, or >> look at other methods like greylisting.
>> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> From: "Jason Gottschalk" >> To: mailscanner@lists.mailscanner.info >> Sent: Sunday, October 7, 2007 2:19:33 PM (GMT) Africa/Casablanca >> Subject: Can't figure out why we are getting so much spam. >> >> Hello mailscanner, >> >> >> The amount of spam we are getting has really grown in the last few >> weeks, from 2 or 3 per day to dozens per hour. >> >> Any help would be appreciated. >> >> Here is an example: (and it certainly is NOT in my whitelist!:) >> >> Return-path: >> Envelope-to: jason@syo.com >> Delivery-date: Sun, 07 Oct 2007 09:35:15 -0400 >> Received: from [86.75.171.147] (helo=147.171.75-86.rev.gaoland.net) >> by sabrina.syo.com with esmtp (Exim 4.66) >> (envelope-from ) >> id 1IeWHm-00086o-1K >> for jason@syo.com; Sun, 07 Oct 2007 09:35:10 -0400 >> Date: Sun, 07 Oct 2007 06:04:53 -0200 >> From: "Jacob E. 
Henry"
>> X-Mailer: Internet Mail Service (5.5.2650.21)
>> X-Priority: 3
>> Message-ID: <652352516118.20071007060453566120153@starmobilesound.net>
>> To: jason@syo.com
>> Subject: Bright side
>> MIME-Version: 1.0
>> Content-Type: text/html; charset=UTF-8
>> Content-Transfer-Encoding: 7bit
>> X-SYO-MailScanner-Information: Please contact the SYO for more information
>> X-SYO-MailScanner: Found to be clean
>> X-SYO-MailScanner-SpamCheck: not spam (whitelisted),
>> SpamAssassin (not cached, score=34.194, required 3,
>> autolearn=spam,
>> BAYES_95 3.00, DATE_IN_PAST_03_06 0.04, FORGED_IMS_HTML 2.26,
>> FORGED_IMS_TAGS 2.32, FORGED_MUA_IMS 0.45,
>> HELO_DYNAMIC_IPADDR2 4.39,
>> HELO_DYNAMIC_SPLIT_IP 3.49, HS_INDEX_PARAM 0.00,
>> HTML_MESSAGE 0.00,
>> MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50,
>> RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50,
>> RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91,
>> RCVD_IN_SORBS_DUL 0.88, SPF_SOFTFAIL 0.60, URIBL_BLACK 1.96,
>> URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SBL 1.50,
>> URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50)
>> X-SYO-MailScanner-From: jason@syo.com
>>
>> --
>>
>> Best regards,
>>
>> Jason Gottschalk mailto:Jason@SYO.Com
>> SYO Computer Engineering Services, Inc.
>> SYO - Servicing Your Organization
>> 586-286-2557
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557

From Jason at SYO.Com Mon Oct 8 03:57:19 2007
From: Jason at SYO.Com (Jason Gottschalk)
Date: Mon Oct 8 03:53:34 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <8f54b4330710071813v504428b0yd3bba9ff95721b9b@mail.gmail.com>
References: <1992621816.20071007131118@SYO.Com> <26665879.151191778294113.JavaMail.root@office.splatnix.net> <132406832.20071007202740@SYO.Com> <8f54b4330710071813v504428b0yd3bba9ff95721b9b@mail.gmail.com>
Message-ID: <1528590582.20071007225719@SYO.Com>

Hello Nathan,

Here is a screen shot showing the spam in question. It is marked as
whitelist for me, but spam for other domains on the same server.

Please note the from and to addresses????

http://www.hostanon.com/images/2007-07-10/3565959384.jpg

Sunday, October 7, 2007, 9:13:21 PM, you wrote:

Nathan> X-MailScanner-From: is the envelope sender.
Nathan> From: is from the headers.

Nathan> Nate

--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557

From uxbod at splatnix.net Mon Oct 8 05:27:57 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 8 05:36:59 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <1528590582.20071007225719@SYO.Com>
Message-ID: <31226381.181191817677628.JavaMail.root@office.splatnix.net>

That URL does not show anything.

What do you have in your spam.whitelist.rule ?
/etc/rules

Also, to run in debug stop all MailScanner processes, and then run MailScanner --debug

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Jason Gottschalk"
To: "MailScanner discussion"
Sent: Monday, October 8, 2007 2:57:19 AM (GMT) Africa/Casablanca
Subject: Re[6]: Can't figure out why we are getting so much spam.

Hello Nathan,

Here is a screen shot showing the spam in question. It is marked as
whitelist for me, but spam for other domains on the same server.

Please note the from and to addresses????

http://www.hostanon.com/images/2007-07-10/3565959384.jpg

Sunday, October 7, 2007, 9:13:21 PM, you wrote:

Nathan> X-MailScanner-From: is the envelope sender.
Nathan> From: is from the headers.

Nathan> Nate

--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557
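Nathan's note that X-MailScanner-From carries the envelope sender while From: comes from the headers, and UxBoD's question about the whitelist ruleset, can be checked together. The following is an added example, not code from any poster or from MailScanner: it reads the headers of the sample message quoted in this thread and runs a simplified first-match model of a whitelist ruleset against the envelope addresses. The function names, the placeholder header From address and the ruleset lines are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Headers of the sample message quoted in this thread (SpamAssassin rule list
# shortened). The archive stripped the header From: address, so the one used
# here is a constructed placeholder.
SAMPLE = """\
Envelope-to: jason@syo.com
From: "Jacob E. Henry" <sender@example.invalid>
To: jason@syo.com
Subject: Bright side
X-SYO-MailScanner: Found to be clean
X-SYO-MailScanner-SpamCheck: not spam (whitelisted),
\tSpamAssassin (not cached, score=34.194, required 3,
\tautolearn=spam, BAYES_95 3.00, HELO_DYNAMIC_IPADDR2 4.39)
X-SYO-MailScanner-From: jason@syo.com

(body omitted)
"""

# Constructed whitelist ruleset in the "Direction: pattern [and ...] value" form.
RULES = """\
To: *@syo.com and From: partner@example.org yes
To: *@* and From: *@syo.com yes
FromOrTo: default no
"""


def _header(msg, suffix):
    """First header whose name ends in `suffix`; the X-<org>- prefix is site-specific."""
    for name, value in msg.items():
        if name.lower().endswith(suffix.lower()):
            return " ".join(str(value).split())  # unfold continuation lines
    return None


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def _glob(pattern, addr):
    return pattern == "default" or fnmatchcase(addr.lower(), pattern.lower())


def _cond_matches(direction, pattern, sender, rcpt):
    d = direction.lower()
    if d == "from":
        return _glob(pattern, sender)
    if d == "to":
        return _glob(pattern, rcpt)
    if d == "fromorto":
        return _glob(pattern, sender) or _glob(pattern, rcpt)
    if d == "fromandto":
        return _glob(pattern, sender) and _glob(pattern, rcpt)
    return False


def first_match(rules, sender, rcpt):
    """Simplified first-match evaluation: address globs only, no IP or regex patterns."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        conds = re.findall(r"(\w+):\s+(\S+)", line)
        value = line.split()[-1]
        if conds and all(_cond_matches(d, p, sender, rcpt) for d, p in conds):
            return line, value.lower() == "yes"
    return None, False


def triage(raw, rules):
    msg = message_from_string(raw)
    sender = _header(msg, "-MailScanner-From") or ""   # envelope sender
    rcpt = (msg.get("Envelope-to") or "").strip()      # envelope recipient (added by Exim)
    hdr_from = parseaddr(msg.get("From", ""))[1]       # address the reader sees
    verdict = _header(msg, "-MailScanner-SpamCheck") or ""
    m = re.search(r"score=(-?[\d.]+), required (-?[\d.]+)", verdict)
    score, required = (float(m.group(1)), float(m.group(2))) if m else (None, None)
    rule, is_whitelist = first_match(rules, sender, rcpt)
    findings = []
    if "whitelisted" in verdict and score is not None and score >= required:
        findings.append("whitelist overrode a spam-level SpamAssassin score")
    if sender and rcpt and _domain(sender) == _domain(rcpt):
        findings.append("envelope sender claims the recipient's own domain")
    if sender and hdr_from and sender.lower() != hdr_from.lower():
        findings.append("envelope sender differs from header From")
    return {"envelope_from": sender, "header_from": hdr_from, "score": score,
            "required": required, "matched_rule": rule if is_whitelist else None,
            "findings": findings}


if __name__ == "__main__":
    for key, val in triage(SAMPLE, RULES).items():
        print(f"{key}: {val}")
```

A differing envelope sender and header From is normal for list mail, so the third finding is a signal to combine with the other two, not a verdict on its own.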
From steve.freegard at fsl.com Mon Oct 8 08:26:29 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Oct 8 08:26:31 2007
Subject: rejected commands from localhost due to pre-greeting traffic
In-Reply-To: <47098BA6.2020404@openenterprise.ca>
References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca> <882238850-1191807382-cardhu_decombobulator_blackberry.rim.net-1943669039-@bxe122.bisx.prod.on.blackberry> <47098BA6.2020404@openenterprise.ca>
Message-ID: <4709DBA5.9050003@fsl.com>

Johnny Stork wrote:
> Thanks again. Did all the suggested steps and although that original
> message is gone, it seems to have been replaced by these....
>
> localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
>

Are you running Nagios or some sort of other monitoring locally?

It seems that something is connecting to port 25 and maybe even issuing
a HELO/EHLO and then disconnecting.

I've seen this happen with some monitoring tools before, if you don't
run any or have not carried out any work on this machine recently then
you should probably check for rootkits or other nasties and make sure
you don't have any weak root or user passwords as malware could cause
this as well.

Cheers,
Steve.
From stork at openenterprise.ca Mon Oct 8 08:32:11 2007
From: stork at openenterprise.ca (Johnny Stork)
Date: Mon Oct 8 08:32:11 2007
Subject: rejected commands from localhost due to pre-greeting traffic
In-Reply-To: <4709DBA5.9050003@fsl.com>
References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca> <882238850-1191807382-cardhu_decombobulator_blackberry.rim.net-1943669039-@bxe122.bisx.prod.on.blackberry> <47098BA6.2020404@openenterprise.ca> <4709DBA5.9050003@fsl.com>
Message-ID: <4709DCFB.7070107@openenterprise.ca>

No nagios running, but I do run a zabbix client but it is currently not
being used for any smtp or other mail ports. It is also a fresh, clean
install of Centos 5, and is currently accepting mail on port 25. That's
the only port connecting to that server from the internet

Steve Freegard wrote:
> Johnny Stork wrote:
>> Thanks again. Did all the suggested steps and although that original
>> message is gone, it seems to have been replaced by these....
>>
>> localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN
>> during connection to MTA
>>
>
> Are you running Nagios or some sort of other monitoring locally?
>
> It seems that something is connecting to port 25 and maybe even
> issuing a HELO/EHLO and then disconnecting.
>
> I've seen this happen with some monitoring tools before, if you don't
> run any or have not carried out any work on this machine recently then
> you should probably check for rootkits or other nasties and make sure
> you don't have any weak root or user passwords as malware could cause
> this as well.
>
> Cheers,
> Steve.
From prandal at herefordshire.gov.uk Mon Oct 8 10:37:02 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Mon Oct 8 10:37:11 2007
Subject: Stopping hotmail relayers
In-Reply-To: <47092202.9070805@gmx.de>
References: <47091D8F.6060707@vanderkooij.org> <47092202.9070805@gmx.de>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB266@HC-MBX02.herefordshire.gov.uk>

Many of the spams originating from hotmail addresses here have a
Reply-To: address in a yahoo domain.

The following rule hits only spam here:

header __HC_FROM_HOTMAIL From =~ /\@hotmail\./
describe __HC_FROM_HOTMAIL email From hotmail user

header __HC_REPLY_YAHOO Reply-To =~ /\@yahoo\./
describe __HC_REPLY_YAHOO Reply-To yahoo user

meta HC_HOTMAIL_YAHOO ( __HC_FROM_HOTMAIL && __HC_REPLY_YAHOO )
describe HC_HOTMAIL_YAHOO From hotmail, reply to Yahoo
score HC_HOTMAIL_YAHOO 20

I suspect the rule can be tweaked to score Reply-To's to yahoo
positively by themselves, but that will hit both ham and spam.

If you're adventurous try this and then tweak the scores:

header __HC_FROM_HOTMAIL From =~ /\@hotmail\./
describe __HC_FROM_HOTMAIL email From hotmail user

header HC_REPLY_YAHOO Reply-To =~ /\@yahoo\./
describe HC_REPLY_YAHOO Reply-To yahoo user
score HC_REPLY_YAHOO 0.5

meta HC_HOTMAIL_YAHOO ( __HC_FROM_HOTMAIL && HC_REPLY_YAHOO )
describe HC_HOTMAIL_YAHOO From hotmail, reply to Yahoo
score HC_HOTMAIL_YAHOO 20

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Cornelius Koelbel
> Sent: 07 October 2007 19:14
> To: MailScanner discussion
> Subject: Re: Stopping hotmail relayers
>
> Hi,
>
> I think this is a very interesting idea. It is kind of "regular
> expression" blacklisting.
>
> - If the sender's domain is within a list AND
> - His IP belongs to...
AND
> - if some more headers match some conditions
>
> ...I do not want to see the mail.
>
> I am also curious if postfix was this flexible.
>
> ( I personally would not care if it was during the smtp connection or if
> it could be handled by mailscanner after having accepted the mail )
>
> Kind regards
> Cornelius
>
> hvdkooij@vanderkooij.org wrote:
> > Gareth wrote:
> >> I use rbldnsd I configure Postfix to use it. I then create by own private
> >> rbl file.
> >>
> >> You could also use my autoblock script to block IPs which are sending only
> >> spam.
> >> http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/
> >
> > I think you miss the point from my question. All messages come from
> > hotmail. People are seriously misusing hotmail to relay. It is peanuts
> > just to give hotmail the finger but that would start a bit of a riot in
> > the family.
> >
> > So I want to cut off the SMTP connection when I hit this header showing
> > me the PERP is living in some country I do not have any relatives in.
> >
> > I have however not found a way to match a section of the header against
> > a RBL in postfix. (It might very well be impossible.)
> >
> > Hugo.
> >
>

From uxbod at splatnix.net Mon Oct 8 13:11:28 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 8 13:20:33 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <1515133924.20071008081905@SYO.Com>
Message-ID: <18715505.1141191845488702.JavaMail.root@office.splatnix.net>

We need to see what is in your spam.whitelist.rules file Jason.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Jason Gottschalk"
To: "UxBoD"
Cc: "MailScanner discussion"
Sent: Monday, October 8, 2007 1:19:05 PM (GMT) Europe/London
Subject: Re[8]: Can't figure out why we are getting so much spam.

Hello UxBoD,

Here it is attached.

Monday, October 8, 2007, 12:27:57 AM, you wrote:

UxBoD> That URL does not show anything.

UxBoD> What do you have in your spam.whitelist.rule ? /etc/rules

UxBoD> Also, to run in debug stop all MailScanner processes, and then run MailScanner --debug

UxBoD> Regards,

UxBoD> --[ UxBoD ]--
UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

UxBoD> ----- Original Message -----
UxBoD> From: "Jason Gottschalk"
UxBoD> To: "MailScanner discussion"
UxBoD> Sent: Monday, October 8, 2007 2:57:19 AM (GMT) Africa/Casablanca
UxBoD> Subject: Re[6]: Can't figure out why we are getting so much spam.

UxBoD> Hello Nathan,

UxBoD> Here is a screen shot showing the spam in question. It is marked as
UxBoD> whitelist for me, but spam for other domains on the same server.

UxBoD> Please note the from and to addresses????

UxBoD> http://www.hostanon.com/images/2007-07-10/3565959384.jpg

UxBoD> Sunday, October 7, 2007, 9:13:21 PM, you wrote:

Nathan>> X-MailScanner-From: is the envelope sender.
Nathan>> From: is from the headers.

Nathan>> Nate

UxBoD> --
UxBoD> Best regards,
UxBoD> Jason Gottschalk mailto:Jason@SYO.Com
UxBoD> SYO Computer Engineering Services, Inc.
UxBoD> 586-286-2557

--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557

From Jason at SYO.Com Mon Oct 8 13:24:23 2007
From: Jason at SYO.Com (Jason Gottschalk)
Date: Mon Oct 8 13:20:34 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <31226381.181191817677628.JavaMail.root@office.splatnix.net>
References: <1528590582.20071007225719@SYO.Com> <31226381.181191817677628.JavaMail.root@office.splatnix.net>
Message-ID: <124985322.20071008082423@SYO.Com>

Hello UxBoD,

To: *@syo.com and From: tekeetam@gmail.com yes
To: *@syo.com and From: *@ibcbiometrics.com yes
To: *@syo.com and From: *@actatekusa.com yes
To: *@syo.com and From: *@thegagestore.com yes
To: *@syo.com and From: nancy@yahoo.com yes
To: *@syo.com and From: lakehuroncamp@yahoo.com yes
To: *@syo.com and From: kmay@abs.misd.net yes
To: *@syo.com and From: julski70@comcast.net yes
To: *@syo.com and From: keller@comcast.net yes
To: *@syo.com and From: dinab162004@yahoo.com yes
To: *@syo.com and From: webeljr@netzero.net yes
To: *@syo.com and From: kaysnow3@msn.com yes
To: *@syo.com and From: jarnk@comcast.net yes
To: *@syo.com and From: *@investordelivery.com yes
To: *@syo.com and From: *@noc.digitalrealm.net yes
To: *@syo.com and From: *@digitalrealm.net yes
To: *@syo.com and From: dmarshick@gmail.com yes

Monday, October 8, 2007, 12:27:57 AM, you wrote:

UxBoD> That URL does not show anything.

UxBoD> What do you have in your spam.whitelist.rule ? /etc/rules

UxBoD> Also, to run in debug stop all MailScanner processes, and then run MailScanner --debug

UxBoD> Regards,

UxBoD> --[ UxBoD ]--
UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

UxBoD> ----- Original Message -----
UxBoD> From: "Jason Gottschalk"
UxBoD> To: "MailScanner discussion"
UxBoD> Sent: Monday, October 8, 2007 2:57:19 AM (GMT) Africa/Casablanca
UxBoD> Subject: Re[6]: Can't figure out why we are getting so much spam.

UxBoD> Hello Nathan,

UxBoD> Here is a screen shot showing the spam in question.
It is marked as
UxBoD> whitelist for me, but spam for other domains on the same server.

UxBoD> Please note the from and to addresses????

UxBoD> http://www.hostanon.com/images/2007-07-10/3565959384.jpg

UxBoD> Sunday, October 7, 2007, 9:13:21 PM, you wrote:

Nathan>> X-MailScanner-From: is the envelope sender.
Nathan>> From: is from the headers.

Nathan>> Nate

UxBoD> --
UxBoD> Best regards,
UxBoD> Jason Gottschalk mailto:Jason@SYO.Com
UxBoD> SYO Computer Engineering Services, Inc.
UxBoD> 586-286-2557

--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557

From Jason at SYO.Com Mon Oct 8 13:33:05 2007
From: Jason at SYO.Com (Jason Gottschalk)
Date: Mon Oct 8 13:31:14 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <31226381.181191817677628.JavaMail.root@office.splatnix.net>
References: <1528590582.20071007225719@SYO.Com> <31226381.181191817677628.JavaMail.root@office.splatnix.net>
Message-ID: <226196360.20071008083305@SYO.Com>

Hello UxBoD,

Do you want the whole file? including the other domains?

I am running it in debug mode now, but it doesn't show much.

It just says that it is generating hash with the input of: and then it
shows the to: and the message id and a 10 digit number

Monday, October 8, 2007, 12:27:57 AM, you wrote:

UxBoD> That URL does not show anything.

UxBoD> What do you have in your spam.whitelist.rule ?
/etc/rules

UxBoD> Also, to run in debug stop all MailScanner processes, and then run MailScanner --debug

UxBoD> Regards,

UxBoD> --[ UxBoD ]--
UxBoD> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
UxBoD> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
UxBoD> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
UxBoD> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

UxBoD> ----- Original Message -----
UxBoD> From: "Jason Gottschalk"
UxBoD> To: "MailScanner discussion"
UxBoD> Sent: Monday, October 8, 2007 2:57:19 AM (GMT) Africa/Casablanca
UxBoD> Subject: Re[6]: Can't figure out why we are getting so much spam.

UxBoD> Hello Nathan,

UxBoD> Here is a screen shot showing the spam in question. It is marked as
UxBoD> whitelist for me, but spam for other domains on the same server.

UxBoD> Please note the from and to addresses????

UxBoD> http://www.hostanon.com/images/2007-07-10/3565959384.jpg

UxBoD> Sunday, October 7, 2007, 9:13:21 PM, you wrote:

Nathan>> X-MailScanner-From: is the envelope sender.
Nathan>> From: is from the headers.

Nathan>> Nate

UxBoD> --
UxBoD> Best regards,
UxBoD> Jason Gottschalk mailto:Jason@SYO.Com
UxBoD> SYO Computer Engineering Services, Inc.
UxBoD> 586-286-2557

--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557

From hvdkooij at vanderkooij.org Mon Oct 8 14:56:43 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Mon Oct 8 14:57:06 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <226196360.20071008083305@SYO.Com>
References: <1528590582.20071007225719@SYO.Com> <31226381.181191817677628.JavaMail.root@office.splatnix.net> <226196360.20071008083305@SYO.Com>
Message-ID: <470A371B.7040103@vanderkooij.org>

Jason Gottschalk wrote:
> Hello UxBoD,
>
> Do you want the whole file? including the other domains?
>
> I am running it in debug mode now, but it doesn't show much.
>
> It just says that it is generating hash with the input of: and then it
> shows the to: and the message id and a 10 digit number

If you know the moment you seem to have more SPAM passing then match that
against your changes.

Hugo.

PS: Would you be kind enough to trim your postings? It saves the
mailinglist a lot and everyone else some SMTP bandwidth.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

From uxbod at splatnix.net Mon Oct 8 15:14:44 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 8 15:23:50 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <226196360.20071008083305@SYO.Com>
Message-ID: <7408107.1351191852884753.JavaMail.root@office.splatnix.net>

Jason,

I do believe something in your ruleset is triggering the W/L. Could you
test by moving the whitelist ruleset out of the way ? Perhaps save one of
those messages and run it manually through SA in debug mode.

May I ask why there are so many entries in your whitelist ? IIRC you have
the SA score set to 3. Why not just increase that and drop some of the
W/L entries. IMHO.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

From mkettler at evi-inc.com Mon Oct 8 16:03:06 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Oct 8 16:03:27 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <1257432678.20071007101933@SYO.Com>
References: <1257432678.20071007101933@SYO.Com>
Message-ID: <470A46AA.3000608@evi-inc.com>

Jason Gottschalk wrote:
> Hello mailscanner,
>
> The amount of spam we are getting has really grown in the last few
> weeks, from 2 or 3 per day to dozens per hour.
>
> Any help would be appreciated.
>
> Here is an example: (and it certainly is NOT in my whitelist!:)
>
> Return-path:
> Envelope-to: jason@syo.com

Are you sure that:

From *@syo.com yes

is not in your spam.whitelist.rules?

Note that from a MailScanner perspective this message was from and to
jason@syo.com, despite the body-text From: header containing:

From: "Jacob E. Henry"

From mikael at syska.dk Mon Oct 8 17:06:16 2007
From: mikael at syska.dk (Mikael Syska)
Date: Mon Oct 8 17:06:25 2007
Subject: ms, sanesecurity, clamd and freebsd
Message-ID: <470A5578.3090002@syska.dk>

Hi,

Maybe someone on this list can help ...

System:
FreeBSD 7.0-current
MailScanner-4.62.9
postfix-2.4.5,1
p5-Mail-SpamAssassin-3.2.3

http://www.sanesecurity.co.uk/clamav/usage.htm

Just downloaded the:
http://www.sanesecurity.co.uk/clamav/UpdateSaneSecurity.txt

Renamed to "sanesecurity" and changed the bash path in the top, since
under freebsd it's under "/usr/local/bin/bash"

When running: "./sanesecurity"
I get the following:
sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in substitute command: 'i'

And then I'm lost ...
just wondered if some one here maybe could tell me
if the "sed" command is different on FreeBSD or maybe someone using it
on freebsd with no problems .... ?

Kind regards
Mikael Syska

From Jason at SYO.Com Mon Oct 8 17:33:35 2007
From: Jason at SYO.Com (Jason Gottschalk)
Date: Mon Oct 8 17:29:48 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <470A46AA.3000608@evi-inc.com>
References: <1257432678.20071007101933@SYO.Com> <470A46AA.3000608@evi-inc.com>
Message-ID: <328318142.20071008123335@SYO.Com>

Hello Matt,

I did find way at the end of the whitelist file:

To: *@* and From: *@syo.com yes

I've removed it, we should know shortly.....

Monday, October 8, 2007, 11:03:06 AM, you wrote:

Matt> Jason Gottschalk wrote:
>> Hello mailscanner,
>>
>> The amount of spam we are getting has really grown in the last few
>> weeks, from 2 or 3 per day to dozens per hour.
>>
>> Any help would be appreciated.
>>
>> Here is an example: (and it certainly is NOT in my whitelist!:)
>>
>> Return-path:
>> Envelope-to: jason@syo.com

Matt> Are you sure that:

Matt> From *@syo.com yes

Matt> is not in your spam.whitelist.rules?

Matt> Note that from a MailScanner perspective this message was from and to
Matt> jason@syo.com, despite the body-text From: header containing:

Matt> From: "Jacob E. Henry"

--
Best regards,
Jason Gottschalk mailto:Jason@SYO.Com
SYO Computer Engineering Services, Inc.
586-286-2557

From shuttlebox at gmail.com Mon Oct 8 18:18:22 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Mon Oct 8 18:18:25 2007
Subject: Can't figure out why we are getting so much spam.
In-Reply-To: <328318142.20071008123335@SYO.Com>
References: <1257432678.20071007101933@SYO.Com> <470A46AA.3000608@evi-inc.com> <328318142.20071008123335@SYO.Com>
Message-ID: <625385e30710081018ne87b3d9r4953c8349935482d@mail.gmail.com>

On 10/8/07, Jason Gottschalk wrote:
> Hello Matt,
>
> I did find way at the end of the whitelist file:
>
> To: *@* and From: *@syo.com yes
>
> I've removed it, we should know shortly.....

When you want to whitelist mail from yourself you should use ip
addresses, not so easy to fake.

--
/peter

From uxbod at splatnix.net Mon Oct 8 18:46:33 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 8 18:55:35 2007
Subject: ms, sanesecurity, clamd and freebsd
In-Reply-To: <470A5578.3090002@syska.dk>
Message-ID: <29229750.1981191865593074.JavaMail.root@office.splatnix.net>

How did you download it ? Just make sure no characters have been
transformed when you dragged it down. If done via a browser, try using
wget to the URL.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Mikael Syska"
To: "MailScanner discussion"
Sent: Monday, October 8, 2007 4:06:16 PM (GMT) Africa/Casablanca
Subject: ms, sanesecurity, clamd and freebsd

Hi,

Maybe someone on this list can help ...

System:
FreeBSD 7.0-current
MailScanner-4.62.9
postfix-2.4.5,1
p5-Mail-SpamAssassin-3.2.3

http://www.sanesecurity.co.uk/clamav/usage.htm

Just downloaded the:
http://www.sanesecurity.co.uk/clamav/UpdateSaneSecurity.txt

Renamed to "sanesecurity" and changed the bash path in the top, since
under freebsd it's under "/usr/local/bin/bash"

When running: "./sanesecurity"
I get the following:
sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in substitute command: 'i'

And then I'm lost ...
just wondered if some one here maybe could tell me
if the "sed" command is different on FreeBSD or maybe someone using it
on freebsd with no problems .... ?

Kind regards
Mikael Syska

From list-mailscanner at linguaphone.com Mon Oct 8 19:15:04 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Mon Oct 8 19:15:09 2007
Subject: Patch to detect spf +all (assistance requested)
Message-ID:

Been working with someone to create a patch and additional rule for the
spamassassin SPF plugin so that it can detect SPF entries with '+all' which
a lot of spammers now appear to be using.

You can get the current patch from the URL below. However this only works
with mail::SPF::Query and doesn't work with mail::SPF. Is anyone able to
give some assistance in getting this working?
If we do then the plugin author is willing to accept the patch.

http://www.freespamfilter.org/forum/viewtopic.php?p=4600

Thanks

From mikael at syska.dk Mon Oct 8 19:28:29 2007
From: mikael at syska.dk (Mikael Syska)
Date: Mon Oct 8 19:28:40 2007
Subject: ms, sanesecurity, clamd and freebsd
In-Reply-To: <29229750.1981191865593074.JavaMail.root@office.splatnix.net>
References: <29229750.1981191865593074.JavaMail.root@office.splatnix.net>
Message-ID: <470A76CD.60303@syska.dk>

Hi,

Used wget to fetch it from the URL ....

There does not seem to be anything odd in the file ... so I'm totally
lost about what it might be.

Hopefully someone using freebsd also will report back if they got the
same problem.

// ouT

UxBoD wrote:
> How did you download it ?
Just make sure no characters have been transformed when you dragged it down. If done via a browser, try using wget to the URL.
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "Mikael Syska"
> To: "MailScanner discussion"
> Sent: Monday, October 8, 2007 4:06:16 PM (GMT) Africa/Casablanca
> Subject: ms, sanesecurity, clamd and freebsd
>
> Hi,
>
> Maybe someone on this list can help ...
>
> System:
> FreeBSD 7.0-current
> MailScanner-4.62.9
> postfix-2.4.5,1
> p5-Mail-SpamAssassin-3.2.3
>
> http://www.sanesecurity.co.uk/clamav/usage.htm
>
> Just downloaded the:
> http://www.sanesecurity.co.uk/clamav/UpdateSaneSecurity.txt
>
> Renamed to "sanesecurity" and changed the bash path in the top, since
> under freebsd it's under "/usr/local/bin/bash"
>
> When running: "./sanesecurity"
> I get the following:
> sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in substitute command: 'i'
>
> And then I'm lost ... just wondered if some one here maybe could tell me
> if the "sed" command is different on FreeBSD or maybe someone using it
> on freebsd with no problems .... ?
>
> Kind regards
> Mikael Syska
>

From uxbod at splatnix.net Mon Oct 8 19:25:40 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 8 19:34:42 2007
Subject: Patch to detect spf +all (assistance requested)
In-Reply-To:
Message-ID: <17975322.2041191867940675.JavaMail.root@office.splatnix.net>

If this is SA specific would it be better directed to the SA list ? A lot of us are on it as well.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Gareth"
To: mailscanner@lists.mailscanner.info
Sent: Monday, October 8, 2007 6:15:04 PM (GMT) Africa/Casablanca
Subject: Patch to detect spf +all (assistance requested)

Been working with someone to create a patch and additional rule for the
spamassassin SPF plugin so that it can detect SPF entries with '+all' which
a lot of spammers now appear to be using.

You can get the current patch from the URL below. However this only works
with mail::SPF::Query and doesn't work with mail::SPF. Is anyone able to
give some assistance in getting this working?
If we do then the plugin author is willing to accept the patch.

http://www.freespamfilter.org/forum/viewtopic.php?p=4600

Thanks

From uxbod at splatnix.net Mon Oct 8 19:36:58 2007
From: uxbod at splatnix.net (UxBoD)
Date: Mon Oct 8 19:46:09 2007
Subject: ms, sanesecurity, clamd and freebsd
In-Reply-To: <470A76CD.60303@syska.dk>
Message-ID: <13074502.2071191868618460.JavaMail.root@office.splatnix.net>

Instead of diagnosing the whole script, copy just that line into your own and pass the text through it. Easier to isolate then. Sorry, on Gentoo Linux.
Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Mon Oct 8 19:48:03 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Oct 8 19:48:09 2007 Subject: Patch to detect spf +all (assistance requested) In-Reply-To: <17975322.2041191867940675.JavaMail.root@office.splatnix.net> Message-ID: Yes but I thought I would try here first. Its generally a much friendlier list :) > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of UxBoD > Sent: 08 October 2007 19:26 > To: MailScanner discussion > Subject: Re: Patch to detect spf +all (assistance requested) > > > If this is SA specific would it be better directed to the SA list > ? A lot of us are on it aswell. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Gareth" > To: mailscanner@lists.mailscanner.info > Sent: Monday, October 8, 2007 6:15:04 PM (GMT) Africa/Casablanca > Subject: Patch to detect spf +all (assistance requested) > > Been working with someone to create a patch and additional rule for the > spamassassin SPF plugin so that it can detect SPF entries with > '+all' which > a lot of spammers now appear to be using. > > You can get the current patch from the URL below. However this only works > with mail::SPF::Query and doesn't work with mail::SPF. 
Is anyone able to > give some assistance in getting this working? > If we do then the plugin author is willing to accept the patch. > > http://www.freespamfilter.org/forum/viewtopic.php?p=4600 > > Thanks > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From r.berber at computer.org Mon Oct 8 20:40:06 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Mon Oct 8 20:49:06 2007 Subject: ms, sanesecurity, clamd and freebsd In-Reply-To: <470A5578.3090002@syska.dk> References: <470A5578.3090002@syska.dk> Message-ID: Mikael Syska wrote: [snip] > I get the following: > sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in substitute command: 'i' > > And then I'm lost ... just wandered if some one here maybe could tell me > if the "sed" command is different on FreeBSD or maybe someone using it > on freebsd with no problems .... ? Yes sed is different, GNU's sed does accept the -i option, other older versions of sed (which I have in Solaris) don't. There are at least 2 options: - Install GNU sed; - Change the script from sed to perl. perl also has a -i option so the equivalent of what I see above would be: perl -pi -e "s/\/$//; s/^.*loading d ..." -- Ren? 
Berber From ssilva at sgvwater.com Mon Oct 8 20:47:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 8 20:58:34 2007 Subject: Patch to detect spf +all (assistance requested) In-Reply-To: References: <17975322.2041191867940675.JavaMail.root@office.splatnix.net> Message-ID: on 10/8/2007 11:48 AM Gareth spake the following: > Yes but I thought I would try here first. Its generally a much friendlier list :) > There have been some in the past that have thought otherwise... ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dstraka at caspercollege.edu Mon Oct 8 21:15:07 2007 From: dstraka at caspercollege.edu (Dan Straka) Date: Mon Oct 8 21:15:34 2007 Subject: Will whitelisting a domain allow a password protected attachment through? References: <470A3A52020000000001E027@gw.caspercollege.edu> <470A3B6B020000000001E02E@gw.caspercollege.edu> Message-ID: <470A3B6B.61A4.0000.0@caspercollege.edu> A user is receiving password protected .xls files which is being interpreted as and "Infected message" by MailScanner. Can I simply whitelist the senders domain in /etc/MailScanner/rules/spam.whitelist.rules to allow the files through? -- Dan Straka Systems Coordinator Casper College 307.268.2399 From mikael at syska.dk Mon Oct 8 21:23:03 2007 From: mikael at syska.dk (Mikael Syska) Date: Mon Oct 8 21:23:14 2007 Subject: ms, sanesecurity, clamd and freebsd In-Reply-To: References: <470A5578.3090002@syska.dk> Message-ID: <470A91A7.2030006@syska.dk> Hi, Thanks for the reply. Ren? Berber wrote: > Mikael Syska wrote: > > [snip] > >> I get the following: >> sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in substitute command: 'i' >> >> And then I'm lost ... just wandered if some one here maybe could tell me >> if the "sed" command is different on FreeBSD or maybe someone using it >> on freebsd with no problems .... ? 
>>
>
> Yes sed is different, GNU's sed does accept the -i option, other older versions
> of sed (which I have in Solaris) don't.
>
> There are at least 2 options:
>
> - Install GNU sed;
> - Change the script from sed to perl. perl also has a -i option so the
> equivalent of what I see above would be:
>
> perl -pi -e "s/\/$//; s/^.*loading d ..."
>

The whole line would be this then:

clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \
  sed -ne 's/\/$//; s/^.*loading databases from \(.*\)$/\1/ip' | head -1`

If you could translate that, I would be very happy. Maybe other freebsd
users have the same problem.

I will then mail the author of the script, maybe he can check if it's the
GNU version that is being used ... and then use perl to fetch it.

best regards
Mikael Syska

From mkettler at evi-inc.com Mon Oct 8 21:51:32 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Mon Oct 8 21:51:48 2007
Subject: Will whitelisting a domain allow a password protected attachment through?
In-Reply-To: <470A3B6B.61A4.0000.0@caspercollege.edu>
References: <470A3A52020000000001E027@gw.caspercollege.edu> <470A3B6B020000000001E02E@gw.caspercollege.edu> <470A3B6B.61A4.0000.0@caspercollege.edu>
Message-ID: <470A9854.9010005@evi-inc.com>

Dan Straka wrote:
> A user is receiving password protected .xls files which is being interpreted as an "Infected message" by MailScanner. Can I simply whitelist the sender's domain in /etc/MailScanner/rules/spam.whitelist.rules to allow the files through?

No, because virus checks have nothing to do with spam checks.

You'd have to be more specific about what MailScanner has to say about the
infection before we could tell you how to fix it.
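Added example for the "ms, sanesecurity, clamd and freebsd" thread (not part of any post and not the sanesecurity script's own code): the `i` after `s///` is a GNU sed extension, which is why FreeBSD's sed reports a bad flag, and the replacement expression posted later in this thread has no space after `from`, which explains the leading space reported for the resulting path. The `clamscan --debug` output below is constructed (its wording is assumed from the thread) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for `clamscan --debug` output. The exact wording of the
# real debug line is an assumption taken from the expressions in the thread.
sample_debug_output() {
    cat <<'EOF'
LibClamAV debug: Initializing the engine
LibClamAV debug: Loading databases from /var/db/clamav/
LibClamAV debug: Loading databases from /var/db/clamav/
EOF
}

# The expression as it appears later in the thread: no GNU-only flag, but the
# capture group starts right after "from", so the separating space is kept.
clam_db_dir_as_posted() {
    sed -ne 's/\/$//; s/^.*oading databases from\(.*\)$/\1/p' | head -1
}

# POSIX-only variant: a bracket expression replaces the case-insensitive flag,
# the separator and any trailing whitespace are consumed, one trailing slash
# is dropped, and sed quits after the first match (no `head` needed).
clam_db_dir() {
    sed -n '/[Ll]oading databases from /{
        s/^.*[Ll]oading databases from  *//
        s/[[:space:]]*$//
        s|/$||
        p
        q
    }'
}
```

`sample_debug_output | clam_db_dir` prints the directory with no leading space; the same input through `clam_db_dir_as_posted` prints it with one.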
From rcooper at dwford.com Mon Oct 8 23:23:57 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Oct 8 23:24:07 2007 Subject: ms, sanesecurity, clamd and freebsd In-Reply-To: <470A91A7.2030006@syska.dk> References: <470A5578.3090002@syska.dk> <470A91A7.2030006@syska.dk> Message-ID: <010501c809f9$eb833390$0301a8c0@SAHOMELT> Or you can just remove the offending /i. It's not valid in MAC or FreeBSD and I removed it from the script I was maintaining in July. Clam_Db_Dir=`${clamscan} --debug $tmp_dir/test.file 2>&1 | grep -m 1 -i -E \ 'loading databases from.*clamav\/?$'| sed "s/.*oading databases from //"` Works fine and it's os dependant Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Mikael Syska > Sent: Monday, October 08, 2007 4:23 PM > To: MailScanner discussion > Subject: Re: ms, sanesecurity, clamd and freebsd > > Hi, > > Thanks for the reply. > > Ren? Berber wrote: > > Mikael Syska wrote: > > > > [snip] > > > >> I get the following: > >> sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in > substitute command: 'i' > >> > >> And then I'm lost ... just wandered if some one here > maybe could tell me > >> if the "sed" command is different on FreeBSD or maybe > someone using it > >> on freebsd with no problems .... ? > >> > > > > Yes sed is different, GNU's sed does accept the -i option, > other older versions > > of sed (which I have in Solaris) don't. > > > > There are at least 2 options: > > > > - Install GNU sed; > > - Change the script from sed to perl. perl also has a -i > option so the > > equivalent of what I see above would be: > > > > perl -pi -e "s/\/$//; s/^.*loading d ..." > > > The whole line would be this then: > clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \ > sed -ne 's/\/$//; s/^.*loading databases from > \(.*\)$/\1/ip' | head -1` > > If you could translate that, I would be very happy. 
Maybe > other freebsd > users have the same problem. > > I will then mail the author of the script, maybe he can > check if its the > GNU version that is being used ... and then use perl to fetch it. > > best regards > Mikael Syska > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Mon Oct 8 23:32:58 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Oct 8 23:32:24 2007 Subject: Will whitelisting a domain allow a password protectedattachment through? In-Reply-To: <470A3B6B.61A4.0000.0@caspercollege.edu> References: <470A3A52020000000001E027@gw.caspercollege.edu><470A3B6B020000000001E02E@gw.caspercollege.edu> <470A3B6B.61A4.0000.0@caspercollege.edu> Message-ID: Dan Straka wrote: > A user is receiving password protected .xls files which is being > interpreted as and "Infected message" by MailScanner. Can I simply > whitelist the senders domain in > /etc/MailScanner/rules/spam.whitelist.rules to allow the files > through? Check your settings in MailScanner.conf. You can explicitly allow/disallow password archives. If they're disallowed, the returned message says something about virus detected - can't recall the exact message and too lazy to look it up - but long story short the message is a bit of a misnomer. There may or may not actually be a virus. It's just that built in messages in MailScanner fall into two categories: spam and virus. 
It's sorta confusing to the recipient, but makes it sense in that one (most likely) disallows password protected archives to protect from viruses. If the virus scanner can't open the archive, it can't scan the contents, and thus a virus can be slipped in. HTH... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From r.berber at computer.org Mon Oct 8 23:51:12 2007 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Mon Oct 8 23:56:32 2007 Subject: ms, sanesecurity, clamd and freebsd In-Reply-To: <470A91A7.2030006@syska.dk> References: <470A5578.3090002@syska.dk> <470A91A7.2030006@syska.dk> Message-ID: Mikael Syska wrote: > Thanks for the reply. > > Ren? Berber wrote: >> Mikael Syska wrote: >> >> [snip] >> >>> I get the following: >>> sed: 1: "s/\/$//; s/^.*loading d ...": bad flag in substitute >>> command: 'i' >>> >>> And then I'm lost ... just wandered if some one here maybe could tell me >>> if the "sed" command is different on FreeBSD or maybe someone using it >>> on freebsd with no problems .... ? >>> >> >> Yes sed is different, GNU's sed does accept the -i option, other older >> versions >> of sed (which I have in Solaris) don't. >> >> There are at least 2 options: >> >> - Install GNU sed; >> - Change the script from sed to perl. perl also has a -i option so the >> equivalent of what I see above would be: >> >> perl -pi -e "s/\/$//; s/^.*loading d ..." >> > The whole line would be this then: > clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \ > sed -ne 's/\/$//; s/^.*loading databases from > \(.*\)$/\1/ip' | head -1` Oh oh, it's not the -i parameter (edit file in place) its an i (for case insensitive) at the end... forget what I said about old sed and the equivalent in perl. Looking at info sed it says it is a GNU extension. > If you could translate that, I would be very happy. 
Maybe other freebsd
> users have the same problem.
>
> I will then mail the author of the script, maybe he can check if it's the
> GNU version that is being used ... and then use perl to fetch it.

This works with regular sed:

clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \
  sed -ne 's/\/$//; s/^.*oading databases from\(.*\)$/\1/p' | head -1`

Since only the L in loading is capitalized in the output, getting rid of the i
flag and that letter does the job.
--
René Berber

From mikael at syska.dk Tue Oct 9 00:32:49 2007
From: mikael at syska.dk (Mikael Syska)
Date: Tue Oct 9 00:33:01 2007
Subject: ms, sanesecurity, clamd and freebsd
In-Reply-To:
References: <470A5578.3090002@syska.dk> <470A91A7.2030006@syska.dk>
Message-ID: <470ABE21.1040701@syska.dk>

Hi,

Thanks for the help both ...

René Berber wrote:
> This works with regular sed:
>
> clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \
>   sed -ne 's/\/$//; s/^.*oading databases from\(.*\)$/\1/p' | head -1`
>
> Since only the L in loading is capitalized in the output, getting rid of the i
> flag and that letter does the job.
>

Well, I just hardcoded the path now ... there seem to be some problems
with a trailing " " space in front of the path ... like " /var/db/clamav"

It's now downloading fine ... but there seem to be some problems
importing the signatures ... haven't searched the web yet, as I'm on the
way to bed now, just wanted to say thanks for the help ... very
appreciated.

Output from the log:
Oct 9 01:28:22 spam02 sanesecurity[97025]: Error executing command <<>>, exit status: 50, output: <<>>
Oct 9 01:28:22 spam02 sanesecurity[97031]: ClamAV had a problem using '/tmp/sanesecurity.XXXXXXXX.mfr7015O/MSRBL-SPAM.hdb' (exit status: 50).
Oct 9 01:28:22 spam02 sanesecurity[97037]: We will NOT install '/tmp/sanesecurity.XXXXXXXX.mfr7015O/MSRBL-SPAM.hdb' into the database directory.
Oct 9 01:28:22 spam02 sanesecurity[97045]: Preserving the corrupt file as '/var/db/clamav/MSRBL-SPAM.hdb.bad' for you to check.
see you guys later to day ... // ouT From mikael at syska.dk Tue Oct 9 00:47:11 2007 From: mikael at syska.dk (Mikael Syska) Date: Tue Oct 9 00:47:25 2007 Subject: ms, sanesecurity, clamd and freebsd In-Reply-To: <470ABE21.1040701@syska.dk> References: <470A5578.3090002@syska.dk> <470A91A7.2030006@syska.dk> <470ABE21.1040701@syska.dk> Message-ID: <470AC17F.3080709@syska.dk> Mikael Syska wrote: > Hi, > > Thanks for the help both ... > > Ren? Berber wrote: >> This works with regular sed: >> >> clam_db_dir=`"$clamscan" --debug "$test_file" 2>&1 | \ >> sed -ne 's/\/$//; s/^.*oading databases >> from\(.*\)$/\1/p' | head -1` >> >> Since only the L in loading is capitalized in the output, getting rid >> of the i >> flag and that letter does the job. >> > > Well, I just hardcoded the path now ... there seem to be some problems > with a traling " " space infront of the path ... like " /var/db/clamav" > > Its now downloading fine ... but there seem to be some problems > importing the signatures ... havent search the web yet, as I'm on the > way to bet now, just wanted to say thanks for the help ... very > apriciated. > > Output from the log: > Oct 9 01:28:22 spam02 sanesecurity[97025]: Error executing command > << /tmp/sanesecurity.XXXXXXXX.mfr7015O/MSRBL-SPAM.hdb > /tmp/sanesecurity.XXXXXXXX.mfr7015O/test.file>>>, exit status: 50, > output: << (109)\nLibClamAV Error: cli_loadhdb: Malformed MD5 string at line > 1\nLibClamAV Error: cli_loadhdb: Problem parsing database at line > 1\nLibClamAV Error: Can't load > /tmp/sanesecurity.XXXXXXXX.mfr7015O/MSRBL-SPAM.hdb: Malformed > database\nERROR: Malformed database>>> > Oct 9 01:28:22 spam02 sanesecurity[97031]: ClamAV had a problem using > '/tmp/sanesecurity.XXXXXXXX.mfr7015O/MSRBL-SPAM.hdb' (exit status: 50). > Oct 9 01:28:22 spam02 sanesecurity[97037]: We will NOT install > '/tmp/sanesecurity.XXXXXXXX.mfr7015O/MSRBL-SPAM.hdb' into the database > directory. 
> Oct 9 01:28:22 spam02 sanesecurity[97045]: Preserving the corrupt > file as '/var/db/clamav/MSRBL-SPAM.hdb.bad' for you to check. > > see you guys later to day ... > > // ouT this seems to be a problem with the MSRBL-SPAM .... Seem to catch both "scams" and "Phishing" signatures from the site: http://www.sanesecurity.co.uk/clamav/usage.htm So i'm a happy now ... the other problem will probebly fix it self later ... Just need to turn on, so mail marked with "clamav" does not get scanned to save some CPU power ... // ouT From Jason at SYO.Com Tue Oct 9 02:35:59 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Tue Oct 9 02:32:10 2007 Subject: Where do I look for errors? Message-ID: <108397276.20071008213559@SYO.Com> Hello MailScanner, I have a user that gets "Deferred: Connection Refused by staffcos.com" when they send mail to one of the addresses at that domain, they can send to other addresses without any problems. I have looked at all the log files I can find, I see no evidence the message in question ever made it to our server. Mailscanner show no record of it. But if I go to the sender's PC and send the message myself, the error certainly comes back. First a warning after four hours, then a failure at 5 hours. Is there a log file I might be missing? I've looked at maillog, exim_mainlog, exim_paniclog and exim_rejectlog. Help????? -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. SYO - Servicing Your Organization 586-286-2557 From alex at nkpanama.com Tue Oct 9 03:07:16 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Oct 9 03:07:35 2007 Subject: Patch to detect spf +all (assistance requested) In-Reply-To: References: <17975322.2041191867940675.JavaMail.root@office.splatnix.net> Message-ID: <470AE254.1060802@nkpanama.com> Scott Silva wrote: > on 10/8/2007 11:48 AM Gareth spake the following: >> Yes but I thought I would try here first. 
Its generally a much >> friendlier list :) >> > There have been some in the past that have thought otherwise... ;-D > > And there's Vietsev Enema too... ;-) From masoumeh at ipm.ir Tue Oct 9 06:31:35 2007 From: masoumeh at ipm.ir (Masoumeh Izadi) Date: Tue Oct 9 06:33:06 2007 Subject: MailScanner quarantine my healthy file Message-ID: <20071009053136.M94937@ipm.ir> Hi; I use MailScanner on Fedora6 with sendmail for mail server. Yesterday I was waiting to receive an important email with an attachment.unfortunately they send it as zip attachment and MailScanner quarantine it. now I want to restore it, but I didn't know how? In /var/spool/MailScanner/quarantine/20071006/ID of messages thereis no zip file.It a file that its name is message. Any suggestions? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Tue Oct 9 07:40:21 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Oct 9 07:40:26 2007 Subject: MailScanner quarantine my healthy file In-Reply-To: <20071009053136.M94937@ipm.ir> References: <20071009053136.M94937@ipm.ir> Message-ID: <625385e30710082340t196b0686wfe336231758b287e@mail.gmail.com> On 10/9/07, Masoumeh Izadi wrote: > Hi; > I use MailScanner on Fedora6 with sendmail for mail server. Yesterday I was > waiting to receive an important email with an attachment.unfortunately they > send it as zip attachment and MailScanner quarantine it. now I want to > restore it, but I didn't know how? > In /var/spool/MailScanner/quarantine/20071006/ID of messages thereis no zip > file.It a file that its name is message. 
> > Any suggestions? http://wiki.mailscanner.info/doku.php?id=maq:index#quarantine_management -- /peter From w.kranenborg at am-impact.nl Tue Oct 9 08:52:27 2007 From: w.kranenborg at am-impact.nl (A&M ImpacT [W. Kranenborg]) Date: Tue Oct 9 08:49:22 2007 Subject: Attachments not being recognized by mailscanner Message-ID: Dear mailscanner users, We have a 64-bit server with mailscanner 4.46.2, spamassassin 3.1.3 and sendmail 8.13.5. We have a problem with this set-up and we don't know the reason. The problem is that mailscanner doesn't recognize some attachments so the binary code of the attachments is shown in the body of the message. Spamassassin detects a lot of strange characters and gives it a very high score so the message is marked as spam. An example message: ------------------------------------- Here is the body of the message with nothing strange in it. begin 666 pakbon haven Ningbo.JPG M_]C_X `02D9)1@`!`0$!+ $L``#_X0?P17AI9@``24DJ``@````'`!(!`P`! M`````0```!H!!0`!````8@```!L!!0`!````:@```"@!`P`!`````@```#$! M`@`4````<@```#(!`@`4````A@```&F'! `!````F@```,0````L`0```0`` M`"P!```!````061O8F4@4&AO=&]S:&]P(# References: Message-ID: <470B399E.5080206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Set Find UU-Encoded Files = yes in MailScanner.conf. A&M ImpacT [W. Kranenborg] wrote: > Dear mailscanner users, > > We have a 64-bit server with mailscanner 4.46.2, spamassassin 3.1.3 and > sendmail 8.13.5. > > We have a problem with this set-up and we don't know the reason. The > problem is that mailscanner doesn't recognize some attachments so the > binary code of the attachments is shown in the body of the message. > Spamassassin detects a lot of strange characters and gives it a very > high score so the message is marked as spam. > An example message: > > ------------------------------------- > > Here is the body of the message with nothing strange in it. 
> > begin 666 pakbon haven Ningbo.JPG > M_]C_X `02D9)1@`!`0$!+ $L``#_X0?P17AI9@``24DJ``@````'`!(!`P`! > M`````0```!H!!0`!````8@```!L!!0`!````:@```"@!`P`!`````@```#$! > M`@`4````<@```#(!`@`4````A@```&F'! `!````F@```,0````L`0```0`` > M`"P!```!````061O8F4@4&AO=&]S:&]P(# M.C(X``,``: #``$```#__P```J $``$````@`P```Z $``$```!+`@`````` > M``8``P$#``$````&````&@$%``$````2`0``&P$%``$````:`0``* $#``$` > M```"`````0($``$````B`0```@($``$```#&!@```````$@````!````2 `` > M``$```#_V/_@`!!*1DE&``$"`0!(`$@``/_M``Q!9&]B95]#30`"_^X`#D%D > M;V)E`&2 `````?_;`(0`# @(" D(# D)#!$+"@L1%0\,# \5&!,3%1,3&!$, > M# P,# P1# P,# P,# P,# P,# P,# P,# P,# P,# P,# $-"PL-#@T0#@X0 > > This goes on a bit until we get this: > > M6***`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`H > MHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BB > MB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`**** > M`"BBB@`IJEB6RN #A3D'<,#YN.G/:G44`%%%% !1110`4444`%%%% !1110` > I4444`%%%4M2ED@T^]FB8I+%:SR1N,':Z1LRL`05." <$$'H010!__]D` > ` > end > > ------------------------------------- > > Does anyone have any solutions for this very strange problem because > when I send this message to my own email-adres the client recognizes the > .JPG and shows it as an attachment but mailscanner doesn't. > > Hope to hear from you soon. > > Kind regards, > Wessel Kranenborg > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHCzmeEfZZRxQVtlQRArRUAJ40l6CcydEKOtYmev2haPAQW5Eh1wCfUW6o hbZyUe8ItP9xJAa3CPs33V0= =FOi8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From w.kranenborg at am-impact.nl Tue Oct 9 09:36:43 2007 From: w.kranenborg at am-impact.nl (A&M ImpacT [W. Kranenborg]) Date: Tue Oct 9 09:33:42 2007 Subject: Attachments not being recognized by mailscanner References: <470B399E.5080206@ecs.soton.ac.uk> Message-ID: The option "Find UU-Encoded Files" is added in mailscanner 4.50 and we user 4.46.2(http://packages.ubuntu.com/dapper/mail/mailscanner is the version we use) see the changelog: http://lists.mailscanner.info/pipermail/mailscanner-announce/2006-Februa ry/000003.html - - Added UU-decoder to automatically extract files from attachments that were stored in uu-encoded form. This behaves similarly to the zip and rar decoders. The virus scanners should check inside these files for themselves anyway, but this assists them when they do not. It also allows for filename and filetype checking of files stored in uu-encoded attachments. - - Added configuration option "Find UU-Encoded Files" to set whether uu-encoded files are decoded or not. These files are very rarely used, and the overhead of finding them is fairly large as it involves reading all existing attachments looking for the signature of them. So the default is to not look for them. A ruleset can be used to protect particularly vulnerable recipients or senders. Is there any other solution or do we have to upgrade? 
Kind regards, Wessel Kranenborg > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] Namens Julian Field > Verzonden: dinsdag 9 oktober 2007 10:20 > Aan: MailScanner discussion > Onderwerp: Re: Attachments not being recognized by mailscanner > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Set > Find UU-Encoded Files = yes > in MailScanner.conf. > > A&M ImpacT [W. Kranenborg] wrote: > > Dear mailscanner users, > > > > We have a 64-bit server with mailscanner 4.46.2, spamassassin 3.1.3 and > > sendmail 8.13.5. > > > > We have a problem with this set-up and we don't know the reason. The > > problem is that mailscanner doesn't recognize some attachments so the > > binary code of the attachments is shown in the body of the message. > > Spamassassin detects a lot of strange characters and gives it a very > > high score so the message is marked as spam. > > An example message: > > > > ------------------------------------- > > > > Here is the body of the message with nothing strange in it. > > > > begin 666 pakbon haven Ningbo.JPG > > M_]C_X `02D9)1@`!`0$!+ $L``#_X0?P17AI9@``24DJ``@````'`!(!`P`! > > M`````0```!H!!0`!````8@```!L!!0`!````:@```"@!`P`!`````@```#$! > > M`@`4````<@```#(!`@`4````A@```&F'! 
`!````F@```,0````L`0```0`` > > M`"P!```!````061O8F4@4&AO=&]S:&]P(# > M.C(X``,``: #``$```#__P```J $``$````@`P```Z $``$```!+`@`````` > > M``8``P$#``$````&````&@$%``$````2`0``&P$%``$````:`0``* $#``$` > > M```"`````0($``$````B`0```@($``$```#&!@```````$@````!````2 `` > > M``$```#_V/_@`!!*1DE&``$"`0!(`$@``/_M``Q!9&]B95]#30`"_^X`#D%D > > M;V)E`&2 `````?_;`(0`# @(" D(# D)#!$+"@L1%0\,# \5&!,3%1,3&!$, > > M# P,# P1# P,# P,# P,# P,# P,# P,# P,# P,# P,# $-"PL-#@T0#@X0 > > > > This goes on a bit until we get this: > > > > M6***`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`H > > MHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BB > > MB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`****`"BBB@`HHHH`**** > > M`"BBB@`IJEB6RN #A3D'<,#YN.G/:G44`%%%% !1110`4444`%%%% !1110` > > I4444`%%%4M2ED@T^]FB8I+%:SR1N,':Z1LRL`05." <$$'H010!__]D` > > ` > > end > > > > ------------------------------------- > > > > Does anyone have any solutions for this very strange problem because > > when I send this message to my own email-adres the client recognizes the > > .JPG and shows it as an attachment but mailscanner doesn't. > > > > Hope to hear from you soon. > > > > Kind regards, > > Wessel Kranenborg > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHCzmeEfZZRxQVtlQRArRUAJ40l6CcydEKOtYmev2haPAQW5Eh1wCfUW6o > hbZyUe8ItP9xJAa3CPs33V0= > =FOi8 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Tue Oct 9 09:36:32 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Oct 9 09:36:46 2007 Subject: update_virus_scanners not finding clamavmodule Message-ID: <1191918992.23082.7.camel@gblades-suse.linguaphone-intranet.co.uk> The update_virus_scanners broke after an upgrade last month. Virus scanning is still working but the update script is not finding clamavmodule. The virus scanners conf file contains :- clamav /usr/lib/MailScanner/clamav-wrapper /usr/local/bin clamd /bin/false /usr/local/bin clamavmodule /bin/false /tmp clamav is installed in /usr/local/bin From shuttlebox at gmail.com Tue Oct 9 09:59:21 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Oct 9 09:59:24 2007 Subject: update_virus_scanners not finding clamavmodule In-Reply-To: <1191918992.23082.7.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1191918992.23082.7.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <625385e30710090159q74621b12n74433a56f371c67b@mail.gmail.com> On 10/9/07, Gareth wrote: > The update_virus_scanners broke after an upgrade last month. Virus > scanning is still working but the update script is not finding > clamavmodule. > > The virus scanners conf file contains :- > > clamav /usr/lib/MailScanner/clamav-wrapper /usr/local/bin > clamd /bin/false /usr/local/bin > clamavmodule /bin/false /tmp > > clamav is installed in /usr/local/bin Does it help to remove bin from the paths? From virus.scanners.conf file: # 3. Installation directory of virus scanner. This does not usually include # any "bin" directory in the path to the scanner program itself. 
-- /peter From list-mailscanner at linguaphone.com Tue Oct 9 10:04:41 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Oct 9 10:04:57 2007 Subject: update_virus_scanners not finding clamavmodule In-Reply-To: <625385e30710090159q74621b12n74433a56f371c67b@mail.gmail.com> References: <1191918992.23082.7.camel@gblades-suse.linguaphone-intranet.co.uk> <625385e30710090159q74621b12n74433a56f371c67b@mail.gmail.com> Message-ID: <1191920681.23083.9.camel@gblades-suse.linguaphone-intranet.co.uk> Yes that fixed it thanks. On Tue, 2007-10-09 at 09:59, shuttlebox wrote: > On 10/9/07, Gareth wrote: > > The update_virus_scanners broke after an upgrade last month. Virus > > scanning is still working but the update script is not finding > > clamavmodule. > > > > The virus scanners conf file contains :- > > > > clamav /usr/lib/MailScanner/clamav-wrapper /usr/local/bin > > clamd /bin/false /usr/local/bin > > clamavmodule /bin/false /tmp > > > > clamav is installed in /usr/local/bin > > Does it help to remove bin from the paths? From virus.scanners.conf file: > > # 3. Installation directory of virus scanner. This does not usually include > # any "bin" directory in the path to the scanner program itself. > > -- > /peter From hvdkooij at vanderkooij.org Tue Oct 9 10:49:47 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Tue Oct 9 10:50:19 2007 Subject: Where do I look for errors? In-Reply-To: <108397276.20071008213559@SYO.Com> References: <108397276.20071008213559@SYO.Com> Message-ID: <470B4EBB.7040406@vanderkooij.org> Jason Gottschalk wrote: > Hello MailScanner, > > I have a user that gets "Deferred: Connection Refused by > staffcos.com" when they send mail to one of the addresses at that > domain, they can send to other addresses without any problems. > > I have looked at all the log files I can find, I see no evidence > the message in question ever made it to our server. Mailscanner show > no record of it. 
> But if I go to the sender's PC and send the message
> myself, the error certainly comes back.
>
> First a warning after four hours, then a failure at 5 hours.
>
> Is there a log file I might be missing? I've looked at maillog,
> exim_mainlog, exim_paniclog and exim_rejectlog.

Forget log files. Use tcpdump and track SMTP sessions.

You know which SMTP server you expect to deliver the message. So you can
filter accordingly. Even just filtering ALL SMTP traffic for a minute or 2
when you fire a message should tell you if the message even comes close to
your server or not.

And check DNS info on the sending server. It might not be what you expect.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.

From hvdkooij at vanderkooij.org Tue Oct 9 10:56:58 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Tue Oct 9 10:57:20 2007
Subject: Attachments not being recognized by mailscanner
In-Reply-To:
References: <470B399E.5080206@ecs.soton.ac.uk>
Message-ID: <470B506A.902@vanderkooij.org>

A&M ImpacT [W. Kranenborg] wrote:
> The option "Find UU-Encoded Files" is added in mailscanner 4.50 and we
> use 4.46.2 (http://packages.ubuntu.com/dapper/mail/mailscanner is the
> version we use) see the changelog:
> http://lists.mailscanner.info/pipermail/mailscanner-announce/2006-February/000003.html
.....
> Is there any other solution or do we have to upgrade?

"Disable MailScanner" is the other option.

You are very strongly encouraged NOT to follow packagers who do not keep
up-to-date with important developments.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
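
Hugo's tcpdump suggestion in the "Where do I look for errors?" reply above, as an added example that is not part of the list archive: a small parser that reads the text output of a capture filtered on SMTP and reports, per connection attempt, whether the remote server refused it, accepted it, or never answered. It assumes the line format printed by tcpdump 4.x with -nn; the function names and the sample capture (documentation addresses only) are constructed for illustration.

```python
"""Classify SMTP connection attempts seen in tcpdump text output."""
import re

# Constructed sample, in the line format tcpdump 4.x prints for
#   tcpdump -nn 'tcp port 25'
# All addresses are documentation ranges, not hosts from the thread.
SAMPLE_CAPTURE = """\
10:49:47.100001 IP 192.0.2.10.40112 > 198.51.100.25.25: Flags [S], seq 1000, win 5840, length 0
10:49:47.130002 IP 198.51.100.25.25 > 192.0.2.10.40112: Flags [R.], seq 0, ack 1001, win 0, length 0
10:49:52.200003 IP 192.0.2.10.40113 > 203.0.113.7.25: Flags [S], seq 2000, win 5840, length 0
10:49:52.230004 IP 203.0.113.7.25 > 192.0.2.10.40113: Flags [S.], seq 9000, ack 2001, win 5792, length 0
10:49:52.230105 IP 192.0.2.10.40113 > 203.0.113.7.25: Flags [.], ack 1, win 5840, length 0
10:49:52.260006 IP 203.0.113.7.25 > 192.0.2.10.40113: Flags [P.], seq 1:38, ack 1, win 5792, length 37
10:50:01.300007 IP 192.0.2.10.40114 > 198.51.100.99.25: Flags [S], seq 3000, win 5840, length 0
10:50:04.300008 IP 192.0.2.10.40114 > 198.51.100.99.25: Flags [S], seq 3000, win 5840, length 0
"""

# timestamp, "IP", src.port > dst.port:, then the TCP flags in brackets.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)


def summarize_smtp_attempts(capture_text, smtp_port=25):
    """Return one record per client connection attempt to smtp_port.

    outcome is one of:
      refused   - the server answered the SYN with a RST
      accepted  - the server answered with SYN-ACK (TCP session opened)
      no_answer - only SYNs were seen (dropped or filtered on the way)
    """
    attempts = {}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # IPv6, ARP, truncated lines: not handled here
        src, sport = m.group("src"), int(m.group("sport"))
        dst, dport = m.group("dst"), int(m.group("dport"))
        flags = m.group("flags")

        if dport == smtp_port and "S" in flags and "." not in flags:
            # Client SYN (no ACK bit); retransmits share the same key.
            rec = attempts.setdefault((src, sport, dst), {
                "client": src, "server": dst, "first_seen": m.group("ts"),
                "syn_count": 0, "outcome": "no_answer",
            })
            rec["syn_count"] += 1
        elif sport == smtp_port:
            # Packet from the server side: only the first reply decides.
            rec = attempts.get((dst, dport, src))
            if rec is None or rec["outcome"] != "no_answer":
                continue
            if "R" in flags:
                rec["outcome"] = "refused"
            elif "S" in flags:
                rec["outcome"] = "accepted"
    return list(attempts.values())


def reached_server(attempts, server_ip, client_ip=None):
    """True if a SYN towards server_ip (optionally from client_ip) was captured."""
    return any(
        a["server"] == server_ip and (client_ip is None or a["client"] == client_ip)
        for a in attempts
    )


if __name__ == "__main__":
    for a in summarize_smtp_attempts(SAMPLE_CAPTURE):
        print("{first_seen} {client} -> {server}: {outcome} "
              "({syn_count} SYN)".format(**a))
```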
From sandro at e-den.it Tue Oct 9 11:14:10 2007
From: sandro at e-den.it (Sandro Dentella)
Date: Tue Oct 9 11:47:30 2007
Subject: optimisation hints required & broken links on wiki
Message-ID: <20071009101410.GA18717@ubuntu>

Hi,

I 'inherited' in these days a mailserver in which there are huge delays. I
need to optimize but reading the wiki I discovered some relevant links are
broken, namely:

How to run a DCC:
http://www.mailscanner.info/serve/cache/312.html

Bayes growing out of control
http://www.mailscanner.info/serve/cache/317.html

How to manually train SpamAssassin:
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html

I'd appreciate any hint on how to get to those pages.

In the meanwhile I'd like to better understand where I should concentrate to
get a more responsive server. Main problem is that often the queue goes
higher than 5000 messages and some messages are delivered after 1 hour and
even more.

My hardware setup should be quite fast:

* dual xeon 3GB server - 4GB RAM around 50.000 mail/day concentrated in
* working time postfix on debian sarge - mailscanner 4.57.6 DNS is local
* (named from bind9) load average is normally low (1-4) cpu around 4%

Max Unscanned Messages Per Scan = 10
Max Unsafe Messages Per Scan = 10
Spam List = ORDB-RBL

in this moment average time is high:

Batch (10 messages) processed in 51.55 seconds
Batch (12 messages) processed in 57.42 seconds
Batch (13 messages) processed in 46.37 seconds
Batch (14 messages) processed in 52.74 seconds
Batch (11 messages) processed in 46.81 seconds
Batch (12 messages) processed in 48.57 seconds
Batch (10 messages) processed in 29.24 seconds
Batch (12 messages) processed in 42.29 seconds
Batch (14 messages) processed in 36.74 seconds
Batch (10 messages) processed in 35.31 seconds
Batch (12 messages) processed in 41.79 seconds
Batch (10 messages) processed in 42.96 seconds

and later:

Batch (12 messages) processed in 119.03 seconds
Batch (12 messages) processed in 113.34 seconds
Batch (12 messages) processed in 144.11 seconds
Batch (10 messages) processed in 142.57 seconds
Batch (10 messages) processed in 148.63 seconds
Batch (13 messages) processed in 120.17 seconds
Batch (13 messages) processed in 109.28 seconds
Batch (11 messages) processed in 152.12 seconds
Batch (10 messages) processed in 226.92 seconds

compared with what is stated in the wiki (below 3 seconds)
Is there a way to understand how time is spent?

According to ps ax, MailScanner is mainly busy with
SpamAssassin

9030 ? S 0:08 MailScanner: checking with SpamAssassin

I'd really appreciate any hint / document to read. This situation is
becoming more and more important to me...

Thanks a lot in advance
sandro
*:-)

From list-mailscanner at linguaphone.com Tue Oct 9 12:06:46 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Tue Oct 9 12:07:05 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <20071009101410.GA18717@ubuntu>
References: <20071009101410.GA18717@ubuntu>
Message-ID: <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk>

What is your setting for 'Max Children' in MailScanner.conf?
Given your processor and amount of RAM it should be set to no more than
10.

Are you using clamav? If you are, use clamavmodule or clamd. Clamav method
loads the signatures for each batch which takes longer. Clamav 0.90 has
a bug causing it to take a long time loading the signatures as well.

What version of spamassassin are you running?

On Tue, 2007-10-09 at 11:14, Sandro Dentella wrote:
> Hi,
>
> I 'inherited' in these days a mailserver in which there are huge delays.
I > need to optimize but reading the wiki I discovered some relevant links are > broken, namely: > > How to run a DCC: > http://www.mailscanner.info/serve/cache/312.html > > Bayes growing out of control > http://www.mailscanner.info/serve/cache/317.html > > How to manually train SpamAssassin: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html > > I'd appreciate any hint on how to get to those pages. > > > In the meanwhile I'like to better understand where I should concentrate to > get a more responsive server. Main problem is that often the queue goes > higher that 5000 messages and some messages are delivered after 1 hour and > even more. > > My hardware setup should be quite fast: > > * dual xeon 3GB server - 4GB RAM around 50.000 mail/day concentrated in > * working time postfix on debian sarge - mailscanner 4.57.6 DNS is local > * (named from bind9) load average is normally low (1-4) cpu around 4% > > > Max Unscanned Messages Per Scan = 10 > Max Unsafe Messages Per Scan = 10 > Spam List = ORDB-RBL > > in this moment average time is high: > > Batch (10 messages) processed in 51.55 seconds > Batch (12 messages) processed in 57.42 seconds > Batch (13 messages) processed in 46.37 seconds > Batch (14 messages) processed in 52.74 seconds > Batch (11 messages) processed in 46.81 seconds > Batch (12 messages) processed in 48.57 seconds > Batch (10 messages) processed in 29.24 seconds > Batch (12 messages) processed in 42.29 seconds > Batch (14 messages) processed in 36.74 seconds > Batch (10 messages) processed in 35.31 seconds > Batch (12 messages) processed in 41.79 seconds > Batch (10 messages) processed in 42.96 seconds > > and later: > > Batch (12 messages) processed in 119.03 seconds > Batch (12 messages) processed in 113.34 seconds > Batch (12 messages) processed in 144.11 seconds > Batch (10 messages) processed in 142.57 seconds > Batch (10 messages) processed in 148.63 seconds > Batch (13 messages) processed in 120.17 seconds > Batch (13 
messages) processed in 109.28 seconds > Batch (11 messages) processed in 152.12 seconds > Batch (10 messages) processed in 226.92 seconds > > compared with what stated in the wiki (below 3 seconds) > Is there a way to understand how is time spent? > > > According to ps ax, MailScanner is mainly busy with > SpamAssassin > > 9030 ? S 0:08 MailScanner: checking with SpamAssassin > > I'd really appreciate any hint / document to read. This situation is > becoming more and more important to me... > > Tanks a lot in advance > sandro > *:-) From glenn.steen at gmail.com Tue Oct 9 12:17:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 9 12:17:58 2007 Subject: optimisation hints required & broken links on wiki In-Reply-To: <20071009101410.GA18717@ubuntu> References: <20071009101410.GA18717@ubuntu> Message-ID: <223f97700710090417h2c502051uf08241866f84a390@mail.gmail.com> On 09/10/2007, Sandro Dentella wrote: (snip) > Spam List = ORDB-RBL > ORDB is dead since a while back, remove it (a blank setting is OK:-), restart MailScanner ... and perhaps things will start speeding up. Ref: http://www.cyberciti.biz/tips/ordborg-rbl-anti-spam-service-going-offline.html Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Oct 9 12:24:29 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 9 12:24:39 2007 Subject: optimisation hints required & broken links on wiki In-Reply-To: <20071009101410.GA18717@ubuntu> References: <20071009101410.GA18717@ubuntu> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB482@HC-MBX02.herefordshire.gov.uk> I think you'll find that the ordb rbl is long dead. Remove it and see if that helps. 
Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Sandro Dentella > Sent: 09 October 2007 11:14 > To: mailscanner@lists.mailscanner.info > Cc: Giulio Patisso > Subject: optimisation hints required & broken links on wiki > > Hi, > > I 'inherited' in these days a mailserver in which there are > huge delays. I > need to optimize but reading the wiki I discovered some > relevant links are > broken, namely: > > How to run a DCC: > http://www.mailscanner.info/serve/cache/312.html > > Bayes growing out of control > http://www.mailscanner.info/serve/cache/317.html > > How to manually train SpamAssassin: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html > > I'd appreciate any hint on how to get to those pages. > > > In the meanwhile I'like to better understand where I should > concentrate to > get a more responsive server. Main problem is that often > the queue goes > higher that 5000 messages and some messages are delivered > after 1 hour and > even more. 
> > My hardware setup should be quite fast: > > * dual xeon 3GB server - 4GB RAM around 50.000 mail/day > concentrated in > * working time postfix on debian sarge - mailscanner 4.57.6 > DNS is local > * (named from bind9) load average is normally low (1-4) cpu > around 4% > > > Max Unscanned Messages Per Scan = 10 > Max Unsafe Messages Per Scan = 10 > Spam List = ORDB-RBL > > in this moment average time is high: > > Batch (10 messages) processed in 51.55 seconds > Batch (12 messages) processed in 57.42 seconds > Batch (13 messages) processed in 46.37 seconds > Batch (14 messages) processed in 52.74 seconds > Batch (11 messages) processed in 46.81 seconds > Batch (12 messages) processed in 48.57 seconds > Batch (10 messages) processed in 29.24 seconds > Batch (12 messages) processed in 42.29 seconds > Batch (14 messages) processed in 36.74 seconds > Batch (10 messages) processed in 35.31 seconds > Batch (12 messages) processed in 41.79 seconds > Batch (10 messages) processed in 42.96 seconds > > and later: > > Batch (12 messages) processed in 119.03 seconds > Batch (12 messages) processed in 113.34 seconds > Batch (12 messages) processed in 144.11 seconds > Batch (10 messages) processed in 142.57 seconds > Batch (10 messages) processed in 148.63 seconds > Batch (13 messages) processed in 120.17 seconds > Batch (13 messages) processed in 109.28 seconds > Batch (11 messages) processed in 152.12 seconds > Batch (10 messages) processed in 226.92 seconds > > compared with what stated in the wiki (below 3 seconds) > Is there a way to understand how is time spent? > > > According to ps ax, MailScanner is mainly busy with > SpamAssassin > > 9030 ? S 0:08 MailScanner: checking with SpamAssassin > > I'd really appreciate any hint / document to read. This situation is > becoming more and more important to me... 
> > Tanks a lot in advance > sandro > *:-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From help at intuitiveisp.com Tue Oct 9 18:14:30 2007 From: help at intuitiveisp.com (jason lingnau) Date: Tue Oct 9 18:14:47 2007 Subject: filter stops Message-ID: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com> Hi all, cheers Jules! running nuonce BQ machine(s) and this has been the deal with all of them. At some point our filters drop.( currenly the case see below)...mail still gets sent as sendmail must not wait forever to hear back from MS. My ( newbie ) self thinks spamassassitn in the culprit. My question- how do I tell where this event is occurring. CentOS release 4.4 This is MailScanner version 4.56.8 SpamAssassin version 3.1.7 Clamav rev ? ( from clam-sa combo install) ps aux root 11381 0.0 1.7 25040 18092 ? Ss Oct07 0:00 MailScanner: master waiting for children, sleeping root 11382 0.0 6.5 72556 66732 ? S Oct07 0:10 MailScanner: waiting for messages root 11395 0.0 6.3 70384 64564 ? S Oct07 0:09 MailScanner: waiting for messages root 11400 0.0 6.3 70860 64664 ? S Oct07 0:08 MailScanner: waiting for messages root 11410 0.0 6.3 70540 64864 ? S Oct07 0:08 MailScanner: waiting for messages root 11420 0.0 6.1 70808 62116 ? S Oct07 0:09 MailScanner: waiting for messages jason intuitiveisp From martinh at solidstatelogic.com Tue Oct 9 18:31:24 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 9 18:31:30 2007 Subject: Where do I look for errors? In-Reply-To: <108397276.20071008213559@SYO.Com> Message-ID: Jason This is the MTA nothing to do with Mailscanner - have you implementing greylisting or similar? Sounds like the 'PC' is actually trying to send via it's own MTA... 
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jason Gottschalk > Sent: 09 October 2007 02:36 > To: MailScanner discussion > Subject: Where do I look for errors? > > Hello MailScanner, > > I have a user that gets "Deferred: Connection Refused by > staffcos.com" when they send mail to one of the addresses at that > domain, they can send to other addresses without any problems. > > I have looked at all the log files I can find, I see no evidence > the message in question ever made it to our server. Mailscanner show > no record of it. But if I go to the sender's PC and send the message > myself, the error certainly comes back. > > First a warning after four hours, then a failure at 5 hours. > > Is there a log file I might be missing? I've looked at maillog, > exim_mainlog, exim_paniclog and exim_rejectlog. > > Help????? > > -- > > Best regards, > > Jason Gottschalk mailto:Jason@SYO.Com > SYO Computer Engineering Services, Inc. > SYO - Servicing Your Organization > 586-286-2557 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. 
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From uxbod at splatnix.net Tue Oct 9 18:23:24 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 9 18:33:32 2007 Subject: filter stops In-Reply-To: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com> Message-ID: <15189231.3441191950604041.JavaMail.root@office.splatnix.net> Have you tried running MS in debug mode ? Stop all MS processes and then run MailScanner --debug Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "jason lingnau" To: "MailScanner discussion" Sent: Tuesday, October 9, 2007 5:14:30 PM (GMT) Africa/Casablanca Subject: filter stops Hi all, cheers Jules! running nuonce BQ machine(s) and this has been the deal with all of them. At some point our filters drop.( currenly the case see below)...mail still gets sent as sendmail must not wait forever to hear back from MS. My ( newbie ) self thinks spamassassitn in the culprit. My question- how do I tell where this event is occurring. 
CentOS release 4.4 This is MailScanner version 4.56.8 SpamAssassin version 3.1.7 Clamav rev ? ( from clam-sa combo install) ps aux root 11381 0.0 1.7 25040 18092 ? Ss Oct07 0:00 MailScanner: master waiting for children, sleeping root 11382 0.0 6.5 72556 66732 ? S Oct07 0:10 MailScanner: waiting for messages root 11395 0.0 6.3 70384 64564 ? S Oct07 0:09 MailScanner: waiting for messages root 11400 0.0 6.3 70860 64664 ? S Oct07 0:08 MailScanner: waiting for messages root 11410 0.0 6.3 70540 64864 ? S Oct07 0:08 MailScanner: waiting for messages root 11420 0.0 6.1 70808 62116 ? S Oct07 0:09 MailScanner: waiting for messages jason intuitiveisp -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Richard.Frovarp at sendit.nodak.edu Tue Oct 9 18:57:03 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Oct 9 18:57:08 2007 Subject: filter stops In-Reply-To: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com> References: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com> Message-ID: <470BC0EF.5030909@sendit.nodak.edu> jason lingnau wrote: > Hi all, cheers Jules! > > running nuonce BQ machine(s) and this has been the deal with all of them. > At some point our filters drop.( currenly the case see below)...mail > still gets sent as sendmail must not wait forever to hear back from MS. > My ( newbie ) self thinks spamassassitn in the culprit. > > My question- how do I tell where this event is occurring. > > CentOS release 4.4 > This is MailScanner version 4.56.8 > SpamAssassin version 3.1.7 > Clamav rev ? 
( from clam-sa combo install) > > ps aux > root 11381 0.0 1.7 25040 18092 ? Ss Oct07 0:00 > MailScanner: master waiting for children, sleeping > root 11382 0.0 6.5 72556 66732 ? S Oct07 0:10 > MailScanner: waiting for messages > root 11395 0.0 6.3 70384 64564 ? S Oct07 0:09 > MailScanner: waiting for messages > root 11400 0.0 6.3 70860 64664 ? S Oct07 0:08 > MailScanner: waiting for messages > root 11410 0.0 6.3 70540 64864 ? S Oct07 0:08 > MailScanner: waiting for messages > root 11420 0.0 6.1 70808 62116 ? S Oct07 0:09 > MailScanner: waiting for messages > > jason > intuitiveisp Sendmail doesn't wait to hear back from MS. It simply puts it in an incoming queue for MS which then will place it in the outgoing queue for sendmail to pick back up again. I would guess that you have the default sendmail running. MS will start up its own set of sendmail processes with the correct settings. If you shutdown MS and sendmail is still running and passing messages through, this is your problem. From martinh at solidstatelogic.com Tue Oct 9 19:09:44 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 9 19:09:48 2007 Subject: optimisation hints required & broken links on wiki In-Reply-To: <20071009101410.GA18717@ubuntu> Message-ID: <56d5287ad267b44e8d332450572dc531@solidstatelogic.com> SAndro Have a look in the wiki (wiki.mailscanner.info) for upto date info. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sandro Dentella > Sent: 09 October 2007 11:14 > To: mailscanner@lists.mailscanner.info > Cc: Giulio Patisso > Subject: optimisation hints required & broken links on wiki > > Hi, > > I 'inherited' in these days a mailserver in which there are huge delays. 
> I > need to optimize but reading the wiki I discovered some relevant links > are > broken, namely: > > How to run a DCC: > http://www.mailscanner.info/serve/cache/312.html > > Bayes growing out of control > http://www.mailscanner.info/serve/cache/317.html > > How to manually train SpamAssassin: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html > > I'd appreciate any hint on how to get to those pages. > > > In the meanwhile I'like to better understand where I should concentrate > to > get a more responsive server. Main problem is that often the queue goes > higher that 5000 messages and some messages are delivered after 1 hour > and > even more. > > My hardware setup should be quite fast: > > * dual xeon 3GB server - 4GB RAM around 50.000 mail/day concentrated in > * working time postfix on debian sarge - mailscanner 4.57.6 DNS is local > * (named from bind9) load average is normally low (1-4) cpu around 4% > > > Max Unscanned Messages Per Scan = 10 > Max Unsafe Messages Per Scan = 10 > Spam List = ORDB-RBL > > in this moment average time is high: > > Batch (10 messages) processed in 51.55 seconds > Batch (12 messages) processed in 57.42 seconds > Batch (13 messages) processed in 46.37 seconds > Batch (14 messages) processed in 52.74 seconds > Batch (11 messages) processed in 46.81 seconds > Batch (12 messages) processed in 48.57 seconds > Batch (10 messages) processed in 29.24 seconds > Batch (12 messages) processed in 42.29 seconds > Batch (14 messages) processed in 36.74 seconds > Batch (10 messages) processed in 35.31 seconds > Batch (12 messages) processed in 41.79 seconds > Batch (10 messages) processed in 42.96 seconds > > and later: > > Batch (12 messages) processed in 119.03 seconds > Batch (12 messages) processed in 113.34 seconds > Batch (12 messages) processed in 144.11 seconds > Batch (10 messages) processed in 142.57 seconds > Batch (10 messages) processed in 148.63 seconds > Batch (13 messages) processed in 120.17 seconds > Batch (13 
messages) processed in 109.28 seconds
> Batch (11 messages) processed in 152.12 seconds
> Batch (10 messages) processed in 226.92 seconds
>
> compared with what is stated in the wiki (below 3 seconds)
> Is there a way to understand how time is spent?
>
>
> According to ps ax, MailScanner is mainly busy with
> SpamAssassin
>
> 9030 ? S 0:08 MailScanner: checking with SpamAssassin
>
> I'd really appreciate any hint / document to read. This situation is
> becoming more and more important to me...
>
> Thanks a lot in advance
> sandro
> *:-)

From help at intuitiveisp.com Tue Oct 9 20:04:17 2007
From: help at intuitiveisp.com (jason lingnau)
Date: Tue Oct 9 20:04:28 2007
Subject: filter stops
In-Reply-To: <470BC0EF.5030909@sendit.nodak.edu>
References: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com>
 <470BC0EF.5030909@sendit.nodak.edu>
Message-ID:

On Oct 9, 2007, at 10:57 AM, Richard Frovarp wrote:

> jason lingnau wrote:
>> Hi all, cheers Jules!
>>
>> running nuonce BQ machine(s) and this has been the deal with all
>> of them.
>> At some point our filters drop.( currently the case see
>> below)...mail still gets sent as sendmail must not wait forever to
>> hear back from MS.
>> My ( newbie ) self thinks spamassassin is the culprit.
>>
>> My question- how do I tell where this event is occurring.
>>
>> CentOS release 4.4
>> This is MailScanner version 4.56.8
>> SpamAssassin version 3.1.7
>> Clamav rev ? ( from clam-sa combo install)
>>
>> ps aux
>> root 11381 0.0 1.7 25040 18092 ? Ss Oct07 0:00
>> MailScanner: master waiting for children, sleeping
>> root 11382 0.0 6.5 72556 66732 ? S Oct07 0:10
>> MailScanner: waiting for messages
>> root 11395 0.0 6.3 70384 64564 ? S Oct07 0:09
>> MailScanner: waiting for messages
>> root 11400 0.0 6.3 70860 64664 ? S Oct07 0:08
>> MailScanner: waiting for messages
>> root 11410 0.0 6.3 70540 64864 ? S Oct07 0:08
>> MailScanner: waiting for messages
>> root 11420 0.0 6.1 70808 62116 ? S Oct07 0:09
>> MailScanner: waiting for messages
>>
>> jason
>> intuitiveisp
> Sendmail doesn't wait to hear back from MS. It simply puts it in an
> incoming queue for MS which then will place it in the outgoing
> queue for sendmail to pick back up again. I would guess that you
> have the default sendmail running. MS will start up its own set of
> sendmail processes with the correct settings. If you shutdown MS
> and sendmail is still running and passing messages through, this is
> your problem.

No second sendmail, If I manually stop MS all mail stops being
delivered ( and there is plenty in all queues if sendmail were still
active). However you are correct, when I'm alerted that the filter is off
(no SA/MS signing) Mail does continue to flow.

I hate running in debug mode for something like this as it won't
happen for 2 days....I'll try my hand at sending debug to a file and
scouring through it at the next breaking point.

Thank you!

From nwp at nz.lemon-computing.com Tue Oct 9 21:59:01 2007
From: nwp at nz.lemon-computing.com (Nick Phillips)
Date: Tue Oct 9 21:57:03 2007
Subject: rejected commands from localhost due to pre-greeting traffic
In-Reply-To: <4709DCFB.7070107@openenterprise.ca>
References: <47097AE2.4010104@openenterprise.ca><1787502942-1191804028-cardhu_decombobulator_blackberry.rim.net-920865539-@bxe122.bisx.prod.on.blackberry><470984C8.10309@openenterprise.ca>
 <882238850-1191807382-cardhu_decombobulator_blackberry.rim.net-1943669039-@bxe122.bisx.prod.on.blackberry>
 <47098BA6.2020404@openenterprise.ca> <4709DBA5.9050003@fsl.com>
 <4709DCFB.7070107@openenterprise.ca>
Message-ID:

On 8/10/2007, at 8:32 PM, Johnny Stork wrote:

> No nagios running, but I do run a zabbix client but it is currently
> not being used for any smtp or other mail ports. It is also a
> fresh, clean install of Centos 5, and is currently accepting mail
> on port 25. That's the only port connecting to that server from the
> internet

You sure zabbix isn't doing it?
Even if it's not being used to trigger alerts, it can still be doing the checks ("items"). Cheers, Nick From mikael at syska.dk Wed Oct 10 10:10:20 2007 From: mikael at syska.dk (mikael@syska.dk) Date: Wed Oct 10 10:10:24 2007 Subject: Dont spam scna, if its a virus Message-ID: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> Hi, I thinking of disabling spam scan on messages, if they contain viruses as I have just installed the "sanesecurity" ... scam and phising signatures Many of the messages score 30+ ... and are also marked as virus, so also scanning seems to be waste of time .... But how do I do that in MailScanner, I must be missing some very simple, cause IIRC there was a post about this a few month ago ... Also ... if this is a bad idea to do ... please tell. // ouT From ja at conviator.com Wed Oct 10 10:10:07 2007 From: ja at conviator.com (Jan Agermose) Date: Wed Oct 10 10:11:04 2007 Subject: mail char encoding Message-ID: <6B59FCF2EFD0334A8147A1BB463F111E02DCE636@mail-17ps.atlarge.net> Im having some problems with danish special chars that are sometimes "changed" during the scanning process. I've prob. set the wrong char encoding of the server or something. Im sure I read somewhere to set something like this, but now I cannot find it anywhere. Running centos4.5, installed mailscanner using rpm. Regards Jan From prandal at herefordshire.gov.uk Wed Oct 10 10:30:52 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Oct 10 10:31:02 2007 Subject: Dont spam scna, if its a virus In-Reply-To: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> References: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB5DB@HC-MBX02.herefordshire.gov.uk> I think it's a bad idea. If they are scoring that highly then they'll be training Bayes so that new variants of this malware are likely to be marked as spam, even before virus patterns are available. 
Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of mikael@syska.dk > Sent: 10 October 2007 10:10 > To: mailscanner@lists.mailscanner.info > Subject: Dont spam scna, if its a virus > > Hi, > > I thinking of disabling spam scan on messages, if they > contain viruses as > I have just installed the "sanesecurity" ... scam and phising > signatures > > Many of the messages score 30+ ... and are also marked as > virus, so also > scanning seems to be waste of time .... > > But how do I do that in MailScanner, I must be missing some > very simple, > cause IIRC there was a post about this a few month ago ... > > Also ... if this is a bad idea to do ... please tell. > > // ouT > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikael at syska.dk Wed Oct 10 12:01:43 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Oct 10 12:02:03 2007 Subject: Dont spam scan, if its a virus In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01BEB5DB@HC-MBX02.herefordshire.gov.uk> References: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> <7EF0EE5CB3B263488C8C18823239BEBA01BEB5DB@HC-MBX02.herefordshire.gov.uk> Message-ID: <470CB117.10105@syska.dk> Hi, You are probebly right ... but if the loads get too high, I guess this could be a option. Also just wandered if people were doing something like this ... for some reasons ... like the one above, or maybe for some other reasons, please let me know // ouT Randal, Phil wrote: > I think it's a bad idea. 
>
> If they are scoring that highly then they'll be training Bayes so that
> new variants of this malware are likely to be marked as spam, even
> before virus patterns are available.
>
> Cheers,
>
> Phil
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of mikael@syska.dk
>> Sent: 10 October 2007 10:10
>> To: mailscanner@lists.mailscanner.info
>> Subject: Dont spam scna, if its a virus
>>
>> Hi,
>>
>> I am thinking of disabling spam scan on messages, if they contain viruses as
>> I have just installed the "sanesecurity" ... scam and phishing signatures
>>
>> Many of the messages score 30+ ... and are also marked as virus, so also
>> scanning seems to be waste of time ....
>>
>> But how do I do that in MailScanner, I must be missing something very simple,
>> cause IIRC there was a post about this a few months ago ...
>>
>> Also ... if this is a bad idea to do ... please tell.
>>
>> // ouT
>>

From shuttlebox at gmail.com Wed Oct 10 12:31:07 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Wed Oct 10 12:31:09 2007
Subject: Dont spam scna, if its a virus
In-Reply-To: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk>
References: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk>
Message-ID: <625385e30710100431g216d7775x7768fa394169b11b@mail.gmail.com>

On 10/10/07, mikael@syska.dk wrote:
> I am thinking of disabling spam scan on messages, if they contain viruses as
> I have just installed the "sanesecurity" ... scam and phishing signatures

The spam checks are done before the virus checks.

> Many of the messages score 30+ ... and are also marked as virus, so also
> scanning seems to be waste of time ....

If the mail is not to be delivered due to the result of the spam check
it will not be virus checked. That is, if you don't use deliver/forward
as spam actions and you don't have "Keep Spam And MCP Archive Clean" set
to yes.

--
/peter

From hvdkooij at vanderkooij.org Wed Oct 10 12:55:54 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Wed Oct 10 12:56:15 2007
Subject: Dont spam scan, if its a virus
In-Reply-To: <470CB117.10105@syska.dk>
References: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> <7EF0EE5CB3B263488C8C18823239BEBA01BEB5DB@HC-MBX02.herefordshire.gov.uk> <470CB117.10105@syska.dk>
Message-ID: <470CBDCA.4060000@vanderkooij.org>

Mikael Syska wrote:
> Hi,
>
> You are probably right ... but if the loads get too high, I guess this
> could be an option.

If you fear your load will be too high you need to reduce the load by
other means. RBL's can be part of that strategy. Even simple pattern
matches in the MTA may serve you well.

Dropping extra signatures from ClamAV and let ClamAV concentrate on the
virus half and let SA do the Spam part would be another way.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

From mikael at syska.dk Wed Oct 10 14:08:09 2007
From: mikael at syska.dk (Mikael Syska)
Date: Wed Oct 10 14:08:30 2007
Subject: Dont spam scan, if its a virus
In-Reply-To: <470CBDCA.4060000@vanderkooij.org>
References: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> <7EF0EE5CB3B263488C8C18823239BEBA01BEB5DB@HC-MBX02.herefordshire.gov.uk> <470CB117.10105@syska.dk> <470CBDCA.4060000@vanderkooij.org>
Message-ID: <470CCEB9.7040202@syska.dk>

Hi,

hvdkooij@vanderkooij.org wrote:
> Mikael Syska wrote:
>
>> Hi,
>>
>> You are probably right ... but if the loads get too high, I guess this
>> could be an option.
>>
>
> If you fear your load will be too high you need to reduce the load by
> other means. RBL's can be part of that strategy. Even simple pattern
> matches in the MTA may serve you well.
>
> Dropping extra signatures from ClamAV and let ClamAV concentrate on the
> virus half and let SA do the Spam part would be another way.
>
> Hugo.
>
Maybe you are right ... not that the load is high at the moment, but I
guess in the future it could raise even more, so it would be a good idea
to know what could be done. thanks.

I will keep it this way for now.

// ouT

From MailScanner at ecs.soton.ac.uk Wed Oct 10 16:38:00 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Oct 10 16:38:24 2007
Subject: Dont spam scan, if its a virus
In-Reply-To: <470CCEB9.7040202@syska.dk>
References: <33681.130.225.184.24.1192007420.squirrel@mail.syska.dk> <7EF0EE5CB3B263488C8C18823239BEBA01BEB5DB@HC-MBX02.herefordshire.gov.uk> <470CB117.10105@syska.dk> <470CBDCA.4060000@vanderkooij.org> <470CCEB9.7040202@syska.dk>
Message-ID: <470CF1D8.3030802@ecs.soton.ac.uk>

Mikael Syska wrote:
> Hi,
>
> hvdkooij@vanderkooij.org wrote:
>> Mikael Syska wrote:
>>
>>> Hi,
>>>
>>> You are probably right ... but if the loads get too high, I guess this
>>> could be an option.
>>>
>>
>> If you fear your load will be too high you need to reduce the load by
>> other means. RBL's can be part of that strategy. Even simple pattern
>> matches in the MTA may serve you well.
>>
>> Dropping extra signatures from ClamAV and let ClamAV concentrate on the
>> virus half and let SA do the Spam part would be another way.
>>
>> Hugo.
>>
> Maybe you are right ... not that the load is high at the moment, but I
> guess in the future it could raise even more, so it would be a good
> idea to know what could be done. thanks.
>
> I will keep it this way for now.

Remember that only about 1% (or less) of your mail is virus-infected,
compared to 85%-90% spam. So not spam-scanning virus-infected messages
makes pretty much no discernible difference in performance.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at lubik.ca Wed Oct 10 20:04:45 2007
From: ugob at lubik.ca (Ugo Bellavance)
Date: Wed Oct 10 20:08:38 2007
Subject: filter stops
In-Reply-To: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com>
References: <06043FE6-ADB0-4F2C-833F-44909CBC5ACB@intuitiveisp.com>
Message-ID:

jason lingnau wrote:
> Hi all, cheers Jules!
>
> running nuonce BQ machine(s) and this has been the deal with all of them.
> At some point our filters drop.( currently the case see below)...mail
> still gets sent as sendmail must not wait forever to hear back from MS.
> My ( newbie ) self thinks spamassassin is the culprit.
>
> My question- how do I tell where this event is occurring.
>
> CentOS release 4.4
> This is MailScanner version 4.56.8
> SpamAssassin version 3.1.7
> Clamav rev ? ( from clam-sa combo install)
>
> ps aux
> root 11381 0.0 1.7 25040 18092 ? Ss Oct07 0:00 MailScanner: master waiting for children, sleeping
> root 11382 0.0 6.5 72556 66732 ? S Oct07 0:10 MailScanner: waiting for messages
> root 11395 0.0 6.3 70384 64564 ? S Oct07 0:09 MailScanner: waiting for messages
> root 11400 0.0 6.3 70860 64664 ? S Oct07 0:08 MailScanner: waiting for messages
> root 11410 0.0 6.3 70540 64864 ? S Oct07 0:08 MailScanner: waiting for messages
> root 11420 0.0 6.1 70808 62116 ? S Oct07 0:09 MailScanner: waiting for messages

Anything in the logs?

Ugo

From lists at sequestered.net Wed Oct 10 23:21:28 2007
From: lists at sequestered.net (Jay Chandler)
Date: Wed Oct 10 23:21:25 2007
Subject: Running as a Milter?
Message-ID: <470D5068.2050708@sequestered.net>

Now that Postfix supports a milter interface, has anyone had any luck
getting MailScanner to run in-line so it can reject during the SMTP
conversation?

--
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: doppler effect

From ssilva at sgvwater.com Wed Oct 10 23:37:05 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Oct 10 23:37:29 2007
Subject: Running as a Milter?
In-Reply-To: <470D5068.2050708@sequestered.net>
References: <470D5068.2050708@sequestered.net>
Message-ID:

on 10/10/2007 3:21 PM Jay Chandler spake the following:
> Now that Postfix supports a milter interface, has anyone had any luck
> getting MailScanner to run in-line so it can reject during the SMTP
> conversation?

MailScanner doesn't work that way. It isn't a milter. If you want to
reject inline, there are milters that will do that.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From jan-peter at koopmann.eu Thu Oct 11 00:05:43 2007
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Thu Oct 11 00:04:42 2007
Subject: sa-compile question
Message-ID:

Hi guys,

I am a bit confused about what files are used by spamassassin with
compiled rules. sa-compile creates
"/var/db/spamassassin/compiled/3.002000/bases_body_0.pl" but
spamassassin -D says "using compiled ruleset in
/var/db/spamassassin/compiled/3.002000/Mail/SpamAssassin/CompiledRegexps/body_0.pm".
I can see no reference to the freshly compiled bases_body_0.pl anywhere
in spamassassin -D. What am I missing?

Kind regards,
JP

From lists at sequestered.net Thu Oct 11 02:01:51 2007
From: lists at sequestered.net (Jay Chandler)
Date: Thu Oct 11 02:01:47 2007
Subject: Running as a Milter?
In-Reply-To:
References: <470D5068.2050708@sequestered.net>
Message-ID: <470D75FF.8020208@sequestered.net>

Scott Silva wrote:
> on 10/10/2007 3:21 PM Jay Chandler spake the following:
>> Now that Postfix supports a milter interface, has anyone had any luck
>> getting MailScanner to run in-line so it can reject during the SMTP
>> conversation?
> MailScanner doesn't work that way. It isn't a milter. If you want to
> reject inline, there are milters that will do that.
>

Yeah, that's a bit unfortunate. I was under the impression that using a
milter might have been an interesting direction to go in as far as
getting MailScanner to run inline.

Unfortunately, I'm as close to being a developer as I am to being a
nuclear physicist, so I'm probably not the man to do it...

--
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: doppler effect

From hvdkooij at vanderkooij.org Thu Oct 11 09:33:02 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Thu Oct 11 09:33:21 2007
Subject: Running as a Milter?
In-Reply-To: <470D5068.2050708@sequestered.net>
References: <470D5068.2050708@sequestered.net>
Message-ID: <470DDFBE.6070504@vanderkooij.org>

Jay Chandler wrote:
> Now that Postfix supports a milter interface, has anyone had any luck
> getting MailScanner to run in-line so it can reject during the SMTP
> conversation?

MailScanner is designed to be batch oriented. That will never match with
the milter strategy as far as I can tell.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

From sandro at e-den.it Thu Oct 11 11:30:23 2007
From: sandro at e-den.it (Sandro Dentella)
Date: Thu Oct 11 11:30:37 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <56d5287ad267b44e8d332450572dc531@solidstatelogic.com>
References: <20071009101410.GA18717@ubuntu> <56d5287ad267b44e8d332450572dc531@solidstatelogic.com>
Message-ID: <20071011103023.GA2121@ubuntu>

On Tue, Oct 09, 2007 at 07:09:44PM +0100, Martin.Hepworth wrote:
> Sandro
>
> Have a look in the wiki (wiki.mailscanner.info) for up to date info.

really all the links that I report as broken are from the wiki...

> > need to optimize but reading the wiki I discovered some relevant links
> > are
> > broken, namely:
> >
> > How to run a DCC:
> > http://www.mailscanner.info/serve/cache/312.html
> >
> > Bayes growing out of control
> > http://www.mailscanner.info/serve/cache/317.html
> >
> > How to manually train SpamAssassin:
> > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html
> >

I'd really like to have correct links. I'd like to try to run DCC myself

sandro
*:-)

From sandro at e-den.it Thu Oct 11 11:48:04 2007
From: sandro at e-den.it (Sandro Dentella)
Date: Thu Oct 11 11:48:19 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <20071009101410.GA18717@ubuntu> <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID: <20071011104804.GB2121@ubuntu>

On Tue, Oct 09, 2007 at 12:06:46PM +0100, Gareth wrote:
> What is your setting for 'Max Children' in MailScanner.conf?
> Given your processor and amount of RAM it should be set to no more than
> 10.

I had 25 I lowered to 10. And of course killed MailScanner and restarted.
What strikes me is that

sarge-netorange:/opt/MailScanner/etc/rules# ps ax|grep MailSca
 9015 ? Ss 0:00 MailScanner: master waiting for children, sleeping
 9016 ? S 0:27 MailScanner: checking with SpamAssassin
 9072 ? S 0:34 MailScanner: checking with SpamAssassin
 9172 ? R 0:28 MailScanner: checking with SpamAssassin
 9234 ? S 0:27 MailScanner: checking with SpamAssassin
 9328 ? S 0:30 MailScanner: checking with SpamAssassin
 9424 ? S 0:26 MailScanner: checking with SpamAssassin
 9498 ? S 0:26 MailScanner: checking with SpamAssassin
 9593 ? R 0:29 MailScanner: checking with SpamAssassin
 9700 ? S 0:23 MailScanner: checking with Spam Lists
 9806 ? S 0:26 MailScanner: checking with SpamAssassin
13591 ? D 0:00 MailScanner: checking with SpamAssassin
13608 ? S 0:00 MailScanner: checking with SpamAssassin
13618 ? S 0:00 MailScanner: checking with SpamAssassin
13635 ? S 0:00 MailScanner: checking with SpamAssassin
13651 ? S 0:00 MailScanner: checking with SpamAssassin
13724 ? S 0:00 MailScanner: checking with SpamAssassin
13726 ? S 0:00 MailScanner: checking with SpamAssassin
13729 ? R 0:00 MailScanner: checking with SpamAssassin
sarge-netorange:/opt/MailScanner/etc/rules# ps ax|grep MailSca|wc -l
22

that's 21 children to me not 10. How come?

Many of these processes are in S (sleeping) state. What does that mean?
Are those processes waiting for something?

sandro

--
Sandro Dentella *:-)
e-mail: sandro@e-den.it
http://www.tksql.org TkSQL Home page - My GPL work

From steve.freegard at fsl.com Thu Oct 11 11:57:59 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Oct 11 11:57:57 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <20071011104804.GB2121@ubuntu>
References: <20071009101410.GA18717@ubuntu> <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk> <20071011104804.GB2121@ubuntu>
Message-ID: <470E01B7.9000806@fsl.com>

Sandro Dentella wrote:
> I had 25 I lowered to 10. And of course killed MailScanner and restarted.
> What strikes me is that
>
> sarge-netorange:/opt/MailScanner/etc/rules# ps ax|grep MailSca
> 9015 ? Ss 0:00 MailScanner: master waiting for children, sleeping
> sarge-netorange:/opt/MailScanner/etc/rules# ps ax|grep MailSca|wc -l
> 22
>
> that's 21 children to me not 10. How come?

Try 'ps axf' instead, you'll see the parent process, then 10 children,
the rest are sub-processes of each child (e.g. SpamAssassin):

[root@mail src]# ps axfw | grep MailScanner
21461 ? Ss 0:00 MailScanner: starting child
10741 ? S 0:10 \_ MailScanner: waiting for messages
10795 ? S 0:10 \_ MailScanner: waiting for messages
10851 ? S 0:10 \_ MailScanner: waiting for messages
10894 ? S 0:09 \_ MailScanner: waiting for messages
10935 ? S 0:09 \_ MailScanner: waiting for messages
10976 ? S 0:09 \_ MailScanner: waiting for messages
11020 ? S 0:09 \_ MailScanner: waiting for messages
11092 ? S 0:10 \_ MailScanner: waiting for messages
11154 ? S 0:09 \_ MailScanner: waiting for messages
11219 ? S 0:11 \_ MailScanner: waiting for messages

Cheers,
Steve.

From sandro at e-den.it Thu Oct 11 12:09:24 2007
From: sandro at e-den.it (Sandro Dentella)
Date: Thu Oct 11 12:09:38 2007
Subject: Debug on a production server
Message-ID: <20071011110924.GE2121@ubuntu>

Hi,

I'd like to run MailScanner on a server that cannot be stopped as it's a
production server. Can I run another process separately?

I'd like to understand where MailScanner is spending its time and possibly
where SpamAssassin is spending its time. Is there a way to run
SpamAssassin the same way MailScanner runs it?

thanks
sandro
*:-)

From jonas at vrt.dk Thu Oct 11 12:18:01 2007
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Thu Oct 11 12:18:04 2007
Subject: mail char encoding
In-Reply-To: <6B59FCF2EFD0334A8147A1BB463F111E02DCE636@mail-17ps.atlarge.net>
References: <6B59FCF2EFD0334A8147A1BB463F111E02DCE636@mail-17ps.atlarge.net>
Message-ID: <001301c80bf8$62cdab60$28690220$@dk>

Hi Jan

> I'm having some problems with Danish special chars that are sometimes
> "changed" during the scanning process. I've prob.
set the wrong char
> encoding of the server or something. I'm sure I read somewhere to set
> something like this, but now I cannot find it anywhere.
>
> Running centos4.5, installed mailscanner using rpm.

We are running mailscanner almost entirely with Danish clients, and
therefore have lots of Danish emails going through our system, and I've
never heard of any mails being changed, except when mailscanner thinks
there is a phishing attempt and inserts a warning, are you sure that it's
mailscanner that's changing your mail chars?

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S

Office: 7020 0979
Direct: 33369974
Fax: 7020 0978
Mobile: 51201096
Web: www.techbiz.dk

From martinh at solidstatelogic.com Thu Oct 11 13:40:05 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Oct 11 13:40:15 2007
Subject: Debug on a production server
In-Reply-To: <20071011110924.GE2121@ubuntu>
References: <20071011110924.GE2121@ubuntu>
Message-ID:

Sandro

have a look at the optimisation page in the wiki, (local caching dns
server, only run a couple of RBLs etc etc)

if you're using SA 3.2.3 then make sure you have the DNS performance
patch installed and possibly disabled the whois lookup rules as well..

http://lists.mailscanner.info/pipermail/mailscanner/2007-September/078445.html

Back to your original question you can quite safely run in debug mode on
a production server. The whole architecture of MS makes it quite
difficult to lose messages.

--
Martin

On Thu, 11 Oct 2007 13:09:24 +0200
Sandro Dentella wrote:
> Hi,
>
> I'd like to run MailScanner on a server that cannot be stopped as it's a
> production server. Can I run another process separately?
>
> I'd like to understand where MailScanner is spending its time and possibly
> where SpamAssassin is spending its time. Is there a way to run
> SpamAssassin the same way MailScanner runs it?
>
> thanks
> sandro
> *:-)

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

From sandro at e-den.it Thu Oct 11 14:53:37 2007
From: sandro at e-den.it (Sandro Dentella)
Date: Thu Oct 11 14:53:55 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <20071009101410.GA18717@ubuntu> <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID: <20071011135337.GA23760@ubuntu>

On Tue, Oct 09, 2007 at 12:06:46PM +0100, Gareth wrote:
> What is your setting for 'Max Children' in MailScanner.conf?
> Given your processor and amount of RAM it should be set to no more than
> 10.
>

I said I'm using dual xeon 3 GB. Better would have been 'dual xeon biproc'.
That's 4 procs (0-3 in /proc/cpuinfo).

According to that mean config man page should be 4 processes for CPU. So I
should raise again to 20. Do I understand correctly?

sandro
*:-)

From hvdkooij at vanderkooij.org Thu Oct 11 14:57:52 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Thu Oct 11 14:58:32 2007
Subject: mail char encoding
In-Reply-To: <6B59FCF2EFD0334A8147A1BB463F111E02DCE636@mail-17ps.atlarge.net>
References: <6B59FCF2EFD0334A8147A1BB463F111E02DCE636@mail-17ps.atlarge.net>
Message-ID: <470E2BE0.5020901@vanderkooij.org>

Jan Agermose wrote:
> I'm having some problems with Danish special chars that are sometimes
> "changed" during the scanning process. I've prob. set the wrong char
> encoding of the server or something. I'm sure I read somewhere to set
> something like this, but now I cannot find it anywhere.
>
> Running centos4.5, installed mailscanner using rpm.

Jules wrote about this in his book. What have you set your Language
settings to?
If it contains UTF-8 in there then you may have found a
possible cause.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

From hvdkooij at vanderkooij.org Thu Oct 11 15:02:32 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Thu Oct 11 15:02:59 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <20071011135337.GA23760@ubuntu>
References: <20071009101410.GA18717@ubuntu> <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk> <20071011135337.GA23760@ubuntu>
Message-ID: <470E2CF8.4070506@vanderkooij.org>

Sandro Dentella wrote:
> On Tue, Oct 09, 2007 at 12:06:46PM +0100, Gareth wrote:
>> What is your setting for 'Max Children' in MailScanner.conf?
>> Given your processor and amount of RAM it should be set to no more than
>> 10.
>
> I said I'm using dual xeon 3 GB. Better would have been 'dual xeon biproc'.
> That's 4 procs (0-3 in /proc/cpuinfo).
>
> According to that mean config man page should be 4 processes for CPU. So I
> should raise again to 20. Do I understand correctly?

I would keep it at 10 processes and concentrate on other suspects.
Check each and every RBL in your spamassassin and MailScanner config.
I wrote a procedure for this a short while ago so it is in the archives.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

From prandal at herefordshire.gov.uk Thu Oct 11 15:13:23 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Oct 11 15:13:32 2007
Subject: Debug on a production server
In-Reply-To:
References: <20071011110924.GE2121@ubuntu>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB83B@HC-MBX02.herefordshire.gov.uk>

The completewhois lookups are removed in the current SA config files, so
make sure you've successfully run sa-update.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Martin.Hepworth
> Sent: 11 October 2007 13:40
> To: MailScanner discussion
> Subject: Re: Debug on a production server
>
> Sandro
>
> have a look at the optimisation page in the wiki, (local caching dns
> server, only run a couple of RBLs etc etc)
>
> if you're using SA 3.2.3 then make sure you have the DNS performance
> patch installed and possibly disabled the whois lookup rules as well..
>
> http://lists.mailscanner.info/pipermail/mailscanner/2007-September/078445.html
>
> Back to your original question you can quite safely run in debug mode on
> a production server. The whole architecture of MS makes it quite
> difficult to lose messages.
>
> --
> Martin
>
>
> On Thu, 11 Oct 2007 13:09:24 +0200
> Sandro Dentella wrote:
> > Hi,
> >
> > I'd like to run MailScanner on a server that cannot be stopped as it's a
> > production server. Can I run another process separately?
> >
> > I'd like to understand where MailScanner is spending its time and possibly
> > where SpamAssassin is spending its time. Is there a way to run
> > SpamAssassin the same way MailScanner runs it?
> >
> > thanks
> > sandro
> > *:-)
>

From Denis.Beauchemin at USherbrooke.ca Thu Oct 11 15:50:37 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Thu Oct 11 15:52:12 2007
Subject: mail char encoding
In-Reply-To: <470E2BE0.5020901@vanderkooij.org>
References: <6B59FCF2EFD0334A8147A1BB463F111E02DCE636@mail-17ps.atlarge.net> <470E2BE0.5020901@vanderkooij.org>
Message-ID: <470E383D.7030700@USherbrooke.ca>

hvdkooij@vanderkooij.org wrote:
> Jan Agermose wrote:
>
>> I'm having some problems with Danish special chars that are sometimes
>> "changed" during the scanning process. I've prob. set the wrong char
>> encoding of the server or something. I'm sure I read somewhere to set
>> something like this, but now I cannot find it anywhere.
>>
>> Running centos4.5, installed mailscanner using rpm.
>>
>
> Jules wrote about this in his book. What have you set your Language
> settings to? If it contains UTF-8 in there then you may have found a
> possible cause.
>
> Hugo.
>
>

Hugo,

My newest MS servers run with LANG=en_US.UTF-8 without any problems. I
just made sure I installed MS, Clam and SA with LANG=C.

Most ham we receive is in French and we don't have any problems with
contents being "changed" by MS.

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From martinh at solidstatelogic.com Thu Oct 11 16:16:29 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu Oct 11 16:16:41 2007
Subject: large word doc attachments in spam
Message-ID:

All

Had reports (from the MD!) of large MS-Word attachments as spam. (300Kb)

Apart from Increasing the "Max Spam Check Size" setting to cover this and
seeing if SA traps this, has anyone else seen this technique?

--
martin

From mikael at syska.dk Thu Oct 11 16:22:28 2007
From: mikael at syska.dk (Mikael Syska)
Date: Thu Oct 11 16:22:55 2007
Subject: Debug on a production server
In-Reply-To:
References: <20071011110924.GE2121@ubuntu>
Message-ID: <470E3FB4.1070807@syska.dk>

Hi,

How do I actually apply the patch ?

There does not seem to be much info on this ... and my scan times are
also rather high ... not that it's a problem atm ... but it could be in
the future :-(

// ouT

Martin.Hepworth wrote:
> Sandro
>
> have a look at the optimisation page in the wiki, (local caching dns
> server, only run a couple of RBLs etc etc)
>
> if you're using SA 3.2.3 then make sure you have the DNS performance
> patch installed and possibly disabled the whois lookup rules as well..
>
> http://lists.mailscanner.info/pipermail/mailscanner/2007-September/078445.html
>
>
> Back to your original question you can quite safely run in debug mode
> on a production server. The whole architecture of MS makes it quite
> difficult to lose messages.
>
> --
> Martin
>
>
> On Thu, 11 Oct 2007 13:09:24 +0200
> Sandro Dentella wrote:
>> Hi,
>>
>> I'd like to run MailScanner on a server that cannot be stopped as
>> it's a
>> production server. Can I run another process separately?
>>
>> I'd like to understand where MailScanner is spending its time and
>> possibly
>> where SpamAssassin is spending its time. Is there a way to run
>> SpamAssassin the same way MailScanner runs it?
>> >> thanks >> sandro >> *:-) >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Thu Oct 11 16:24:51 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Oct 11 16:25:31 2007 Subject: large word doc attachments in spam In-Reply-To: References: Message-ID: <1192116291.30507.23.camel@gblades-suse.linguaphone-intranet.co.uk> Perhaps its a new virus?
http://www.theregister.co.uk/2007/10/11/exploit_wednesday/ On Thu, 2007-10-11 at 16:16, Martin.Hepworth wrote: > All > > Had reports (from the MD!) of large MS-Word attachments as spam. (300Kb) > > Apart from Increasing the "Max Spam Check Size" setting to cover this and > seeing is SA traps this, has anyone else seen this technique? > > -- > martin From ugob at lubik.ca Thu Oct 11 16:57:47 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Oct 11 17:49:11 2007 Subject: Debug on a production server In-Reply-To: <470E3FB4.1070807@syska.dk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> Message-ID: Mikael Syska wrote: > Hi, > > How do I actually apply the patch ? Which patch?
> There does not seem to be much info on this ... and my scan times are > also rather high ... not that its a problem atm ... but it could be in > the future :-( Please provide more information: Hardware # of child processes scan times of full batches. Virus scanners userd MailScanner versions (MailScanner -v) Local caching DNS server? Using RBLs at MTA Which MTA etc... From Jason at SYO.Com Thu Oct 11 18:04:38 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Thu Oct 11 18:01:05 2007 Subject: MySQL Error on Mailscanner load Message-ID: <1721213318.20071011130438@SYO.Com> Hello mailscanner, So last night I get a call from my ISP saying my server is not responding. I was snoozing so they waited the 20 minutes I require then they rebooted it for me. It came back up and everything seems just ducky.... Then I go to have a peak at MailScanner a bit ago, and SHEBANG! I have a problem, that most likely caused my server lockup during the night. Here is my error when I try to load MailScanner: Any ideas? My fellow Gurus... Warning: mysql_query() [function.mysql-query]: Unable to save result set in /usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatch/functions.php on line 530 Error executing query: Got error 127 from table handler SQL: SELECT id AS id2, LEFT(hostname,INSTR(hostname,'.')-1) AS host, DATE_FORMAT(timestamp, '%d/%m/%y%H:%i:%s') AS datetime, from_address, to_address, subject, size as size, isspam, ishighspam, spamwhitelisted, spamblacklisted, virusinfected, nameinfected, otherinfected, sascore, report, ismcp, issamcp, ishighmcp, mcpsascore, '' AS status FROM maillog WHERE 1 ORDER BY date DESC, time DESC LIMIT 50 -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 
SYO - Servicing Your Organization 586-286-2557 From ssilva at sgvwater.com Thu Oct 11 17:53:05 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 18:07:41 2007 Subject: optimisation hints required & broken links on wiki In-Reply-To: <20071011103023.GA2121@ubuntu> References: <20071009101410.GA18717@ubuntu> <56d5287ad267b44e8d332450572dc531@solidstatelogic.com> <20071011103023.GA2121@ubuntu> Message-ID: on 10/11/2007 3:30 AM Sandro Dentella spake the following: > On Tue, Oct 09, 2007 at 07:09:44PM +0100, Martin.Hepworth wrote: >> SAndro >> >> Have a look in the wiki (wiki.mailscanner.info) for upto date info. > > really all the links that i report as broken are from the wiki... > >>> need to optimize but reading the wiki I discovered some relevant links >>> are >>> broken, namely: >>> >>> How to run a DCC: >>> http://www.mailscanner.info/serve/cache/312.html >>> >>> Bayes growing out of control >>> http://www.mailscanner.info/serve/cache/317.html >>> >>> How to manually train SpamAssassin: >>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/98.html >>> > > I'd really like to have correct links. I'd like to try to run DCC myself > > > sandro > *:-) > I don't know if Julian still has archives of this older content, but maybe if it could be put up somewhere for a few months, we could all add it to the wiki as time permits. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikael at syska.dk Thu Oct 11 18:29:44 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Oct 11 18:30:15 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> Message-ID: <470E5D88.2050902@syska.dk> Hi, Ugo Bellavance wrote: > Mikael Syska wrote: >> Hi, >> >> How do I actually apply the patch ? > > Which patch? 
ups, I must have foggoten to paste it: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589 > >> There does not seem to be much info on this ... and my scan times are >> also rather high ... not that its a problem atm ... but it could be >> in the future :-( > > Please provide more information: > > Hardware OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk with the SAS 5iR controller 2GB ram Dual Core Intel Xeon 3060 2.40 Ghz > # of child processes 8 > scan times of full batches. Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) processed in 89.57 seconds Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) processed in 88.72 seconds Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) processed in 106.89 seconds Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) processed in 105.85 seconds > Virus scanners userd clamd > MailScanner versions (MailScanner -v) 4.63.8 > Local caching DNS server? yes > Using RBLs at MTA nope ... we have had very bad exprerience with that ... both tried spamcop and spamhaus ... both have to many FP here in denmark .... > Which MTA Postfix ... > > etc... > Its not a problem that I takes so long time .. just saw the message about the patch and wandered if that would make a diff on my scan times ... So maybe it will help ... best regards Mikael Syska From ssilva at sgvwater.com Thu Oct 11 17:59:16 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 18:48:07 2007 Subject: Running as a Milter? In-Reply-To: <470D75FF.8020208@sequestered.net> References: <470D5068.2050708@sequestered.net> <470D75FF.8020208@sequestered.net> Message-ID: on 10/10/2007 6:01 PM Jay Chandler spake the following: > Scott Silva wrote: >> on 10/10/2007 3:21 PM Jay Chandler spake the following: >>> Now that Postfix supports a milter interface, has anyone had any luck >>> getting MailScanner to run in-line so it can reject during the SMTP >>> conversation? 
>> MailScanner doesn't work that way. It isn't a milter. If you want to >> reject inline, there are milters that will do that. >> > > Yeah, that's a bit unfortunate. I was under the impression that using a > milter might have been an interesting direction to go in as far as > getting MailScanner to run inline. Unfortunately, I'm as close to being > a developer as I am to being a nuclear physicist, so I'm probably not > the man to do it... > > Mailscanner works much better the way it is designed. There are many ways to stop content at the early phases. You can use blacklists at the MTA. You can use milters, (clam has a milter, and so does DCC, and there are all sorts of milters for spamassassin or url scans). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solidstatelogic.com Thu Oct 11 19:04:19 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Oct 11 19:04:23 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <1721213318.20071011130438@SYO.Com> Message-ID: <662590f6b00f9e4da5a2e89c54df114b@solidstatelogic.com> Jason Have a look in the mysql error log, should have some clues.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jason Gottschalk > Sent: 11 October 2007 18:05 > To: mailscanner@lists.mailscanner.info > Subject: MySQL Error on Mailscanner load > > Hello mailscanner, > > So last night I get a call from my ISP saying my server is not > responding. I was snoozing so they waited the 20 minutes I require > then they rebooted it for me. It came back up and everything seems > just ducky.... > > Then I go to have a peak at MailScanner a bit ago, and SHEBANG! I > have a problem, that most likely caused my server lockup during the > night. 
> > Here is my error when I try to load MailScanner: Any ideas? My > fellow Gurus... > > Warning: mysql_query() [function.mysql-query]: Unable to save result > set in > /usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatch/functions.php on > line 530 > Error executing query: > > Got error 127 from table handler > > SQL: > > SELECT > id AS id2, > LEFT(hostname,INSTR(hostname,'.')-1) AS host, > DATE_FORMAT(timestamp, '%d/%m/%y%H:%i:%s') AS datetime, > from_address, > to_address, > subject, > size as size, > isspam, > ishighspam, > spamwhitelisted, > spamblacklisted, > virusinfected, > nameinfected, > otherinfected, > sascore, > report, > ismcp, > issamcp, > ishighmcp, > mcpsascore, > '' AS status > FROM > maillog > WHERE > 1 > ORDER BY > date DESC, > time DESC > LIMIT 50 > > > > -- > > Best regards, > > Jason Gottschalk mailto:Jason@SYO.Com > SYO Computer Engineering Services, Inc. > SYO - Servicing Your Organization > 586-286-2557 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Thu Oct 11 18:22:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 19:11:52 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <1721213318.20071011130438@SYO.Com> References: <1721213318.20071011130438@SYO.Com> Message-ID: on 10/11/2007 10:04 AM Jason Gottschalk spake the following: > Hello mailscanner, > > So last night I get a call from my ISP saying my server is not > responding. I was snoozing so they waited the 20 minutes I require > then they rebooted it for me. It came back up and everything seems > just ducky.... > > Then I go to have a peak at MailScanner a bit ago, and SHEBANG! I > have a problem, that most likely caused my server lockup during the > night. > > Here is my error when I try to load MailScanner: Any ideas? My > fellow Gurus... > > Warning: mysql_query() [function.mysql-query]: Unable to save result > set in > /usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatch/functions.php on > line 530 > Error executing query: > > Got error 127 from table handler > > SQL: > > SELECT > id AS id2, > LEFT(hostname,INSTR(hostname,'.')-1) AS host, > DATE_FORMAT(timestamp, '%d/%m/%y%H:%i:%s') AS datetime, > from_address, > to_address, > subject, > size as size, > isspam, > ishighspam, > spamwhitelisted, > spamblacklisted, > virusinfected, > nameinfected, > otherinfected, > sascore, > report, > ismcp, > issamcp, > ishighmcp, > mcpsascore, > '' AS status > FROM > maillog > WHERE > 1 > ORDER BY > date DESC, > time DESC > LIMIT 50 > > > Mysql table corruption? 
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From doc at maddoc.net Thu Oct 11 19:17:42 2007 From: doc at maddoc.net (Doc Schneider) Date: Thu Oct 11 19:17:52 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <1721213318.20071011130438@SYO.Com> References: <1721213318.20071011130438@SYO.Com> Message-ID: <470E68C6.6070308@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Gottschalk wrote: > Hello mailscanner, > > So last night I get a call from my ISP saying my server is not > responding. I was snoozing so they waited the 20 minutes I require > then they rebooted it for me. It came back up and everything seems > just ducky.... > > Then I go to have a peek at MailScanner a bit ago, and SHEBANG! I > have a problem, that most likely caused my server lockup during the > night. > > Here is my error when I try to load MailScanner: Any ideas? My > fellow Gurus... > > Warning: mysql_query() [function.mysql-query]: Unable to save result > set in > /usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatch/functions.php on > line 530 > Error executing query: > > Got error 127 from table handler >
To fix this:
service MailScanner stop
cd /var/lib/mysql/mailscannner
myisamchk -r *.MYI
IF it repairs successfully.
service MailScanner start
Depending on how much is there could take a while - -- - -Doc Lincoln, NE.
http://www.fsl.com http://www.genealogyforyou.com http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFHDmjFqOEeBwEpgcsRAnWDAKCjV2FqrNSDfjs0YR4sU/U9505N+gCeI72h h7c8WYSv1rNBaHguTEttUF0= =MSJ6 -----END PGP SIGNATURE----- From doc at maddoc.net Thu Oct 11 19:23:59 2007 From: doc at maddoc.net (Doc Schneider) Date: Thu Oct 11 19:24:14 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <470E68C6.6070308@maddoc.net> References: <1721213318.20071011130438@SYO.Com> <470E68C6.6070308@maddoc.net> Message-ID: <470E6A3F.9080503@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doc Schneider wrote: > Jason Gottschalk wrote: >> Hello mailscanner, > >> So last night I get a call from my ISP saying my server is not >> responding. I was snoozing so they waited the 20 minutes I require >> then they rebooted it for me. It came back up and everything seems >> just ducky.... > >> Then I go to have a peak at MailScanner a bit ago, and SHEBANG! I >> have a problem, that most likely caused my server lockup during the >> night. > >> Here is my error when I try to load MailScanner: Any ideas? My >> fellow Gurus... > >> Warning: mysql_query() [function.mysql-query]: Unable to save result >> set in >> /usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatch/functions.php on >> line 530 >> Error executing query: > >> Got error 127 from table handler > > > To fix this: > > service MailScanner stop > > cd /var/lib/mysql/mailscannner typo: cd /var/lib/mysql/mailscanner Had too many n's. HAR! > myisamchk -r *.MYI > > IF it repairs successfully. > server MailScanner start > > Depending on how much is there could take a while > > - -- - -Doc Lincoln, NE. 
http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFHDmo/qOEeBwEpgcsRAlU0AJ9LE41X/dsYePbzJ2dmHYJK05t48gCeJY/Q s7mgFUWOvtCzanvzj92ri/I= =EL81 -----END PGP SIGNATURE----- From ugob at lubik.ca Thu Oct 11 19:15:07 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Oct 11 19:34:37 2007 Subject: Debug on a production server In-Reply-To: <470E5D88.2050902@syska.dk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> Message-ID: Mikael Syska wrote: > Hi, >>> There does not seem to be much info on this ... and my scan times are >>> also rather high ... not that its a problem atm ... but it could be >>> in the future :-( >> >> Please provide more information: >> >> Hardware > OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk with > the SAS 5iR controller > 2GB ram > Dual Core Intel Xeon 3060 2.40 Ghz >> # of child processes > 8 >> scan times of full batches. > Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) processed > in 89.57 seconds > Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) processed > in 88.72 seconds > Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) processed > in 106.89 seconds > Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) processed > in 105.85 seconds Looks fine. Is there a reason why you use 15 message batches? >> Using RBLs at MTA > nope ... we have had very bad exprerience with that ... both tried > spamcop and spamhaus ... both have to many FP here in denmark .... Spamcop is FP-prone, but I've never heard of a FP in north america for spamhaus. > Its not a problem that I takes so long time .. just saw the message > about the patch and wandered if that would make a diff on my scan times ... Ok, I doubt so. Did you put the MailScanner working dir and /tmp in memory (tmpfs on linux)? 
From ugob at lubik.ca Thu Oct 11 19:18:12 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Oct 11 19:35:23 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <1721213318.20071011130438@SYO.Com> References: <1721213318.20071011130438@SYO.Com> Message-ID: Jason Gottschalk wrote: > Hello mailscanner, > > So last night I get a call from my ISP saying my server is not > responding. I was snoozing so they waited the 20 minutes I require > then they rebooted it for me. It came back up and everything seems > just ducky.... > > Then I go to have a peak at MailScanner a bit ago, and SHEBANG! I > have a problem, that most likely caused my server lockup during the > night. > > Here is my error when I try to load MailScanner: Any ideas? My > fellow Gurus... > > Warning: mysql_query() [function.mysql-query]: Unable to save result > set in > /usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatch/functions.php on > line 530 > Error executing query: > > Got error 127 from table handler Looks like the maillog table is corrupted. Do a 'REPAIR TABLE maillog' or use myisamchk. Ugo From sandrews at andrewscompanies.com Thu Oct 11 19:51:55 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Oct 11 19:52:02 2007 Subject: sendmail ldap exchange Message-ID: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> Can anyone comment on if this works? http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html I'm currently running as suggested in the wiki: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:setup_a_gateway I tried the above and everything got bounced back 550. Also wondering if you have multiple domains, I assume you need multiple: LDAPROUTE_DOMAIN(`yourdomain.com') One for each domain, but do you need multiple define('confLDAP_DEFAULT_SPC.... lines? OS is CentOS 4.3, sendmail is 8.13.1 The author makes reference to compiling sendmail to work with ldap. 
sendmail -bt -d0.1 responds:

Using username "root".
Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com
[root@spamfiilter ~]# sendmail -bt -d0.1
Version 8.13.1
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = spamfilter
  (canonical domain name) $j = spamfilter.xxxxxxx.com
         (subdomain name) $m = xxxxxxx.com
              (node name) $k = spamfiilter
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> Thanks! Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071011/6771a22e/attachment.html From mikael at syska.dk Thu Oct 11 20:02:23 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Oct 11 20:02:51 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> Message-ID: <470E733F.8040800@syska.dk> Ugo Bellavance wrote: > Mikael Syska wrote: >> Hi, >>>> There does not seem to be much info on this ... and my scan times >>>> are also rather high ... not that its a problem atm ... but it >>>> could be in the future :-( >>> >>> Please provide more information: >>> >>> Hardware >> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk >> with the SAS 5iR controller >> 2GB ram >> Dual Core Intel Xeon 3060 2.40 Ghz >>> # of child processes >> 8 >>> scan times of full batches. >> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >> processed in 89.57 seconds >> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >> processed in 88.72 seconds >> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >> processed in 106.89 seconds >> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >> processed in 105.85 seconds > > Looks fine. Is there a reason why you use 15 message batches? you mean instead of 30 .... Some performance turning I read on the wiki ... but t does not seem to have any effect on my system ... so it will do up to deafult again. > >>> Using RBLs at MTA >> nope ... we have had very bad exprerience with that ... both tried >> spamcop and spamhaus ... both have to many FP here in denmark .... > > Spamcop is FP-prone, but I've never heard of a FP in north america for > spamhaus. Then you are a lucky man ... since the server aint that overloaded I dont see any reason to risk getting any FP ... 
> >> It's not a problem that it takes so long time .. just saw the message >> about the patch and wondered if that would make a diff on my scan >> times ... > > Ok, I doubt so. Did you put the MailScanner working dir and /tmp in > memory (tmpfs on linux)? no ... it's on the disk ... and since every mail could be far too important I don't intend to use it .... // ouT From Denis.Beauchemin at USherbrooke.ca Thu Oct 11 20:11:25 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Oct 11 20:12:06 2007 Subject: sendmail ldap exchange In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> Message-ID: <470E755D.4050507@USherbrooke.ca> Steven Andrews wrote: > Can anyone comment on if this works? > http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html > > I'm currently running as suggested in the wiki: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway > > I tried the above and everything got bounced back 550. > > Also wondering if you have multiple domains, I assume you need multiple: > LDAPROUTE_DOMAIN(`yourdomain.com') > > One for each domain, but do you need multiple > define('confLDAP_DEFAULT_SPC.... lines? > > OS is CentOS 4.3, sendmail is 8.13.1 The author makes reference to > compiling sendmail to work with ldap. sendmail -bt -d0.1 responds: > > Using username "root".
> Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com > [root@spamfiilter ~]# sendmail -bt -d0.1 > Version 8.13.1 > Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX > MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET > NETINET6 > NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP > STARTTLS > TCPWRAPPERS USERDB USE_LDAP_INIT > > ============ SYSTEM IDENTITY (after readcf) ============ > (short domain name) $w = spamfilter > (canonical domain name) $j = spamfilter.xxxxxxx.com > (subdomain name) $m = xxxxxxx.com > (node name) $k = spamfiilter > ======================================================== > > ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) > Enter <ruleset> <address>
> > > > > Thanks! > > Steve Steve, I have one "define(`confLDAP_DEFAULT_SPEC...", one "FEATURE(`ldap_routing')", and many "LDAPROUTE_DOMAIN(`...')" Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Kevin_Miller at ci.juneau.ak.us Thu Oct 11 20:20:05 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Oct 11 20:19:31 2007 Subject: sendmail ldap exchange In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> Message-ID: Take a look at the smf-sav milter - a number of folks here are using it, including myself, and it works just jiffy. Quite easy to set up. I'm not sure about the multiple domains part. I accept for multiple domains, but my Exchange server knows about all of them, so it isn't a problem. If you have multiple Exchange servers that don't do address synchronization it may or may not work. But it's easy, free and works well for us here... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews Sent: Thursday, October 11, 2007 10:52 AM To: MailScanner discussion Subject: sendmail ldap exchange Can anyone comment on if this works? http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html I'm currently running as suggested in the wiki: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway I tried the above and everything got bounced back 550.
Also wondering if you have multiple domains, I assume you need multiple: LDAPROUTE_DOMAIN(`yourdomain.com') One for each domain, but do you need multiple define('confLDAP_DEFAULT_SPC.... lines? OS is CentOS 4.3, sendmail is 8.13.1 The author makes reference to compiling sendmail to work with ldap. sendmail -bt -d0.1 responds:

Using username "root".
Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com
[root@spamfiilter ~]# sendmail -bt -d0.1
Version 8.13.1
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = spamfilter
  (canonical domain name) $j = spamfilter.xxxxxxx.com
         (subdomain name) $m = xxxxxxx.com
              (node name) $k = spamfiilter
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> Thanks! Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071011/676c856e/attachment-0001.html From Jason at SYO.Com Thu Oct 11 20:28:45 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Thu Oct 11 20:25:18 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <470E6A3F.9080503@maddoc.net> References: <1721213318.20071011130438@SYO.Com> <470E68C6.6070308@maddoc.net> <470E6A3F.9080503@maddoc.net> Message-ID: <1449740572.20071011152845@SYO.Com> Hello Doc, This did not work, although it did run successfully! Thursday, October 11, 2007, 2:23:59 PM, you wrote: Doc> typo: cd /var/lib/mysql/mailscanner Doc> Had too many n's. HAR! -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 586-286-2557 From Jason at SYO.Com Thu Oct 11 20:29:03 2007 From: Jason at SYO.Com (Jason Gottschalk) Date: Thu Oct 11 20:25:28 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <662590f6b00f9e4da5a2e89c54df114b@solidstatelogic.com> References: <1721213318.20071011130438@SYO.Com> <662590f6b00f9e4da5a2e89c54df114b@solidstatelogic.com> Message-ID: <1399216863.20071011152903@SYO.Com> Hello Martin.Hepworth, Where is the log? Thursday, October 11, 2007, 2:04:19 PM, you wrote: Martin.Hepworth> Jason Martin.Hepworth> Have a look in the mysql error log, should have some clues.. -- Best regards, Jason Gottschalk mailto:Jason@SYO.Com SYO Computer Engineering Services, Inc. 
586-286-2557 From doc at maddoc.net Thu Oct 11 20:30:20 2007 From: doc at maddoc.net (Doc Schneider) Date: Thu Oct 11 20:30:31 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <1449740572.20071011152845@SYO.Com> References: <1721213318.20071011130438@SYO.Com> <470E68C6.6070308@maddoc.net> <470E6A3F.9080503@maddoc.net> <1449740572.20071011152845@SYO.Com> Message-ID: <470E79CC.8050501@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Gottschalk wrote: > Hello Doc, > > This did not work, although it did run successfully! > > Thursday, October 11, 2007, 2:23:59 PM, you wrote: > Doc> typo: cd /var/lib/mysql/mailscanner > Doc> Had too many n's. HAR! > > Then mysql mailscanner REPAIR TABLE maillog; - -- - -Doc Lincoln, NE. http://www.fsl.com http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFHDnnMqOEeBwEpgcsRAmKDAJ9QIbfiUvreO3YbLFoJHj4fOeteyQCbB/r4 Dqw/LSgfGOU8LwzZMjtW4ao= =X0uH -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Oct 11 20:17:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 20:56:02 2007 Subject: Debug on a production server In-Reply-To: <470E733F.8040800@syska.dk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> Message-ID: on 10/11/2007 12:02 PM Mikael Syska spake the following: > Ugo Bellavance wrote: >> Mikael Syska wrote: >>> Hi, >>>>> There does not seem to be much info on this ... and my scan times >>>>> are also rather high ... not that its a problem atm ... but it >>>>> could be in the future :-( >>>> >>>> Please provide more information: >>>> >>>> Hardware >>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk >>> with the SAS 5iR controller >>> 2GB ram >>> Dual Core Intel Xeon 3060 2.40 Ghz >>>> # of child processes >>> 8 >>>> scan times of full batches. 
>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>> processed in 89.57 seconds >>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>> processed in 88.72 seconds >>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>> processed in 106.89 seconds >>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>> processed in 105.85 seconds >> >> Looks fine. Is there a reason why you use 15 message batches? > you mean instead of 30 .... > > Some performance turning I read on the wiki ... but t does not seem to > have any effect on my system ... so it will do up to deafult again. >> >>>> Using RBLs at MTA >>> nope ... we have had very bad exprerience with that ... both tried >>> spamcop and spamhaus ... both have to many FP here in denmark .... >> >> Spamcop is FP-prone, but I've never heard of a FP in north america for >> spamhaus. > Then you are a lucky man ... > > since the server aint that overloaded I dont see any reason to risk > getting any FP ... >> >>> Its not a problem that I takes so long time .. just saw the message >>> about the patch and wandered if that would make a diff on my scan >>> times ... >> >> Ok, I doubt so. Did you put the MailScanner working dir and /tmp in >> memory (tmpfs on linux)? > no ... its on the disk ... and since every mail could be far too > important I dont intend to use it .... Tmpfs is absolutely safe on mailscanner if you follow the wiki and only put the mailscanner incoming directory there. And the speed increase is very noticeable, especially in virus and spam scanning. Mailscanner does not actually remove any messages. It sees the message in mqueue.in, extracts it to incoming, does its work, and if messages are clean it hard links it to mqueue and then unlinks from mqueue.in. So there is no chance of mailscanner losing a message. If it dies at any point up to the unlink, the original message is in mqueue.in waiting to be processed again. 
It is a marvelously thought out system, and I have to say that Julian is brilliant. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Oct 11 21:03:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 11 21:03:33 2007 Subject: Change default phishing net setting? Message-ID: <470E8183.2010602@ecs.soton.ac.uk> I am considering changing the supplied default Use Stricter Phishing Net = yes to "no". As a reminder, the biggest consequence of this is that links that take you to host tracking.yourdomain.com while claiming to be taking you to www.yourdomain.com would be allowed. Any thoughts? What do most people set this to? Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Oct 11 21:05:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 11 21:05:25 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> Message-ID: <470E81F5.8060801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 10/11/2007 12:02 PM Mikael Syska spake the following: >> Ugo Bellavance wrote: >>> Mikael Syska wrote: >>>> Hi, >>>>>> There does not seem to be much info on this ... and my >>>>>> scan times are also rather high ... not that its a >>>>>> problem atm ... but it could be in the future :-( >>>>> >>>>> Please provide more information: >>>>> >>>>> Hardware >>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very >>>> disk with the SAS 5iR controller 2GB ram Dual Core Intel >>>> Xeon 3060 2.40 Ghz >>>>> # of child processes >>>> 8 >>>>> scan times of full batches. >>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 >>>> messages) processed in 89.57 seconds Oct 11 18:49:08 spam02 >>>> MailScanner[72872]: Batch (15 messages) processed in 88.72 >>>> seconds Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 >>>> messages) processed in 106.89 seconds Oct 11 18:49:19 spam02 >>>> MailScanner[72865]: Batch (15 messages) processed in 105.85 >>>> seconds >>> >>> Looks fine. Is there a reason why you use 15 message batches? >> you mean instead of 30 .... >> >> Some performance turning I read on the wiki ... but t does not >> seem to have any effect on my system ... so it will do up to >> deafult again. >>> >>>>> Using RBLs at MTA >>>> nope ... we have had very bad exprerience with that ... both >>>> tried spamcop and spamhaus ... both have to many FP here in >>>> denmark .... >>> >>> Spamcop is FP-prone, but I've never heard of a FP in north >>> america for spamhaus. 
>> Then you are a lucky man ... >> >> since the server aint that overloaded I dont see any reason to >> risk getting any FP ... >>> >>>> Its not a problem that I takes so long time .. just saw the >>>> message about the patch and wandered if that would make a >>>> diff on my scan times ... >>> >>> Ok, I doubt so. Did you put the MailScanner working dir and >>> /tmp in memory (tmpfs on linux)? >> no ... its on the disk ... and since every mail could be far too >> important I dont intend to use it .... > Tmpfs is absolutely safe on mailscanner if you follow the wiki and > only put the mailscanner incoming directory there. And the speed > increase is very noticeable, especially in virus and spam scanning. > Mailscanner does not actually remove any messages. It sees the > message in mqueue.in, extracts it to incoming, does its work, and > if messages are clean it hard links it to mqueue and then unlinks > from mqueue.in. So there is no chance of mailscanner losing a > message. If it dies at any point up to the unlink, the original > message is in mqueue.in waiting to be processed again. Quite correct. > > It is a marvelously thought out system, and I have to say that > Julian is brilliant. You guys make me blush :-) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk From mikael at syska.dk Thu Oct 11 21:38:52 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Oct 11 21:39:20 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> Message-ID: <470E89DC.2040808@syska.dk> Scott Silva wrote: > on 10/11/2007 12:02 PM Mikael Syska spake the following: >> Ugo Bellavance wrote: >>> Mikael Syska wrote: >>>> Hi, >>>>>> There does not seem to be much info on this ... and my scan times >>>>>> are also rather high ... not that its a problem atm ... but it >>>>>> could be in the future :-( >>>>> >>>>> Please provide more information: >>>>> >>>>> Hardware >>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk >>>> with the SAS 5iR controller >>>> 2GB ram >>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>> # of child processes >>>> 8 >>>>> scan times of full batches. >>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>> processed in 89.57 seconds >>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>> processed in 88.72 seconds >>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>> processed in 106.89 seconds >>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>> processed in 105.85 seconds >>> >>> Looks fine. Is there a reason why you use 15 message batches? >> you mean instead of 30 .... >> >> Some performance turning I read on the wiki ... but t does not seem >> to have any effect on my system ... so it will do up to deafult again. >>> >>>>> Using RBLs at MTA >>>> nope ... we have had very bad exprerience with that ... both tried >>>> spamcop and spamhaus ... both have to many FP here in denmark .... >>> >>> Spamcop is FP-prone, but I've never heard of a FP in north america >>> for spamhaus. >> Then you are a lucky man ... 
>> >> since the server aint that overloaded I dont see any reason to risk >> getting any FP ... >>> >>>> Its not a problem that I takes so long time .. just saw the message >>>> about the patch and wandered if that would make a diff on my scan >>>> times ... >>> >>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp in >>> memory (tmpfs on linux)? >> no ... its on the disk ... and since every mail could be far too >> important I dont intend to use it .... > Tmpfs is absolutely safe on mailscanner if you follow the wiki and > only put the mailscanner incoming directory there. And the speed > increase is very noticeable, especially in virus and spam scanning. > Mailscanner does not actually remove any messages. It sees the message > in mqueue.in, extracts it to incoming, does its work, and if messages > are clean it hard links it to mqueue and then unlinks from mqueue.in. > So there is no chance of mailscanner losing a message. If it dies at > any point up to the unlink, the original message is in mqueue.in > waiting to be processed again. You mention the wiki ... I can only see http://wiki.mailscanner.info/doku.php and a link to: http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html witch does not seem to work. and there does not seem to be anything about tmpfs ... if ... then I'm not able to find it ... But it seems very easy .... Incoming Work Dir SpamAssassin Temporary Dir SpamAssassin Cache Database File on the Ram disk ... and that should be about it I guess ... Running Postfix if that makes any difference ... what about size of it .... 1.5 * max message size or ? > > It is a marvelously thought out system, and I have to say that Julian > is brilliant. > Yes ... very. // ouT From r.curtis at ywcaelpaso.org Thu Oct 11 21:40:56 2007 From: r.curtis at ywcaelpaso.org (Curtis, Roger) Date: Thu Oct 11 21:41:56 2007 Subject: Change default phishing net setting? 
In-Reply-To: <470E8183.2010602@ecs.soton.ac.uk> References: <470E8183.2010602@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Thursday, October 11, 2007 2:03 PM > To: MailScanner discussion > Subject: Change default phishing net setting? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am considering changing the supplied default > Use Stricter Phishing Net = yes > to "no". > > As a reminder, the biggest consequence of this is that links that take > you to host tracking.yourdomain.com while claiming to be taking you to > www.yourdomain.com would be allowed. > > Any thoughts? > What do most people set this to? I have set it to "No" for quite awhile as I was getting too many false positives on mailing lists and newsletters. > > Jules From ugob at lubik.ca Thu Oct 11 21:54:34 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Oct 11 21:55:09 2007 Subject: Debug on a production server In-Reply-To: <470E89DC.2040808@syska.dk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: Mikael Syska wrote: > You mention the wiki ... I can only see > http://wiki.mailscanner.info/doku.php and a link to: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html witch > does not seem to work. Sorry... > and there does not seem to be anything about tmpfs ... if ... then I'm > not able to find it ... > > But it seems very easy .... > > Incoming Work Dir > SpamAssassin Temporary Dir > SpamAssassin Cache Database File Usually /tmp and /var/spool/MailScanner/incoming > > on the Ram disk ... and that should be about it I guess ... > > Running Postfix if that makes any difference ... No. > what about size of it .... 1.5 * max message size or ? 
On linux it usually gets up to half the ram, but is usually never used that much. >> >> It is a marvelously thought out system, and I have to say that Julian >> is brilliant. >> > Yes ... very. > Eh ;) Ugo From ugob at lubik.ca Thu Oct 11 21:55:22 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Oct 11 22:00:13 2007 Subject: Change default phishing net setting? In-Reply-To: References: <470E8183.2010602@ecs.soton.ac.uk> Message-ID: Curtis, Roger wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: Thursday, October 11, 2007 2:03 PM >> To: MailScanner discussion >> Subject: Change default phishing net setting? >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I am considering changing the supplied default >> Use Stricter Phishing Net = yes >> to "no". >> >> As a reminder, the biggest consequence of this is that links that take >> you to host tracking.yourdomain.com while claiming to be taking you to >> www.yourdomain.com would be allowed. >> >> Any thoughts? >> What do most people set this to? > > I have set it to "No" for quite awhile as I was getting too many false > positives on mailing lists and newsletters. > >> Jules I agree. Ugo From MailScanner at ecs.soton.ac.uk Thu Oct 11 22:03:38 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 11 22:04:00 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: <470E8FAA.6030001@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ugo Bellavance wrote: > Mikael Syska wrote: >> You mention the wiki ... I can only see >> http://wiki.mailscanner.info/doku.php and a link to: >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html >> witch does not seem to work. > > Sorry... 
> >> and there does not seem to be anything about tmpfs ... if ... >> then I'm not able to find it ... >> >> But it seems very easy .... >> >> Incoming Work Dir SpamAssassin Temporary Dir SpamAssassin Cache >> Database File > > Usually /tmp and /var/spool/MailScanner/incoming > >> >> on the Ram disk ... and that should be about it I guess ... >> >> Running Postfix if that makes any difference ... > > No. > >> what about size of it .... 1.5 * max message size or ? > > On linux it usually gets up to half the ram, but is usually never > used that much. > >>> >>> It is a marvelously thought out system, and I have to say that >>> Julian is brilliant. >>> >> Yes ... very. >> > > Eh ;) > > Ugo > Always better to use tmpfs and a ramdisk, tmpfs is elastic and only as much space as it needs. Wasting ram on a fixed size ramdisk is not a good move. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Oct 11 22:05:52 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 22:07:52 2007 Subject: Debug on a production server In-Reply-To: <470E81F5.8060801@ecs.soton.ac.uk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E81F5.8060801@ecs.soton.ac.uk> Message-ID: on 10/11/2007 1:05 PM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: >> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>> Ugo Bellavance wrote: >>>> Mikael Syska wrote: >>>>> Hi, >>>>>>> There does not seem to be much info on this ... and my >>>>>>> scan times are also rather high ... not that its a >>>>>>> problem atm ... but it could be in the future :-( >>>>>> Please provide more information: >>>>>> >>>>>> Hardware >>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very >>>>> disk with the SAS 5iR controller 2GB ram Dual Core Intel >>>>> Xeon 3060 2.40 Ghz >>>>>> # of child processes >>>>> 8 >>>>>> scan times of full batches. >>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 >>>>> messages) processed in 89.57 seconds Oct 11 18:49:08 spam02 >>>>> MailScanner[72872]: Batch (15 messages) processed in 88.72 >>>>> seconds Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 >>>>> messages) processed in 106.89 seconds Oct 11 18:49:19 spam02 >>>>> MailScanner[72865]: Batch (15 messages) processed in 105.85 >>>>> seconds >>>> Looks fine. Is there a reason why you use 15 message batches? >>> you mean instead of 30 .... >>> >>> Some performance turning I read on the wiki ... but t does not >>> seem to have any effect on my system ... so it will do up to >>> deafult again. >>>>>> Using RBLs at MTA >>>>> nope ... we have had very bad exprerience with that ... both >>>>> tried spamcop and spamhaus ... both have to many FP here in >>>>> denmark .... 
>>>> Spamcop is FP-prone, but I've never heard of a FP in north >>>> america for spamhaus. >>> Then you are a lucky man ... >>> >>> since the server aint that overloaded I dont see any reason to >>> risk getting any FP ... >>>>> Its not a problem that I takes so long time .. just saw the >>>>> message about the patch and wandered if that would make a >>>>> diff on my scan times ... >>>> Ok, I doubt so. Did you put the MailScanner working dir and >>>> /tmp in memory (tmpfs on linux)? >>> no ... its on the disk ... and since every mail could be far too >>> important I dont intend to use it .... >> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >> only put the mailscanner incoming directory there. And the speed >> increase is very noticeable, especially in virus and spam scanning. >> Mailscanner does not actually remove any messages. It sees the >> message in mqueue.in, extracts it to incoming, does its work, and >> if messages are clean it hard links it to mqueue and then unlinks >> from mqueue.in. So there is no chance of mailscanner losing a >> message. If it dies at any point up to the unlink, the original >> message is in mqueue.in waiting to be processed again. > Quite correct. >> It is a marvelously thought out system, and I have to say that >> Julian is brilliant. > You guys make me blush :-) You make the incoming mail safe for my (l)users!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From ssilva at sgvwater.com Thu Oct 11 22:10:14 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 22:14:37 2007 Subject: Debug on a production server In-Reply-To: <470E89DC.2040808@syska.dk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: on 10/11/2007 1:38 PM Mikael Syska spake the following: > Scott Silva wrote: >> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>> Ugo Bellavance wrote: >>>> Mikael Syska wrote: >>>>> Hi, >>>>>>> There does not seem to be much info on this ... and my scan times >>>>>>> are also rather high ... not that its a problem atm ... but it >>>>>>> could be in the future :-( >>>>>> >>>>>> Please provide more information: >>>>>> >>>>>> Hardware >>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk >>>>> with the SAS 5iR controller >>>>> 2GB ram >>>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>>> # of child processes >>>>> 8 >>>>>> scan times of full batches. >>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>>> processed in 89.57 seconds >>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>>> processed in 88.72 seconds >>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>>> processed in 106.89 seconds >>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>>> processed in 105.85 seconds >>>> >>>> Looks fine. Is there a reason why you use 15 message batches? >>> you mean instead of 30 .... >>> >>> Some performance turning I read on the wiki ... but t does not seem >>> to have any effect on my system ... so it will do up to deafult again. >>>> >>>>>> Using RBLs at MTA >>>>> nope ... we have had very bad exprerience with that ... both tried >>>>> spamcop and spamhaus ... both have to many FP here in denmark .... >>>> >>>> Spamcop is FP-prone, but I've never heard of a FP in north america >>>> for spamhaus. 
>>> Then you are a lucky man ... >>> >>> since the server aint that overloaded I dont see any reason to risk >>> getting any FP ... >>>> >>>>> Its not a problem that I takes so long time .. just saw the message >>>>> about the patch and wandered if that would make a diff on my scan >>>>> times ... >>>> >>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp in >>>> memory (tmpfs on linux)? >>> no ... its on the disk ... and since every mail could be far too >>> important I dont intend to use it .... >> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >> only put the mailscanner incoming directory there. And the speed >> increase is very noticeable, especially in virus and spam scanning. >> Mailscanner does not actually remove any messages. It sees the message >> in mqueue.in, extracts it to incoming, does its work, and if messages >> are clean it hard links it to mqueue and then unlinks from mqueue.in. >> So there is no chance of mailscanner losing a message. If it dies at >> any point up to the unlink, the original message is in mqueue.in >> waiting to be processed again. > You mention the wiki ... I can only see > http://wiki.mailscanner.info/doku.php and a link to: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html witch > does not seem to work. > > and there does not seem to be anything about tmpfs ... if ... then I'm > not able to find it ... > Julian, Do you have any of this old material ( like http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html) archived somewhere? I would be willing to spend some time fixing this up if I had the content to put in. I don't want to go from memory, as I will probably get something really wonky. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Oct 11 22:15:35 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 22:19:06 2007 Subject: Change default phishing net setting? 
In-Reply-To: <470E8183.2010602@ecs.soton.ac.uk> References: <470E8183.2010602@ecs.soton.ac.uk> Message-ID: on 10/11/2007 1:03 PM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am considering changing the supplied default > Use Stricter Phishing Net = yes > to "no". > > As a reminder, the biggest consequence of this is that links that take > you to host tracking.yourdomain.com while claiming to be taking you to > www.yourdomain.com would be allowed. > > Any thoughts? > What do most people set this to? > I leave the phishing code off as my users were bit ---er whining about it. Clam is catching the phishing stuff pretty well, and the rest seems to be scoring high enough to get stopped. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Oct 11 22:39:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 11 22:39:36 2007 Subject: Debug on a production server In-Reply-To: <470E89DC.2040808@syska.dk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: on 10/11/2007 1:38 PM Mikael Syska spake the following: > Scott Silva wrote: >> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>> Ugo Bellavance wrote: >>>> Mikael Syska wrote: >>>>> Hi, >>>>>>> There does not seem to be much info on this ... and my scan times >>>>>>> are also rather high ... not that its a problem atm ... but it >>>>>>> could be in the future :-( >>>>>> >>>>>> Please provide more information: >>>>>> >>>>>> Hardware >>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very disk >>>>> with the SAS 5iR controller >>>>> 2GB ram >>>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>>> # of child processes >>>>> 8 >>>>>> scan times of full batches. 
>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>>> processed in 89.57 seconds >>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>>> processed in 88.72 seconds >>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>>> processed in 106.89 seconds >>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>>> processed in 105.85 seconds >>>> >>>> Looks fine. Is there a reason why you use 15 message batches? >>> you mean instead of 30 .... >>> >>> Some performance turning I read on the wiki ... but t does not seem >>> to have any effect on my system ... so it will do up to deafult again. >>>> >>>>>> Using RBLs at MTA >>>>> nope ... we have had very bad exprerience with that ... both tried >>>>> spamcop and spamhaus ... both have to many FP here in denmark .... >>>> >>>> Spamcop is FP-prone, but I've never heard of a FP in north america >>>> for spamhaus. >>> Then you are a lucky man ... >>> >>> since the server aint that overloaded I dont see any reason to risk >>> getting any FP ... >>>> >>>>> Its not a problem that I takes so long time .. just saw the message >>>>> about the patch and wandered if that would make a diff on my scan >>>>> times ... >>>> >>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp in >>>> memory (tmpfs on linux)? >>> no ... its on the disk ... and since every mail could be far too >>> important I dont intend to use it .... >> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >> only put the mailscanner incoming directory there. And the speed >> increase is very noticeable, especially in virus and spam scanning. >> Mailscanner does not actually remove any messages. It sees the message >> in mqueue.in, extracts it to incoming, does its work, and if messages >> are clean it hard links it to mqueue and then unlinks from mqueue.in. >> So there is no chance of mailscanner losing a message. 
If it dies at >> any point up to the unlink, the original message is in mqueue.in >> waiting to be processed again. > You mention the wiki ... I can only see > http://wiki.mailscanner.info/doku.php and a link to: > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html witch > does not seem to work. > > and there does not seem to be anything about tmpfs ... if ... then I'm > not able to find it ... I just fixed the maq page to replace the missing content in this section. I will work on what I can fix with the documentation I managed to save from the old site. You now have the instructions to get started with tmpfs though. http://wiki.mailscanner.info/doku.php?id=maq:index -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gerard at seibercom.net Thu Oct 11 23:53:29 2007 From: gerard at seibercom.net (Gerard) Date: Thu Oct 11 23:53:16 2007 Subject: Running as a Milter? In-Reply-To: References: <470D75FF.8020208@sequestered.net> Message-ID: <20071011185027.0F5E.GERARD@seibercom.net> On October 11, 2007 at 12:59PM Scott Silva wrote: [snip] > Mailscanner works much better the way it is designed. There are many ways to > stop content at the early phases. You can use blacklists at the MTA. You can > use milters, (clam has a milter, and so does DCC, and there are all sorts of > milters for spamassassin or url scans). The clam milter does not work as described with Postfix as it does with Sendmail. At least it did not in the past. I am unaware of it being updated to work in a similar fashion on Postfix. I once contacted the author; however, he indicated that he did not have the time to essentially write a different version that would work identically with Postfix. Just thought you might like to know. -- Gerard From ssilva at sgvwater.com Fri Oct 12 00:08:32 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 12 00:08:55 2007 Subject: Running as a Milter? 
In-Reply-To: <20071011185027.0F5E.GERARD@seibercom.net> References: <470D75FF.8020208@sequestered.net> <20071011185027.0F5E.GERARD@seibercom.net> Message-ID: on 10/11/2007 3:53 PM Gerard spake the following: > On October 11, 2007 at 12:59PM Scott Silva wrote: > > [snip] > >> Mailscanner works much better the way it is designed. There are many ways to >> stop content at the early phases. You can use blacklists at the MTA. You can >> use milters, (clam has a milter, and so does DCC, and there are all sorts of >> milters for spamassassin or url scans). > > The clam milter does not work as described with Postfix as it does with > Sendmail. At least it did not in the past. I am unaware of it being updated to > work in a similar fashion on Postfix. I once contacted the author; however, he > indicated that he did not have the time to essentially write a different > version that would work identically with Postfix. > > Just thought you might like to know. > Weiste likes to do things his own way, so I'm sure milter support will progress as he sees fit. He will probably insist that the milters are re-written to his specs. I don't use postfix on my current production boxes, as I had a lot of sendmail experience under my belt. You tend to use the tools you are comfortable with. But someday, I might be turned to the darkside. I like some of the things that postfix does, but I am not in a big hurry to join the Postfix/MailScanner feud. Maybe I'll learn Exim and be a rebel! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From jherrick at gmail.com Fri Oct 12 04:59:28 2007 From: jherrick at gmail.com (Jim Herrick) Date: Fri Oct 12 04:59:33 2007 Subject: sendmail ldap exchange In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> Message-ID: <82ad773b0710112059s6ae6106n35ac2207083e6f69@mail.gmail.com> milter-ahead seems to work well, too. On 10/11/07, Steven Andrews wrote: > > > Can anyone comment on if this works? > http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html > > I'm currently running as suggested in the wiki: > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway > > I tried the above and everything got bounced back 550. > > Also wondering if you have multiple domains, I assume you need multiple: > LDAPROUTE_DOMAIN(`yourdomain.com') > > One for each domain, but do you need multiple > define('confLDAP_DEFAULT_SPC.... lines? > > OS is CentOS 4.3, sendmail is 8.13.1 The author makes reference to > compiling sendmail to work with ldap. sendmail -bt -d0.1 responds: > > Using username "root". > Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com > [root@spamfiilter ~]# sendmail -bt -d0.1 > Version 8.13.1 > Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX > MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET > NETINET6 > NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS > TCPWRAPPERS USERDB USE_LDAP_INIT > > ============ SYSTEM IDENTITY (after readcf) ============ > (short domain name) $w = spamfilter > (canonical domain name) $j = spamfilter.xxxxxxx.com > (subdomain name) $m = xxxxxxx.com > (node name) $k = spamfiilter > ======================================================== > > ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) > Enter
> > > > > > Thanks! > > Steve > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From mikael at syska.dk Fri Oct 12 06:48:27 2007 From: mikael at syska.dk (Mikael Syska) Date: Fri Oct 12 06:48:57 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: <470F0AAB.8040803@syska.dk> HI Scott Silva wrote: > I just fixed the maq page to replace the missing content in this > section. I will work on what I can fix with the documentation I > managed to save from the old site. > You now have the instructions to get started with tmpfs though. > http://wiki.mailscanner.info/doku.php?id=maq:index If possible .... Can you then make a note on the wiki, that its only possible to use tmpfs on FreeBSD 7.0-current ... and ofcause stable when it will be released. If a erliar release is used, only ramdisk will be available with a fixed size..... Or am I allowed to update the wiki ? // ouT From shuttlebox at gmail.com Fri Oct 12 08:08:55 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Oct 12 08:08:58 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: <625385e30710120008t1a01f9fm1f1caa2249fad5d2@mail.gmail.com> On 10/11/07, Scott Silva wrote: > I just fixed the maq page to replace the missing content in this section. I > will work on what I can fix with the documentation I managed to save from the > old site. > You now have the instructions to get started with tmpfs though. 
> http://wiki.mailscanner.info/doku.php?id=maq:index Did you find the old material somewhere or did you just write it from scratch? I'm pretty sure I added to the old about how to set up tmpfs in Solaris. -- /peter From Q.G.Campbell at newcastle.ac.uk Fri Oct 12 08:33:20 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Fri Oct 12 08:33:38 2007 Subject: Change default phishing net setting? In-Reply-To: <470E8183.2010602@ecs.soton.ac.uk> References: <470E8183.2010602@ecs.soton.ac.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BE3CC73@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Julian Field >Sent: 11 October 2007 21:03 >To: MailScanner discussion >Subject: Change default phishing net setting? > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I am considering changing the supplied default > Use Stricter Phishing Net = yes >to "no". > >As a reminder, the biggest consequence of this is that links that take >you to host tracking.yourdomain.com while claiming to be taking you to >www.yourdomain.com would be allowed. > >Any thoughts? >What do most people set this to? We set this to "no" after initially trying "yes". Too many false positives and complaints. I think I understand the implications of using 'Use Stricter Phishing Net = no'. Its effects would only be serious if 'yourdomain.com' was a _reputable_ sounding organisation owned or subverted by some foreign criminal enterprise, not vulnerable to the rule of law. But observe that 'yourdomain.com' could construct its phishing/scam e-mails so that they would not even be detected by MailScanner with 'Use Stricter Phishing Net = yes', since it has full control of its DNS entries. 
If 'yourdomain.com' was a reputable business, vulnerable to the rule of law, who unknowingly allowed a part of its organisation to register and use 'trojan.yourdomain.com' in a phishing exercise (seems an unlikely possibility), then I would expect the problem to be quickly recognised and dealt with and affected individuals to have recourse through the courts where necessary. Is this assessment too naïve? Quentin From w.kranenborg at am-impact.nl Fri Oct 12 08:56:02 2007 From: w.kranenborg at am-impact.nl (A&M ImpacT [W. Kranenborg]) Date: Fri Oct 12 08:52:42 2007 Subject: Very long lint test - leaving helper-app run mode Message-ID: Dear guys, I just ran a lint test of spamassassin and the following wonders me. "leaving helper-app run mode" takes about 5 seconds. This seems very long. Does anybody know why this takes so long or is this just normal? ... [23316] dbg: plugin: registering glue method for dummy_check (FuzzyOcr=HASH(0x26391a0)) 0.00123 [23316] dbg: plugin: registering glue method for pdf_match_details (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00022 [23316] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x828f40)) 0.00021 [23316] dbg: plugin: registering glue method for pdf_is_encrypted (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.0004 [23316] dbg: plugin: registering glue method for pdf_image_size_range (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00151 [23316] dbg: plugin: registering glue method for pdf_image_to_text_ratio (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00048 [23316] dbg: rules: ran eval rule BAYES_50 ======> got hit 0.00041 [23316] dbg: plugin: registering glue method for pdf_is_empty_body (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00056 [23316] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.961 0.00028 [23316] dbg: rules: ran rawbody rule __SOMETHING ======> got hit: "I" 0.08492 [23316] dbg: rules: 
running full-text regexp tests; score so far=0.961 0.01016 [23316] dbg: plugin: registering glue method for check_razor2_range (Mail::SpamAssassin::Plugin::Razor2=HASH(0x2410ee0)) 0.00863 [23316] dbg: info: entering helper-app run mode 0.00024 [23316] dbg: info: leaving helper-app run mode 5.00712 [23316] dbg: razor2: razor2 check timed out after 5 seconds 0.0001 [23316] dbg: razor2: results: spam? 0 0.0002 [23316] dbg: razor2: results: engine 8, highest cf score: 0 4E-05 [23316] dbg: razor2: results: engine 4, highest cf score: 0 3E-05 [23316] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Plugin::Razor2=HASH(0x2410ee0)) 9E-05 [23316] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x240e480)) 0.00026 [23316] dbg: pyzor: pyzor is available: /usr/bin/pyzor 0.00012 [23316] dbg: info: entering helper-app run mode 0.00048 [23316] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin23316VHKUGttmp 0.00028 [23388] dbg: util: setuid: ruid=33 euid=33 0.00935 [23316] dbg: pyzor: [23388] finished: exit=0x0100 0.05349 [23316] dbg: pyzor: got response: 82.94.255.100:24441 (200, 'OK') 0 0 0.00011 [23316] dbg: info: leaving helper-app run mode 0.0001 [23316] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x828f40) implements 'check_tick' 0.00054 [23316] dbg: check: running tests for priority: 500 ... Kind regards, Wessel Kranenborg -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/c19b340d/attachment.html From MailScanner at ecs.soton.ac.uk Fri Oct 12 09:14:17 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 12 09:14:39 2007 Subject: Change default phishing net setting? 
In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BE3CC73@largo.campus.ncl.ac.uk> References: <470E8183.2010602@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BE3CC73@largo.campus.ncl.ac.uk> Message-ID: <470F2CD9.5050104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Quentin Campbell wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 11 October 2007 21:03 >> To: MailScanner discussion >> Subject: Change default phishing net setting? >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I am considering changing the supplied default >> Use Stricter Phishing Net = yes >> to "no". >> >> As a reminder, the biggest consequence of this is that links that take >> you to host tracking.yourdomain.com while claiming to be taking you to >> www.yourdomain.com would be allowed. >> >> Any thoughts? >> What do most people set this to? >> > > We set this to "no" after initially trying "yes". Too many false positives and complaints. > > I think I understand the implications of using 'Use Stricter Phishing Net = no'. > > Its effects would only be serious if 'yourdomain.com' was a _reputable_ sounding organisation owned or subverted by some foreign criminal enterprise, not vulnerable to the rule of law. But observe that 'yourdomain.com' could construct its phishing/scam e-mails so that they would not even be detected by MailScanner with 'Use Stricter Phishing Net = yes', since it has full control of its DNS entries. > > If 'yourdomain.com' was a reputable business, vulnerable to the rule of law, who unknowingly allowed a part of its organisation to register and use 'trojan.yourdomain.com' in a phishing exercise (seems an unlikely possibility), then I would expect the problem to be quickly recognised and dealt with and affected individuals to have recourse through the courts where necessary. > > Is this assessment too naïve? 
> It has happened to Google before now. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHDyzaEfZZRxQVtlQRAnCIAKCSXkKhB1sBvd15+44Am3phFc9vCwCfVUq2 thMALr6nXe80FsXxTDyaA5U= =4lka -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Fri Oct 12 09:18:58 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Oct 12 09:19:01 2007 Subject: Debug on a production server In-Reply-To: <470F0AAB.8040803@syska.dk> References: <20071011110924.GE2121@ubuntu> Message-ID: In my testing under fbsd 4.x I found a ufs filesystem with softupdates just as quick as a ramdisk..ymmv under freebsd. -- martin On Fri, 12 Oct 2007 07:48:27 +0200 Mikael Syska wrote: > HI > Scott Silva wrote: >> I just fixed the maq page to replace the missing content >>in this >> section. I will work on what I can fix with the >>documentation I >> managed to save from the old site. >> You now have the instructions to get started with tmpfs >>though. >> http://wiki.mailscanner.info/doku.php?id=maq:index > If possible .... > > Can you then make a note on the wiki, that its only >possible to use tmpfs on FreeBSD 7.0-current ... and >ofcause stable when it will be released. > If a erliar release is used, only ramdisk will be >available with a fixed size..... > > Or am I allowed to update the wiki ? 
> > // ouT > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read >http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the >website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Oct 12 09:21:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 12 09:22:05 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> Message-ID: <470F2E97.1010508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 10/11/2007 1:38 PM Mikael Syska spake the following: >> Scott Silva wrote: >>> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>>> Ugo Bellavance wrote: >>>>> Mikael Syska wrote: >>>>>> Hi, >>>>>>>> There does not seem to be much info on this ... and my scan >>>>>>>> times are also rather high ... not that its a problem atm ... >>>>>>>> but it could be in the future :-( >>>>>>> >>>>>>> Please provide more information: >>>>>>> >>>>>>> Hardware >>>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very >>>>>> disk with the SAS 5iR controller >>>>>> 2GB ram >>>>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>>>> # of child processes >>>>>> 8 >>>>>>> scan times of full batches. >>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>>>> processed in 89.57 seconds >>>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>>>> processed in 88.72 seconds >>>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>>>> processed in 106.89 seconds >>>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>>>> processed in 105.85 seconds >>>>> >>>>> Looks fine. Is there a reason why you use 15 message batches? >>>> you mean instead of 30 .... 
>>>> >>>> Some performance turning I read on the wiki ... but t does not seem >>>> to have any effect on my system ... so it will do up to deafult again. >>>>> >>>>>>> Using RBLs at MTA >>>>>> nope ... we have had very bad exprerience with that ... both >>>>>> tried spamcop and spamhaus ... both have to many FP here in >>>>>> denmark .... >>>>> >>>>> Spamcop is FP-prone, but I've never heard of a FP in north america >>>>> for spamhaus. >>>> Then you are a lucky man ... >>>> >>>> since the server aint that overloaded I dont see any reason to risk >>>> getting any FP ... >>>>> >>>>>> Its not a problem that I takes so long time .. just saw the >>>>>> message about the patch and wandered if that would make a diff on >>>>>> my scan times ... >>>>> >>>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp >>>>> in memory (tmpfs on linux)? >>>> no ... its on the disk ... and since every mail could be far too >>>> important I dont intend to use it .... >>> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >>> only put the mailscanner incoming directory there. And the speed >>> increase is very noticeable, especially in virus and spam scanning. >>> Mailscanner does not actually remove any messages. It sees the >>> message in mqueue.in, extracts it to incoming, does its work, and if >>> messages are clean it hard links it to mqueue and then unlinks from >>> mqueue.in. So there is no chance of mailscanner losing a message. If >>> it dies at any point up to the unlink, the original message is in >>> mqueue.in waiting to be processed again. >> You mention the wiki ... I can only see >> http://wiki.mailscanner.info/doku.php and a link to: >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html witch >> does not seem to work. >> >> and there does not seem to be anything about tmpfs ... if ... then >> I'm not able to find it ... 
>> > Julian, > Do you have any of this old material ( like > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html) > archived somewhere? > I would be willing to spend some time fixing this up if I had the > content to put in. > I don't want to go from memory, as I will probably get something > really wonky. > Thank you very much, it's greatly appreciated! The old material is now online again at http://www.sng.ecs.soton.ac.uk/mailscanner.archive/serve/cache/ If you could get it added to the wiki (the useful bits, anyway :-) that would be great. Cheers, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHDy6XEfZZRxQVtlQRAiK6AJ9d65YZ2Dd+j/YeAV7431BLNtaRawCg9nhM if24gMEa26EaXc2LIEpofvU= =990x -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Oct 12 09:24:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Oct 12 09:24:54 2007 Subject: Very long lint test - leaving helper-app run mode In-Reply-To: References: Message-ID: <470F2F43.7000602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The clue is in the line immediately after the one you highlighted. Razor2 is timing out. What you do about that is up to you. I find it works more often than not, so I keep it in my configuration. A&M ImpacT [W. Kranenborg] wrote: > > Dear guys, > > I just ran a lint test of spamassassin and the following wonders me. 
> ?leaving helper-app run mode? takes about 5 seconds. This seems very > long. > > Does anybody know why this takes so long or is this just normal? > > ? > > [23316] dbg: plugin: registering glue method for dummy_check > (FuzzyOcr=HASH(0x26391a0)) 0.00123 > > [23316] dbg: plugin: registering glue method for pdf_match_details > (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00022 > > [23316] dbg: plugin: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x828f40)) 0.00021 > > [23316] dbg: plugin: registering glue method for pdf_is_encrypted > (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.0004 > > [23316] dbg: plugin: registering glue method for pdf_image_size_range > (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00151 > > [23316] dbg: plugin: registering glue method for > pdf_image_to_text_ratio > (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00048 > > [23316] dbg: rules: ran eval rule BAYES_50 ======> got hit 0.00041 > > [23316] dbg: plugin: registering glue method for pdf_is_empty_body > (Mail::SpamAssassin::Plugin::PDFInfo=HASH(0x240bf20)) 0.00056 > > [23316] dbg: rules: running raw-body-text per-line regexp tests; score > so far=0.961 0.00028 > > [23316] dbg: rules: ran rawbody rule __SOMETHING ======> got hit: "I" > 0.08492 > > [23316] dbg: rules: running full-text regexp tests; score so far=0.961 > 0.01016 > > [23316] dbg: plugin: registering glue method for check_razor2_range > (Mail::SpamAssassin::Plugin::Razor2=HASH(0x2410ee0)) 0.00863 > > [23316] dbg: info: entering helper-app run mode 0.00024 > > [23316] dbg: info: leaving helper-app run mode* 5.00712* > > [23316] dbg: razor2: razor2 check timed out after 5 seconds 0.0001 > > [23316] dbg: razor2: results: spam? 
0 0.0002 > > [23316] dbg: razor2: results: engine 8, highest cf score: 0 4E-05 > > [23316] dbg: razor2: results: engine 4, highest cf score: 0 3E-05 > > [23316] dbg: plugin: registering glue method for check_razor2 > (Mail::SpamAssassin::Plugin::Razor2=HASH(0x2410ee0)) 9E-05 > > [23316] dbg: plugin: registering glue method for check_pyzor > (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x240e480)) 0.00026 > > [23316] dbg: pyzor: pyzor is available: /usr/bin/pyzor 0.00012 > > [23316] dbg: info: entering helper-app run mode 0.00048 > > [23316] dbg: pyzor: opening pipe: /usr/bin/pyzor check < > /tmp/.spamassassin23316VHKUGttmp 0.00028 > > [23388] dbg: util: setuid: ruid=33 euid=33 0.00935 > > [23316] dbg: pyzor: [23388] finished: exit=0x0100 0.05349 > > [23316] dbg: pyzor: got response: 82.94.255.100:24441 (200, 'OK') 0 0 > 0.00011 > > [23316] dbg: info: leaving helper-app run mode 0.0001 > > [23316] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x828f40) implements > 'check_tick' 0.00054 > > [23316] dbg: check: running tests for priority: 500 > > ? > > Kind regards, > > Wessel Kranenborg > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFHDy9EEfZZRxQVtlQRAkCxAJ4rms23j9nngKdjIW3dgVIY15XknQCfTs7q 7SJE7dWggjKeANopDzs8Zrw= =Fv3o -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From mikael at syska.dk Fri Oct 12 09:33:47 2007 From: mikael at syska.dk (mikael@syska.dk) Date: Fri Oct 12 09:33:50 2007 Subject: Debug on a production server In-Reply-To: References: <470F0AAB.8040803@syska.dk> Message-ID: <59037.130.225.184.24.1192178027.squirrel@mail.syska.dk> Hi, thanks for the information. Later this week or next, I will try using tmpfs and see if that is faster on a freebsd 7.0-current system. // ouT > In my testing under fbsd 4.x I found a ufs filesystem with softupdates > just > as quick as a ramdisk..ymmv under freebsd. > > -- > martin > > On Fri, 12 Oct 2007 07:48:27 +0200 > Mikael Syska wrote: >> HI >> Scott Silva wrote: >>> I just fixed the maq page to replace the missing content >>>in this >>> section. I will work on what I can fix with the >>>documentation I >>> managed to save from the old site. >>> You now have the instructions to get started with tmpfs >>>though. >>> http://wiki.mailscanner.info/doku.php?id=maq:index >> If possible .... >> >> Can you then make a note on the wiki, that its only >>possible to use tmpfs on FreeBSD 7.0-current ... and >>ofcause stable when it will be released. >> If a erliar release is used, only ramdisk will be >>available with a fixed size..... >> >> Or am I allowed to update the wiki ? >> >> // ouT >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >>http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >>website! > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. 
Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From andreab at guttadauro.com Fri Oct 12 11:19:27 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Fri Oct 12 11:16:42 2007 Subject: Question about rules Message-ID: <470F4A2F.70300@guttadauro.com> Hello Guys. I have changed mailscanner.conf and add this line Scan Messages = %rules-dir%/scan.messages.rules Below i write content of scan.messages.rules file FromOrTo: *@domain1.net yes FromOrTo: *@domain2.com yes FromOrTo: Default: no I try send message to domain1 and domain2 and email is correctly processed by mailscanner. I made another test and send email to domain3. Domain3 is processed ... IMHO domain3 must be delivered without any control !!! Why messages for domain3 are processed ??? 
Many Thanks AndreA NB: sorry about bad English -- The message has been scanned for viruses or dangerous content and was found to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/080177f8/attachment.html From andreab at guttadauro.com Fri Oct 12 11:26:17 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Fri Oct 12 11:23:35 2007 Subject: Question about rules In-Reply-To: <470F4A2F.70300@guttadauro.com> References: <470F4A2F.70300@guttadauro.com> Message-ID: <470F4BC9.9030100@guttadauro.com> Hello Guys !!! After another check.... I found this (I think) error I wrote FromOrTo: Default: no # (there is : at the end !!!) instead of FromOrTo: Default no Is this the problem ?? -- The message has been scanned for viruses or dangerous content and was found to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/dff572e0/attachment.html From Per.Olsson at interlan.se Fri Oct 12 11:54:49 2007 From: Per.Olsson at interlan.se (Per Olsson) Date: Fri Oct 12 11:54:57 2007 Subject: SV: Question about rules References: <470F4A2F.70300@guttadauro.com> <470F4BC9.9030100@guttadauro.com> Message-ID: Hey friend :-), Yes, there shouldn't be a colon, that's probably what is causing your problem. Best regards, Per From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrea Bazzanini Sent: 12 October 2007 12:26 To: MailScanner discussion Subject: Re: Question about rules Hello Guys !!! After another check.... I found this (I think) error I wrote FromOrTo: Default: no # (there is : at the end !!!) instead of FromOrTo: Default no Is this the problem ?? -- The message has been scanned for viruses or dangerous content and was found to be clean. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/bca50308/attachment.html From hvdkooij at vanderkooij.org Fri Oct 12 11:57:41 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Fri Oct 12 11:58:05 2007 Subject: Question about rules In-Reply-To: <470F4BC9.9030100@guttadauro.com> References: <470F4A2F.70300@guttadauro.com> <470F4BC9.9030100@guttadauro.com> Message-ID: <470F5325.7000105@vanderkooij.org> Andrea Bazzanini wrote: > Hello Guys !!! > > After another check.... i found this (i think) error > > I wrote > > FromOrTo: Default: no # (there is : at the end !!!) > > instead of > > FromOrTo: Default no > > Is this the problem ?? Did it solve the issue? Or where yo sending from domain1 to domain3 and never getting to the default anyway. And as always. Test your config with the --lint option Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. From sandrews at andrewscompanies.com Fri Oct 12 13:58:41 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Fri Oct 12 13:58:47 2007 Subject: sendmail ldap exchange In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B41B9@winchester.andrewscompanies.com> any chance you can share your config? i've got it installed, but i really don't understand what smf-sav.conf is wanting me to config. also the readme says to add this milter to startup scripts before sendmail....also not quite sure what that's asking. it references some start up script examples...can't seem to find them. thanks. 
steve ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Thursday, October 11, 2007 3:20 PM To: MailScanner discussion Subject: RE: sendmail ldap exchange Take a look at the smf-sav milter - a number of folks here are using it, including myself, and it works just jiffy. Quite easy to set up. I'm not sure about the multiple domains part. I accept for multiple domains, but my Exchange server knows about all of them, so it isn't a problem. If you have multiple Exchange servers that don't do address synchronization it may or may not work. But it's easy, free and works well for us here... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews Sent: Thursday, October 11, 2007 10:52 AM To: MailScanner discussion Subject: sendmail ldap exchange Can anyone comment on if this works? http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html I'm currently running as suggested in the wiki: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:setup_a_gateway I tried the above and everything got bounced back 550. Also wondering if you have multiple domains, I assume you need multiple: LDAPROUTE_DOMAIN(`yourdomain.com') One for each domain, but do you need multiple define('confLDAP_DEFAULT_SPC.... lines? OS is CentOS 4.3, sendmail is 8.13.1 The author makes reference to compiling sendmail to work with ldap. sendmail -bt -d0.1 responds: Using username "root". 
Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com [root@spamfiilter ~]# sendmail -bt -d0.1 Version 8.13.1 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = spamfilter (canonical domain name) $j = spamfilter.xxxxxxx.com (subdomain name) $m = xxxxxxx.com (node name) $k = spamfiilter ======================================================== ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter
> Thanks! Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/5afc8087/attachment.html

From sandro at e-den.it Fri Oct 12 15:16:07 2007
From: sandro at e-den.it (Sandro Dentella)
Date: Fri Oct 12 15:16:22 2007
Subject: Debug on a production server
In-Reply-To:
References: <20071011110924.GE2121@ubuntu>
Message-ID: <20071012141607.GA21529@ubuntu>

On Thu, Oct 11, 2007 at 01:40:05PM +0100, Martin.Hepworth wrote:
> Sandro
>
> have a look at the optimisation page in the wiki, (local caching dns
> server, only run a couple of RBLs etc etc)
>
> if you're using SA 3.2.3 then make sure you have the DNS performance patch
> installed and possibly disabled the whois lookup rules as well..
>
> http://lists.mailscanner.info/pipermail/mailscanner/2007-September/078445.html

since I still have spamassassin 3.1.4 (debian sarge default) I didn't apply
the patch. Simply adding the rules you pointed out dramatically lowered the
processing time from 100-150 seconds to 1-20 and the queue vanished
completely.

score __RCVD_IN_WHOIS 0
score RCVD_IN_WHOIS_INVALID 0
score URIBL_COMPLETEWHOIS 0

Very nice!! Now I guess I should spend some time understanding the rules... ;-)

Thanks to all for the help

sandro
*;-)

From andreab at guttadauro.com Fri Oct 12 15:42:06 2007
From: andreab at guttadauro.com (Andrea Bazzanini)
Date: Fri Oct 12 15:39:45 2007
Subject: Question about rules
In-Reply-To: <470F5325.7000105@vanderkooij.org>
References: <470F4A2F.70300@guttadauro.com> <470F4BC9.9030100@guttadauro.com> <470F5325.7000105@vanderkooij.org>
Message-ID: <470F87BE.6080800@guttadauro.com>

Hello Guys!

Yes... I have fixed my issue.
Thanks a lot to all!

AndreA

--
The message has been scanned for viruses or dangerous content
and was found to be clean.

From Denis.Beauchemin at USherbrooke.ca Fri Oct 12 16:22:54 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Fri Oct 12 16:24:20 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <20071011135337.GA23760@ubuntu>
References: <20071009101410.GA18717@ubuntu> <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk> <20071011135337.GA23760@ubuntu>
Message-ID: <470F914E.1040701@USherbrooke.ca>

Sandro Dentella wrote:
> On Tue, Oct 09, 2007 at 12:06:46PM +0100, Gareth wrote:
>
>> What is your setting for 'Max Children' in MailScanner.conf?
>> Given your processor and amount of RAM it should be set to no more than
>> 10.
>>
>>
>
> I said I'm using dual xeon 3 GB. Better would have been 'dual xeon biproc'.
> That's 4 procs (0-3 in /proc/cpuinfo).
>
> According to that mean config man page should be 4 processes for CPU. So I
> should raise again to 20. Do I understand correctly?
>
>
> sandro
> *:-)
>
Sandro,

I think Xeon processors are not really double processors. The second
one is not as fast as the first one so you should not consider them as 2
processors. If you have a dual Xeon, then you are closer to 3
processors than 4.

Denis

--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From Richard.Frovarp at sendit.nodak.edu Fri Oct 12 16:32:23 2007
From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Fri Oct 12 16:32:29 2007
Subject: optimisation hints required & broken links on wiki
In-Reply-To: <470F914E.1040701@USherbrooke.ca>
References: <20071009101410.GA18717@ubuntu> <1191928006.23074.15.camel@gblades-suse.linguaphone-intranet.co.uk> <20071011135337.GA23760@ubuntu> <470F914E.1040701@USherbrooke.ca>
Message-ID: <470F9387.50804@sendit.nodak.edu>

Denis Beauchemin wrote:
> Sandro Dentella wrote:
>> On Tue, Oct 09, 2007 at 12:06:46PM +0100, Gareth wrote:
>>
>>> What is your setting for 'Max Children' in MailScanner.conf?
>>> Given your processor and amount of RAM it should be set to no more than
>>> 10.
>>>
>>>
>>
>> I said I'm using dual xeon 3 GB. Better would have been 'dual xeon
>> biproc'. That's 4 procs (0-3 in /proc/cpuinfo).
>> According to that mean config man page should be 4 processes for CPU.
>> So I
>> should raise again to 20. Do I understand correctly?
>>
>>
>> sandro
>> *:-)
>>
> Sandro,
>
> I think Xeon processors are not really double processors. The second
> one is not as fast as the first one so you should not consider them as
> 2 processors. If you have a dual Xeon, then you are closer to 3
> processors than 4.
>
> Denis
>
What? If it's a dual core Xeon, it has two cores of the same speed on
one chip. If it's just hyper threading, well that's something else, and
should probably be turned off.

From Kevin_Miller at ci.juneau.ak.us Fri Oct 12 16:53:38 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Fri Oct 12 16:53:07 2007
Subject: sendmail ldap exchange
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B41B9@winchester.andrewscompanies.com>
References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB05B41B9@winchester.andrewscompanies.com>
Message-ID:

I sorta hesitate to send the whole thing for privacy's sake, but most is
pretty straightforward. The parts that gave me pause I'll outline below -
if you have questions beyond that holler and I'll try to fill in the blanks.

Whitelist your internal networks so any host on the inside can use your
mail server. For example:

WhitelistIP 192.168.0.0/16

The host I grabbed the config from is called mx2.ci.juneau.ak.us - so
that's what goes in "PublicName". You'll want to enter the name of your
mail gateway as I would see it - i.e., what is used for the MX record in DNS.

# FQDN of the publicly visible IP address of the interface
# of an outgoing connection of your Sendmail daemon
# It will be used with the SMTP HELO command for SAV and RAV
#
#PublicName yourhost.yourdomain.tld # it *MUST* be corrected properly
PublicName mx2.ci.juneau.ak.us

Mail to this address is whitelisted I think, so complaints/errors can come in:

# Any valid e-Mail address of your local domain for the safe call-out purposes
#SafeCallBack postmaster@yourdomain.tld # it *MUST* be corrected properly
SafeCallBack postmaster@ci.juneau.ak.us

This is the one that wasn't really clear to me. Basically it's asking for
the name or address of the host that knows who all your users are. In this
case it's my Exchange server. I used a phoney name here (but the real name
in my actual config). This is the machine the LDAP looks are directed to.

#MailStore yourhost.yourdomain.tld # uncomment and set it properly
MailStore cbjmail.ci.juneau.ak.us

Pretty much everything else was just left as the default. Of course, I've
added remote hosts to the whitelist section as the situation warranted.
You can see who's being denied in /var/log/mail (or wherever your mail
logs go).

Re: the milter. You have to add the following to the end of your
sendmail.mc then rebuild your sendmail.cf file:

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/run/smfs/smf-sav.sock, T=S:30s;R:4m')dnl

Sendmail shouldn't be running, of course, while all this is happening.

I presume that you were able to successfully compile smf-sav and it's
installed. Now you just need to start smf-sav before you start MailScanner
(since MailScanner starts sendmail). You do that via the normal Linux
startup scripts. If you're new to Linux, you'll find them in /etc/init.d/.
In that directory are many different scripts to start the system related
stuff you have installed. Common examples are your networking stuff,
database programs, web servers, etc.

There are four scripts that come with smf-sav, if memory serves: one each
for slackware, redhat, freebsd and solaris. If you're using Redhat or one
of its clones like Fedora, copy the smfsav.redhat over to the /etc/init.d
directory and then create the links to it in the appropriate run level
directories. That varies slightly from linux flavor to flavor. If you're
not familiar with that, grab a manual appropriate to your distribution and
read about how that works. It's really pretty straightforward, simple to
explain, but potentially a lot of typing to do so. It's a pretty
fundamental skill for managing a Linux box, so if you don't already
understand it, you really need to get an understanding of it before you
get in much deeper.

Hope this helps...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
Sent: Friday, October 12, 2007 4:59 AM
To: MailScanner discussion
Subject: RE: sendmail ldap exchange

any chance you can share your config? i've got it installed, but i really
don't understand what smf-sav.conf is wanting me to config.

also the readme says to add this milter to startup scripts before
sendmail....also not quite sure what that's asking. it references some
start up script examples...can't seem to find them.

thanks.

steve

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Thursday, October 11, 2007 3:20 PM
To: MailScanner discussion
Subject: RE: sendmail ldap exchange

Take a look at the smf-sav milter - a number of folks here are using it,
including myself, and it works just jiffy. Quite easy to set up.

I'm not sure about the multiple domains part.
> Thanks! Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/3f9f2d2d/attachment.html

From prandal at herefordshire.gov.uk Fri Oct 12 17:21:06 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Fri Oct 12 17:21:22 2007
Subject: sendmail ldap exchange
In-Reply-To:
References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com><1964AAFBC212F742958F9275BF63DBB05B41B9@winchester.andrewscompanies.com>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEB9CB@HC-MBX02.herefordshire.gov.uk>

For smf-sav to work with Exchange 2003, you have to enable a recipient
policy to reject unknown recipients:

There's a simple howto here:

http://www.amset.info/exchange/filter-unknown.asp

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: 12 October 2007 16:54
To: MailScanner discussion
Subject: RE: sendmail ldap exchange

I sorta hesitate to send the whole thing for privacy's sake, but most is
pretty straightforward. The parts that gave me pause I'll outline below -
if you have questions beyond that holler and I'll try to fill in the blanks.

Whitelist your internal networks so any host on the inside can use your
mail server. For example:

WhitelistIP 192.168.0.0/16

The host I grabbed the config from is called mx2.ci.juneau.ak.us - so
that's what goes in "PublicName". You'll want to enter the name of your
mail gateway as I would see it - i.e., what is used for the MX record in DNS.
> Thanks! Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/df393f3b/attachment.html

From Kevin_Miller at ci.juneau.ak.us Fri Oct 12 17:43:32 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Fri Oct 12 17:43:05 2007
Subject: sendmail ldap exchange
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01BEB9CB@HC-MBX02.herefordshire.gov.uk>
References: <1964AAFBC212F742958F9275BF63DBB05B41A8@winchester.andrewscompanies.com><1964AAFBC212F742958F9275BF63DBB05B41B9@winchester.andrewscompanies.com> <7EF0EE5CB3B263488C8C18823239BEBA01BEB9CB@HC-MBX02.herefordshire.gov.uk>
Message-ID:

Well spotted Phil - I'd forgotten about that. Not sure that I'd turn on
tarpitting since the Exchange server is inside. Some rate limiting on the
sendmail side like greet-pause or using smf-spf, greylisting, etc. can
help keep the dictionary attacks at bay...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Friday, October 12, 2007 8:21 AM
To: MailScanner discussion
Subject: RE: sendmail ldap exchange

For smf-sav to work with Exchange 2003, you have to enable a recipient
policy to reject unknown recipients:

There's a simple howto here:

http://www.amset.info/exchange/filter-unknown.asp

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: 12 October 2007 16:54
To: MailScanner discussion
Subject: RE: sendmail ldap exchange

I sorta hesitate to send the whole thing for privacy's sake, but most is
pretty straightforward. The parts that gave me pause I'll outline below -
if you have questions beyond that holler and I'll try to fill in the blanks.

Whitelist your internal networks so any host on the inside can use your
mail server. For example:

WhitelistIP 192.168.0.0/16

The host I grabbed the config from is called mx2.ci.juneau.ak.us - so
that's what goes in "PublicName". You'll want to enter the name of your
mail gateway as I would see it - i.e., what is used for the MX record in DNS.
> Thanks! Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071012/639b0f4e/attachment-0001.html

From ssilva at sgvwater.com Sat Oct 13 00:27:27 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Oct 13 00:28:57 2007
Subject: Debug on a production server
In-Reply-To: <470F2E97.1010508@ecs.soton.ac.uk>
References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk>
Message-ID:

on 10/12/2007 1:21 AM Julian Field spake the following:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Scott Silva wrote:
>> on 10/11/2007 1:38 PM Mikael Syska spake the following:
>>> Scott Silva wrote:
>>>> on 10/11/2007 12:02 PM Mikael Syska spake the following:
>>>>> Ugo Bellavance wrote:
>>>>>> Mikael Syska wrote:
>>>>>>> Hi,
>>>>>>>>> There does not seem to be much info on this ... and my scan
>>>>>>>>> times are also rather high ... not that it's a problem atm ...
>>>>>>>>> but it could be in the future :-(
>>>>>>>> Please provide more information:
>>>>>>>>
>>>>>>>> Hardware
>>>>>>> OS: FreeBSD 7 ( yes it's current, but 6.4 did not perform very
>>>>>>> disk with the SAS 5iR controller
>>>>>>> 2GB ram
>>>>>>> Dual Core Intel Xeon 3060 2.40 Ghz
>>>>>>>> # of child processes
>>>>>>> 8
>>>>>>>> scan times of full batches.
>>>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages)
>>>>>>> processed in 89.57 seconds
>>>>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages)
>>>>>>> processed in 88.72 seconds
>>>>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages)
>>>>>>> processed in 106.89 seconds
>>>>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages)
>>>>>>> processed in 105.85 seconds
>>>>>> Looks fine. Is there a reason why you use 15 message batches?
>>>>> you mean instead of 30 ....
>>>>>
>>>>> Some performance tuning I read on the wiki ... but it does not seem
>>>>> to have any effect on my system ... so it will do up to default again.
>>>>>>>> Using RBLs at MTA
>>>>>>> nope ... we have had very bad experience with that ... both
>>>>>>> tried spamcop and spamhaus ... both have too many FP here in
>>>>>>> denmark ....
>>>>>> Spamcop is FP-prone, but I've never heard of a FP in north america
>>>>>> for spamhaus.
>>>>> Then you are a lucky man ...
>>>>>
>>>>> since the server ain't that overloaded I don't see any reason to risk
>>>>> getting any FP ...
>>>>>>> It's not a problem that it takes so long time .. just saw the
>>>>>>> message about the patch and wondered if that would make a diff on
>>>>>>> my scan times ...
>>>>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp
>>>>>> in memory (tmpfs on linux)?
>>>>> no ... it's on the disk ... and since every mail could be far too
>>>>> important I don't intend to use it ....
>>>> Tmpfs is absolutely safe on mailscanner if you follow the wiki and
>>>> only put the mailscanner incoming directory there. And the speed
>>>> increase is very noticeable, especially in virus and spam scanning.
>>>> Mailscanner does not actually remove any messages. It sees the
>>>> message in mqueue.in, extracts it to incoming, does its work, and if
>>>> messages are clean it hard links it to mqueue and then unlinks from
>>>> mqueue.in. So there is no chance of mailscanner losing a message. If
>>>> it dies at any point up to the unlink, the original message is in
>>>> mqueue.in waiting to be processed again.
>>> You mention the wiki ... I can only see
>>> http://wiki.mailscanner.info/doku.php and a link to:
>>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html which
>>> does not seem to work.
>>>
>>> and there does not seem to be anything about tmpfs ... if ... then
>>> I'm not able to find it ...
>>>
>> Julian,
>> Do you have any of this old material ( like
>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html)
>> archived somewhere?
>> I would be willing to spend some time fixing this up if I had the
>> content to put in.
>> I don't want to go from memory, as I will probably get something
>> really wonky.
>>
> Thank you very much, it's greatly appreciated!
> The old material is now online again at
> http://www.sng.ecs.soton.ac.uk/mailscanner.archive/serve/cache/
> If you could get it added to the wiki (the useful bits, anyway :-) that
> would be great.
>
> Cheers,
>
> Jules
It will take me a few weeks to go through it all and see what I can do
with it.

Scott

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Sat Oct 13 00:34:01 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Oct 13 00:34:42 2007
Subject: Debug on a production server
In-Reply-To:
References: <20071011110924.GE2121@ubuntu>
Message-ID:

on 10/12/2007 1:18 AM Martin.Hepworth spake the following:
> In my testing under fbsd 4.x I found a ufs filesystem with softupdates
> just as quick as a ramdisk..ymmv under freebsd.
>
Isn't ufs with soft updates basically like journaling? And wouldn't the
difference depend on if the OS tried to swap because of the decreased ram?
I am probably showing my BSD ignorance.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
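
The following is an added example, not MailScanner's code and not from any poster in this thread. It reproduces the link-then-unlink queue handoff described in the tmpfs discussion above (extract to incoming, hard-link into mqueue, unlink from mqueue.in) so the no-loss property can be tested; the quarantine directory, the scanner stub and the X-Constructed-Verdict header are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration, not MailScanner code: crash-safe handoff between two
# queue directories using link-then-unlink. Directory names mirror the thread
# (mqueue.in, mqueue, incoming); quarantine/ and the scanner stub are
# assumptions made for this example.

# setup_spool ROOT: both queues (and quarantine) must sit on ONE persistent
# filesystem, because ln(1) cannot hard-link across filesystems. Only
# incoming/ is scratch space and is the part that may live on tmpfs.
setup_spool() {
    mkdir -p "$1/mqueue.in" "$1/mqueue" "$1/quarantine" "$1/incoming"
}

# scan_clean FILE: stand-in for the virus/spam scan. A constructed header
# marks a message as bad; a real scanner would be called here instead.
scan_clean() {
    ! grep -q '^X-Constructed-Verdict: infected' "$1"
}

# inode_of FILE: print the inode number, to show the handoff copies nothing.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# locations ROOT ID: list every persistent directory that holds the message.
locations() {
    found=""
    for q in mqueue.in mqueue quarantine; do
        if [ -e "$1/$q/$2" ]; then found="$found $q"; fi
    done
    echo "${found# }"
}

# process_one ROOT ID [crash]
# Returns 0 delivered, 1 quarantined, 2 no such message, 3 simulated crash,
# 4 link failed (the message is left untouched in mqueue.in).
process_one() {
    p_root=$1; p_id=$2; p_mode=${3:-normal}
    p_src="$p_root/mqueue.in/$p_id"
    p_work="$p_root/incoming/$p_id"
    [ -f "$p_src" ] || return 2

    mkdir -p "$p_work"
    cp "$p_src" "$p_work/message"    # unpack into scratch; original untouched

    if [ "$p_mode" = crash ]; then
        # Power loss with incoming/ on tmpfs: the scratch copy disappears.
        rm -rf "$p_root/incoming"
        mkdir -p "$p_root/incoming"
        return 3
    fi

    if scan_clean "$p_work/message"; then
        p_dest="$p_root/mqueue/$p_id"; p_rc=0
    else
        p_dest="$p_root/quarantine/$p_id"; p_rc=1
    fi
    rm -rf "$p_work"

    # Add the second name first, then drop the first name. Between the two
    # steps the message has two names; at no point does it have none.
    if [ -e "$p_dest" ] && [ "$(inode_of "$p_dest")" = "$(inode_of "$p_src")" ]; then
        :   # an earlier run died after ln but before rm; just finish the unlink
    else
        ln "$p_src" "$p_dest" || return 4
    fi
    rm -f "$p_src"
    return "$p_rc"
}

# demo: one constructed message, a simulated crash, then a normal rerun.
demo() {
    d_root=$(mktemp -d) || return 1
    setup_spool "$d_root"
    printf 'Subject: constructed sample\n\nhello\n' > "$d_root/mqueue.in/msgA"
    process_one "$d_root" msgA crash || true
    echo "after simulated crash: $(locations "$d_root" msgA)"
    process_one "$d_root" msgA || true
    echo "after clean rerun:     $(locations "$d_root" msgA)"
    rm -rf "$d_root"
}
demo
```

If mqueue.in and mqueue are placed on different filesystems the `ln` step fails and the message simply stays in mqueue.in, which is why only the scratch directory is a candidate for tmpfs.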

From ssilva at sgvwater.com Sat Oct 13 00:29:30 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Oct 13 00:35:22 2007
Subject: Debug on a production server
In-Reply-To: <470F0AAB.8040803@syska.dk>
References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F0AAB.8040803@syska.dk>
Message-ID:

on 10/11/2007 10:48 PM Mikael Syska spake the following:
> Hi
> Scott Silva wrote:
>> I just fixed the maq page to replace the missing content in this
>> section. I will work on what I can fix with the documentation I
>> managed to save from the old site.
>> You now have the instructions to get started with tmpfs though.
>> http://wiki.mailscanner.info/doku.php?id=maq:index
> If possible ....
>
> Can you then make a note on the wiki, that it's only possible to use
> tmpfs on FreeBSD 7.0-current ... and of course stable when it will be
> released.
> If an earlier release is used, only ramdisk will be available with a fixed
> size.....
>
> Or am I allowed to update the wiki ?
>
> // ouT
You have to set up an account, but then edit away...
I don't use FreeBSD, so I wouldn't have known that.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ssilva at sgvwater.com Sat Oct 13 00:31:01 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Oct 13 00:40:21 2007
Subject: Debug on a production server
In-Reply-To: <625385e30710120008t1a01f9fm1f1caa2249fad5d2@mail.gmail.com>
References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <625385e30710120008t1a01f9fm1f1caa2249fad5d2@mail.gmail.com>
Message-ID:

on 10/12/2007 12:08 AM shuttlebox spake the following:
> On 10/11/07, Scott Silva wrote:
>> I just fixed the maq page to replace the missing content in this section.
>> I will work on what I can fix with the documentation I managed to save from the
>> old site.
>> You now have the instructions to get started with tmpfs though.
>> http://wiki.mailscanner.info/doku.php?id=maq:index
>
> Did you find the old material somewhere or did you just write it from
> scratch? I'm pretty sure I added to the old about how to set up tmpfs
> in Solaris.
>
Julian just put the info up, so I will be doing some editing. I had an old mailscanner manual that I got it from, so it only covered linux.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From ajos1 at onion.demon.co.uk Sat Oct 13 19:34:24 2007
From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk)
Date: Sat Oct 13 18:34:29 2007
Subject: Off Topic: Hotmail
Message-ID:

-

Off Topic: Hotmail

I am having a mare on two of my servers... in terms of sending mail to Hotmail.... Hotmail says:

Oct 13 15:01:53 www sendmail[11277]: l9DE1hnP011220: to=, ctladdr= (0/0), delay=00:00:10, xdelay=00:00:02, mailer=esmtp, pri=120338, relay=mx1.hotmail.com. [65.54.244.136], dsn=2.0.0, stat=Sent ( <200710131401.l9DE1fti011214@www.tbshs.herts.sch.uk> Queued mail for delivery)

( MYUSER has replaced the real names )...

Basically it says it has accepted it... but it never arrives...

This applies to roughly 8 out of 10 messages sent to HOTMAIL .

Does anyone have any ideas what I can do to get it to accept my mail!

(I have seen reference to Hotmail and SPF problems on the InterWeb... but I do not have that... far as I know...)

From hvdkooij at vanderkooij.org Sat Oct 13 19:08:41 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Sat Oct 13 19:09:01 2007
Subject: Off Topic: Hotmail
In-Reply-To:
References:
Message-ID: <471109A9.4030209@vanderkooij.org>

ajos1@onion.demon.co.uk wrote:
> -
>
> Off Topic: Hotmail
>
> I am having a mare on two of my servers... in terms of sending mail to Hotmail....
> Hotmail says:
>
> Oct 13 15:01:53 www sendmail[11277]: l9DE1hnP011220: to=, ctladdr= (0/0), delay=00:00:10, xdelay=00:00:02, mailer=esmtp, pri=120338, relay=mx1.hotmail.com. [65.54.244.136], dsn=2.0.0, stat=Sent ( <200710131401.l9DE1fti011214@www.tbshs.herts.sch.uk> Queued mail for delivery)

That happens to be your log. Not the one from hotmail.
If you want to be sure then use tcpdump or WireShark to track the messages.

> (I have seen reference to Hotmail and SPF problems on the InterWeb... but I do not have that... far as I know...)

Just for argument's sake. What is on the path from your SMTP server to the outside world? Is there some firewall in there trying to be smart about SMTP traffic?

And they do have a long SMTP welcome message:

220 bay0-mc12-f21.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Sat, 13 Oct 2007 11:04:20 -0700

Almost a full disclaimer.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/

Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3661 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071013/2242dbfb/smime.bin

From rcooper at dwford.com Sat Oct 13 19:24:08 2007
From: rcooper at dwford.com (Rick Cooper)
Date: Sat Oct 13 19:24:16 2007
Subject: Off Topic: Hotmail
In-Reply-To:
References:
Message-ID: <103401c80dc6$3f510860$0301a8c0@SAHOMELT>

I believe you may have issues with SmartScreen. SmartScreen dumps, dumps, deletes, removes user mail after accepting it and does not inform the sender or the recipient. This is an example of Microsoft at their very worst.
They will not divulge what causes SmartScreen to choose an email to dump, and I have found that a user can send the very same message (resend button) a few hours apart and the second one might go. Further IIRC you can pay MS to place your mail service on a list of servers that never have SmartScreen applied. The users have no ability to turn it off, and most do not even know it exists (free mail get what you pay for). I have made all our users aware of this and if they send a message that does not arrive I can give them the date and time that hotmail/livemail accepted delivery and tell them to get another mail service or get used to having Microsoft decide what mails they will or will not get.

http://postmaster.live.com/FightingJunk.aspx
http://www.microsoft.com/mscorp/safety/technologies/antispam/default.mspx#2

Rick

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On
> Behalf Of ajos1@onion.demon.co.uk
> Sent: Saturday, October 13, 2007 2:34 PM
> To: mailscanner@lists.mailscanner.info
> Cc: ajos1@onion.demon.co.uk
> Subject: Off Topic: Hotmail
>
> -
>
> Off Topic: Hotmail
>
> I am having a mare on two of my servers... in terms of
> sending mail to Hotmail.... Hotmail says:
>
> Oct 13 15:01:53 www sendmail[11277]: l9DE1hnP011220:
> to=,
> ctladdr= (0/0),
> delay=00:00:10, xdelay=00:00:02, mailer=esmtp, pri=120338,
> relay=mx1.hotmail.com. [65.54.244.136], dsn=2.0.0, stat=Sent
> ( <200710131401.l9DE1fti011214@www.tbshs.herts.sch.uk>
> Queued mail for delivery)
>
> ( MYUSER has replaced the real names )...
>
> Basically it says it has accepted it... but it never arrives...
>
> This applies to roughly 8 out of 10 messages sent to HOTMAIL .
>
> Does anyone have any ideas what I can do to get it to accept my mail!
>
> (I have seen reference to Hotmail and SPF problems on the
> InterWeb... but I do not have that... far as I know...)
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From j.ede at birchenallhowden.co.uk Sat Oct 13 19:54:14 2007
From: j.ede at birchenallhowden.co.uk (Jason Ede)
Date: Sat Oct 13 19:54:57 2007
Subject: Off Topic: Hotmail
Message-ID:

I've found that making sure your spf records are correct tends to help a lot with hotmail. Their whitelist that you subscribe to along with money seems to be just a way of getting the spammers to pay to spam hotmail...

-----Original Message-----
From: ajos1@onion.demon.co.uk
Sent: 13 October 2007 18:49
To: mailscanner@lists.mailscanner.info
Cc: ajos1@onion.demon.co.uk
Subject: Off Topic: Hotmail

-

Off Topic: Hotmail

I am having a mare on two of my servers... in terms of sending mail to Hotmail.... Hotmail says:

Oct 13 15:01:53 www sendmail[11277]: l9DE1hnP011220: to=, ctladdr= (0/0), delay=00:00:10, xdelay=00:00:02, mailer=esmtp, pri=120338, relay=mx1.hotmail.com. [65.54.244.136], dsn=2.0.0, stat=Sent ( <200710131401.l9DE1fti011214@www.tbshs.herts.sch.uk> Queued mail for delivery)

( MYUSER has replaced the real names )...

Basically it says it has accepted it... but it never arrives...

This applies to roughly 8 out of 10 messages sent to HOTMAIL .

Does anyone have any ideas what I can do to get it to accept my mail!

(I have seen reference to Hotmail and SPF problems on the InterWeb... but I do not have that... far as I know...)
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From ajcartmell at fonant.com Sat Oct 13 19:55:10 2007
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Sat Oct 13 19:55:14 2007
Subject: Off Topic: Hotmail
In-Reply-To:
References:
Message-ID:

> Basically it says it has accepted it... but it never arrives...
>
> This applies to roughly 8 out of 10 messages sent to HOTMAIL .

Yup, Hotmail is getting very good at silently deleting e-mails. They're accepted for delivery but never arrive. Most annoying if the recipient relies on these messages for new contacts: unless they happen to get talking via other communication channels no-one knows there's a problem!

> Does anyone have any ideas what I can do to get it to accept my mail!

You need to jump through all sorts of unspecified hoops, it seems, as well as some or all of the things specified at http://postmaster.msn.com/Guidelines.aspx

The biggest problem I've had is sending messages from web forms. SPF uses the envelope sender (my web server) which is OK, SenderID uses the From: address (could be anything) which always fails.

I had some response from MS support from using this well-hidden form: https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts and they did something to help my server send mail to hotmail. But messages still often get flagged as being dangerous because SenderID tests failed.

The "nice" quote from MS is: "The troubleshooting steps in this email are recommendations only. Microsoft makes no guarantees that following these steps will guarantee deliverability to MSN, Hotmail, or Live.com customers." I wouldn't mind, if they _told_ me my message wasn't deliverable!
I'm going to try adding a "Resent-From:" header to see if that fixes the SenderID problem, but am still researching the implications (I'd only do it for hotmail addresses). I don't really want to make my webserver the "From" address, it just looks wrong in the hotmail inbox...

Similar mail gets through my filters quite happily, and also gets delivered reliably to Google Mail.

Cheers!

Anthony
--
www.fonant.com - Quality web sites

From hvdkooij at vanderkooij.org Sat Oct 13 20:37:04 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Sat Oct 13 20:37:37 2007
Subject: [SPAM] Re: Off Topic: Hotmail
In-Reply-To:
References:
Message-ID: <47111E60.3060501@vanderkooij.org>

ajos1@onion.demon.co.uk wrote:
> -
>
> Off Topic: Hotmail
>
> I am having a mare on two of my servers... in terms of sending mail to Hotmail.... Hotmail says:
>
> Oct 13 15:01:53 www sendmail[11277]: l9DE1hnP011220: to=, ctladdr= (0/0), delay=00:00:10, xdelay=00:00:02, mailer=esmtp, pri=120338, relay=mx1.hotmail.com. [65.54.244.136], dsn=2.0.0, stat=Sent ( <200710131401.l9DE1fti011214@www.tbshs.herts.sch.uk> Queued mail for delivery)
>
> ( MYUSER has replaced the real names )...
>
> Basically it says it has accepted it... but it never arrives...
>
> This applies to roughly 8 out of 10 messages sent to HOTMAIL .
>
> Does anyone have any ideas what I can do to get it to accept my mail!
>
> (I have seen reference to Hotmail and SPF problems on the InterWeb... but I do not have that... far as I know...)

The awkward thing is. They do not do enough to stop spammers from their own network.
I get plenty of messages like this:

Received: from bay0-omc2-s22.bay0.hotmail.com (bay0-omc2-s22.bay0.hotmail.com [65.54.246.158])
    by balin.waakhond.net (Postfix) with ESMTP id 7020817E884E
    for ; Sat, 13 Oct 2007 19:41:02 +0200 (CEST)
Received: from BAY114-W5 ([65.54.169.105]) by bay0-omc2-s22.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Sat, 13 Oct 2007 10:41:01 -0700
Message-ID:
X-Originating-IP: [71.250.47.46]
From: kicking Cruz
Sender:
To:
Subject: =?utf-8?Q?Prescriiptions_Fediex_1_Day=EF=BF=BD_levitira_Get_Expilosive_Er?=
    =?utf-8?Q?ectioins_today!_Erectiile_Dysfuncition=3F?=
Date: Sat, 13 Oct 2007 17:41:01 +0000
Importance: Normal
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginalArrivalTime: 13 Oct 2007 17:41:01.0292 (UTC) FILETIME=[388102C0:01C80DC0]

That is why I am looking into a system to play this the other way around. While I do not like whitelisting system you need to register to in general it may be required to stop the hotmail spammers.

Hugo

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/

Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3661 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071013/7fc71e65/smime.bin

From glenn.steen at gmail.com Sun Oct 14 15:50:57 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Oct 14 15:50:59 2007
Subject: MySQL Error on Mailscanner load
In-Reply-To: <470E79CC.8050501@maddoc.net>
References: <1721213318.20071011130438@SYO.Com> <470E68C6.6070308@maddoc.net> <470E6A3F.9080503@maddoc.net> <1449740572.20071011152845@SYO.Com> <470E79CC.8050501@maddoc.net>
Message-ID: <223f97700710140750p4633df10y33822c45ecf75711@mail.gmail.com>

On 11/10/2007, Doc Schneider wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jason Gottschalk wrote:
> > Hello Doc,
> >
> > This did not work, although it did run successfully!
> >
> > Thursday, October 11, 2007, 2:23:59 PM, you wrote:
> > Doc> typo: cd /var/lib/mysql/mailscanner
> > Doc> Had too many n's. HAR!
> >
> >
> Then mysql mailscanner
> REPAIR TABLE maillog;
>
Another thought... What does
select count(*) from maillog;
(in "mysql mailscanner", of course) give?

I suppose you (Jason) run MailWatch, so ... on the tools page you should be able to see something about the mysql status (or lack thereof:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Sun Oct 14 15:56:10 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Oct 14 15:56:12 2007
Subject: Change default phishing net setting?
In-Reply-To: <470E8183.2010602@ecs.soton.ac.uk>
References: <470E8183.2010602@ecs.soton.ac.uk>
Message-ID: <223f97700710140756o78fea656o57908bafd5d43a95@mail.gmail.com>

On 11/10/2007, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am considering changing the supplied default
> Use Stricter Phishing Net = yes
> to "no".
>
> As a reminder, the biggest consequence of this is that links that take
> you to host tracking.yourdomain.com while claiming to be taking you to
> www.yourdomain.com would be allowed.
>
> Any thoughts?
> What do most people set this to?
>
> Jules
>
In a BOFH-ish .... mood... I've always had this set to "yes"... Perhaps time for me to be ... "nice"...:-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From mgaudreault at reference.qc.ca Sun Oct 14 16:24:13 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Sun Oct 14 16:24:19 2007
Subject: No header changes after upgrade to 4.55.10-3
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local>

Hi,

I upgraded my antispam gateway to Debian Etch. It upgraded Mailscanner to 4.55.10-3. I had an error about the "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" setting. I commented out this line, is that ok ?

Second problem, there's no more change to the message headers. It doesn't add these headers anymore:

X-RS-MailScanner: Found to be clean
X-RS-MailScanner-SpamScore: ss
X-RS-MailScanner-From: ca-news@your.hp.com

Any help would be appreciated

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
E-mail: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/ce571d5f/attachment.html

From mgaudreault at reference.qc.ca Sun Oct 14 16:30:06 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Sun Oct 14 16:30:12 2007
Subject: No header changes after upgrade to 4.55.10-3
In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local>
References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local>

I just noticed that the Header is added in the message's body if this message is in TEXT format. If the message is HTML, I can't see the header changes.

Example:

X-MailScanner-Information Please contact the ISP for more information
X-RS-MailScanner: Found to be clean
X-RS-MailScanner-SpamScore: ss
X-RS-MailScanner-From: mailscanner-bounces@lists.mailscanner.info

Mailing list subscription confirmation notice for mailing list MailScanner

We have received a request from x.x.x.x for subscription of your email address, "xxx@xxx.xxx", to the mailscanner@lists.mailscanner.info mailing list. To confirm that you want to be added to this mailing list, simply reply to this message, keeping the Subject: header intact. Or visit this web page:

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
E-mail: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault
Sent: October 14, 2007 11:24
To: mailscanner@lists.mailscanner.info
Subject: No header changes after upgrade to 4.55.10-3

Hi,

I upgraded my antispam gateway to Debian Etch. It upgraded Mailscanner to 4.55.10-3. I had an error about the "SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf" setting. I commented out this line, is that ok ?

Second problem, there's no more change to the message headers.
It doesn't add these headers anymore:

X-RS-MailScanner: Found to be clean
X-RS-MailScanner-SpamScore: ss
X-RS-MailScanner-From: ca-news@your.hp.com

Any help would be appreciated

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
E-mail: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/d6a421a7/attachment.html

From glenn.steen at gmail.com Sun Oct 14 16:55:49 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sun Oct 14 16:55:52 2007
Subject: No header changes after upgrade to 4.55.10-3
In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local>
References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local>
Message-ID: <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>

On 14/10/2007, Maxime Gaudreault wrote:
>
> I just noticed that the Header is added in the message's body if this
> message is in TEXT format. If the message is HTML, I can't see the header
> changes.
>
Could you please show a complete example? Let's work with a "pure text" example, then we'd like to see the whole thing, headers and body. You can edit it to not show details you think private, but ... As is, all I can say is that *something* seems to be inserting a blank line before the MS headers...

Also... 4.55.10 isn't exactly new... Consider not letting Debian install such an old thing and going with another install method... If that doesn't suit you, perhaps getting MS from unstable would be more OK.

And the line you commented out, I suppose that was the line in MailScanner.conf? Doing that will only make it use the default, which likely isn't what you wanted...:-).
For a modern MailScanner there should be no need to point to that file in the MS config, since it should be referenced through a symbolic link in /etc/mail/spamassassin (mailscanner.cf should point to your spam.assassin.prefs.conf file), so that all invocations of spamassassin would pick it up "automagically":-). Might be that that was the version where that switch got effective ... so then removing the setting would be the right thing to do... Do you have the symlink?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/6830e76c/attachment.html

From mgaudreault at reference.qc.ca Sun Oct 14 17:33:17 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Sun Oct 14 17:33:24 2007
Subject: No header changes after upgrade to 4.55.10-3
In-Reply-To: <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>
References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local> <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8412593@jupiter.reference.local>

This is the complete header:

Microsoft Mail Internet Headers Version 2.0
Received: from blademail.reference.qc.ca ([10.0.1.12]) by jupiter.reference.local with Microsoft SMTPSVC(6.0.3790.3959);
    Sun, 14 Oct 2007 11:40:34 -0400
Received: from SMTP32-FWD by reference.qc.ca (SMTP32) id A3839048B0000140E; Sun, 14 Oct 2007 11:39:37 -0400
Received: from pf.reference.qc.ca [10.0.1.67] by blademail.reference.qc.ca with ESMTP (SMTPD-9.20) id A839028C; Sun, 14 Oct 2007 11:39:37 -0400
Received-SPF: pass (localhost.localdomain: domain of XXX@gmail.com designates 64.233.182.189 as permitted sender)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.189])
    by pf.reference.qc.ca (Postfix) with ESMTP id BDE1D81801A
    for ; Sun, 14 Oct 2007 11:47:19 -0400 (EDT)
Received: by nf-out-0910.google.com with SMTP id d3so1044220nfc
    for ; Sun, 14 Oct 2007 08:40:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta;
    h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
    bh=MPRIAx6pprtmfB3S/gb41hFWLeEbumqazS0loVOg9mM=;
    b=ZaIKRF5KATJW1wmm/2p2irJ0ZOGSNI3I9qWsWeWoBx00jQQRo9L/ZigTp0vDoEMCOzTcUZqeTLuVfjEuMZOn283hFha2Tpir0zBIWD+RQmzRHZKolM9JgvQrVMYblJ00xhsdK6PMpR9AmW9cMgWMXZQ36eJjIq2x4S7mulPU4Yg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
    h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
    b=k9uuoe9ZPEGDFB0Kc2retKw7vKiVThnJTbIYyUHn2xZpmy0huQRxJWdTZBkZLNEPI8GIM2hHg1+7CYl4/5yhrbUuTlr8UFRbx8kd57WLlFPtjmWSi7Ze+ckni8pEdmOj/kCYmIo03i4u5Z5uKXudCB7DSyliqD0huC91hwiSZM0=
Received: by 10.78.142.14 with SMTP id p14mr3477832hud.1192376410977; Sun, 14 Oct 2007 08:40:10 -0700 (PDT)
Received: by 10.78.146.20 with HTTP; Sun, 14 Oct 2007 08:40:10 -0700 (PDT)
Message-ID:
Date: Sun, 14 Oct 2007 11:40:10 -0400
From: "Maxime Gaudreault"
To: mgaudreault@reference.qc.ca
Subject: test
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Return-Path: maxime.gaudreault@gmail.com
X-OriginalArrivalTime: 14 Oct 2007 15:40:34.0449 (UTC) FILETIME=[8F620810:01C80E78]

And the body:

X-MailScanner-Information Please contact the ISP for more information
X-RS-MailScanner: Found to be clean
X-RS-MailScanner-From: XXX@gmail.com

test message

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax
: 418.650.9668
E-mail: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: October 14, 2007 11:56
To: MailScanner discussion
Subject: Re: No header changes after upgrade to 4.55.10-3

On 14/10/2007, Maxime Gaudreault wrote:

I just noticed that the Header is added in the message's body if this message is in TEXT format. If the message is HTML, I can't see the header changes.

Could you please show a complete example? Let's work with a "pure text" example, then we'd like to see the whole thing, headers and body. You can edit it to not show details you think private, but ... As is, all I can say is that *something* seems to be inserting a blank line before the MS headers...

Also... 4.55.10 isn't exactly new... Consider not letting Debian install such an old thing and going with another install method... If that doesn't suit you, perhaps getting MS from unstable would be more OK.

And the line you commented out, I suppose that was the line in MailScanner.conf? Doing that will only make it use the default, which likely isn't what you wanted...:-). For a modern MailScanner there should be no need to point to that file in the MS config, since it should be referenced through a symbolic link in /etc/mail/spamassassin ( mailscanner.cf should point to your spam.assassin.prefs.conf file), so that all invocations of spamassassin would pick it up "automagically":-). Might be that that was the version where that switch got effective ... so then removing the setting would be the right thing to do... Do you have the symlink?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/41f0f937/attachment.html

From mgaudreault at reference.qc.ca Sun Oct 14 17:45:35 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Sun Oct 14 17:45:46 2007
Subject: No header changes after upgrade to 4.55.10-3
In-Reply-To: <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>
References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local> <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8412594@jupiter.reference.local>

"And the line you commented out, I suppose that was the line in MailScanner.conf? Doing that will only make it use the default, which likely isn't what you wanted...:-). For a modern MailScanner there should be no need to point to that file in the MS config, since it should be referenced through a symbolic link in /etc/mail/spamassassin ( mailscanner.cf should point to your spam.assassin.prefs.conf file), so that all invocations of spamassassin would pick it up "automagically":-). Might be that that was the version where that switch got effective ... so then removing the setting would be the right thing to do... Do you have the symlink?"

Yes I have the symlink

For the 4.55.10 version that is old.. I will install from the .tar.gz package later... I'm not sure how to keep my actual config with the new version...

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax
: 418.650.9668
E-mail: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: October 14, 2007 11:56
To: MailScanner discussion
Subject: Re: No header changes after upgrade to 4.55.10-3

On 14/10/2007, Maxime Gaudreault wrote:

I just noticed that the Header is added in the message's body if this message is in TEXT format. If the message is HTML, I can't see the header changes.

Could you please show a complete example? Let's work with a "pure text" example, then we'd like to see the whole thing, headers and body. You can edit it to not show details you think private, but ... As is, all I can say is that *something* seems to be inserting a blank line before the MS headers...

Also... 4.55.10 isn't exactly new... Consider not letting Debian install such an old thing and going with another install method... If that doesn't suit you, perhaps getting MS from unstable would be more OK.

And the line you commented out, I suppose that was the line in MailScanner.conf? Doing that will only make it use the default, which likely isn't what you wanted...:-). For a modern MailScanner there should be no need to point to that file in the MS config, since it should be referenced through a symbolic link in /etc/mail/spamassassin ( mailscanner.cf should point to your spam.assassin.prefs.conf file), so that all invocations of spamassassin would pick it up "automagically":-). Might be that that was the version where that switch got effective ... so then removing the setting would be the right thing to do... Do you have the symlink?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/af12942f/attachment.html

From mgaudreault at reference.qc.ca Sun Oct 14 18:00:31 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Sun Oct 14 18:00:36 2007
Subject: No header changes after upgrade to 4.55.10-3
In-Reply-To: <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>
References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local> <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8412595@jupiter.reference.local>

I found the problem... I did not use the upgrade_MailScanner_conf script... The headers are ok now

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
E-mail: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
Sent: October 14, 2007 11:56
To: MailScanner discussion
Subject: Re: No header changes after upgrade to 4.55.10-3

On 14/10/2007, Maxime Gaudreault wrote:

I just noticed that the Header is added in the message's body if this message is in TEXT format. If the message is HTML, I can't see the header changes.

Could you please show a complete example? Let's work with a "pure text" example, then we'd like to see the whole thing, headers and body. You can edit it to not show details you think private, but ... As is, all I can say is that *something* seems to be inserting a blank line before the MS headers...

Also... 4.55.10 isn't exactly new... Consider not letting Debian install such an old thing and going with another install method... If that doesn't suit you, perhaps getting MS from unstable would be more OK.

And the line you commented out, I suppose that was the line in MailScanner.conf?
Doing that will only make it use the default, which likely isn't what you wanted...:-). For a modern MailScanner there should be no need to point to that file in the MS config, since it should be referenced through a symbolic link in /etc/mail/spamassassin ( mailscanner.cf should point to your spam.assassin.prefs.conf file), so that all invocations of spamassassin would pick it up "automagically":-). Might be that that was the version where that switch got effective ... so then removing the setting would be the right thing to do... Do you have the symlink? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/96598419/attachment-0001.html From glenn.steen at gmail.com Sun Oct 14 18:12:21 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Oct 14 18:12:24 2007 Subject: No header changes after upgrade to 4.55.10-3 In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8412594@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local> <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8412594@jupiter.reference.local> Message-ID: <223f97700710141012i76698273g9e8e29115a134a2c@mail.gmail.com> On 14/10/2007, Maxime Gaudreault wrote: > > "And the line you commented out, I suppose that was the line in > MailScanner.conf? Doing that will only make it use the default, which > likely isn't what you wanted...:-). 
For a modern MailScanner there should be > no need to point to that file in the MS config, since it should be > referenced through a symbolic link in /etc/mail/spamassassin ( > mailscanner.cf should point to your spam.assassin.prefs.conf file), so > that all invocations of spamassassin would pick it up "automagically":-). > Might be that that was the version where that switch got effective ... so > then removing the setting would be the right thing to do... Do you have the > symlink?" > > > > Yes I have the symlink > > > > For the 4.55.10 version that is old.. I will install from the .tar.gz > package later... I'm not sure how to keep my actual config with the new > version... > Good plan....:-) Just save the rules and MailScanner.conf ... and anything else you've changed... then "reapply" them to the new install by hand (you could likely copy the MailScanner.conf (and rules files) into place ... /opt/MailScanner/etc ... and then run the upgrade_MailScanner_conf script... Might be good to have a backup handy though:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/92e263af/attachment.html From glenn.steen at gmail.com Sun Oct 14 18:13:06 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Oct 14 18:13:09 2007 Subject: No header changes after upgrade to 4.55.10-3 In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8412595@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local> <223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8412595@jupiter.reference.local> Message-ID: <223f97700710141013y3e370b2fw8f8860df7a3c824f@mail.gmail.com> On 14/10/2007, Maxime Gaudreault wrote: > > I found the problem...
I did not use the upgrade_MailScanner_conf script... > > > > The headers are ok now > Ah. That one... Glad to hear you're OK now:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/42d2f6ea/attachment.html From ajos1 at onion.demon.co.uk Sun Oct 14 19:51:45 2007 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Sun Oct 14 18:51:49 2007 Subject: Off Topic: Hotmail Message-ID: - Many many thanks to the following replies: 1. Off Topic: Hotmail (ajos1@onion.demon.co.uk) 2. Re: Off Topic: Hotmail (hvdkooij@vanderkooij.org) 3. RE: Off Topic: Hotmail (Rick Cooper) 4. RE: Off Topic: Hotmail (Jason Ede) 5. Re: Off Topic: Hotmail (Anthony Cartmell) 6. [SPAM] Re: Off Topic: Hotmail (hvdkooij@vanderkooij.org) I know that my system is talking directly to hotmail.com ... and it is not a firewall issue... [root@www ~]# telnet mx1.hotmail.com 25 Trying 65.54.244.136... Connected to mx1.hotmail.com (65.54.244.136). Escape character is '^]'. 220 bay0-mc3-f17.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Sun, 14 Oct 2007 10:48:24 -0700 I have noticed one thing... though... If I send a message out from hotmail.com and reply... the reply will have a much much higher success rate at getting back to hotmail.com than a brand new message. (Especially from Outlook). I have always had the "mail gets put into people's junk mail folder" problem... but that is minor compared to nothing getting through at all! Even though I totally disagree with paying to be on a hotmail whitelist... it is something I might have to do...
because it is my server's users who count... not my opinions. I am going to try and sort out this SPF DNS method... the main problem is that a lot of people's domain registrations are all over the place... so it is going to take some work. Thanks for your excellent replies... time to ruin my DNS system!!! From mgaudreault at reference.qc.ca Sun Oct 14 19:36:58 2007 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sun Oct 14 19:37:04 2007 Subject: No header changes after upgrade to 4.55.10-3 In-Reply-To: <223f97700710141012i76698273g9e8e29115a134a2c@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B841258E@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B841258F@jupiter.reference.local><223f97700710140855y7340f3f2pb47d880f2a4daa2@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B8412594@jupiter.reference.local> <223f97700710141012i76698273g9e8e29115a134a2c@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8412598@jupiter.reference.local> I installed 4.64.3. It's working great ! But I can't find the init.d script.. it's not in /etc/init.d Where it should be ? Maxime Gaudreault Technician Référence Systèmes inc. Tel.: 418.650.0997 Fax: 418.650.9668 E-mail: mgaudreault@reference.qc.ca Website: http://www.reference.qc.ca/ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: October 14, 2007 13:12 To: MailScanner discussion Subject: Re: No header changes after upgrade to 4.55.10-3 On 14/10/2007, Maxime Gaudreault wrote: "And the line you commented out, I suppose that was the line in MailScanner.conf? Doing that will only make it use the default, which likely isn't what you wanted...:-).
For a modern MailScanner there should be no need to point to that file in the MS config, since it should be referenced through a symbolic link in /etc/mail/spamassassin ( mailscanner.cf should point to your spam.assassin.prefs.conf file), so that all invocations of spamassassin would pick it up "automagically":-). Might be that that was the version where that switch got effective ... so then removing the setting would be the right thing to do... Do you have the symlink?" Yes I have the symlink For the 4.55.10 version that is old.. I will install from the .tar.gz package later... I'm not sure how to keep my actual config with the new version... Good plan....:-) Just save the rules and MailScanner.conf ... and anything else you've changed... then "reapply" them to the new install by hand (you could likely copy the MailScanner.conf (and rules files) into place ... /opt/MailScanner/etc ... and then run the upgrade_MailScanner_conf script... Might be good to have a backup handy though:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071014/0dff8de1/attachment.html From ajcartmell at fonant.com Sun Oct 14 20:21:40 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Sun Oct 14 20:21:34 2007 Subject: Off Topic: Hotmail In-Reply-To: References: Message-ID: > If I send a message out from hotmail.com and reply... the reply will > have a much much higher success rate at getting back to hotmail.com than > a brand new message. (Especially from Outlook). Probably because people tend to notice if their reply doesn't arrive, as both parties are aware of the "conversation" and are expecting messages... 
I suspect that the problem of e-mails going missing on the first contact attempt isn't such an issue for Hotmail to fix simply because so few people notice that this happens :( > Even though I totally disagree with paying to be on a hotmail > whitelist... it is something I might have to do... because it is my > server's users who count... not my opinions. All of their help and support is aimed squarely at people sending many e-mails from a mailing list. I suspect their whitelist is similarly aimed. They certainly don't seem to see that there's a problem with occasional individual messages disappearing. > I am going to try and sort out this SPF DNS method... the main problem > is that a lot of people's domain registrations are all over the place... > so it is going to take some work. SPF is probably a useful thing to set up anyway, as Google and others use it. Sadly Hotmail, and their nasty filter, uses a Microsoft copy of SPF called SenderID, which does things differently. Although it uses SPF records from DNS, it applies them differently and so sometimes comes up with "wrong" results, compared with SPF tests. Anthony -- www.fonant.com - Quality web sites From mikael at syska.dk Sun Oct 14 21:37:55 2007 From: mikael at syska.dk (Mikael Syska) Date: Sun Oct 14 21:37:57 2007 Subject: Porn mails ... all with low score ... Message-ID: <47127E23.4020302@syska.dk> Hi, I have one person, who gets so many porn mails ... probably his own fault ... since he is the only one. But nevertheless ... it's a pain. These four mails: http://bigbabies.dk/spam/05C5C80A856.txt - 1,12 http://bigbabies.dk/spam/3DE0980A85C.txt - 2,3 - this doesn't hit my bayes_00 but the bayes_50 http://bigbabies.dk/spam/A06AF80A862.txt - 0,05 http://bigbabies.dk/spam/EE8CE80A855.txt - 1,32 Other than that ... mails are considered spam over 5.5 ... Any wonder rule I'm missing ... what rules does your system hit on these ?
// ouT From MailScanner at ecs.soton.ac.uk Sun Oct 14 22:41:17 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 14 22:41:34 2007 Subject: Porn mails ... all with low score ... In-Reply-To: <47127E23.4020302@syska.dk> References: <47127E23.4020302@syska.dk> Message-ID: <47128CFD.2090204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My setup gave me much the same results as yours. I'm now interested in hearing a working solution, just like you :-) Jules. Mikael Syska wrote: > Hi, > > I have one person, who gets so many porn mails ... probebly his own > fault ... since he is the only one. > > But never the less ... its a pain. > > These four mails: > http://bigbabies.dk/spam/05C5C80A856.txt - 1,12 > http://bigbabies.dk/spam/3DE0980A85C.txt - 2,3 - this dont hit my > bayes_00 but the bayes_50 > http://bigbabies.dk/spam/A06AF80A862.txt - 0,05 > http://bigbabies.dk/spam/EE8CE80A855.txt - 1,32 > > Other than that ... mails are considered spam over 5.5 ... > > Any wonder rule I'm missing ... what rules does your system hit on > these ? > > // ouT Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHEoz9EfZZRxQVtlQRAoe+AKCjTZOZUSa4H0aHjFw9ZZKZCJ+oEwCfbyil Ow79nkPMlQiOMN8Pe0hFyHw= =/Mi+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Sun Oct 14 23:33:19 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Sun Oct 14 23:33:43 2007 Subject: Porn mails ... all with low score ... In-Reply-To: <47127E23.4020302@syska.dk> References: <47127E23.4020302@syska.dk> Message-ID: <4712992F.3020100@vanderkooij.org> Mikael Syska wrote: > Hi, > > I have one person, who gets so many porn mails ... probebly his own > fault ... since he is the only one. > > But never the less ... its a pain. > > These four mails: > http://bigbabies.dk/spam/05C5C80A856.txt - 1,12 > http://bigbabies.dk/spam/3DE0980A85C.txt - 2,3 - this dont hit my > bayes_00 but the bayes_50 > http://bigbabies.dk/spam/A06AF80A862.txt - 0,05 > http://bigbabies.dk/spam/EE8CE80A855.txt - 1,32 > > Other than that ... mails are considered spam over 5.5 ... They all seem to come from weak parties. But the ackward thing is that the To: header is not even close. If it were me I would start to write something to tag this and kill this at the MTA level. Check if the source is not local. Then see if the To: header goes to one of the known weak parties. I mean. Why would I receive a message to me where the To: line is obviously garbled. Hugo. PS: It is definitely time I start writing down my notes on some webpage. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/x-pkcs7-signature Size: 3661 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071015/b8455cd8/smime.bin From martinh at solidstatelogic.com Mon Oct 15 09:42:34 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Oct 15 09:43:12 2007 Subject: Debug on a production server In-Reply-To: Message-ID: <4c37985373116440bae516e14a374577@solidstatelogic.com> Scott Sort of like journalling, but can better in some situations, esp with lots of updates to many files. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: 13 October 2007 00:34 > To: mailscanner@lists.mailscanner.info > Subject: Re: Debug on a production server > > on 10/12/2007 1:18 AM Martin.Hepworth spake the following: > > In my testing under fbsd 4.x I found a ufs filesystem with softupdates > > just as quick as a ramdisk..ymmv under freebsd. > > > Isn't ufs with soft updates basically like journaling? > And wouldn't the difference depend on if the OS tried to swap because of > the > decreased ram? > > I am probably showing my BSD ignorance. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. 
Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Mon Oct 15 09:58:00 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Oct 15 09:58:16 2007 Subject: Porn mails ... all with low score ... In-Reply-To: <47128CFD.2090204@ecs.soton.ac.uk> Message-ID: <61390d2e4d6d7545804b5bd8d562c515@solidstatelogic.com> Hmm abuse of googlepages, bit like the geosite a while ago.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 14 October 2007 22:41 > To: MailScanner discussion > Subject: Re: Porn mails ... all with low score ... > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > My setup gave me much the same results as yours. I'm now interested in > hearing a working solution, just like you :-) > > Jules. > > Mikael Syska wrote: > > Hi, > > > > I have one person, who gets so many porn mails ... probebly his own > > fault ... since he is the only one. 
> > > > But never the less ... its a pain. > > > > These four mails: > > http://bigbabies.dk/spam/05C5C80A856.txt - 1,12 > > http://bigbabies.dk/spam/3DE0980A85C.txt - 2,3 - this dont hit my > > bayes_00 but the bayes_50 > > http://bigbabies.dk/spam/A06AF80A862.txt - 0,05 > > http://bigbabies.dk/spam/EE8CE80A855.txt - 1,32 > > > > Other than that ... mails are considered spam over 5.5 ... > > > > Any wonder rule I'm missing ... what rules does your system hit on > > these ? > > > > // ouT > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHEoz9EfZZRxQVtlQRAoe+AKCjTZOZUSa4H0aHjFw9ZZKZCJ+oEwCfbyil > Ow79nkPMlQiOMN8Pe0hFyHw= > =/Mi+ > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website!
From t.d.lee at durham.ac.uk Mon Oct 15 16:58:09 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon Oct 15 16:58:34 2007 Subject: fake ASDA spam Message-ID: (This might be a UK-only spam.) Some of our users are getting lots of instances of a new spam allegedly offering money off for shopping at ASDA. The spam seems to have little content for Bayes to get its teeth into reliably; the linked URLs seem to change; the set of machines from which it arrives changes. So although it gets an SA spam score (DCC, RAZOR2) there is insufficient evidence for a secure conviction, so it gets through and annoys our users. Has anyone (probably in the UK) seen this and been able to come up with a means (SA rules?) of detecting its characteristics, whilst avoiding false positives? Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K.
: From Chris at 7of9b.org Mon Oct 15 16:19:59 2007 From: Chris at 7of9b.org (Chris Burton) Date: Mon Oct 15 17:21:04 2007 Subject: fake ASDA spam References: Message-ID: <01bd01c80f3e$dd300580$d5561640@murphy4> > Has anyone (probably in the UK) seen this and been able to come up with a > means (SA rules?) of detecting its characteristics, whilst avoiding false > positives? Hi, I added a basic rule to MSRBL-SPAM (http://www.msrbl.com/msrbl-spam) earlier today - it seems to be working OK for me as its stopped a few 100 so far but YMMV. Regards, ChrisB. From ugob at lubik.ca Mon Oct 15 17:07:06 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Oct 15 18:15:39 2007 Subject: 67.200.9., this week-end Message-ID: Hi, Anyone got a lot of clever spams scoring below 6 during the weekend, from this network block? Mostly from 67.200.9.121-127? Regards, Ugo From list-mailscanner at linguaphone.com Mon Oct 15 18:22:14 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Oct 15 18:22:22 2007 Subject: 67.200.9., this week-end In-Reply-To: Message-ID: I haven't received any mail from tho in the last 3 months. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Ugo > Bellavance > Sent: 15 October 2007 17:07 > To: mailscanner@lists.mailscanner.info > Subject: 67.200.9., this week-end > > > Hi, > > Anyone got a lot of clever spams scoring below 6 during the > weekend, > from this network block? Mostly from 67.200.9.121-127? > > Regards, > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> > > From list-mailscanner at linguaphone.com Mon Oct 15 18:30:39 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Oct 15 18:30:42 2007 Subject: fake ASDA spam In-Reply-To: Message-ID: Been getting lots of these for the last couple of weeks or so. The vast majority were being caught even back then. It is only one user they are sending it to at our site and he keeps subscribing to the 'freebie' and 'offers' type of websites so he is practically asking for spam and certainly gets more than his fair share. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of David > Lee > Sent: 15 October 2007 16:58 > To: MailScanner discussion > Subject: fake ASDA spam > > > (This might be a UK-only spam.) > > Some of our users are getting lots of instances of a new spam allegedly > offering money off for shopping at ASDA. The spam seems to have little > content for Bayes to get its teeth into reliably; the linked URLs seem to > change; the set of machines from which it arrives changes. So although it > gets an SA spam score (DCC, RAZOR2) there is insufficient evidence for a > secure conviction, so it gets through and annoys our users. > > Has anyone (probably in the UK) seen this and been able to come up with a > means (SA rules?) of detecting its characteristics, whilst avoiding false > positives? > > Thanks. > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : UNIX Team Leader Durham University : > : South Road : > : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : > : Phone: +44 191 334 2752 U.K. : > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website!
> > > From list-mailscanner at linguaphone.com Mon Oct 15 18:32:09 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Oct 15 18:32:14 2007 Subject: fake ASDA spam In-Reply-To: <01bd01c80f3e$dd300580$d5561640@murphy4> Message-ID: MSRBL started picking them up for me at 14:19 BST. One or two slipped though the virus scanner after that so I can send you samples if you are interested. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Chris > Burton > Sent: 15 October 2007 16:20 > To: MailScanner discussion > Subject: Re: fake ASDA spam > > > > Has anyone (probably in the UK) seen this and been able to come > up with a > > means (SA rules?) of detecting its characteristics, whilst > avoiding false > > positives? > > Hi, > I added a basic rule to MSRBL-SPAM (http://www.msrbl.com/msrbl-spam) > earlier today - it seems to be working OK for me as its stopped a > few 100 so > far but YMMV. > > Regards, > ChrisB. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From alex at nkpanama.com Mon Oct 15 19:05:57 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Oct 15 19:06:08 2007 Subject: SpamHaus DROP list Message-ID: <4713AC05.5010409@nkpanama.com> Anybody here had any success/horror stories regarding the implementation of the SpamHaus DROP list? I've been getting a lot of crap (spam and other assorted network nonsense) from places in the DROP list and I'd like to know if it's worth implementing at the firewall level. Any info on false positives would be good too, specially if there are any otherwise legit servers in that "rough network neighborhood". 
From prandal at herefordshire.gov.uk Mon Oct 15 19:19:20 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 15 19:19:25 2007 Subject: fake ASDA spam In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF14@HC-MBX02.herefordshire.gov.uk> Here's what I use.

header HC_ASDA Subject =~ /(?:\d{3} ASDA|ASDA \$\d{3} worth of)/
describe HC_ASDA Hundreds of bucks ASDA
score HC_ASDA 5

In our environment false positives don't matter, as our users aren't supposed to be doing their shopping in working hours. Not that there have been any FPs so far. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of David Lee Sent: 15 October 2007 16:58 To: MailScanner discussion Subject: fake ASDA spam (This might be a UK-only spam.) Some of our users are getting lots of instances of a new spam allegedly offering money off for shopping at ASDA. The spam seems to have little content for Bayes to get its teeth into reliably; the linked URLs seem to change; the set of machines from which it arrives changes. So although it gets an SA spam score (DCC, RAZOR2) there is insufficient evidence for a secure conviction, so it gets through and annoys our users. Has anyone (probably in the UK) seen this and been able to come up with a means (SA rules?) of detecting its characteristics, whilst avoiding false positives? Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!
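The HC_ASDA rule from the message above, run over constructed subject lines to show what it catches, what it misses and where it false-positives. This is an added example, not part of the original post; the helper names, the sample messages and the required score of 5.0 (SpamAssassin's stock default) are assumptions.

```python
import re
from email import message_from_string

# The rule as posted in the message above, one directive per line.
RULES = r"""
header   HC_ASDA Subject =~ /(?:\d{3} ASDA|ASDA \$\d{3} worth of)/
describe HC_ASDA Hundreds of bucks ASDA
score    HC_ASDA 5
"""

# Assumption: stock SpamAssassin required_score; the thread gives no
# threshold for the sites that posted about this spam run.
REQUIRED_SCORE = 5.0

HEADER_RULE = re.compile(r"^header\s+(\w+)\s+([\w-]+)\s+=~\s+/(.*)/([a-z]*)$")


def load_rules(text):
    """Parse the header/describe/score subset of SpamAssassin rule syntax."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RULE.match(line)
        if m:
            name, header, pattern, flags = m.groups()
            rule = rules.setdefault(name, {})
            rule["header"] = header
            # This pattern uses only constructs Perl and Python regexes share.
            rule["regex"] = re.compile(pattern, re.I if "i" in flags else 0)
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        kind, name, value = parts
        if kind == "score":
            rules.setdefault(name, {})["score"] = float(value)
        elif kind == "describe":
            rules.setdefault(name, {})["describe"] = value
    return rules


def score_message(raw, rules):
    """Return (total score, names of rules that hit) for one raw message."""
    msg = message_from_string(raw)
    total, hits = 0.0, []
    for name, rule in rules.items():
        if "regex" not in rule:
            continue
        values = msg.get_all(rule["header"], [])
        if any(rule["regex"].search(v) for v in values):
            total += rule.get("score", 1.0)  # unscored rules default to 1
            hits.append(name)
    return total, hits


def make_message(subject, body="See attached."):
    """Build a minimal constructed RFC 822 message."""
    return (f"From: sender@example.test\nTo: user@example.test\n"
            f"Subject: {subject}\n\n{body}\n")


# Constructed samples, not taken from the spam run discussed in the thread.
SAMPLES = {
    "voucher_digits_first": make_message("Claim your 500 ASDA voucher today"),
    "voucher_dollar_form": make_message("ASDA $250 worth of groceries for you"),
    "two_digit_variant": make_message("ASDA 50 pounds off your next shop"),
    "body_only": make_message("This week's offers", "Get a 500 ASDA voucher."),
    "legit_order": make_message("Your ASDA order has been dispatched"),
    "legit_with_number": make_message("Depot 101 ASDA delivery rota for Monday"),
}


def classify(samples=SAMPLES, rules_text=RULES, required=REQUIRED_SCORE):
    """Score every sample and flag it as spam at or above the threshold."""
    rules = load_rules(rules_text)
    result = {}
    for label, raw in samples.items():
        total, hits = score_message(raw, rules)
        result[label] = {"score": total, "hits": hits, "spam": total >= required}
    return result


if __name__ == "__main__":
    for label, verdict in classify().items():
        print(f"{label:22} {verdict}")
```

The rule is Subject-only and needs exactly three digits next to "ASDA", so a two-digit variant or a body-only mention passes, while any legitimate subject with a three-digit number before "ASDA" takes the full 5 points on its own.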
From prandal at herefordshire.gov.uk Mon Oct 15 19:20:10 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 15 19:20:20 2007 Subject: fake ASDA spam In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF15@HC-MBX02.herefordshire.gov.uk> I call that stuff "subscriber spam", and am usually very ruthless towards it. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: 15 October 2007 18:31 To: MailScanner discussion Subject: RE: fake ASDA spam Been getting lots of these for the last couple of weeks or so. The vast majority were being caught even back then. It is only one user they are sendint it to at our site anf he keeps subscribing to the 'freebie' and 'offers' type of websites so he is practically asking for spam and certenly gets more than his fair share. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of David > Lee > Sent: 15 October 2007 16:58 > To: MailScanner discussion > Subject: fake ASDA spam > > > (This might be a UK-only spam.) > > Some of our users are getting lots of instances of a new spam allegedly > offering money off for shopping at ASDA. The spam seems to have little > content for Bayes to get its teeth into reliably; the linked URLs seem to > change; the set of machines from which it arrives changes. So although it > gets an SA spam score (DCC, RAZOR2) there is insufficient evidence for a > secure conviction, so it gets through and annoys our users. > > Has anyone (probably in the UK) seen this and been able to come up with a > means (SA rules?) of detecting its characteristics, whilst avoiding false > positives? > > Thanks. > > -- > > : David Lee I.T. 
Service : > : Senior Systems Programmer Computer Centre : > : UNIX Team Leader Durham University : > : South Road : > : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : > : Phone: +44 191 334 2752 U.K. : > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Mon Oct 15 19:24:36 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 15 19:24:42 2007 Subject: 67.200.9., this week-end In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF16@HC-MBX02.herefordshire.gov.uk> None at all here. Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance Sent: 15 October 2007 17:07 To: mailscanner@lists.mailscanner.info Subject: 67.200.9., this week-end Hi, Anyone got a lot of clever spams scoring below 6 during the weekend, from this network block? Mostly from 67.200.9.121-127? Regards, Ugo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
From hvdkooij at vanderkooij.org Mon Oct 15 19:56:14 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Oct 15 19:56:44 2007
Subject: fake ASDA spam
In-Reply-To:
References:
Message-ID: <4713B7CE.7080801@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gareth wrote:
> Been getting lots of these for the last couple of weeks or so. The vast
> majority were being caught even back then.
> It is only one user they are sending it to at our site and he keeps
> subscribing to the 'freebie' and 'offers' type of websites so he is
> practically asking for spam and certainly gets more than his fair share.

Hmmm. The moment someone in our company shows that kind of attitude they better have their resume in order. They will need it by the time they land on the street about 5 seconds later.

OK. Security is part of our job description so anything this monumentally stupid qualifies as intentional neglect. And someone tried the DUI rule and got busted for losing their driver's license while it was part of the job requirements.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHE7fNBvzDRVjxmYERAtwFAJ940lTGGE5Vb3gCnPnEZjsDB1V+YgCgiELI
ZgrY2XAt3FyaVib8Dq1i7aM=
=HE+O
-----END PGP SIGNATURE-----

From list-mailscanner at linguaphone.com Mon Oct 15 20:25:43 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Mon Oct 15 20:25:49 2007
Subject: fake ASDA spam
In-Reply-To: <4713B7CE.7080801@vanderkooij.org>
Message-ID:

True but there is antivirus and antispyware software installed on the machine. He works in the warehouse so depending on workload there are times when there is nothing to do so as long as he doesn't abuse the service and get any spyware/viruses I don't mind.
> -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Hugo van > der Kooij > Sent: 15 October 2007 19:56 > To: MailScanner discussion > Subject: Re: fake ASDA spam > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gareth wrote: > > Been getting lots of these for the last couple of weeks or so. The vast > > majority were being caught even back then. > > It is only one user they are sendint it to at our site anf he keeps > > subscribing to the 'freebie' and 'offers' type of websites so he is > > practically asking for spam and certenly gets more than his fair share. > > Hmmm. The moment someone in our company shows that kind of attitude they > better have their resume in order. They will need it by the time they > land on the street about 5 seconds later. > > OK. Security is part of our job description so anything this monumentaly > stupid qualifies as intentional neglect. And someone tried the DUI rule > and got busted for loosing their drivers license while it was part of > the job requirements. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > Don't meddle in the affairs of sysadmins, > for they are subtle and quick to anger. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHE7fNBvzDRVjxmYERAtwFAJ940lTGGE5Vb3gCnPnEZjsDB1V+YgCgiELI > ZgrY2XAt3FyaVib8Dq1i7aM= > =HE+O > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
>
>
>

From hvdkooij at vanderkooij.org Mon Oct 15 21:35:45 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Mon Oct 15 21:36:12 2007
Subject: SpamHaus DROP list
In-Reply-To: <4713AC05.5010409@nkpanama.com>
References: <4713AC05.5010409@nkpanama.com>
Message-ID: <4713CF21.4000901@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Neuman van der Hans wrote:
> Anybody here had any success/horror stories regarding the implementation
> of the SpamHaus DROP list? I've been getting a lot of crap (spam and
> other assorted network nonsense) from places in the DROP list and I'd
> like to know if it's worth implementing at the firewall level. Any info
> on false positives would be good too, specially if there are any
> otherwise legit servers in that "rough network neighborhood".

Too early to tell. I just wrote a script to add it to my postfix blocking. I guess blacklisting is more effective than stopping it with IP tables. This way they will not try my fallback server(s).

In main.cf:

smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/cidr/spamhaus-droplist

And the update script:

#!/usr/bin/perl
# Fetch the Spamhaus DROP list and write it out as a Postfix CIDR access table.
use strict;
use warnings;
use LWP::Simple;

my $workdir = "/etc/postfix/cidr";
my $file    = "$workdir/spamhaus-droplist";
my $url     = "http://www.spamhaus.org/drop/drop.lasso";

my $content = get $url;
die "Couldn't get $url" unless defined $content;
#print $content;

my @lines = split(/\n/, $content);
open(FILE, ">$file") or die "Couldn't write $file: $!";
print FILE "#\n# spamhaus.org BLOCK list\n# http://www.spamhaus.org/drop/drop.lasso\n#\n";
foreach my $line (@lines) {
    # Data lines look like "<network> ; <identifier>"; everything else is skipped.
    if ($line =~ / ; /) {
        my ($IP, $identifier) = split(/ ; /, $line);
        # Pad the network out to column 40, keeping at least one space.
        my $length = 40 - length($IP);
        $length = 1 if $length < 1;
        my $filler = " " x $length;
        my $string = $IP . $filler . "REJECT spamhaus.org BLOCK list " . $identifier;
        print FILE "$string\n";
    }
}
close FILE;
# EOF

Feel free to use it or enhance it. But be nice and do not run it too much. I guess every 3 hours should do the trick.

Hugo.
- -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHE88eBvzDRVjxmYERAurgAKCExrH3Q/wN11VDHedn8c2raR8X0gCgshtZ teARwaPl9spgPq6igROP/zw= =bid6 -----END PGP SIGNATURE----- From ugob at lubik.ca Mon Oct 15 20:20:55 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Oct 15 22:11:16 2007 Subject: SpamHaus DROP list In-Reply-To: <4713AC05.5010409@nkpanama.com> References: <4713AC05.5010409@nkpanama.com> Message-ID: Alex Neuman van der Hans wrote: > Anybody here had any success/horror stories regarding the implementation > of the SpamHaus DROP list? I've been getting a lot of crap (spam and > other assorted network nonsense) from places in the DROP list and I'd > like to know if it's worth implementing at the firewall level. Any info > on false positives would be good too, specially if there are any > otherwise legit servers in that "rough network neighborhood". > I think the drop list is not included with zen.spamhaus.org. Ugo From ms-list at alexb.ch Mon Oct 15 22:21:45 2007 From: ms-list at alexb.ch (Alex Broens) Date: Mon Oct 15 22:21:56 2007 Subject: SpamHaus DROP list In-Reply-To: References: <4713AC05.5010409@nkpanama.com> Message-ID: <4713D9E9.2040503@alexb.ch> On 10/15/2007 9:20 PM, Ugo Bellavance wrote: > Alex Neuman van der Hans wrote: >> Anybody here had any success/horror stories regarding the >> implementation of the SpamHaus DROP list? I've been getting a lot of >> crap (spam and other assorted network nonsense) from places in the >> DROP list and I'd like to know if it's worth implementing at the >> firewall level. Any info on false positives would be good too, >> specially if there are any otherwise legit servers in that "rough >> network neighborhood". >> > > I think the drop list is not included with zen.spamhaus.org. 
It's in SBL
spamhaus.org/drop

Alex

From steve.freegard at fsl.com Mon Oct 15 22:39:38 2007
From: steve.freegard at fsl.com (Steve Freegard)
Date: Mon Oct 15 22:39:44 2007
Subject: SpamHaus DROP list
In-Reply-To: <4713CF21.4000901@vanderkooij.org>
References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org>
Message-ID: <4713DE1A.3040403@fsl.com>

Hi Hugo,

hvdkooij@vanderkooij.org wrote:
> Too early to tell. I just wrote a script to add it to my postfix blocking.
> I guess blacklisting is more effective than stopping it with IP tables.
> This way they will not try my fallback server(s).
>
> In main.cf:
>
> smtpd_client_restrictions =
>     check_client_access cidr:/etc/postfix/cidr/spamhaus-droplist
>

Anything listed on DROP is also listed on the SBL, so if you already use the Spamhaus RBLs then this won't make any difference.

Cheers,
Steve.

From hvdkooij at vanderkooij.org Mon Oct 15 22:52:03 2007
From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org)
Date: Mon Oct 15 22:52:30 2007
Subject: SpamHaus DROP list
In-Reply-To: <4713DE1A.3040403@fsl.com>
References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com>
Message-ID: <4713E103.4030702@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Freegard wrote:
> Hi Hugo,
>
> hvdkooij@vanderkooij.org wrote:
>> Too early to tell. I just wrote a script to add it to my postfix blocking.
>> I guess blacklisting is more effective than stopping it with IP tables.
>> This way they will not try my fallback server(s).
>>
>> In main.cf:
>>
>> smtpd_client_restrictions =
>>     check_client_access cidr:/etc/postfix/cidr/spamhaus-droplist
>>
>
>
> Anything listed on DROP is also listed on the SBL, so if you already use
> the Spamhaus RBLs then this won't make any difference.

There is a slight one. This one reads from static lists. So it might reduce hits on the DNS infrastructure.

Hugo.
- -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHE+EBBvzDRVjxmYERAnqUAJ96m+zRlcAH4/fiO0scF+LcxdATYQCguJIc JGQAGo39wG27wai63YTwAQk= =jL3o -----END PGP SIGNATURE----- From micoots at yahoo.com Mon Oct 15 22:57:46 2007 From: micoots at yahoo.com (Michael Mansour) Date: Mon Oct 15 22:57:52 2007 Subject: SpamHaus DROP list In-Reply-To: <4713AC05.5010409@nkpanama.com> Message-ID: <700133.10206.qm@web33309.mail.mud.yahoo.com> Hi Alex, Alex Neuman van der Hans wrote: Anybody here had any success/horror stories regarding the implementation of the SpamHaus DROP list? I've been getting a lot of crap (spam and other assorted network nonsense) from places in the DROP list and I'd like to know if it's worth implementing at the firewall level. Any info on false positives would be good too, specially if there are any otherwise legit servers in that "rough network neighborhood". I've been using the droplist for years and have never had any issues with it. I have a script which runs which queries the site for new updates, then applies to the blocklist and runs a shorewall refresh automatically. I've never had complaints from anyone from getting blocked from those IP's, since they are IP's which have been hijacked. Regards, Michael. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. Get it now. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071016/e7577354/attachment.html

From craigwhite at azapple.com Mon Oct 15 23:30:11 2007
From: craigwhite at azapple.com (Craig White)
Date: Mon Oct 15 23:30:47 2007
Subject: building on Red Hat EL v 5
Message-ID: <1192487411.8445.16.camel@lin-workstation.azapple.com>

Actually...this system is CentOS-5

# rpm -q --whatprovides /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm
mod_perl-2.0.2-6.3.el5

this one is worse...

# rpm -q --whatprovides /usr/share/man/man3/Test\:\:Simple.3pm.gz
perl-5.8.8-10
perl-Test-Simple-0.70-1

apparently new mailscanner is forcing the install of these items...

# rpm -q mailscanner
mailscanner-4.64.3-2

Thus the forcing of perl-Test-Simple and perl-MIME-Base64 is a problem - especially when you want to update.

Craig

From ssilva at sgvwater.com Mon Oct 15 23:43:36 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Oct 15 23:45:38 2007
Subject: SpamHaus DROP list
In-Reply-To: <4713DE1A.3040403@fsl.com>
References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com>
Message-ID:

on 10/15/2007 2:39 PM Steve Freegard spake the following:
> Hi Hugo,
>
> hvdkooij@vanderkooij.org wrote:
>> Too early to tell. I just wrote a script to add it to my postfix blocking.
>> I guess blacklisting is more effective than stopping it with IP tables.
>> This way they will not try my fallback server(s).
>>
>> In main.cf:
>>
>> smtpd_client_restrictions =
>>     check_client_access cidr:/etc/postfix/cidr/spamhaus-droplist
>>
>
>
> Anything listed on DROP is also listed on the SBL, so if you already use
> the Spamhaus RBLs then this won't make any difference.
>
> Cheers,
> Steve.

I don't see any mention of the DROP list being in any zones on the spamhaus site. Can you verify this with some links to info? The PBL might be similar, but it doesn't mention the DROP zones either.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!! From ugob at lubik.ca Tue Oct 16 00:25:00 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue Oct 16 00:41:38 2007 Subject: SpamHaus DROP list In-Reply-To: <4713E103.4030702@vanderkooij.org> References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com> <4713E103.4030702@vanderkooij.org> Message-ID: hvdkooij@vanderkooij.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >> >> >> Anything listed on DROP is also listed on the SBL, so if you already use >> the Spamhaus RBLs then this won't make any difference. > > There is a slight one. This one reads from static lists. So it might > reduce hits on the DNS infrastructure. Yes, but it will not show in logs, so it is harder to diagnosis. Ugo From alex at nkpanama.com Tue Oct 16 02:44:25 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Oct 16 02:44:39 2007 Subject: SpamHaus DROP list In-Reply-To: <700133.10206.qm@web33309.mail.mud.yahoo.com> References: <700133.10206.qm@web33309.mail.mud.yahoo.com> Message-ID: <47141779.3060907@nkpanama.com> Michael Mansour wrote: > Hi Alex, > > */Alex Neuman van der Hans /* wrote: > > Anybody here had any success/horror stories regarding the > implementation > of the SpamHaus DROP list? I've been getting a lot of crap (spam and > other assorted network nonsense) from places in the DROP list and I'd > like to know if it's worth implementing at the firewall level. Any > info > on false positives would be good too, specially if there are any > otherwise legit servers in that "rough network neighborhood". > > I've been using the droplist for years and have never had any issues > with it. > > I have a script which runs which queries the site for new updates, > then applies to the blocklist and runs a shorewall refresh automatically. 
>
> I've never had complaints from anyone from getting blocked from those
> IP's, since they are IP's which have been hijacked.
>
By "new updates" do you "wget" or "curl" the drop.lasso file (whatever the name is) and "diff" the existing file? I'm looking to write a simple script using iptables that'll do that, unless somebody's already invented the wheel.
> Regards,
>
> Michael.

From clacroix at cegep-ste-foy.qc.ca Tue Oct 16 03:01:01 2007
From: clacroix at cegep-ste-foy.qc.ca (clacroix@cegep-ste-foy.qc.ca)
Date: Tue Oct 16 03:01:06 2007
Subject: SpamHaus DROP list
In-Reply-To: <47141779.3060907@nkpanama.com>
References: <700133.10206.qm@web33309.mail.mud.yahoo.com> <47141779.3060907@nkpanama.com>
Message-ID: <49288.70.80.222.193.1192500061.squirrel@courrier.cegep-ste-foy.qc.ca>

Using the perl script that was posted here earlier, and this simple awk/sed pipe abuse I bet you can achieve what you want quite easily, but why would you want to block at the firewall level, it's so much cleaner to do at the MTA level, at least it won't fall back to your secondary MX.

# skip the "#" header lines, keep only the network column
cat spamhaus-droplist | awk '!/^#/ && NF {print $1}' | sed -e 's/^/iptables -I INPUT -i ethX -s /' | sed -e 's/$/ -d 0\/0 -j DROP/'

I guess you can make some shell script that will
1 take the old file and generate equivalent delete rules
2 run the perl script found on this list earlier today
3 run the cmd above

Anyways, I hope this can help you.
> Michael Mansour wrote: >> Hi Alex, >> >> */Alex Neuman van der Hans /* wrote: >> >> Anybody here had any success/horror stories regarding the >> implementation >> of the SpamHaus DROP list? I've been getting a lot of crap (spam and >> other assorted network nonsense) from places in the DROP list and >> I'd >> like to know if it's worth implementing at the firewall level. Any >> info >> on false positives would be good too, specially if there are any >> otherwise legit servers in that "rough network neighborhood". >> >> I've been using the droplist for years and have never had any issues >> with it. >> >> I have a script which runs which queries the site for new updates, >> then applies to the blocklist and runs a shorewall refresh >> automatically. >> >> I've never had complaints from anyone from getting blocked from those >> IP's, since they are IP's which have been hijacked. >> > By "new updates" do you "wget" or "curl" the drop.lasso file (whatever > the name is) and "diff" the existing file? I'm looking to write a simple > script using iptables that'll do that, unless somebody's already > invented the wheel. >> Regards, >> >> Michael. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. >> Get it now >> . > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
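The three-step update outlined in the message above (delete rules for the old list, refresh, rules for the new list), as an added example that is not code from the thread: it diffs two DROP snapshots and emits iptables argument lists plus a Postfix CIDR table, validating every entry first because the downloaded text ends up inside firewall commands. The `;` comment convention, the `SBL<digits>` identifier shape, the /8 breadth limit, the 50% shrink guard and the sample networks are assumptions made for this example.

```python
import ipaddress
import re

MIN_PREFIX = 8                   # assumption: refuse anything broader than a /8
SBL_ID = re.compile(r"SBL\d+")   # assumption: shape of the identifier column

# Constructed sample snapshots (documentation address ranges, not real DROP data).
OLD_SNAPSHOT = """\
; constructed sample
192.0.2.0/24 ; SBL00001
198.51.100.0/24 ; SBL00002
"""
NEW_SNAPSHOT = """\
; constructed sample
198.51.100.0/24 ; SBL00002
203.0.113.0/24 ; SBL00003
203.0.113.7/24 ; SBL00004
0.0.0.0/0 ; SBL00005
198.51.100.9/32 -j ACCEPT ; SBL00006
"""


def parse_drop(text):
    """Parse '<network> ; <id>' lines into ({network: id}, rejected_lines)."""
    nets, rejected = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank or comment line
            continue
        field, _, ident = line.partition(";")
        try:
            # strict=True rejects host bits; stray tokens fail to parse at all
            net = ipaddress.IPv4Network(field.strip(), strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX:         # e.g. 0.0.0.0/0 would block everyone
            rejected.append(raw)
            continue
        ident = ident.strip()
        nets[net] = ident if SBL_ID.fullmatch(ident) else ""
    return nets, rejected


def plan_update(old_text, new_text, max_shrink=0.5):
    """Return (added, removed, rejected); raise if the new snapshot looks broken."""
    old, _ = parse_drop(old_text)
    new, rejected = parse_drop(new_text)
    if not new:
        # A failed or truncated download must not flush the existing rules.
        raise ValueError("new snapshot has no valid entries; keeping old rules")
    removed = sorted(set(old) - set(new))
    added = sorted(set(new) - set(old))
    if old and len(removed) > max_shrink * len(old):
        raise ValueError("new snapshot drops too many entries; refusing to apply")
    return added, removed, rejected


def iptables_argv(added, removed, iface="ethX"):
    """Build argv lists (for subprocess.run without a shell); nothing is executed."""
    def rule(op, net):
        return ["iptables", op, "INPUT", "-i", iface,
                "-s", str(net), "-d", "0/0", "-j", "DROP"]
    # Delete stale rules first, then insert the new ones.
    return [rule("-D", n) for n in removed] + [rule("-I", n) for n in added]


def postfix_cidr_table(nets):
    """Render validated networks as a Postfix cidr: access table."""
    rows = ["# spamhaus.org BLOCK list"]
    for net in sorted(nets):
        row = f"{str(net):<40}REJECT spamhaus.org BLOCK list {nets[net]}"
        rows.append(row.rstrip())
    return "\n".join(rows) + "\n"


if __name__ == "__main__":
    added, removed, rejected = plan_update(OLD_SNAPSHOT, NEW_SNAPSHOT)
    for argv in iptables_argv(added, removed):
        print(" ".join(argv))
    for bad in rejected:
        print("rejected feed line:", bad)
    print(postfix_cidr_table(parse_drop(NEW_SNAPSHOT)[0]), end="")
```

Rejected lines are worth logging on every run: a sudden jump in their number means the feed format changed or the download was tampered with.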
> From alex at nkpanama.com Tue Oct 16 05:53:23 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Tue Oct 16 05:53:39 2007 Subject: SpamHaus DROP list In-Reply-To: <49288.70.80.222.193.1192500061.squirrel@courrier.cegep-ste-foy.qc.ca> References: <700133.10206.qm@web33309.mail.mud.yahoo.com> <47141779.3060907@nkpanama.com> <49288.70.80.222.193.1192500061.squirrel@courrier.cegep-ste-foy.qc.ca> Message-ID: <471443C3.9050900@nkpanama.com> clacroix@cegep-ste-foy.qc.ca wrote: > Using the perl script that was posted here earlier, and this simple > awk/sed pipe abuse i bet you can archive what you want quite easily, but > why would you want to block at the firewall level, it's so much cleaner to > do at the mta level, at least it won't fall back to your secondary MX. > > I'd like to block for the following reasons: 1. "Best block, no be there, OK?" - Pat Morita as Mr. Miyagi in one of the Karate Kid movies. A server getting hammered by the russian mafia botnets can have several hundred (if not thousands) of connections per minute coming from their shady networks. This uses up valuable instances of sendmail or TCP SYN/ACK packets that count towards bandwidth and/or download/upload caps. I'd rather use the DROP list on BOTH the main server and the backup MX in order to protect them, if I can trust the list to be close to 0 in regards to false positives. In this regard, and IMHO, it's much cleaner to do it at the firewall level for my particular situation, and from my point of view (I see how one could arrive at the same conclusion you did, even though I'd rather do it the other way). 2. Failing to put these on a backup MX because it's not under my control, I could still generate, for example, greylisting or SA scores or milters or whatever based on the DROP list. I'd still benefit from knowing "it came from the shady part of the internet". 3. 
Infected machines inside the network (there are the occasional guests) that tried to "phone home" to one of the many IRC-powered botnet controllers would have a more difficult (I know, some of them use distributed nets and scanning, so it's not impossible) time getting commands from the "russian mother ship". Noninfected machines would, for example, find it difficult to get to the many phishing websites hosted in those networks (most of them knowingly), or the kiddie pr0n, or whatever. The point is it would be difficult "to get there from here". So while I agree in most circumstances it's better (and more polite too) to reject at the MTA level with a very concise but accurate explanation of the reason, and (where possible) a URL to go to for more information, the DROP list warrants (in my case, maybe others find similar situations where they work) use at the firewall or router. > cat spamhaus-droplist |awk '{print $1}' | sed -e 's/^/iptables -I INPUT -i > ethX -s /' | sed -e 's/$/-d 0\/0 -j DROP/' > > I guess you can make some shell script that will > 1 take the old file and generate equivalent delete rules > 2 run the perl script found on this list earlier today > 3 run the cmd above > > > anyways, i hope this can help you. > > > Anything at all helps. Remember, you can only learn what you almost already know. A good nudge in the right direction and I'll probably get it to work - and report back with the results, and you guys will probably contribute your own 2c, and so on. The beauty of collaborative environments like OSS. Too bad *other* projects don't have as nice people running and contributing the lists ;-) > > >> Michael Mansour wrote: >> >>> Hi Alex, >>> >>> */Alex Neuman van der Hans /* wrote: >>> >>> Anybody here had any success/horror stories regarding the >>> implementation >>> of the SpamHaus DROP list? 
I've been getting a lot of crap (spam and >>> other assorted network nonsense) from places in the DROP list and >>> I'd >>> like to know if it's worth implementing at the firewall level. Any >>> info >>> on false positives would be good too, specially if there are any >>> otherwise legit servers in that "rough network neighborhood". >>> >>> I've been using the droplist for years and have never had any issues >>> with it. >>> >>> I have a script which runs which queries the site for new updates, >>> then applies to the blocklist and runs a shorewall refresh >>> automatically. >>> >>> I've never had complaints from anyone from getting blocked from those >>> IP's, since they are IP's which have been hijacked. >>> >>> >> By "new updates" do you "wget" or "curl" the drop.lasso file (whatever >> the name is) and "diff" the existing file? I'm looking to write a simple >> script using iptables that'll do that, unless somebody's already >> invented the wheel. >> >>> Regards, >>> >>> Michael. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> ------------------------------------------------------------------------ >>> Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. >>> Get it now >>> . >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! 
>> >> > > > From hvdkooij at vanderkooij.org Tue Oct 16 07:54:31 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Tue Oct 16 07:54:51 2007 Subject: SpamHaus DROP list In-Reply-To: References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com> <4713E103.4030702@vanderkooij.org> Message-ID: <47146027.2060502@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ugo Bellavance wrote: > hvdkooij@vanderkooij.org wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >>> >>> >>> Anything listed on DROP is also listed on the SBL, so if you already use >>> the Spamhaus RBLs then this won't make any difference. >> >> There is a slight one. This one reads from static lists. So it might >> reduce hits on the DNS infrastructure. > > Yes, but it will not show in logs, so it is harder to diagnosis. Wether I blacklist on my MTA for a RBL or a static list makes no difference. It all gets logged. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFGAlBvzDRVjxmYERAvEIAJ9O+g6/9CRawGTvwPSV5URaVR0ZHgCeLwcC 67hPR63MDmFNz4Rp7jkFw4A= =CBX3 -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Oct 16 08:20:42 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 16 08:28:47 2007 Subject: fake ASDA spam In-Reply-To: Message-ID: <30485827.81192519242681.JavaMail.root@office.splatnix.net> I am sure it is detailed in everybodies IT policy that staff have to sign when they join ? 
;) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Gareth" To: "MailScanner discussion" Sent: Monday, October 15, 2007 8:25:43 PM (GMT) Europe/London Subject: RE: fake ASDA spam True but there is antivirus and antispyware software installed on the machine. He works in the warehouse so depending on workload there are times when there is nothing to do so as long as he doesnt abuse the service and get any sptware/viruses I dont mind. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Hugo van > der Kooij > Sent: 15 October 2007 19:56 > To: MailScanner discussion > Subject: Re: fake ASDA spam > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gareth wrote: > > Been getting lots of these for the last couple of weeks or so. The vast > > majority were being caught even back then. > > It is only one user they are sendint it to at our site anf he keeps > > subscribing to the 'freebie' and 'offers' type of websites so he is > > practically asking for spam and certenly gets more than his fair share. > > Hmmm. The moment someone in our company shows that kind of attitude they > better have their resume in order. They will need it by the time they > land on the street about 5 seconds later. > > OK. Security is part of our job description so anything this monumentaly > stupid qualifies as intentional neglect. And someone tried the DUI rule > and got busted for loosing their drivers license while it was part of > the job requirements. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > Don't meddle in the affairs of sysadmins, > for they are subtle and quick to anger. 
> -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHE7fNBvzDRVjxmYERAtwFAJ940lTGGE5Vb3gCnPnEZjsDB1V+YgCgiELI > ZgrY2XAt3FyaVib8Dq1i7aM= > =HE+O > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Oct 16 09:57:37 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 16 09:57:43 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <1192487411.8445.16.camel@lin-workstation.azapple.com> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E04D44@HC-MBX02.herefordshire.gov.uk> Not such a big problem, though a nuisance. I've added exclude=perl-MIME-Base64 perl-Test-Simple to my /etc/yum.repos.d/rpmforge.repo file as a workaround. 
Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Craig White > Sent: 15 October 2007 23:30 > To: MailScanner discussion > Subject: building on Red Hat EL v 5 > > Actually...this system is CentOS-5 > > # rpm -q > --whatprovides > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm > mod_perl-2.0.2-6.3.el5 > > this one is worse... > > # rpm -q --whatprovides /usr/share/man/man3/Test\:\:Simple.3pm.gz > perl-5.8.8-10 > perl-Test-Simple-0.70-1 > > apparently new mailscanner is forcing the install of these items... > > # rpm -q mailscanner > mailscanner-4.64.3-2 > > Thus the forcing of perl-Test-Simple and perl-MIME-Base64 are > a problem > - especially when you want to update. > > Craig > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From prandal at herefordshire.gov.uk Tue Oct 16 09:59:15 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 16 09:59:25 2007 Subject: fake ASDA spam In-Reply-To: References: <4713B7CE.7080801@vanderkooij.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E04D48@HC-MBX02.herefordshire.gov.uk> Just remember that antivirus and antispyware programs are not yet precognitive. Malware always preceeds the patterns to detect it. 
Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gareth > Sent: 15 October 2007 20:26 > To: MailScanner discussion > Subject: RE: fake ASDA spam > > True but there is antivirus and antispyware software installed on the > machine. He works in the warehouse so depending on workload > there are times > when there is nothing to do so as long as he doesnt abuse the > service and > get any sptware/viruses I dont mind. > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On > Behalf Of Hugo van > > der Kooij > > Sent: 15 October 2007 19:56 > > To: MailScanner discussion > > Subject: Re: fake ASDA spam > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Gareth wrote: > > > Been getting lots of these for the last couple of weeks > or so. The vast > > > majority were being caught even back then. > > > It is only one user they are sendint it to at our site > anf he keeps > > > subscribing to the 'freebie' and 'offers' type of > websites so he is > > > practically asking for spam and certenly gets more than > his fair share. > > > > Hmmm. The moment someone in our company shows that kind of > attitude they > > better have their resume in order. They will need it by the > time they > > land on the street about 5 seconds later. > > > > OK. Security is part of our job description so anything > this monumentaly > > stupid qualifies as intentional neglect. And someone tried > the DUI rule > > and got busted for loosing their drivers license while it > was part of > > the job requirements. > > > > Hugo. > > > > - -- > > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > > Don't meddle in the affairs of sysadmins, > > for they are subtle and quick to anger. 
> > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFHE7fNBvzDRVjxmYERAtwFAJ940lTGGE5Vb3gCnPnEZjsDB1V+YgCgiELI > > ZgrY2XAt3FyaVib8Dq1i7aM= > > =HE+O > > -----END PGP SIGNATURE----- > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Chris at 7of9b.org Tue Oct 16 10:34:11 2007 From: Chris at 7of9b.org (Chris Burton) Date: Tue Oct 16 10:34:53 2007 Subject: fake ASDA spam References: Message-ID: <009c01c80fd7$b696caa0$c7fda8c0@murphy3> > MSRBL started picking them up for me at 14:19 BST. One or two slipped > though > the virus scanner after that so I can send you samples if you are > interested. Bit late in the day but feel free to send them via the contact form on the MSRBL site. Chris. From housey at sme-ecom.co.uk Tue Oct 16 10:50:06 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Tue Oct 16 10:50:17 2007 Subject: Ruleset Woe Message-ID: Hi I thought I had a decent handle on how rulesets worked but now im not so sure. I have a script that runs on a server that sends a daily csv file containing info about all the mail thats been blocked for a particluar domain. Since I started using the sane security clam definitions this mail keeps getting flagged as a virus. 
Ive tried to use rulesets to exclude this particluar email from being virus checked I have these rulesets set up Scan Messages = %rules-dir%/scan.messages.rules Virus Scanning = %rules-dir%/virus.scanning.rules The Email is sent from the local machine (127.0.0.1) and From: admin@domain.com To: paul@differentdomain.com Ive tried the following in scan.messages.rules FromOrTo: default no From: admin@domain.com no FromOrTo: *@differentdomain.com yes But the message gets scanned (I want all other email scanned for the domain) I also tried FromOrTo: default no From: 127.0.0.1 no From: admin@domain.com no FromOrTo: *@differentdomain.com yes and the message still got scanned. I then tried in virus.scanning.rules FromOrTo: default no From: 127.0.0.1 AND To: *@differentdomain.com no From: admin@domain.com AND To: *@differentdomain.com no FromOrTo: *@differentdomain.com yes and still the message got scanned (I am doing MailScanner reload after each edit) Any ideals on what im doing wrong. Kind Regards Paul From martinh at solidstatelogic.com Tue Oct 16 10:54:22 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 16 10:54:29 2007 Subject: Ruleset Woe In-Reply-To: Message-ID: <90b72305504723448bd775aecb259980@solidstatelogic.com> Paul The default line needs to go last. MS works through the rulesets till it find a hit then stops. If it finds a default line first if will never evaluate any rule after that. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > Sent: 16 October 2007 10:50 > To: mailscanner@lists.mailscanner.info > Subject: Ruleset Woe > > Hi > > I thought I had a decent handle on how rulesets worked but now im not so > sure. 
> > I have a script that runs on a server that sends a daily csv file > containing > info about all the mail thats been blocked for a particluar domain. > > Since I started using the sane security clam definitions this mail keeps > getting flagged as a virus. > > Ive tried to use rulesets to exclude this particluar email from being > virus > checked > > I have these rulesets set up > > Scan Messages = %rules-dir%/scan.messages.rules > Virus Scanning = %rules-dir%/virus.scanning.rules > > The Email is sent from the local machine (127.0.0.1) and From: > admin@domain.com To: paul@differentdomain.com > > Ive tried the following in scan.messages.rules > > FromOrTo: default no > From: admin@domain.com no > FromOrTo: *@differentdomain.com yes > > But the message gets scanned (I want all other email scanned for the > domain) > > I also tried > > FromOrTo: default no > From: 127.0.0.1 no > From: admin@domain.com no > FromOrTo: *@differentdomain.com yes > > and the message still got scanned. > > I then tried in virus.scanning.rules > > FromOrTo: default no > From: 127.0.0.1 AND To: *@differentdomain.com no > From: admin@domain.com AND To: *@differentdomain.com no > FromOrTo: *@differentdomain.com yes > > and still the message got scanned (I am doing MailScanner reload after > each > edit) > > Any ideals on what im doing wrong. > > Kind Regards > > Paul > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. 
Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From viralert at fadalto.com Tue Oct 16 11:03:41 2007 From: viralert at fadalto.com (Phil) Date: Tue Oct 16 11:04:04 2007 Subject: MCP info Message-ID: <20071016095844.M98551@yatta-it.com> Hi all, I'm using MCP to have the best filter from MS. I use only two methods to catch them header RULE1 Subject =~ /wrote\:/i describe RULE1 Banned Subject "wrote:" score RULE1 4 body RULE2 /An incredible announcement/i describe RULE2 Banned Body "An incredible announcement" score RULE2 4 Anyone have hints about keywords to use MCP in a better way? I search internet to find out the documentation of that CF file but I did'n have success... many Thanks Phil From housey at sme-ecom.co.uk Tue Oct 16 11:03:45 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Tue Oct 16 11:04:04 2007 Subject: Ruleset Woe {Scanned by Allteks Mailsafe} In-Reply-To: <90b72305504723448bd775aecb259980@solidstatelogic.com> Message-ID: I didnt think the default statement worked like that? 
My understanding was it would scan through and if there was no other match the default would apply? If it worked the way you describe no mail on my system would be scanned as both the default statements in my rulesets are the 1st entries and both default to No. Im running MailScanner 4.64.3 if that makes any difference Cheers Paul > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > Martin.Hepworth > Sent: 16 October 2007 10:54 > To: MailScanner discussion > Subject: RE: Ruleset Woe {Scanned by Allteks Mailsafe} > > > Paul > > The default line needs to go last. > > MS works through the rulesets till it find a hit then stops. > > If it finds a default line first if will never evaluate any rule > after that. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > > Sent: 16 October 2007 10:50 > > To: mailscanner@lists.mailscanner.info > > Subject: Ruleset Woe > > > > Hi > > > > I thought I had a decent handle on how rulesets worked but now im not so > > sure. > > > > I have a script that runs on a server that sends a daily csv file > > containing > > info about all the mail thats been blocked for a particluar domain. > > > > Since I started using the sane security clam definitions this mail keeps > > getting flagged as a virus. 
> > > > Ive tried to use rulesets to exclude this particluar email from being > > virus > > checked > > > > I have these rulesets set up > > > > Scan Messages = %rules-dir%/scan.messages.rules > > Virus Scanning = %rules-dir%/virus.scanning.rules > > > > The Email is sent from the local machine (127.0.0.1) and From: > > admin@domain.com To: paul@differentdomain.com > > > > Ive tried the following in scan.messages.rules > > > > FromOrTo: default no > > From: admin@domain.com no > > FromOrTo: *@differentdomain.com yes > > > > But the message gets scanned (I want all other email scanned for the > > domain) > > > > I also tried > > > > FromOrTo: default no > > From: 127.0.0.1 no > > From: admin@domain.com no > > FromOrTo: *@differentdomain.com yes > > > > and the message still got scanned. > > > > I then tried in virus.scanning.rules > > > > FromOrTo: default no > > From: 127.0.0.1 AND To: *@differentdomain.com no > > From: admin@domain.com AND To: > *@differentdomain.com no > > FromOrTo: *@differentdomain.com yes > > > > and still the message got scanned (I am doing MailScanner reload after > > each > > edit) > > > > Any ideals on what im doing wrong. > > > > Kind Regards > > > > Paul > > > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. 
> Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned by the Allteks Mailsafe Service > > > From a.peacock at chime.ucl.ac.uk Tue Oct 16 11:09:34 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Oct 16 11:09:38 2007 Subject: Ruleset Woe In-Reply-To: <90b72305504723448bd775aecb259980@solidstatelogic.com> References: <90b72305504723448bd775aecb259980@solidstatelogic.com> Message-ID: <47148DDE.8030403@chime.ucl.ac.uk> Hi, Martin.Hepworth wrote: > Paul > > The default line needs to go last. > > MS works through the rulesets till it find a hit then stops. > > If it finds a default line first if will never evaluate any rule after that. Actually, I don't think this is true for the default line. It is true for all the others, but I think the default line is treated as a special case, and its position does not matter. 
-- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From martinh at solidstatelogic.com Tue Oct 16 11:13:46 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 16 11:13:55 2007 Subject: Ruleset Woe {Scanned by Allteks Mailsafe} In-Reply-To: Message-ID: <1d83bd8412bd0449bfcf56fa18f53044@solidstatelogic.com> Nope Same rules apply for the default line as to all others.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > Sent: 16 October 2007 11:04 > To: MailScanner discussion > Subject: RE: Ruleset Woe {Scanned by Allteks Mailsafe} > > I didnt think the default statement worked like that? My understanding was > it would scan through and if there was no other match the default would > apply? > > If it worked the way you describe no mail on my system would be scanned as > both the default statements in my rulesets are the 1st entries and both > default to No. > > Im running MailScanner 4.64.3 if that makes any difference > > Cheers > > Paul > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > > Martin.Hepworth > > Sent: 16 October 2007 10:54 > > To: MailScanner discussion > > Subject: RE: Ruleset Woe {Scanned by Allteks Mailsafe} > > > > > > Paul > > > > The default line needs to go last. > > > > MS works through the rulesets till it find a hit then stops. > > > > If it finds a default line first if will never evaluate any rule > > after that. 
> > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > > > Sent: 16 October 2007 10:50 > > > To: mailscanner@lists.mailscanner.info > > > Subject: Ruleset Woe > > > > > > Hi > > > > > > I thought I had a decent handle on how rulesets worked but now im not > so > > > sure. > > > > > > I have a script that runs on a server that sends a daily csv file > > > containing > > > info about all the mail thats been blocked for a particluar domain. > > > > > > Since I started using the sane security clam definitions this mail > keeps > > > getting flagged as a virus. > > > > > > Ive tried to use rulesets to exclude this particluar email from being > > > virus > > > checked > > > > > > I have these rulesets set up > > > > > > Scan Messages = %rules-dir%/scan.messages.rules > > > Virus Scanning = %rules-dir%/virus.scanning.rules > > > > > > The Email is sent from the local machine (127.0.0.1) and From: > > > admin@domain.com To: paul@differentdomain.com > > > > > > Ive tried the following in scan.messages.rules > > > > > > FromOrTo: default no > > > From: admin@domain.com no > > > FromOrTo: *@differentdomain.com yes > > > > > > But the message gets scanned (I want all other email scanned for the > > > domain) > > > > > > I also tried > > > > > > FromOrTo: default no > > > From: 127.0.0.1 no > > > From: admin@domain.com no > > > FromOrTo: *@differentdomain.com yes > > > > > > and the message still got scanned. 
> > > > > > I then tried in virus.scanning.rules > > > > > > FromOrTo: default no > > > From: 127.0.0.1 AND To: *@differentdomain.com no > > > From: admin@domain.com AND To: > > *@differentdomain.com no > > > FromOrTo: *@differentdomain.com yes > > > > > > and still the message got scanned (I am doing MailScanner reload after > > > each > > > edit) > > > > > > Any ideals on what im doing wrong. > > > > > > Kind Regards > > > > > > Paul > > > > > > > > > > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. 
> > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > This message has been scanned by the Allteks Mailsafe Service > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Tue Oct 16 11:14:18 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 16 11:14:46 2007 Subject: Ruleset Woe In-Reply-To: <47148DDE.8030403@chime.ucl.ac.uk> Message-ID: <1ad236da12fdfc4ab15e9291778809fa@solidstatelogic.com> Position matters - same for all lines. I've had this fun myself! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock > Sent: 16 October 2007 11:10 > To: MailScanner discussion > Subject: Re: Ruleset Woe > > Hi, > > Martin.Hepworth wrote: > > Paul > > > > The default line needs to go last. > > > > MS works through the rulesets till it find a hit then stops. > > > > If it finds a default line first if will never evaluate any rule after > that. > > Actually, I don't think this is true for the default line. It is true > for all the others, but I think the default line is treated as a special > case, and its position does not matter. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "A CAT scan should take less time than a PET scan. For a CAT scan, > they're only looking for one thing, whereas a PET scan could result in > a lot of things." - Carl Princi, 2002/07/19 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From hvdkooij at vanderkooij.org Tue Oct 16 11:25:41 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Tue Oct 16 11:26:13 2007 Subject: Ruleset Woe In-Reply-To: References: Message-ID: <471491A5.1090500@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Houselander wrote: > I have a script that runs on a server that sends a daily csv file containing > info about all the mail thats been blocked for a particluar domain. > > Since I started using the sane security clam definitions this mail keeps > getting flagged as a virus. > > Ive tried to use rulesets to exclude this particluar email from being virus > checked What information did you get from the message headers? What information did you get fom the logs?
These 2 should give you a better insight how a message was handled. And never forget that whatever happens to be on the To: or From: line may not be at all what is used to deliver the message. So your rules may not work the way you think because you might be looking at the wrong addresses. Think of it as snailmail. The postman only looks at the envelope to deliver the message. MailScanner is the bastard in the middle that scans the same envelopes and decides who is going to read the messages besides you. That is where your rules come to play. Like this one passes the CIA and the FBI. The next one one we do not touch. The third one is looked at by the CIA and DEA. And so on. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFJGiBvzDRVjxmYERAhAOAJ41+JjlWMGR0n8oPIvJa415MbgT8wCfT6Li p8TSnVfAQ0tt8GFJDXn7Isk= =9TLW -----END PGP SIGNATURE----- From a.peacock at chime.ucl.ac.uk Tue Oct 16 11:27:47 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Oct 16 11:27:50 2007 Subject: Ruleset Woe In-Reply-To: <1ad236da12fdfc4ab15e9291778809fa@solidstatelogic.com> References: <1ad236da12fdfc4ab15e9291778809fa@solidstatelogic.com> Message-ID: <47149223.4060804@chime.ucl.ac.uk> Hi Martin, Martin.Hepworth wrote: > Position matters - same for all lines. > > I've had this fun myself! Not according to Julian. 
See this posting by Jules in the archives: http://article.gmane.org/gmane.mail.virus.mailscanner/39687/match=default > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock >> Sent: 16 October 2007 11:10 >> To: MailScanner discussion >> Subject: Re: Ruleset Woe >> >> Hi, >> >> Martin.Hepworth wrote: >>> Paul >>> >>> The default line needs to go last. >>> >>> MS works through the rulesets till it find a hit then stops. >>> >>> If it finds a default line first if will never evaluate any rule after >> that. >> >> Actually, I don't think this is true for the default line. It is true >> for all the others, but I think the default line is treated as a special >> case, and its position does not matter. >> >> -- >> Anthony Peacock >> CHIME, Royal Free & University College Medical School >> WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ >> "A CAT scan should take less time than a PET scan. For a CAT scan, >> they're only looking for one thing, whereas a PET scan could result in >> a lot of things." - Carl Princi, 2002/07/19 -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." 
- Carl Princi, 2002/07/19 From dstefani at multirede.com.br Tue Oct 16 12:27:49 2007 From: dstefani at multirede.com.br (Daniel Stefani) Date: Tue Oct 16 11:28:21 2007 Subject: filename of a ruleset (Convert Dangerous HTML To Text) Message-ID: <47147605020000950000F227@SANSPO01.multirede.com.br> hi, what is the syntax that I must use to create a ruleset file for the parameter Convert Dangerous HTML To Text? tks Daniel Stefani -- This message has been checked by the antivirus system and is believed to be free of danger. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071016/1c13e8fc/attachment.html From MailScanner at ecs.soton.ac.uk Tue Oct 16 12:02:56 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Oct 16 12:03:39 2007 Subject: Ruleset Woe In-Reply-To: <90b72305504723448bd775aecb259980@solidstatelogic.com> References: <90b72305504723448bd775aecb259980@solidstatelogic.com> Message-ID: <47149A60.802@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: > Paul > > The default line needs to go last. > Not true. Doesn't matter where the default line goes. > MS works through the rulesets till it find a hit then stops. > True. It uses the default value if *no* other rules hit. > If it finds a default line first if will never evaluate any rule after that. > Not true, see above. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Paul Houselander >> Sent: 16 October 2007 10:50 >> To: mailscanner@lists.mailscanner.info >> Subject: Ruleset Woe >> >> Hi >> >> I thought I had a decent handle on how rulesets worked but now im not so >> sure.
>> >> I have a script that runs on a server that sends a daily csv file >> containing >> info about all the mail thats been blocked for a particluar domain. >> >> Since I started using the sane security clam definitions this mail keeps >> getting flagged as a virus. >> >> Ive tried to use rulesets to exclude this particluar email from being >> virus >> checked >> >> I have these rulesets set up >> >> Scan Messages = %rules-dir%/scan.messages.rules >> Virus Scanning = %rules-dir%/virus.scanning.rules >> >> The Email is sent from the local machine (127.0.0.1) and From: >> admin@domain.com To: paul@differentdomain.com >> >> Ive tried the following in scan.messages.rules >> >> FromOrTo: default no >> From: admin@domain.com no >> FromOrTo: *@differentdomain.com yes >> >> But the message gets scanned (I want all other email scanned for the >> domain) >> >> I also tried >> >> FromOrTo: default no >> From: 127.0.0.1 no >> From: admin@domain.com no >> FromOrTo: *@differentdomain.com yes >> >> and the message still got scanned. >> >> I then tried in virus.scanning.rules >> >> FromOrTo: default no >> From: 127.0.0.1 AND To: *@differentdomain.com no >> From: admin@domain.com AND To: *@differentdomain.com no >> FromOrTo: *@differentdomain.com yes >> >> and still the message got scanned (I am doing MailScanner reload after >> each >> edit) >> >> Any ideals on what im doing wrong. >> >> Kind Regards >> >> Paul >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. 
If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHFJpgEfZZRxQVtlQRAmp8AJ41J+XJQaQEe81Lr3XM4POSXp2WrgCgpyn0 M4YPaSGxvSTgq4cogGSSHis= =k5HJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
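The ruleset semantics stated in Julian Field's reply above (rules are tried in order, the first hit wins, and the default value is used only when no other rule hits, wherever the default line sits), modelled as an added example; this is not MailScanner's own code and is not part of any post in the thread. The parser is a simplified sketch covering only the rule forms quoted in the thread, and the example.org, example.net and localhost.localdomain addresses are constructed.

```python
"""Simplified model of MailScanner ruleset evaluation (added example)."""
import fnmatch


def parse_ruleset(text):
    """Return ordered (conditions, value) entries; conditions is None for 'default'."""
    entries = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 3:
            continue  # blank, comment-only or malformed line
        value = tokens[-1]
        words = [t for t in tokens[:-1] if t.lower() != "and"]
        conds = [(d.rstrip(":").lower(), p)
                 for d, p in zip(words[0::2], words[1::2])]
        if any(p.lower() == "default" for _, p in conds):
            conds = None
        entries.append((conds, value))
    return entries


def cond_hits(direction, pattern, msg):
    """Test one 'Direction: pattern' pair against the envelope data of msg."""
    if pattern[0].isdigit():
        # Numeric pattern: compared with the connecting host, sender side only.
        ip = msg["client_ip"]
        ip_hit = ip == pattern or (pattern.endswith(".") and ip.startswith(pattern))
        return ip_hit and direction in ("from", "fromorto")

    def hit(addr):
        return fnmatch.fnmatchcase(addr.lower(), pattern.lower())

    from_hit = hit(msg["sender"])
    to_hit = any(hit(r) for r in msg["recipients"])
    return {"from": from_hit, "to": to_hit,
            "fromorto": from_hit or to_hit,
            "fromandto": from_hit and to_hit}.get(direction, False)


def evaluate(entries, msg, default_positional=False):
    """First matching rule wins; the default applies only if nothing matched.

    default_positional=True models the other reading voiced in the thread,
    where a default line acts as a catch-all at the position it is written.
    """
    default = None
    for conds, value in entries:
        if conds is None:
            if default_positional:
                return value
            default = value
            continue
        if all(cond_hits(d, p, msg) for d, p in conds):
            return value
    return default


# Rulesets as posted in the thread (scan.messages.rules, virus.scanning.rules).
PAUL_SCAN_RULES = """
FromOrTo: default no
From: admin@domain.com no
FromOrTo: *@differentdomain.com yes
"""
DEFAULT_LAST = """
From: admin@domain.com no
FromOrTo: *@differentdomain.com yes
FromOrTo: default no
"""
PAUL_VIRUS_RULES = """
FromOrTo: default no
From: 127.0.0.1 AND To: *@differentdomain.com no
From: admin@domain.com AND To: *@differentdomain.com no
FromOrTo: *@differentdomain.com yes
"""

# Constructed envelopes. REWRITTEN assumes the local MTA put a different
# envelope sender on the report than the header From: shows (hypothetical).
REPORT = {"sender": "admin@domain.com",
          "recipients": ["paul@differentdomain.com"], "client_ip": "127.0.0.1"}
OTHER = {"sender": "someone@example.org",
         "recipients": ["paul@differentdomain.com"], "client_ip": "192.0.2.10"}
UNRELATED = {"sender": "someone@example.org",
             "recipients": ["user@example.net"], "client_ip": "192.0.2.10"}
REWRITTEN = {"sender": "root@localhost.localdomain",
             "recipients": ["paul@differentdomain.com"], "client_ip": "127.0.0.1"}


def compare_readings():
    """Evaluate every sample envelope under both placements of the default line."""
    samples = {"report": REPORT, "other": OTHER,
               "unrelated": UNRELATED, "rewritten": REWRITTEN}
    return {name: (evaluate(parse_ruleset(PAUL_SCAN_RULES), m),
                   evaluate(parse_ruleset(DEFAULT_LAST), m))
            for name, m in samples.items()}


if __name__ == "__main__":
    for name, (first, last) in compare_readings().items():
        print(f"{name:10s} default first: {first:3s}  default last: {last}")
```

In this model moving the default line changes no result, and an envelope sender that differs from the header From: is enough for the `From: admin@domain.com` rule to miss, which is the check suggested in the headers-and-logs reply.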
For all your IT requirements visit www.transtec.co.uk From housey at sme-ecom.co.uk Tue Oct 16 12:16:43 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Tue Oct 16 12:16:47 2007 Subject: Ruleset Woe {Scanned by Allteks Mailsafe} In-Reply-To: <471491A5.1090500@vanderkooij.org> Message-ID: > > Paul Houselander wrote: > > > I have a script that runs on a server that sends a daily csv > file containing > > info about all the mail that's been blocked for a particular domain. > > > > Since I started using the sane security clam definitions this mail keeps > > getting flagged as a virus. > > > > I've tried to use rulesets to exclude this particular email from > being virus > > checked > > What information did you get from the message headers? > What information did you get from the logs? > > These 2 should give you a better insight how a message was handled. > > And never forget that whatever happens to be on the To: or From: line > may not be at all what is used to deliver the message. So your rules may > not work the way you think because you might be looking at the wrong > addresses. > > Think of it as snailmail. The postman only looks at the envelope to > deliver the message. MailScanner is the bastard in the middle that scans > the same envelopes and decides who is going to read the messages besides > you. That is where your rules come to play. > > Like this one passes the CIA and the FBI. The next one we do not > touch. The third one is looked at by the CIA and DEA. And so on. > > Hugo. > Thanks for the reply, I've reviewed the headers and they show the To: address the same as the one I'm using in the ruleset. The log shows the same "To" address and also 127.0.0.1 as the relaying host.
I'm at a loss as to what to try next, it looks pretty straightforward FromOrTo: default no From: 127.0.0.1 no From: admin@domain.com no To: *@differentdomain.com yes I just can't see why it's still scanning the message, I changed the To address to an external address not dealt with on my system and the mail went through without being scanned so it's picking up on the To address even though I said anything From admin@domain.com should not be scanned! Any other ideas? Cheers Paul From martinh at solidstatelogic.com Tue Oct 16 12:22:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 16 12:22:45 2007 Subject: Ruleset Woe In-Reply-To: <47149A60.802@ecs.soton.ac.uk> Message-ID: <09561d2c3544b34786745654e4a35736@solidstatelogic.com> Jules Hmm ok - I'll remember that one.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 16 October 2007 12:03 > To: MailScanner discussion > Subject: Re: Ruleset Woe > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Martin.Hepworth wrote: > > Paul > > > > The default line needs to go last. > > > Not true. Doesn't matter where the default line goes. > > MS works through the rulesets till it finds a hit then stops. > > > True. It uses the default value if *no* other rules hit. > > If it finds a default line first it will never evaluate any rule after > that. > > > Not true, see above.
> > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Paul Houselander > >> Sent: 16 October 2007 10:50 > >> To: mailscanner@lists.mailscanner.info > >> Subject: Ruleset Woe > >> > >> Hi > >> > >> I thought I had a decent handle on how rulesets worked but now im not > so > >> sure. > >> > >> I have a script that runs on a server that sends a daily csv file > >> containing > >> info about all the mail thats been blocked for a particluar domain. > >> > >> Since I started using the sane security clam definitions this mail > keeps > >> getting flagged as a virus. > >> > >> Ive tried to use rulesets to exclude this particluar email from being > >> virus > >> checked > >> > >> I have these rulesets set up > >> > >> Scan Messages = %rules-dir%/scan.messages.rules > >> Virus Scanning = %rules-dir%/virus.scanning.rules > >> > >> The Email is sent from the local machine (127.0.0.1) and From: > >> admin@domain.com To: paul@differentdomain.com > >> > >> Ive tried the following in scan.messages.rules > >> > >> FromOrTo: default no > >> From: admin@domain.com no > >> FromOrTo: *@differentdomain.com yes > >> > >> But the message gets scanned (I want all other email scanned for the > >> domain) > >> > >> I also tried > >> > >> FromOrTo: default no > >> From: 127.0.0.1 no > >> From: admin@domain.com no > >> FromOrTo: *@differentdomain.com yes > >> > >> and the message still got scanned. > >> > >> I then tried in virus.scanning.rules > >> > >> FromOrTo: default no > >> From: 127.0.0.1 AND To: *@differentdomain.com no > >> From: admin@domain.com AND To: *@differentdomain.com no > >> FromOrTo: *@differentdomain.com yes > >> > >> and still the message got scanned (I am doing MailScanner reload after > >> each > >> edit) > >> > >> Any ideals on what im doing wrong. 
> >> > >> Kind Regards > >> > >> Paul > >> > >> > >> > >> > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! 
> Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
From glenn.steen at gmail.com Tue Oct 16 12:59:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 16 12:59:51 2007 Subject: Bug evaluating rulesets with the MailScanner command? Message-ID: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> Hi Jules&everyone, I thought I'd give Paul Houselander the usual "use MailScanner to check your rulesets" line, with some examples... Just to get the following: # MailScanner --value=virusscanning --from=glenn.steen@ap1.se --to=glenn.steen@ap1.se --ip=172.16.0.1 Can't call method "HDFileName" on an undefined value at /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 88. # Ok I thought, perhaps the same fix as for the --lint problem would help, so I changed $_='sendmail' if $WantLintOnly; to $_='sendmail' if $WantLintOnly or $WantRuleCheck; ,,, and then got: # MailScanner --value=virusscanning --from=glenn.steen@ap1.se --to=glenn.steen@ap1.se --ip=172.16.0.1 Can't call method "DFileName" on an undefined value at /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. # Hmmm. What "undefined value"? $id is definitely set to "1" ... I'm lagging a bit, running 4.62.9 in production on a Mandriva 2007, but couldn't find anything in the ChangeLog that would affect this ... and can't remember seeing anything on the list either... Could someone please corroborate that this indeed is a problem? And perhaps help find a fix? I'm thoroughly swamped, as is... Bl**dy Oracle update...
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Oct 16 13:52:16 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 16 13:52:36 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> #MailScanner --value=virusscanning --from=glenn.steen@ap1.se --to=glenn.steen@ap1.se --ip=172.16.0.1 Can't call method "DFileName" on an undefined value at /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. # MailScanner --lint Checking version numbers... Version number in MailScanner.conf (4.64.3) is correct. Yup, it's still broken. I mentioned this on the list not that long ago, to zero response. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: 16 October 2007 13:00 > To: MailScanner discussion > Subject: Bug evaluating rulesets with the MailScanner command? > > Hi Jules&everyone, > > I thought I'd give Paul Houselander the usual "use MailScanner to > check your rulesets" line, with some examples... Just to get the > following: > > # MailScanner --value=virusscanning --from=glenn.steen@ap1.se > --to=glenn.steen@ap1.se --ip=172.16.0.1 > Can't call method "HDFileName" on an undefined value at > /usr/lib/MailScanner/MailScanner/PFDiskStore.pm line 88. 
> # > > Ok I thought, perhaps the same fix as for the --lint problem would > help, so I changed > $_='sendmail' if $WantLintOnly; > to > $_='sendmail' if $WantLintOnly or $WantRuleCheck; > ,,, and then got: > # MailScanner --value=virusscanning --from=glenn.steen@ap1.se > --to=glenn.steen@ap1.se --ip=172.16.0.1 > Can't call method "DFileName" on an undefined value at > /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. > # > > Hmmm. What "undefined value"? $id is definitely set to "1" ... > > I'm lagging a bit, running 4.62.9 in production on a Mandriva 2007, > but couldn't find anything in the ChangeLog that would affect this ... > and can't remember seeing anything on the list either... > > Could someone please corroborate that this indeed is a problem? And > perhaps help find a fix? I'm thoroughly swamped, as is... Bl**dy > Oracle update... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hvdkooij at vanderkooij.org Tue Oct 16 14:28:22 2007 From: hvdkooij at vanderkooij.org (hvdkooij@vanderkooij.org) Date: Tue Oct 16 14:28:43 2007 Subject: Ruleset Woe In-Reply-To: <47149A60.802@ecs.soton.ac.uk> References: <90b72305504723448bd775aecb259980@solidstatelogic.com> <47149A60.802@ecs.soton.ac.uk> Message-ID: <4714BC76.2070705@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > Martin.Hepworth wrote: > >> The default line needs to go last. > > Not true. Doesn't matter where the default line goes. >> MS works through the rulesets till it find a hit then stops. > > True. It uses the default value if *no* other rules hit. 
>> If it finds a default line first it will never evaluate any rule after that. > > Not true, see above. As a human reader I prefer to have a catch-all line like that at the end. It makes more sense to me that way. But it is more a matter of taste and common logic I guess. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. From glenn.steen at gmail.com Tue Oct 16 14:45:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 16 14:45:15 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> Message-ID: <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> On 16/10/2007, Randal, Phil wrote: > #MailScanner --value=virusscanning --from=glenn.steen@ap1.se > --to=glenn.steen@ap1.se --ip=172.16.0.1 > Can't call method "DFileName" on an undefined value at > /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. > > # MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.64.3) is correct. > > Yup, it's still broken. > > I mentioned this on the list not that long ago, to zero response. > > Cheers, > > Phil > Thanks Phil, for the confirmation, and sorry for missing your earlier report. Jules, could you please have a look? This is (IMO) a nifty thing, when debugging rulesets...
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Tue Oct 16 14:56:59 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Oct 16 14:57:05 2007 Subject: MySQL Error on Mailscanner load In-Reply-To: <1399216863.20071011152903@SYO.Com> Message-ID: <81ca7203fbbd4a498a45c0abfdd859ed@solidstatelogic.com> Jason Same directory as your database, normally 'server'.err -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jason Gottschalk > Sent: 11 October 2007 20:29 > To: MailScanner discussion > Subject: Re[2]: MySQL Error on Mailscanner load > > Hello Martin.Hepworth, > > Where is the log? > > > Thursday, October 11, 2007, 2:04:19 PM, you wrote: > Martin.Hepworth> Jason > > Martin.Hepworth> Have a look in the mysql error log, should have some > clues.. > > -- > Best regards, > Jason Gottschalk mailto:Jason@SYO.Com > SYO Computer Engineering Services, Inc. > 586-286-2557
From craigwhite at azapple.com Tue Oct 16 16:09:00 2007 From: craigwhite at azapple.com (Craig White) Date: Tue Oct 16 16:09:17 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01E04D44@HC-MBX02.herefordshire.gov.uk> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04D44@HC-MBX02.herefordshire.gov.uk> Message-ID: <1192547340.27692.12.camel@lin-workstation.azapple.com> That is not a very good solution. The perl package itself has perl-Test-Simple built in so the 'forced' install is unnecessary if not injurious. Craig On Tue, 2007-10-16 at 09:57 +0100, Randal, Phil wrote: > Not such a big problem, though a nuisance. > > I've added > > exclude=perl-MIME-Base64 perl-Test-Simple > > to my /etc/yum.repos.d/rpmforge.repo file as a workaround.
> > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Craig White > > Sent: 15 October 2007 23:30 > > To: MailScanner discussion > > Subject: building on Red Hat EL v 5 > > > > Actually...this system is CentOS-5 > > > > # rpm -q > > --whatprovides > > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm > > mod_perl-2.0.2-6.3.el5 > > > > this one is worse... > > > > # rpm -q --whatprovides /usr/share/man/man3/Test\:\:Simple.3pm.gz > > perl-5.8.8-10 > > perl-Test-Simple-0.70-1 > > > > apparently new mailscanner is forcing the install of these items... > > > > # rpm -q mailscanner > > mailscanner-4.64.3-2 > > > > Thus the forcing of perl-Test-Simple and perl-MIME-Base64 are > > a problem > > - especially when you want to update. > > > > Craig > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > From ssilva at sgvwater.com Tue Oct 16 16:11:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Oct 16 16:17:30 2007 Subject: MCP info In-Reply-To: <20071016095844.M98551@yatta-it.com> References: <20071016095844.M98551@yatta-it.com> Message-ID: on 10/16/2007 3:03 AM Phil spake the following: > Hi all, > > I'm using MCP to have the best filter from MS. > > I use only two methods to catch them > > > header RULE1 Subject =~ /wrote\:/i > describe RULE1 Banned Subject "wrote:" > score RULE1 4 > > body RULE2 /An incredible announcement/i > describe RULE2 Banned Body "An incredible announcement" > score RULE2 4 > > > Anyone have hints about keywords to use MCP in a better way? 
> > I search internet to find out the documentation of that CF file but I did'n have > success... > > many Thanks > > Phil > MCP is more of a local ruleset. It would be different for every site. Some sites might want to stop different things than others. Since it spawns another spamassassin process for MCP, you want to only use it to catch stuff that you can't get with regular spamassassin rules. You can use any rules you would set in regular spamassassin, but with the new rules action commands that Julian added, you can probably do the same thing in your regular spamassassin process and save the extra spamassassin fork. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Oct 16 16:05:57 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Oct 16 16:18:43 2007 Subject: Ruleset Woe {Scanned by Allteks Mailsafe} In-Reply-To: References: <471491A5.1090500@vanderkooij.org> Message-ID: on 10/16/2007 4:16 AM Paul Houselander spake the following: >> Paul Houselander wrote: >> >>> I have a script that runs on a server that sends a daily csv >> file containing >>> info about all the mail thats been blocked for a particluar domain. >>> >>> Since I started using the sane security clam definitions this mail keeps >>> getting flagged as a virus. >>> >>> Ive tried to use rulesets to exclude this particluar email from >> being virus >>> checked >> What information did you get from the message headers? >> What information did you get fom the logs? >> >> These 2 should give you a better insight how a message was handled. >> >> And never forget that whatever happens to be on the To: or From: line >> may not be at all what is used to deliver the message. So your rules may >> not work the way you think because you might be looking at the wrong >> addresses. >> >> Think of it as snailmail. The postman only looks at the envelope to >> deliver the message. 
MailScanner is the bastard in the middle that scans >> the same envelopes and decides who is going to read the messages besides >> you. That is where your rules come to play. >> >> Like this one passes the CIA and the FBI. The next one we do not >> touch. The third one is looked at by the CIA and DEA. And so on. >> >> Hugo. >> > > Thanks for the reply, I've reviewed the headers and they show the To: address > the same as the one I'm using in the ruleset. The log shows the same "To" > address and also 127.0.0.1 as the relaying host. > > I'm at a loss as to what to try next, it looks pretty straightforward > > FromOrTo: default no > From: 127.0.0.1 no > From: admin@domain.com no > To: *@differentdomain.com yes > > I just can't see why it's still scanning the message, I changed the To address > to an external address not dealt with on my system and the mail went through > without being scanned so it's picking up on the To address even though I said > anything From admin@domain.com should not be scanned! > > Any other ideas? > > Cheers > > Paul > > You can set MailScanner to set headers for the envelope address. It can help you to see what MailScanner actually works on. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mgaudreault at reference.qc.ca Tue Oct 16 20:50:20 2007 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Tue Oct 16 20:50:27 2007 Subject: Installed 4.64.3 but no init.d script Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> I installed MailScanner v4.64.3 from the .tar.gz file but I can't find the init script. It's now in /etc/init.d Where it should be ? Maxime Gaudreault Technician Référence Systèmes inc. Tel.: 418.650.0997 Fax: 418.650.9668 Email: mgaudreault@reference.qc.ca Website: http://www.reference.qc.ca/ -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071016/0e07355d/attachment.html From ssilva at sgvwater.com Wed Oct 17 00:40:51 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 00:41:15 2007 Subject: Debug on a production server In-Reply-To: <470F2E97.1010508@ecs.soton.ac.uk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk> Message-ID: on 10/12/2007 1:21 AM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: >> on 10/11/2007 1:38 PM Mikael Syska spake the following: >>> Scott Silva wrote: >>>> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>>>> Ugo Bellavance wrote: >>>>>> Mikael Syska wrote: >>>>>>> Hi, >>>>>>>>> There does not seem to be much info on this ... and my scan >>>>>>>>> times are also rather high ... not that its a problem atm ... >>>>>>>>> but it could be in the future :-( >>>>>>>> Please provide more information: >>>>>>>> >>>>>>>> Hardware >>>>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very >>>>>>> disk with the SAS 5iR controller >>>>>>> 2GB ram >>>>>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>>>>> # of child processes >>>>>>> 8 >>>>>>>> scan times of full batches. >>>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>>>>> processed in 89.57 seconds >>>>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>>>>> processed in 88.72 seconds >>>>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>>>>> processed in 106.89 seconds >>>>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>>>>> processed in 105.85 seconds >>>>>> Looks fine. Is there a reason why you use 15 message batches? >>>>> you mean instead of 30 .... >>>>> >>>>> Some performance turning I read on the wiki ... 
but t does not seem >>>>> to have any effect on my system ... so it will do up to deafult again. >>>>>>>> Using RBLs at MTA >>>>>>> nope ... we have had very bad exprerience with that ... both >>>>>>> tried spamcop and spamhaus ... both have to many FP here in >>>>>>> denmark .... >>>>>> Spamcop is FP-prone, but I've never heard of a FP in north america >>>>>> for spamhaus. >>>>> Then you are a lucky man ... >>>>> >>>>> since the server aint that overloaded I dont see any reason to risk >>>>> getting any FP ... >>>>>>> Its not a problem that I takes so long time .. just saw the >>>>>>> message about the patch and wandered if that would make a diff on >>>>>>> my scan times ... >>>>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp >>>>>> in memory (tmpfs on linux)? >>>>> no ... its on the disk ... and since every mail could be far too >>>>> important I dont intend to use it .... >>>> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >>>> only put the mailscanner incoming directory there. And the speed >>>> increase is very noticeable, especially in virus and spam scanning. >>>> Mailscanner does not actually remove any messages. It sees the >>>> message in mqueue.in, extracts it to incoming, does its work, and if >>>> messages are clean it hard links it to mqueue and then unlinks from >>>> mqueue.in. So there is no chance of mailscanner losing a message. If >>>> it dies at any point up to the unlink, the original message is in >>>> mqueue.in waiting to be processed again. >>> You mention the wiki ... I can only see >>> http://wiki.mailscanner.info/doku.php and a link to: >>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html witch >>> does not seem to work. >>> >>> and there does not seem to be anything about tmpfs ... if ... then >>> I'm not able to find it ... >>> >> Julian, >> Do you have any of this old material ( like >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html) >> archived somewhere? 
>> I would be willing to spend some time fixing this up if I had the >> content to put in. >> I don't want to go from memory, as I will probably get something >> really wonky. >> > Thank you very much, it's greatly appreciated! > The old material is now online again at > http://www.sng.ecs.soton.ac.uk/mailscanner.archive/serve/cache/ > If you could get it added to the wiki (the useful bits, anyway :-) that > would be great. > There is much outdated info in here. I will need to spend more time trying to fix it up where I can, and post links to parts that I need experts in that area (postfix, exim, sql, etc...) to clean up. I will also try to leave docs as generic as possibe, and not use full paths, since they are different from rpm and tarball installs. Julian, Are you going to leave the old cache up for a while, or are you going to remove it soon? I thought about fixing links into the old docs at first until I can fix the entire section. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steve.swaney at fsl.com Wed Oct 17 00:59:06 2007 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Oct 17 01:00:14 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk> Message-ID: <05ea01c81050$8954e710$9bfeb530$@swaney@fsl.com> Scott, Count us (the whole team - they're lots of us here now thanks to Julian's MailScanner) if you need specific help. Best regards, Steve Steve Swaney Fort Systems Ltd. 
Steve@fsl.com www.fsl.com > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: Tuesday, October 16, 2007 7:41 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Debug on a production server > > on 10/12/2007 1:21 AM Julian Field spake the following: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Scott Silva wrote: > >> on 10/11/2007 1:38 PM Mikael Syska spake the following: > >>> Scott Silva wrote: > >>>> on 10/11/2007 12:02 PM Mikael Syska spake the following: > >>>>> Ugo Bellavance wrote: > >>>>>> Mikael Syska wrote: > >>>>>>> Hi, > >>>>>>>>> There does not seem to be much info on this ... and my scan > >>>>>>>>> times are also rather high ... not that its a problem atm ... > >>>>>>>>> but it could be in the future :-( > >>>>>>>> Please provide more information: > >>>>>>>> > >>>>>>>> Hardware > >>>>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very > >>>>>>> disk with the SAS 5iR controller > >>>>>>> 2GB ram > >>>>>>> Dual Core Intel Xeon 3060 2.40 Ghz > >>>>>>>> # of child processes > >>>>>>> 8 > >>>>>>>> scan times of full batches. > >>>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) > >>>>>>> processed in 89.57 seconds > >>>>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) > >>>>>>> processed in 88.72 seconds > >>>>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) > >>>>>>> processed in 106.89 seconds > >>>>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) > >>>>>>> processed in 105.85 seconds > >>>>>> Looks fine. Is there a reason why you use 15 message batches? > >>>>> you mean instead of 30 .... > >>>>> > >>>>> Some performance turning I read on the wiki ... but t does not > seem > >>>>> to have any effect on my system ... so it will do up to deafult > again. > >>>>>>>> Using RBLs at MTA > >>>>>>> nope ... 
we have had very bad exprerience with that ... both > >>>>>>> tried spamcop and spamhaus ... both have to many FP here in > >>>>>>> denmark .... > >>>>>> Spamcop is FP-prone, but I've never heard of a FP in north > america > >>>>>> for spamhaus. > >>>>> Then you are a lucky man ... > >>>>> > >>>>> since the server aint that overloaded I dont see any reason to > risk > >>>>> getting any FP ... > >>>>>>> Its not a problem that I takes so long time .. just saw the > >>>>>>> message about the patch and wandered if that would make a diff > on > >>>>>>> my scan times ... > >>>>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp > >>>>>> in memory (tmpfs on linux)? > >>>>> no ... its on the disk ... and since every mail could be far too > >>>>> important I dont intend to use it .... > >>>> Tmpfs is absolutely safe on mailscanner if you follow the wiki and > >>>> only put the mailscanner incoming directory there. And the speed > >>>> increase is very noticeable, especially in virus and spam > scanning. > >>>> Mailscanner does not actually remove any messages. It sees the > >>>> message in mqueue.in, extracts it to incoming, does its work, and > if > >>>> messages are clean it hard links it to mqueue and then unlinks > from > >>>> mqueue.in. So there is no chance of mailscanner losing a message. > If > >>>> it dies at any point up to the unlink, the original message is in > >>>> mqueue.in waiting to be processed again. > >>> You mention the wiki ... I can only see > >>> http://wiki.mailscanner.info/doku.php and a link to: > >>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html > witch > >>> does not seem to work. > >>> > >>> and there does not seem to be anything about tmpfs ... if ... then > >>> I'm not able to find it ... > >>> > >> Julian, > >> Do you have any of this old material ( like > >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html) > >> archived somewhere? 
> >> I would be willing to spend some time fixing this up if I had the > >> content to put in. > >> I don't want to go from memory, as I will probably get something > >> really wonky. > >> > > Thank you very much, it's greatly appreciated! > > The old material is now online again at > > http://www.sng.ecs.soton.ac.uk/mailscanner.archive/serve/cache/ > > If you could get it added to the wiki (the useful bits, anyway :-) > that > > would be great. > > > There is much outdated info in here. I will need to spend more time > trying to > fix it up where I can, and post links to parts that I need experts in > that > area (postfix, exim, sql, etc...) to clean up. > I will also try to leave docs as generic as possibe, and not use full > paths, > since they are different from rpm and tarball installs. > > Julian, > Are you going to leave the old cache up for a while, or are you going > to > remove it soon? I thought about fixing links into the old docs at first > until > I can fix the entire section. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
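The link-then-unlink queue handoff described in the quoted thread above, as an added Python sketch (not MailScanner's own code and not part of any post). The directory names come from the thread; `process`, `toy_scan`, `Crash` and the choice to leave non-clean mail in the inbound queue are assumptions made for the illustration.

```python
import os
import shutil
import tempfile


class Crash(Exception):
    """Stands in for the scanner process dying at a chosen step."""


def toy_scan(data):
    # Stand-in for the virus/spam checks; not MailScanner's logic.
    return b"X-Toy-Verdict: bad" not in data


def process(name, inq, work, outq, die_at=None):
    """Move one message from inq to outq using link-then-unlink."""
    src = os.path.join(inq, name)
    tmp = os.path.join(work, name)
    dst = os.path.join(outq, name)

    # 1. Extract a disposable working copy. `work` plays the role of the
    #    incoming directory, the only place that holds throwaway data.
    shutil.copyfile(src, tmp)
    if die_at == "scan":
        raise Crash("died while scanning")
    with open(tmp, "rb") as fh:
        clean = toy_scan(fh.read())
    os.unlink(tmp)
    if not clean:
        return "held"  # assumption: this toy leaves non-clean mail in inq

    # 2. Hard link into the outbound queue. os.link() fails with EXDEV if
    #    inq and outq are on different filesystems, so both queues must
    #    share one filesystem for this scheme to work.
    try:
        os.link(src, dst)
    except FileExistsError:
        # An earlier run died after the link but before the unlink.
        if not os.path.samefile(src, dst):
            raise
    if die_at == "unlink":
        raise Crash("died between link and unlink")

    # 3. Only now drop the inbound name; the data stays reachable via dst.
    os.unlink(src)
    return "delivered"


def run_crash_scenarios():
    body = b"Subject: constructed sample\n\nhello\n"  # constructed message
    seen = {}
    with tempfile.TemporaryDirectory() as root:
        inq, work, outq = (os.path.join(root, d)
                           for d in ("mqueue.in", "incoming", "mqueue"))
        for d in (inq, work, outq):
            os.mkdir(d)
        src = os.path.join(inq, "msg1")
        dst = os.path.join(outq, "msg1")
        with open(src, "wb") as fh:
            fh.write(body)

        # Crash during scanning, then lose the scratch dir (tmpfs + reboot).
        try:
            process("msg1", inq, work, outq, die_at="scan")
        except Crash:
            pass
        shutil.rmtree(work)
        os.mkdir(work)
        seen["after_scan_crash"] = (os.path.exists(src), os.path.exists(dst))

        # Crash between link and unlink: one file, two names.
        try:
            process("msg1", inq, work, outq, die_at="unlink")
        except Crash:
            pass
        seen["after_link_crash"] = (os.path.exists(src), os.path.exists(dst),
                                    os.stat(src).st_nlink)

        # A plain re-run finishes the job without duplicating the message.
        seen["final"] = process("msg1", inq, work, outq)
        with open(dst, "rb") as fh:
            seen["intact"] = fh.read() == body
        seen["left_in_inq"] = os.listdir(inq)
        seen["links"] = os.stat(dst).st_nlink
    return seen


if __name__ == "__main__":
    for step, state in run_crash_scenarios().items():
        print(step, state)
```

Because a hard link cannot cross filesystems, only the scratch directory is a candidate for tmpfs in this model; the two queue directories stay together on disk.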
From MailScanner at ecs.soton.ac.uk Wed Oct 17 10:17:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 10:17:33 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk> Message-ID: <4715D31A.9070109@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 10/12/2007 1:21 AM Julian Field spake the following: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Scott Silva wrote: >>> on 10/11/2007 1:38 PM Mikael Syska spake the following: >>>> Scott Silva wrote: >>>>> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>>>>> Ugo Bellavance wrote: >>>>>>> Mikael Syska wrote: >>>>>>>> Hi, >>>>>>>>>> There does not seem to be much info on this ... and my scan >>>>>>>>>> times are also rather high ... not that its a problem atm ... >>>>>>>>>> but it could be in the future :-( >>>>>>>>> Please provide more information: >>>>>>>>> >>>>>>>>> Hardware >>>>>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very >>>>>>>> disk with the SAS 5iR controller >>>>>>>> 2GB ram >>>>>>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>>>>>> # of child processes >>>>>>>> 8 >>>>>>>>> scan times of full batches. >>>>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>>>>>> processed in 89.57 seconds >>>>>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>>>>>> processed in 88.72 seconds >>>>>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>>>>>> processed in 106.89 seconds >>>>>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>>>>>> processed in 105.85 seconds >>>>>>> Looks fine. Is there a reason why you use 15 message batches? >>>>>> you mean instead of 30 .... >>>>>> >>>>>> Some performance turning I read on the wiki ... 
but t does not >>>>>> seem to have any effect on my system ... so it will do up to >>>>>> deafult again. >>>>>>>>> Using RBLs at MTA >>>>>>>> nope ... we have had very bad exprerience with that ... both >>>>>>>> tried spamcop and spamhaus ... both have to many FP here in >>>>>>>> denmark .... >>>>>>> Spamcop is FP-prone, but I've never heard of a FP in north >>>>>>> america for spamhaus. >>>>>> Then you are a lucky man ... >>>>>> >>>>>> since the server aint that overloaded I dont see any reason to >>>>>> risk getting any FP ... >>>>>>>> Its not a problem that I takes so long time .. just saw the >>>>>>>> message about the patch and wandered if that would make a diff >>>>>>>> on my scan times ... >>>>>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp >>>>>>> in memory (tmpfs on linux)? >>>>>> no ... its on the disk ... and since every mail could be far too >>>>>> important I dont intend to use it .... >>>>> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >>>>> only put the mailscanner incoming directory there. And the speed >>>>> increase is very noticeable, especially in virus and spam scanning. >>>>> Mailscanner does not actually remove any messages. It sees the >>>>> message in mqueue.in, extracts it to incoming, does its work, and >>>>> if messages are clean it hard links it to mqueue and then unlinks >>>>> from mqueue.in. So there is no chance of mailscanner losing a >>>>> message. If it dies at any point up to the unlink, the original >>>>> message is in mqueue.in waiting to be processed again. >>>> You mention the wiki ... I can only see >>>> http://wiki.mailscanner.info/doku.php and a link to: >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html >>>> witch does not seem to work. >>>> >>>> and there does not seem to be anything about tmpfs ... if ... then >>>> I'm not able to find it ... 
>>>> >>> Julian, >>> Do you have any of this old material ( like >>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html) >>> archived somewhere? >>> I would be willing to spend some time fixing this up if I had the >>> content to put in. >>> I don't want to go from memory, as I will probably get something >>> really wonky. >>> >> Thank you very much, it's greatly appreciated! >> The old material is now online again at >> http://www.sng.ecs.soton.ac.uk/mailscanner.archive/serve/cache/ >> If you could get it added to the wiki (the useful bits, anyway :-) >> that would be great. >> > There is much outdated info in here. I will need to spend more time > trying to fix it up where I can, and post links to parts that I need > experts in that area (postfix, exim, sql, etc...) to clean up. > I will also try to leave docs as generic as possibe, and not use full > paths, since they are different from rpm and tarball installs. > > Julian, > Are you going to leave the old cache up for a while, or are you going > to remove it soon? I thought about fixing links into the old docs at > first until I can fix the entire section. > I'll leave all the old stuff up there for as long as you need it, don't worry. Many thanks for your help, Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHFdMbEfZZRxQVtlQRAtYqAKDV4luYAtLEVvADiD5JXg4wSF0Y5wCfdbxP VR7JpiGYY8hH2EhJ1CFpfTY= =YejL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 17 10:23:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 10:23:34 2007 Subject: Installed 4.64.3 but no init.d script In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> Message-ID: <4715D47A.5080202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you install from the rpm.tar.gz distribution (as you should have done if you're installing on an RPM-based system)? Maxime Gaudreault wrote: > > I installed MailScanner v4.64.3 from the .tar.gz file but I can't find > the init script. It's now in /etc/init.d > > > > Where it should be ? > > > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHFdR6EfZZRxQVtlQRAhPiAKCxA38zXuVeRymXKLBAvg+3T7hWSQCgrV+o rsI0icVwYj6F8pnOmClj03Q= =OoE2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk

From maillists at conactive.com Wed Oct 17 11:32:01 2007
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Oct 17 11:32:04 2007
Subject: SpamHaus DROP list
In-Reply-To:
References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com>
Message-ID:

Scott Silva wrote on Mon, 15 Oct 2007 15:43:36 -0700:

> I don't see any mention of the DROP list being in any zones on the spamhaus
> site. Can you verify this with some links to info?

Well, it should be part of it by definition as it is a subset of what is in PBL. The FAQ tells the same:
http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Wed Oct 17 11:32:01 2007
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Oct 17 11:32:05 2007
Subject: SpamHaus DROP list
In-Reply-To: <471443C3.9050900@nkpanama.com>
References: <700133.10206.qm@web33309.mail.mud.yahoo.com> <47141779.3060907@nkpanama.com> <49288.70.80.222.193.1192500061.squirrel@courrier.cegep-ste-foy.qc.ca> <471443C3.9050900@nkpanama.com>
Message-ID:

There is another good reason for firewalling: these subsets surely don't originate only spamming attacks.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Wed Oct 17 11:32:01 2007
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Oct 17 11:32:08 2007
Subject: SpamHaus DROP list
In-Reply-To: <700133.10206.qm@web33309.mail.mud.yahoo.com>
References: <700133.10206.qm@web33309.mail.mud.yahoo.com>
Message-ID:

Michael Mansour wrote on Tue, 16 Oct 2007 07:57:46 +1000 (EST):

> I've never had complaints from anyone from getting blocked from those IP's, since they are IP's which have been hijacked.

Rather in complaints I'd be interested if it is worth it.
Do you (=anyone reading this thread) have any idea how many of your Zen hits (assuming you use Zen) are in this subset?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From glenn.steen at gmail.com Wed Oct 17 11:41:23 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Oct 17 11:41:27 2007
Subject: Installed 4.64.3 but no init.d script
In-Reply-To: <4715D47A.5080202@ecs.soton.ac.uk>
References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> <4715D47A.5080202@ecs.soton.ac.uk>
Message-ID: <223f97700710170341m689bb3dfpfe0de35fde25e596@mail.gmail.com>

On 17/10/2007, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Did you install from the rpm.tar.gz distribution (as you should have
> done if you're installing on an RPM-based system)?

Maxime is on Debian, and went with the tarball on my recommendation, more or less:-).
The init script on that distro is either a do-it-yourself thing, or something you have to get from as recent a .deb as you can... You just might find something useful if you search the list (I haven't)... Not sure that a Redhat-ish init-script would work OK "out of the box"... But perhaps not that hard to ... adapt...:-)

> Maxime Gaudreault wrote:
> >
> > I installed MailScanner v4.64.3 from the .tar.gz file but I can't find
> > the init script. It's now in /etc/init.d
> >
> >
> >
> > Where it should be ?
> >
> >
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From hvdkooij at vanderkooij.org Wed Oct 17 12:00:43 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed Oct 17 12:01:09 2007
Subject: SpamHaus DROP list
In-Reply-To:
References: <700133.10206.qm@web33309.mail.mud.yahoo.com>
Message-ID: <4715EB5B.5050402@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kai Schaetzl wrote:
> Michael Mansour wrote on Tue, 16 Oct 2007 07:57:46 +1000 (EST):
>
>> I've never had complaints from anyone from getting blocked from those IP's, since
>> they are IP's which have been hijacked.
>
> Rather in complaints I'd be interested if it is worth it. Do you (=anyone reading
> this thread) have any idea how many of your Zen hits (assuming you use Zen) are in
> this subset?

I put my filter in front of other blacklists. And I did notice some hits since I started this. Like:

Oct 17 00:16:21 balin postfix/smtpd[16000]: NOQUEUE: reject: RCPT from host105.200-117-38.telecom.net.ar[200.117.38.105]: 554 5.7.1 Service unavailable; Client host [200.117.38.105] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.117.38.105; from= to= proto=ESMTP helo=
Oct 17 01:16:34 balin postfix/smtpd[29159]: NOQUEUE: reject: RCPT from unknown[196.204.154.39]: 554 5.7.1 Service unavailable; Client host [196.204.154.39] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=196.204.154.39; from= to= proto=SMTP helo=

I guess they would probably be shot on ERS (Trend Micro RBL) or on ZEN.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/

Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFetZBvzDRVjxmYERAocxAKCD7JstGb0SOK2G4CcHtgMgyUYwKQCeKmfw 0yNeLroOgNgdBo1EvZQinQ0= =3TaV -----END PGP SIGNATURE----- From ms-list at alexb.ch Wed Oct 17 12:28:12 2007 From: ms-list at alexb.ch (Alex Broens) Date: Wed Oct 17 12:28:22 2007 Subject: SpamHaus DROP list In-Reply-To: <4715EB5B.5050402@vanderkooij.org> References: <700133.10206.qm@web33309.mail.mud.yahoo.com> <4715EB5B.5050402@vanderkooij.org> Message-ID: <4715F1CC.2040807@alexb.ch> On 10/17/2007 1:00 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Kai Schaetzl wrote: >> Michael Mansour wrote on Tue, 16 Oct 2007 07:57:46 +1000 (EST): >> >>> I've never had complaints from anyone from getting blocked from those IP's, since >> they are IP's which have been hijacked. >> >> Rather in complaints I'd be interested if it is worth it. Do you (=anyone reading >> this thread) have any idea how many of your Zen hits (assuming you use Zen) are in >> this subset? > > I put my filter in front of other blacklists. And I did notice some hits > since I started this. Like: > > Oct 17 00:16:21 balin postfix/smtpd[16000]: NOQUEUE: reject: RCPT from > host105.200-117-38.telecom.net.ar[200.117.38.105]: 554 5.7.1 Service > unavailable; Client host [200.117.38.105] blocked using > zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.117.38.105; > from= to= proto=ESMTP > helo= > Oct 17 01:16:34 balin postfix/smtpd[29159]: NOQUEUE: reject: RCPT from > unknown[196.204.154.39]: 554 5.7.1 Service unavailable; Client host > [196.204.154.39] blocked using zen.spamhaus.org; > http://www.spamhaus.org/query/bl?ip=196.204.154.39; > from= to= > proto=SMTP helo= > > I guess they would propably be shot on ERS (Trend Micro RBL) or on ZEN. 
>

I wonder why you don't use

reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_non_fqdn_hostname,

SMTP helo= and similar would have been blocked by "reject_non_fqdn_hostname" before RBL checks - less load on RBLs, faster processing.

Alex

From maillists at conactive.com Wed Oct 17 12:32:02 2007
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Oct 17 12:32:06 2007
Subject: building on Red Hat EL v 5
In-Reply-To: <1192487411.8445.16.camel@lin-workstation.azapple.com>
References: <1192487411.8445.16.camel@lin-workstation.azapple.com>
Message-ID:

Craig White wrote on Mon, 15 Oct 2007 15:30:11 -0700:

> apparently new mailscanner is forcing the install of these items...

It's been doing this since long. Just install the mailscanner.rpm by its own with --nodeps and nothing else. I've asked several times to just provide the mailscanner.rpm for updates alternatively for those people who do not want to force all this stuff on their PCs, but Jules doesn't listen. There's really no reason that this stuff should get forced on most Linux distributions. Also, version-specific dependencies are not necessary.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From mgaudreault at reference.qc.ca Wed Oct 17 14:46:49 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Oct 17 14:46:55 2007
Subject: Installed 4.64.3 but no init.d script
In-Reply-To: <4715D47A.5080202@ecs.soton.ac.uk>
References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> <4715D47A.5080202@ecs.soton.ac.uk>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B84126D9@jupiter.reference.local>

No I installed it on Debian from the .tar.gz

Maxime Gaudreault
Technicien
Référence Systèmes inc.
Tél. : 418.650.0997
Téléc.
: 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: October 17, 2007 05:23 To: MailScanner discussion Subject: Re: Installed 4.64.3 but no init.d script -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you install from the rpm.tar.gz distribution (as you should have done if you're installing on an RPM-based system)? Maxime Gaudreault wrote: > > I installed MailScanner v4.64.3 from the .tar.gz file but I can't find > the init script. It's now in /etc/init.d > > > > Where it should be ? > > > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHFdR6EfZZRxQVtlQRAhPiAKCxA38zXuVeRymXKLBAvg+3T7hWSQCgrV+o rsI0icVwYj6F8pnOmClj03Q= =OoE2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
From MailScanner at ecs.soton.ac.uk Wed Oct 17 15:40:17 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 15:40:39 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> Message-ID: <47161ED1.8070502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 16/10/2007, Randal, Phil wrote: > >> #MailScanner --value=virusscanning --from=glenn.steen@ap1.se >> --to=glenn.steen@ap1.se --ip=172.16.0.1 >> Can't call method "DFileName" on an undefined value at >> /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. >> >> # MailScanner --lint >> Checking version numbers... >> Version number in MailScanner.conf (4.64.3) is correct. >> >> Yup, it's still broken. >> >> I mentioned this on the list not that long ago, to zero response. >> >> Cheers, >> >> Phil >> >> > Thanks Phil, for the confirmation, and sorry for missing your earlier report. > > Jules, could you please have a look? > Sure thing, will do. I'll try to find time to take a look tonight. If you don't hear anything by 8pm GMT, email me. > This is (IMO) a nifty thing, when debugging rulesets... > > Cheers > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHFh7SEfZZRxQVtlQRAs+vAJ9wScCr3MJTSuxqxBKrnBaLJG54ggCeII75 Ph78fEkqSGOzI9UyVJXfC88= =tzcY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 17 15:43:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 15:43:42 2007 Subject: Installed 4.64.3 but no init.d script In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B84126D9@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> <4715D47A.5080202@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B84126D9@jupiter.reference.local> Message-ID: <47161F8E.9040208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You should be able to get the init.d script out of the (old) Debian distributed version, then remove the package again and use your .tar.gz-based distribution. Can someone post me the Debian init.d script please so I can post it on the website to avoid this exact problem? Thanks guys! Jules. Maxime Gaudreault wrote: > No I installed it on Debian from the .tar.gz > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. 
: 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: October 17, 2007 05:23 > To: MailScanner discussion > Subject: Re: Installed 4.64.3 but no init.d script > > > * PGP Signed by an unmatched address: 10/17/07 at 10:23:06 > > Did you install from the rpm.tar.gz distribution (as you should have > done if you're installing on an RPM-based system)? > > Maxime Gaudreault wrote: > >> I installed MailScanner v4.64.3 from the .tar.gz file but I can't find >> the init script. It's now in /etc/init.d >> >> >> >> Where it should be ? >> >> >> >> *Maxime Gaudreault* >> >> Technicien >> >> _ _ >> >> R?f?rence Syst?mes inc. >> >> T?l. : 418.650.0997 >> >> T?l?c. : 418.650.9668 >> >> Courriel : _mgaudreault_@reference.qc.ca >> >> >> Site Internet : http://www.reference.qc.ca/ >> >> >> >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHFh+OEfZZRxQVtlQRAvnPAJ9aBeI/NoA9mlv08bceg9G17VONoACeKFpW CPrBrLk2h5abjCUziq1/+CE= =7Xb0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From alex at nkpanama.com Wed Oct 17 15:43:49 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Wed Oct 17 15:44:15 2007 Subject: SpamHaus DROP list In-Reply-To: References: <700133.10206.qm@web33309.mail.mud.yahoo.com> <47141779.3060907@nkpanama.com> <49288.70.80.222.193.1192500061.squirrel@courrier.cegep-ste-foy.qc.ca> <471443C3.9050900@nkpanama.com> Message-ID: <47161FA5.4020907@nkpanama.com> Kai Schaetzl wrote: > There is another good reason for firewalling: these subsets surely don't > originate only spamming attacks. > > Kai > That's what I tried to say with my last post. From craigwhite at azapple.com Wed Oct 17 15:54:21 2007 From: craigwhite at azapple.com (Craig White) Date: Wed Oct 17 15:54:46 2007 Subject: building on Red Hat EL v 5 In-Reply-To: References: <1192487411.8445.16.camel@lin-workstation.azapple.com> Message-ID: <1192632861.32761.4.camel@lin-workstation.azapple.com> On Wed, 2007-10-17 at 13:32 +0200, Kai Schaetzl wrote: > Craig White wrote on Mon, 15 Oct 2007 15:30:11 -0700: > > > apparently new mailscanner is forcing the install of these items... > > It's been doing this since long. Just install the mailscanner.rpm by it's > own with --nodeps and nothing else. I've asked several times to just > provide the mailscanner.rpm for updates alternatively for those people who > do not want to force all this stuff on their PCs, but Jules doesn't > listen. There's really no reason that this stuff should get forced on most > Linux distributions. Also, version-specific dependencies are not > necessary. ---- that seems to not comport with my understanding as I think it's pretty clear that Jules listens. As for mailscanner only, the noarch source rpm is in the tarball and you could simply build that by itself and not execute install.sh so that is clearly a choice that one makes. I don't do things like --nodeps for obvious reasons. 
I was trying to feed back to Jules that the forced install of perl-Test-Simple and perl-MIME-Base64 are not only unnecessary on RHEL v5 (and clone OS's) but really need to be removed after installation of MailScanner because they are forced and create a maintenance headache. Craig From MailScanner at ecs.soton.ac.uk Wed Oct 17 16:00:44 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 16:01:02 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> Message-ID: <4716239C.70303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've just fixed this problem, it will be in the next release. Glenn Steen wrote: > On 16/10/2007, Randal, Phil wrote: > >> #MailScanner --value=virusscanning --from=glenn.steen@ap1.se >> --to=glenn.steen@ap1.se --ip=172.16.0.1 >> Can't call method "DFileName" on an undefined value at >> /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. >> >> # MailScanner --lint >> Checking version numbers... >> Version number in MailScanner.conf (4.64.3) is correct. >> >> Yup, it's still broken. >> >> I mentioned this on the list not that long ago, to zero response. >> >> Cheers, >> >> Phil >> >> > Thanks Phil, for the confirmation, and sorry for missing your earlier report. > > Jules, could you please have a look? > This is (IMO) a nifty thing, when debugging rulesets... > > Cheers > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFHFiOcEfZZRxQVtlQRAlJ7AJ9SsIkgaw3us7k7KFhvsCvx7lCNcgCgylmD
BjQJR8hwuMNFAnv4xJglMRw=
=tssV
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From mgaudreault at reference.qc.ca Wed Oct 17 16:33:32 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Oct 17 16:33:43 2007
Subject: Postfix queue fulling up
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local>

I have a serious problem with my antispam gateway. The postfix queue is filling up. It gets to 200-300 and even sometimes more than 2000 mails in the queue.

The server is a HP BL20P G4.
CPU: Intel(R) Xeon(TM) CPU 2.80GHz
1Gb RAM

I noticed that the load average is about 2.0. If I check with "htop" I often see MailScanner: spam list or MailScanner: Checking with spamassassin using 100% of CPU. RAM is used to 50%.

MailScanner version: 4.64.3
SpamAssassin version: 3.1.7-2 (from Debian repos.)

I use FuzzyOCR, razor and DCC. I rarely had this problem before using razor and dcc and before upgrading to MS 4.64.3.

Here are some config from MailScanner.conf

Max Children = 5
Queue Scan Interval = 6
Restart Every = 14400
Max Unscanned Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30

I'm thinking of adding a 2nd CPU but I want to know if I can change some settings to fix the problem

Thanks and sorry for my very bad English

Maxime Gaudreault
Technicien
Référence Systèmes inc.
Tél. : 418.650.0997
Téléc. : 418.650.9668
Courriel : mgaudreault@reference.qc.ca
Site Internet : http://www.reference.qc.ca/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071017/e3b24c5d/attachment.html From ssilva at sgvwater.com Wed Oct 17 16:45:16 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 16:50:15 2007 Subject: Debug on a production server In-Reply-To: <4715D31A.9070109@ecs.soton.ac.uk> References: <20071011110924.GE2121@ubuntu> <470E3FB4.1070807@syska.dk> <470E5D88.2050902@syska.dk> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk> <4715D31A.9070109@ecs.soton.ac.uk> Message-ID: on 10/17/2007 2:17 AM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: >> on 10/12/2007 1:21 AM Julian Field spake the following: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Scott Silva wrote: >>>> on 10/11/2007 1:38 PM Mikael Syska spake the following: >>>>> Scott Silva wrote: >>>>>> on 10/11/2007 12:02 PM Mikael Syska spake the following: >>>>>>> Ugo Bellavance wrote: >>>>>>>> Mikael Syska wrote: >>>>>>>>> Hi, >>>>>>>>>>> There does not seem to be much info on this ... and my scan >>>>>>>>>>> times are also rather high ... not that its a problem atm ... >>>>>>>>>>> but it could be in the future :-( >>>>>>>>>> Please provide more information: >>>>>>>>>> >>>>>>>>>> Hardware >>>>>>>>> OS: FreeBSD 7 ( yes its current, but 6.4 did not perform very >>>>>>>>> disk with the SAS 5iR controller >>>>>>>>> 2GB ram >>>>>>>>> Dual Core Intel Xeon 3060 2.40 Ghz >>>>>>>>>> # of child processes >>>>>>>>> 8 >>>>>>>>>> scan times of full batches. 
>>>>>>>>> Oct 11 18:48:58 spam02 MailScanner[72858]: Batch (15 messages) >>>>>>>>> processed in 89.57 seconds >>>>>>>>> Oct 11 18:49:08 spam02 MailScanner[72872]: Batch (15 messages) >>>>>>>>> processed in 88.72 seconds >>>>>>>>> Oct 11 18:49:10 spam02 MailScanner[72854]: Batch (15 messages) >>>>>>>>> processed in 106.89 seconds >>>>>>>>> Oct 11 18:49:19 spam02 MailScanner[72865]: Batch (15 messages) >>>>>>>>> processed in 105.85 seconds >>>>>>>> Looks fine. Is there a reason why you use 15 message batches? >>>>>>> you mean instead of 30 .... >>>>>>> >>>>>>> Some performance turning I read on the wiki ... but t does not >>>>>>> seem to have any effect on my system ... so it will do up to >>>>>>> deafult again. >>>>>>>>>> Using RBLs at MTA >>>>>>>>> nope ... we have had very bad exprerience with that ... both >>>>>>>>> tried spamcop and spamhaus ... both have to many FP here in >>>>>>>>> denmark .... >>>>>>>> Spamcop is FP-prone, but I've never heard of a FP in north >>>>>>>> america for spamhaus. >>>>>>> Then you are a lucky man ... >>>>>>> >>>>>>> since the server aint that overloaded I dont see any reason to >>>>>>> risk getting any FP ... >>>>>>>>> Its not a problem that I takes so long time .. just saw the >>>>>>>>> message about the patch and wandered if that would make a diff >>>>>>>>> on my scan times ... >>>>>>>> Ok, I doubt so. Did you put the MailScanner working dir and /tmp >>>>>>>> in memory (tmpfs on linux)? >>>>>>> no ... its on the disk ... and since every mail could be far too >>>>>>> important I dont intend to use it .... >>>>>> Tmpfs is absolutely safe on mailscanner if you follow the wiki and >>>>>> only put the mailscanner incoming directory there. And the speed >>>>>> increase is very noticeable, especially in virus and spam scanning. >>>>>> Mailscanner does not actually remove any messages. 
It sees the >>>>>> message in mqueue.in, extracts it to incoming, does its work, and >>>>>> if messages are clean it hard links it to mqueue and then unlinks >>>>>> from mqueue.in. So there is no chance of mailscanner losing a >>>>>> message. If it dies at any point up to the unlink, the original >>>>>> message is in mqueue.in waiting to be processed again. >>>>> You mention the wiki ... I can only see >>>>> http://wiki.mailscanner.info/doku.php and a link to: >>>>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html >>>>> witch does not seem to work. >>>>> >>>>> and there does not seem to be anything about tmpfs ... if ... then >>>>> I'm not able to find it ... >>>>> >>>> Julian, >>>> Do you have any of this old material ( like >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/120.html) >>>> archived somewhere? >>>> I would be willing to spend some time fixing this up if I had the >>>> content to put in. >>>> I don't want to go from memory, as I will probably get something >>>> really wonky. >>>> >>> Thank you very much, it's greatly appreciated! >>> The old material is now online again at >>> http://www.sng.ecs.soton.ac.uk/mailscanner.archive/serve/cache/ >>> If you could get it added to the wiki (the useful bits, anyway :-) >>> that would be great. >>> >> There is much outdated info in here. I will need to spend more time >> trying to fix it up where I can, and post links to parts that I need >> experts in that area (postfix, exim, sql, etc...) to clean up. >> I will also try to leave docs as generic as possibe, and not use full >> paths, since they are different from rpm and tarball installs. >> >> Julian, >> Are you going to leave the old cache up for a while, or are you going >> to remove it soon? I thought about fixing links into the old docs at >> first until I can fix the entire section. >> > I'll leave all the old stuff up there for as long as you need it, don't > worry. 
> Many thanks for your help, > I DL'd a copy so I can look through it on my lappy. A lot of it is very old (anybody need to run MailScanner on RedHat 9?). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Oct 17 16:53:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 16:55:10 2007 Subject: SpamHaus DROP list In-Reply-To: References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com> Message-ID: on 10/17/2007 3:32 AM Kai Schaetzl spake the following: > Scott Silva wrote on Mon, 15 Oct 2007 15:43:36 -0700: > >> I don't see any mention of the DROP list being in any zones on the spamhaus >> site. Can you verify this with some links to info? > > Well, it should be part of it by definition as it is a subset of what is in > PBL. The FAQ tells the same: > http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ > > Kai > It looks like 2 different things. The PBL is contributed to by block owners that state what ranges of their address space shouldn't relay mail, and the drop list is created by spamhaus over hijacked or (completely controlled by spammers) space. It looks like it will be much better when they get it into BGP routes with ASN numbering so ISP's can just choose to blackhole it easily. With IP4 running out of numbers, someone needs to figure out how to get back all that "wasted" space to legitimate uses. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From hvdkooij at vanderkooij.org Wed Oct 17 17:02:24 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 17 17:02:41 2007 Subject: SpamHaus DROP list In-Reply-To: References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com> Message-ID: <47163210.2090501@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 10/17/2007 3:32 AM Kai Schaetzl spake the following: >> Scott Silva wrote on Mon, 15 Oct 2007 15:43:36 -0700: >> >>> I don't see any mention of the DROP list being in any zones on the >>> spamhaus site. Can you verify this with some links to info? >> >> Well, it should be part of it by definition as it is a subset of what >> is in PBL. The FAQ tells the same: >> http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ >> >> Kai >> > It looks like 2 different things. The PBL is contributed to by block > owners that state what ranges of their address space shouldn't relay > mail, and the drop list is created by spamhaus over hijacked or > (completely controlled by spammers) space. > > It looks like it will be much better when they get it into BGP routes > with ASN numbering so ISP's can just choose to blackhole it easily. > > With IP4 running out of numbers, someone needs to figure out how to get > back all that "wasted" space to legitimate uses. That time would be better spend in migrating to IPv6. It is there. It is alive. I use it mainly to communicate localy and to my hosted servers in differentl colo's. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFjIOBvzDRVjxmYERAkzZAJ9Rnm9+jAaO22O1S18EkpBWC/st7QCglfMD mWq6CIOwTpWfCq6g8iUxRhE= =l335 -----END PGP SIGNATURE----- From ssilva at sgvwater.com Wed Oct 17 17:11:16 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 17:15:54 2007 Subject: Installed 4.64.3 but no init.d script In-Reply-To: <47161F8E.9040208@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> <4715D47A.5080202@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B84126D9@jupiter.reference.local> <47161F8E.9040208@ecs.soton.ac.uk> Message-ID: on 10/17/2007 7:43 AM Julian Field spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You should be able to get the init.d script out of the (old) Debian > distributed version, then remove the package again and use your > .tar.gz-based distribution. > > Can someone post me the Debian init.d script please so I can post it on > the website to avoid this exact problem? > > Thanks guys! > Jules. Here you go! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: mailscanner_debian_init.tgz Type: application/x-compressed Size: 1471 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071017/fd007ec1/mailscanner_debian_init.bin From ssilva at sgvwater.com Wed Oct 17 17:17:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 17:20:15 2007 Subject: Postfix queue fulling up In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local> Message-ID: on 10/17/2007 8:33 AM Maxime Gaudreault spake the following: > I have a serious problem with my antispam gateway. The postfix queue is > fulling up. 
It gets to 200-300 and even sometime more than 2000 mails in
> the queue.
>
> The server is a HP BL20P G4. CPU: Intel(R) Xeon(TM) CPU 2.80GHz
>
> 1Gb RAM
>
> I noticed that the load average is about 2.0. If I check with "htop" I
> often see MailScanner: spam list or MailScanner: Checking with
> spamassassin using 100% of CPU. RAM is used to 50%.
>
> MailScanner version: 4.64.3
>
> SpamAssassin version: 3.1.7-2 (from Debian repos.)
>
> I use FuzzyOCR, razor and DCC. I rarely had this problem before using
> razor and dcc and before upgrading to MS 4.64.3.
>
> Here are some config from MailScanner.conf
>
> Max Children = 5
>
> Queue Scan Interval = 6
>
> Restart Every = 14400
>
> Max Unscanned Bytes Per Scan = 100000000
>
> Max Unsafe Bytes Per Scan = 50000000
>
> Max Unscanned Messages Per Scan = 30
>
> Max Unsafe Messages Per Scan = 30
>
> I'm thinking of adding a 2^nd CPU but I want to know if I can change
> some settings to fix the problem

Also look back in the archives and make sure you aren't using spam lists that are no longer in use.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

From mgaudreault at reference.qc.ca Wed Oct 17 17:20:14 2007
From: mgaudreault at reference.qc.ca (Maxime Gaudreault)
Date: Wed Oct 17 17:20:21 2007
Subject: Installed 4.64.3 but no init.d script
In-Reply-To:
References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> <4715D47A.5080202@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B84126D9@jupiter.reference.local><47161F8E.9040208@ecs.soton.ac.uk>
Message-ID: <6DD6B2C8A11BFC4092A148347F6126B84126F4@jupiter.reference.local>

Thanks a lot Jules!

Maxime Gaudreault
Technician
Référence Systèmes inc.
Tel.: 418.650.0997
Fax: 418.650.9668
Email: mgaudreault@reference.qc.ca
Website: http://www.reference.qc.ca/

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva
Sent: October 17, 2007 12:11
To: mailscanner@lists.mailscanner.info
Subject: Re: Installed 4.64.3 but no init.d script

on 10/17/2007 7:43 AM Julian Field spake the following:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You should be able to get the init.d script out of the (old) Debian
> distributed version, then remove the package again and use your
> .tar.gz-based distribution.
>
> Can someone post me the Debian init.d script please so I can post it
> on the website to avoid this exact problem?
>
> Thanks guys!
> Jules.

Here you go!

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

From ssilva at sgvwater.com Wed Oct 17 17:21:43 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Oct 17 17:25:06 2007
Subject: SpamHaus DROP list
In-Reply-To: <47163210.2090501@vanderkooij.org>
References: <4713AC05.5010409@nkpanama.com> <4713CF21.4000901@vanderkooij.org> <4713DE1A.3040403@fsl.com> <47163210.2090501@vanderkooij.org>
Message-ID:

on 10/17/2007 9:02 AM Hugo van der Kooij spake the following:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Scott Silva wrote:
>> on 10/17/2007 3:32 AM Kai Schaetzl spake the following:
>>> Scott Silva wrote on Mon, 15 Oct 2007 15:43:36 -0700:
>>>
>>>> I don't see any mention of the DROP list being in any zones on the
>>>> spamhaus site. Can you verify this with some links to info?
>>> Well, it should be part of it by definition as it is a subset of what
>>> is in PBL. The FAQ tells the same:
>>> http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ
>>>
>>> Kai
>>>
>> It looks like 2 different things.
The PBL is contributed to by block >> owners that state what ranges of their address space shouldn't relay >> mail, and the drop list is created by spamhaus over hijacked or >> (completely controlled by spammers) space. >> >> It looks like it will be much better when they get it into BGP routes >> with ASN numbering so ISP's can just choose to blackhole it easily. >> >> With IP4 running out of numbers, someone needs to figure out how to get >> back all that "wasted" space to legitimate uses. > > That time would be better spend in migrating to IPv6. It is there. It is > alive. I use it mainly to communicate localy and to my hosted servers in > differentl colo's. > > Hugo. I agree. But until the entire world is using V6, we still need to use V4. I don't have time to count all the numbers on the drop list, but I would guess it was over 250,000 potential crap sources pounding on our doors with both fists! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Oct 17 17:13:47 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 17:30:36 2007 Subject: Postfix queue fulling up In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local> Message-ID: on 10/17/2007 8:33 AM Maxime Gaudreault spake the following: > I have a serious problem with my antispam gateway. The postfix queue is > fulling up. It gets to 200-300 and even sometime more than 2000 mails in > the queue. > > > > The server is a HP BL20P G4. CPU: Intel(R) Xeon(TM) CPU 2.80GHz > > 1Gb RAM > > > > I noticed that the load average is about 2.0. If I check with "htop" I > often see MailScanner: spam list or MailScanner: Checking with > spamassassin using 100% of CPU. RAM is used to 50%. > > > > MailScanner version: 4.64.3 > > SpamAssassin version: 3.1.7-2 (from Debian repos.) > > > > I use FuzzyOCR, razor and DCC. 
I rarely had this problem before using > razor and dcc and before upgrading to MS 4.64.3. > > > > Here are some config from MailScanner.conf > > > > Max Children = 5 > > Queue Scan Interval = 6 > > Restart Every = 14400 > > Max Unscanned Bytes Per Scan = 100000000 > > Max Unsafe Bytes Per Scan = 50000000 > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > > > I'm thinking of adding a 2^nd CPU but I want to know if I can change > some settings to fix the problem > Have you run through the optimizing steps on the wiki? http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From steinkel at pa.net Wed Oct 17 17:53:52 2007 From: steinkel at pa.net (Leland J. Steinke) Date: Wed Oct 17 17:53:59 2007 Subject: IronMail experience? In-Reply-To: <470291DC.5040904@pa.net> References: <470291DC.5040904@pa.net> Message-ID: <47163E20.8090409@pa.net> Leland J. Steinke wrote: > > Could anybody on the list with recent experience with IronMail [1] in an > ISP setting give me their impressions? If there is interest, I will > summarize to the list. > Here is a summary of all the responses I received regarding experience with IronMail: Thanks to all who replied. ;-) It should be an interesting conversation with the SecureComputing salesman. Leland [1] http://www.securecomputing.com/index.cfm?skey=1612 From uxbod at splatnix.net Wed Oct 17 18:00:34 2007 From: uxbod at splatnix.net (UxBoD) Date: Wed Oct 17 18:06:47 2007 Subject: Postfix queue fulling up In-Reply-To: Message-ID: <14247956.1351192640434675.JavaMail.root@office.splatnix.net> FuzzyOCR uses quite a lot of RAM aswell. Have you configured it so that it will not process images if the SA score is already greater than your threshold ? 1GB of RAM is pretty low to be honest. Instead of a second processor, IMHO I was add at least another 1GB of RAM. 
At work we process 150k messages per day and I got them to buy a new server with two dual core Opterons and 8GB of RAM. Okay, this sounds over-spec'd but we have a lot of SA rules and plugins and never ever have a queue. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Scott Silva" To: mailscanner@lists.mailscanner.info Sent: Wednesday, October 17, 2007 4:13:47 PM (GMT) Africa/Casablanca Subject: Re: Postfix queue fulling up on 10/17/2007 8:33 AM Maxime Gaudreault spake the following: > I have a serious problem with my antispam gateway. The postfix queue is > fulling up. It gets to 200-300 and even sometime more than 2000 mails in > the queue. > > > > The server is a HP BL20P G4. CPU: Intel(R) Xeon(TM) CPU 2.80GHz > > 1Gb RAM > > > > I noticed that the load average is about 2.0. If I check with "htop" I > often see MailScanner: spam list or MailScanner: Checking with > spamassassin using 100% of CPU. RAM is used to 50%. > > > > MailScanner version: 4.64.3 > > SpamAssassin version: 3.1.7-2 (from Debian repos.) > > > > I use FuzzyOCR, razor and DCC. I rarely had this problem before using > razor and dcc and before upgrading to MS 4.64.3. > > > > Here are some config from MailScanner.conf > > > > Max Children = 5 > > Queue Scan Interval = 6 > > Restart Every = 14400 > > Max Unscanned Bytes Per Scan = 100000000 > > Max Unsafe Bytes Per Scan = 50000000 > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > > > I'm thinking of adding a 2^nd CPU but I want to know if I can change > some settings to fix the problem > Have you run through the optimizing steps on the wiki? http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Oct 17 18:09:20 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 18:09:47 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <1192632861.32761.4.camel@lin-workstation.azapple.com> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> Message-ID: <471641C0.5050200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Craig White wrote: > On Wed, 2007-10-17 at 13:32 +0200, Kai Schaetzl wrote: >> Craig White wrote on Mon, 15 Oct 2007 15:30:11 -0700: >> >>> apparently new mailscanner is forcing the install of these >>> items... >> It's been doing this since long. Just install the mailscanner.rpm >> by it's own with --nodeps and nothing else. I've asked several >> times to just provide the mailscanner.rpm for updates >> alternatively for those people who do not want to force all this >> stuff on their PCs, but Jules doesn't listen. There's really no >> reason that this stuff should get forced on most Linux >> distributions. Also, version-specific dependencies are not >> necessary. > ---- that seems to not comport with my understanding as I think > it's pretty clear that Jules listens. > > As for mailscanner only, the noarch source rpm is in the tarball > and you could simply build that by itself and not execute > install.sh so that is clearly a choice that one makes. 
I don't do > things like --nodeps for obvious reasons. > > I was trying to feed back to Jules that the forced install of > perl-Test-Simple and perl-MIME-Base64 are not only unnecessary on > RHEL v5 (and clone OS's) But they are needed on things other than RHEL5. What's the best way of detecting RHEL5 and all its clones? > but really need to be removed after installation of MailScanner > because they are forced and create a maintenance headache. > > Craig > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFkG/EfZZRxQVtlQRAnmLAJ9sZ79q69R6uA1fxia1l/uUTzoczQCfRLrg lypTWNPsLso1hRrfiUlPnTo= =Boyd -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ugob at lubik.ca Wed Oct 17 18:00:49 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Oct 17 18:14:41 2007 Subject: Postfix queue fulling up In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B84126F3@jupiter.reference.local> Message-ID: Maxime Gaudreault wrote: > I have a serious problem with my antispam gateway. The postfix queue is > fulling up. It gets to 200-300 and even sometime more than 2000 mails in > the queue. > > > > The server is a HP BL20P G4. CPU: Intel(R) Xeon(TM) CPU 2.80GHz > > 1Gb RAM > > > > I noticed that the load average is about 2.0. If I check with "htop" I > often see MailScanner: spam list or MailScanner: Checking with > spamassassin using 100% of CPU. RAM is used to 50%. 
> > > > MailScanner version: 4.64.3 > > SpamAssassin version: 3.1.7-2 (from Debian repos.) > > > > I use FuzzyOCR, razor and DCC. I rarely had this problem before using > razor and dcc and before upgrading to MS 4.64.3. > I'm thinking of adding a 2^nd CPU but I want to know if I can change > some settings to fix the problem This looks like a network problem. When INQ goes up and load is low, that usually means that network congestion is the source. Does your FW block outbound ports? You need open ports for dcc, pyzor, razor. Are your DNS queries answered quickly? Ugo From MailScanner at ecs.soton.ac.uk Wed Oct 17 18:16:42 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 18:17:01 2007 Subject: Installed 4.64.3 but no init.d script In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B8412685@jupiter.reference.local> <4715D47A.5080202@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B84126D9@jupiter.reference.local> <47161F8E.9040208@ecs.soton.ac.uk> Message-ID: <4716437A.6090608@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is accessible from the downloads page on www.mailscanner.info. Scott Silva wrote: > on 10/17/2007 7:43 AM Julian Field spake the following: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> You should be able to get the init.d script out of the (old) >> Debian distributed version, then remove the package again and use >> your .tar.gz-based distribution. >> >> Can someone post me the Debian init.d script please so I can post >> it on the website to avoid this exact problem? >> >> Thanks guys! Jules. > Here you go! > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFkN5EfZZRxQVtlQRAoU/AKD2F3iMRWmkrDn693lCtF3ziwJmowCg5dQI 6OafZL/rrqKP7ksofWfmDqk= =VCab -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Oct 17 18:18:14 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 18:26:38 2007 Subject: IronMail experience? In-Reply-To: <47163E20.8090409@pa.net> References: <470291DC.5040904@pa.net> <47163E20.8090409@pa.net> Message-ID: on 10/17/2007 9:53 AM Leland J. Steinke spake the following: > Leland J. Steinke wrote: >> >> Could anybody on the list with recent experience with IronMail [1] in >> an ISP setting give me their impressions? If there is interest, I >> will summarize to the list. >> > Here is a summary of all the responses I received regarding experience > with IronMail: > > > > > Thanks to all who replied. ;-) It should be an interesting > conversation with the SecureComputing salesman. > > > Leland > [1] http://www.securecomputing.com/index.cfm?skey=1612 > I'm surprised you didn't get at least one "I dumped|switched|left it for MailScanner" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From hvdkooij at vanderkooij.org Wed Oct 17 18:53:11 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 17 18:53:35 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <471641C0.5050200@ecs.soton.ac.uk> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> Message-ID: <47164C07.4050207@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > But they are needed on things other than RHEL5. > What's the best way of detecting RHEL5 and all its clones? $ cat /etc/redhat-release CentOS release 5 (Final) I have just asked if anyone is working on MailScanner for rpmforge. If no one is doing so I will give it a shot. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFkwGBvzDRVjxmYERAoBFAJ9OmUKgNx6R3cquw3GFh935/ItdugCguFMG iEH2kGz12mxndoWBDDBsznQ= =Ykdb -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Wed Oct 17 18:56:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 17 18:57:05 2007 Subject: IronMail experience? In-Reply-To: References: <470291DC.5040904@pa.net> <47163E20.8090409@pa.net> Message-ID: <47164CDB.1030208@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 10/17/2007 9:53 AM Leland J. Steinke spake the following: >> Leland J. Steinke wrote: >>> >>> Could anybody on the list with recent experience with IronMail [1] in >>> an ISP setting give me their impressions? If there is interest, I >>> will summarize to the list. >>> >> Here is a summary of all the responses I received regarding experience >> with IronMail: >> >> >> >> >> Thanks to all who replied. ;-) It should be an interesting >> conversation with the SecureComputing salesman. 
>>
>>
>> Leland
>> [1] http://www.securecomputing.com/index.cfm?skey=1612
>>
> I'm surprised you didn't get at least one "I dumped|switched|left it for
> MailScanner"

I guess they are used in environments where the admin hardly is any better than a smart user.

I notice their tags sometimes when I get hit by spam or misconfigured systems. Not exactly the way they might want to advertise their product. ;-)

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHFkzZBvzDRVjxmYERArmbAJ9ZIwYgo5JR8fZfeR4d6gKIdTIukQCghPWJ
ZZa9gBw9qEbWhC7cXUiaFkw=
=/eUe
-----END PGP SIGNATURE-----

From Denis.Beauchemin at USherbrooke.ca Wed Oct 17 19:01:42 2007
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Wed Oct 17 19:02:29 2007
Subject: building on Red Hat EL v 5
In-Reply-To: <47164C07.4050207@vanderkooij.org>
References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org>
Message-ID: <47164E06.40903@USherbrooke.ca>

Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Julian Field wrote:
>
>> But they are needed on things other than RHEL5.
>> What's the best way of detecting RHEL5 and all its clones?
>>
>
> $ cat /etc/redhat-release
> CentOS release 5 (Final)
>

cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5 (Tikanga)

Denis

--
   _
  °v°   Denis Beauchemin, analyst
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From rcooper at dwford.com Wed Oct 17 19:06:13 2007
From: rcooper at dwford.com (Rick Cooper)
Date: Wed Oct 17 19:06:21 2007
Subject: building on Red Hat EL v 5
In-Reply-To: <471641C0.5050200@ecs.soton.ac.uk>
References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk>
Message-ID: <18a401c810e8$67e706b0$0301a8c0@SAHOMELT>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On
> Behalf Of Julian Field
> Sent: Wednesday, October 17, 2007 1:09 PM
> To: MailScanner discussion
> Subject: Re: building on Red Hat EL v 5
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Craig White wrote:
> > On Wed, 2007-10-17 at 13:32 +0200, Kai Schaetzl wrote:
> >> Craig White wrote on Mon, 15 Oct 2007 15:30:11 -0700:
> >>
[...]
> > I was trying to feed back to Jules that the forced install of
> > perl-Test-Simple and perl-MIME-Base64 are not only unnecessary on
> > RHEL v5 (and clone OS's)
> But they are needed on things other than RHEL5.
> What's the best way of detecting RHEL5 and all its clones?
>
> > but really need to be removed after installation of MailScanner
> > because they are forced and create a maintenance headache.
> >
> > Craig
> >
>
> Jules

You can get that information from /etc/redhat-release

I don't know the format for vendors other than CentOS (whitebox etc) but I am sure someone out there can provide it. Centos would be:

CentOS release MajorVersion.MinorRelease (final|other)

Redhat example:

Red Hat Enterprise Linux ES release 3 (Taroon Update 1)

Perhaps RHEL and clone users could post their /etc/redhat-release contents?

Rick

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
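
One way an installer could answer the "detect RHEL5 and all its clones" question raised in this thread, as an added shell example (not MailScanner's install.sh and not any poster's code). The function names are hypothetical, the sample files are constructed from the /etc/redhat-release strings quoted in the thread, and the Fedora line and the "release 5 means EL5 unless the name starts with Fedora" rule are assumptions.

```shell
#!/bin/sh
# Added example: classify a host from a redhat-release style file so an
# installer can decide whether to skip RPMs that the OS already provides.

# Print the major release number found on the first line of the file.
# Returns 1 if the file is unreadable or has no "release <number>" token.
el_major_release() {
    release_file="${1:-/etc/redhat-release}"
    [ -r "$release_file" ] || return 1
    # Accepts "release 5", "release 5.1" and multi-digit majors ("release 10"),
    # so it does not depend on the major number being a single character.
    major=$(sed -n '1s/^.* release \([0-9][0-9]*\)\([. ].*\)\{0,1\}$/\1/p' "$release_file")
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# Succeeds when the file describes RHEL 5 or a clone that keeps Red Hat's
# "<name> release <major>[.<minor>] (<codename>)" format.
is_el5() {
    release_file="${1:-/etc/redhat-release}"
    [ -r "$release_file" ] || return 1
    # Assumption: Fedora also ships /etc/redhat-release, so a bare major
    # number of 5 is not proof of an Enterprise Linux 5 system.
    case "$(head -n 1 "$release_file")" in
        Fedora*) return 1 ;;
    esac
    [ "$(el_major_release "$release_file")" = "5" ]
}

# Print the Perl RPMs the thread reports as unnecessary on EL5 and clones;
# prints nothing on any other system, where they are still needed.
perl_rpms_to_skip() {
    if is_el5 "${1:-/etc/redhat-release}"; then
        printf '%s\n' perl-Test-Simple perl-MIME-Base64
    fi
}

# Constructed samples: the three strings quoted in the thread plus an
# assumed Fedora line that shares the major number 5.
classify_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'CentOS release 5 (Final)' > "$dir/centos5"
    printf '%s\n' 'Red Hat Enterprise Linux Server release 5 (Tikanga)' > "$dir/rhel5"
    printf '%s\n' 'Red Hat Enterprise Linux ES release 3 (Taroon Update 1)' > "$dir/rhel3"
    printf '%s\n' 'Fedora Core release 5 (Bordeaux)' > "$dir/fedora5"
    for name in centos5 rhel5 rhel3 fedora5; do
        if is_el5 "$dir/$name"; then verdict="el5"; else verdict="other"; fi
        printf '%s=%s\n' "$name" "$verdict"
    done
    rm -rf "$dir"
}

classify_samples
```
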
From rcooper at dwford.com Wed Oct 17 19:33:59 2007 From: rcooper at dwford.com (Rick Cooper) Date: Wed Oct 17 19:34:03 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <18a401c810e8$67e706b0$0301a8c0@SAHOMELT> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com><471641C0.5050200@ecs.soton.ac.uk> <18a401c810e8$67e706b0$0301a8c0@SAHOMELT> Message-ID: <18b001c810ec$48aa3660$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rick Cooper > Sent: Wednesday, October 17, 2007 2:06 PM > To: 'MailScanner discussion' > Subject: RE: building on Red Hat EL v 5 > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Wednesday, October 17, 2007 1:09 PM > > To: MailScanner discussion > > Subject: Re: building on Red Hat EL v 5 > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > But they are needed on things other than RHEL5. > > What's the best way of detecting RHEL5 and all its clones? > > > > > but really need to be removed after installation of MailScanner > > > because they are forced and create a maintenance headache. > > > > > > Craig > > > > > > > Jules > > You can get that information from /etc/redhat-release > > I don't know the format for vendors other than CentOS > (whitebox etc) but I > am sure someone out there can provide it. Centos would be: > > CentOS release MajorVersion.MinorRelease (final|other) > > Redhat example: > > Red Hat Enterprise Linux ES release 3 (Taroon Update 1) > > Perhaps RHEL and clone users could post their > /etc/redhat-release contents? 
> > Rick Replying to myself, actually if /etc/redhat-release exists and you cat /etc/redhat-release| sed "s/.*release \(.\).*/\1/" Should give you major release of RHEL, CentOS and any other clone that follows the Redhat format Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Wed Oct 17 19:40:24 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Oct 17 19:40:29 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <47164C07.4050207@vanderkooij.org> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> Hugo, I think it's time to repeat my original concerns about putting MailScanner on rpmforge. I'm not against it at all, it's a fab idea, but.... Users will expect (and in my opinion rightfully so) "yum update" to do the right thing. That is, update MailScanner and any dependencies and restart MailScanner. Now, at the moment we have two obstacles to that: upgrade_MailScanner_conf and upgrade_languages_conf. I for one would vote for the default MailScanner install doing this automatically and creating .rpmsave copies of the previous .conf files. Comments anyone? Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: 17 October 2007 18:53 To: MailScanner discussion Subject: Re: building on Red Hat EL v 5 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > But they are needed on things other than RHEL5. > What's the best way of detecting RHEL5 and all its clones? $ cat /etc/redhat-release CentOS release 5 (Final) I have just asked if anyone is working on MailScanner for rpmforge. If no one is doing so I will give it a shot. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? 
Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFkwGBvzDRVjxmYERAoBFAJ9OmUKgNx6R3cquw3GFh935/ItdugCguFMG iEH2kGz12mxndoWBDDBsznQ= =Ykdb -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From clacroix at cegep-ste-foy.qc.ca Wed Oct 17 19:51:41 2007 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Oct 17 19:51:49 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> Message-ID: <471659BD.3080408@cegep-ste-foy.qc.ca> Can't we echo a message saying "Don't forget to upgrade your config and language" but then again some people run auto-updates :( Would it break anything if we force ran them in the %post of the rpm and keep a .rpmsave/timestamp of the config files. I'm interested in this discussion as I'll be pushing rhel clone to production soon and I hate to keep -devel packages installed on my machines. later, charles Randal, Phil wrote: > Hugo, > > I think it's time to repeat my original concerns about putting > MailScanner on rpmforge. > > I'm not against it at all, it's a fab idea, but.... > > Users will expect (and in my opinion rightfully so) "yum update" to do > the right thing. That is, update MailScanner and any dependencies and > restart MailScanner. > > Now, at the moment we have two obstacles to that: > > upgrade_MailScanner_conf and upgrade_languages_conf.
> > I for one would vote for the default MailScanner install doing this > automatically and creating .rpmsave copies of the previous .conf files. > > Comments anyone? > > Phil > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo > van der Kooij > Sent: 17 October 2007 18:53 > To: MailScanner discussion > Subject: Re: building on Red Hat EL v 5 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > > >> But they are needed on things other than RHEL5. >> What's the best way of detecting RHEL5 and all its clones? >> > > $ cat /etc/redhat-release > CentOS release 5 (Final) > > > I have just asked if anyone is working on MailScanner for rpmforge. If > no one is doing so I will give it a shot. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHFkwGBvzDRVjxmYERAoBFAJ9OmUKgNx6R3cquw3GFh935/ItdugCguFMG > iEH2kGz12mxndoWBDDBsznQ= > =Ykdb > -----END PGP SIGNATURE----- > From prandal at herefordshire.gov.uk Wed Oct 17 20:03:49 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Oct 17 20:03:56 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <471659BD.3080408@cegep-ste-foy.qc.ca> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF1E@HC-MBX02.herefordshire.gov.uk> Auto-updates was one of my concerns. But there is still the issue of which is the right approach? Update config files saving a copy of the originals, or not updating and requiring a manual process? 
Maybe we should have a poll of how many on this list install and run the upgrade scripts without batting an eyelid? I certainly do. And surely it would be worth investing a bit of time (if that's needed) to make the upgrade process simple and "fool" proof? There was an issue of the upgrade_languages_conf not creating a languages.new file if nothing changed, resulting in a bit of a disaster if there wasn't already a languages.new file and you blindly copied languages.new over languages.conf. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Charles Lacroix Sent: 17 October 2007 19:52 To: MailScanner discussion Subject: Re: building on Red Hat EL v 5 Can't we echo a message saying "Don't forget to upgrade your config and language" but then again some people run auto-updates :( Would it break anything if we force ran them in the %post of the rpm and keep a .rpmsave/timestamp of the config files. I'm interested in this discussion as I'll be pushing rhel clone to production soon and I hate to keep -devel packages installed on my machines. later, charles Randal, Phil wrote: > Hugo, > > I think it's time to repeat my original concerns about putting > MailScanner on rpmforge. > > I'm not against it at all, it's a fab idea, but.... > > Users will expect (and in my opinion rightfully so) "yum update" to do > the right thing. That is, update MailScanner and any dependencies and > restart MailScanner. > > Now, at the moment we have two obstacles to that: > > upgrade_MailScanner_conf and upgrade_languages_conf. > > I for one would vote for the default MailScanner install doing this > automatically and creating .rpmsave copies of the previous .conf files. > > Comments anyone?
> > Phil > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo > van der Kooij > Sent: 17 October 2007 18:53 > To: MailScanner discussion > Subject: Re: building on Red Hat EL v 5 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > > >> But they are needed on things other than RHEL5. >> What's the best way of detecting RHEL5 and all its clones? >> > > $ cat /etc/redhat-release > CentOS release 5 (Final) > > > I have just asked if anyone is working on MailScanner for rpmforge. If > no one is doing so I will give it a shot. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHFkwGBvzDRVjxmYERAoBFAJ9OmUKgNx6R3cquw3GFh935/ItdugCguFMG > iEH2kGz12mxndoWBDDBsznQ= > =Ykdb > -----END PGP SIGNATURE----- > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
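The languages.new failure mode described above, as an added example that is not part of the original post or of MailScanner. The helper name regenerate_conf and the convention that the generator command writes its result to CONF.new are assumptions; the real upgrade scripts' command lines are not shown on this page, so the generator is passed in as an argument.

```shell
#!/bin/sh
# Added example (hypothetical helper, not MailScanner code).
#
# regenerate_conf CONF GENERATOR [ARGS...]
#   Runs GENERATOR, which is expected to write the upgraded
#   configuration to CONF.new, then swaps it in only when a fresh,
#   non-empty, different file was actually produced.
#   Prints "replaced" or "unchanged" on stdout.
regenerate_conf() {
    conf=$1
    shift
    new="$conf.new"
    backup="$conf.rpmsave.$(date +%Y%m%d%H%M%S)"

    [ -f "$conf" ] || { echo "missing $conf" >&2; return 2; }

    # Remove any stale output first, so a leftover from an earlier
    # upgrade can never be mistaken for this run's result.
    rm -f "$new"

    # A failing generator leaves the live file untouched.
    "$@" || { echo "generator failed, $conf kept" >&2; rm -f "$new"; return 3; }

    # The case from the thread: nothing changed, so nothing was written.
    # That means "keep the current file", not "copy whatever is there".
    if [ ! -s "$new" ]; then
        echo "no new file produced, $conf kept" >&2
        echo unchanged
        return 0
    fi

    # Identical output: no backup clutter, no replacement.
    if cmp -s "$conf" "$new"; then
        rm -f "$new"
        echo unchanged
        return 0
    fi

    # Timestamped copy of the previous file, then a rename within the
    # same directory. The replaced file takes the mode and owner the
    # generator created CONF.new with, so check those afterwards.
    cp -p "$conf" "$backup" || return 4
    mv "$new" "$conf" || return 5
    echo replaced
}
```

Called from a package scriptlet or by hand, the function makes the "blindly copy" step safe to repeat: a run that produces nothing leaves both the live file and its backups alone.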
From hvdkooij at vanderkooij.org Wed Oct 17 20:26:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 17 20:27:20 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <471659BD.3080408@cegep-ste-foy.qc.ca> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> Message-ID: <471661FA.9070803@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Charles Lacroix wrote: > > Can't we echo a message saying "Don't forget to upgrade your config and > language" > but then again some people run auto-updates :( Anyone running automatic updates without looking is entitled to all the trouble of this business. That is my rather simple view on the matter. I really like yum, but I never assume it to update each and every config file. But I have done a few MailScanner updates and until now it works if I do not upgrade the config. I just did not get the extras until I did upgrade the config. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFmHyBvzDRVjxmYERAjJcAJ0YQtRmLRdi97Higjws/+f/2S6AbwCgsgsh yMmBywDh/yFwhY2CUgtCn9k= =poUG -----END PGP SIGNATURE----- From naolson at gmail.com Wed Oct 17 20:57:51 2007 From: naolson at gmail.com (Nathan Olson) Date: Wed Oct 17 20:57:53 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <471661FA.9070803@vanderkooij.org> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> <471661FA.9070803@vanderkooij.org> Message-ID: <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> I've mentioned multiple times that I have spec files for all the MailScanner and SpamAssassin RPMs needed to install MS + SA by hand while working with RHEL5's included Perl components. No one seems to care. Anyone that upgrades production mail systems automatically deserves what they get. Nate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071017/8e07b103/attachment.html From ajcartmell at fonant.com Wed Oct 17 21:14:04 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed Oct 17 21:14:16 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <47164E06.40903@USherbrooke.ca> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <47164E06.40903@USherbrooke.ca> Message-ID: cat /etc/redhat-release Fedora Core release 6 (Zod) Anthony -- www.fonant.com - Quality web sites From viralert at fadalto.com Wed Oct 17 22:02:45 2007 From: viralert at fadalto.com (Phil) Date: Wed Oct 17 22:03:07 2007 Subject: MCP info In-Reply-To: References: <20071016095844.M98551@yatta-it.com> Message-ID: <20071017205813.M60914@yatta-it.com> Sorry.. 
I don't understand what you're telling me. I think to know everything you point out, but I need a guide to write down rules... where I could find spamassassin regular expression documentations? Phil ---------- Original Message ----------- From: Scott Silva To: mailscanner@lists.mailscanner.info Sent: Tue, 16 Oct 2007 08:11:08 -0700 Subject: Re: MCP info > on 10/16/2007 3:03 AM Phil spake the following: > > Hi all, > > > > I'm using MCP to have the best filter from MS. > > > > I use only two methods to catch them > > > > > > header RULE1 Subject =~ /wrote\:/i > > describe RULE1 Banned Subject "wrote:" > > score RULE1 4 > > > > body RULE2 /An incredible announcement/i > > describe RULE2 Banned Body "An incredible announcement" > > score RULE2 4 > > > > > > Anyone have hints about keywords to use MCP in a better way? > > > > I search internet to find out the documentation of that CF file but I did'n have > > success... > > > > many Thanks > > > > Phil > > > MCP is more of a local ruleset. It would be different for every site. Some > sites might want to stop different things than others. > Since it spawns another spamassassin process for MCP, you want to only use it > to catch stuff that you can't get with regular spamassassin rules. > > You can use any rules you would set in regular spamassassin, but with the new > rules action commands that Julian added, you can probably do the same thing in > your regular spamassassin process and save the extra spamassassin fork. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
------- End of Original Message ------- From glenn.steen at gmail.com Wed Oct 17 22:03:21 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 17 22:03:24 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <4716239C.70303@ecs.soton.ac.uk> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> <4716239C.70303@ecs.soton.ac.uk> Message-ID: <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> On 17/10/2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've just fixed this problem, it will be in the next release. Thanks! Might one ask what all that was about? Or will it be obvious when one sees the code?:-) > Glenn Steen wrote: > > On 16/10/2007, Randal, Phil wrote: > > > >> #MailScanner --value=virusscanning --from=glenn.steen@ap1.se > >> --to=glenn.steen@ap1.se --ip=172.16.0.1 > >> Can't call method "DFileName" on an undefined value at > >> /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. > >> > >> # MailScanner --lint > >> Checking version numbers... > >> Version number in MailScanner.conf (4.64.3) is correct. > >> > >> Yup, it's still broken. > >> > >> I mentioned this on the list not that long ago, to zero response. > >> > >> Cheers, > >> > >> Phil > >> > >> > > Thanks Phil, for the confirmation, and sorry for missing your earlier report. > > > > Jules, could you please have a look? > > This is (IMO) a nifty thing, when debugging rulesets... 
> > > > Cheers > > > > Jules > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Richard.Frovarp at sendit.nodak.edu Wed Oct 17 22:10:45 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Oct 17 22:10:53 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> <471661FA.9070803@vanderkooij.org> <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> Message-ID: <47167A55.6080606@sendit.nodak.edu> Nathan Olson wrote: > I've mentioned multiple times that I have spec files for all the > MailScanner > and SpamAssassin RPMs needed to install MS + SA by hand while > working with RHEL5's included Perl components. > No one seems to care. > > Anyone that upgrades production mail systems automatically > deserves what they get. Quick upgrades vs week long upgrades? I also hear your mail is sometimes slow over there. ;) From glenn.steen at gmail.com Wed Oct 17 22:11:34 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 17 22:11:36 2007 Subject: Debug on a production server In-Reply-To: References: <20071011110924.GE2121@ubuntu> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk> <4715D31A.9070109@ecs.soton.ac.uk> Message-ID: <223f97700710171411h585abc31t89515654c319474f@mail.gmail.com> On 17/10/2007, Scott Silva wrote: > on 10/17/2007 2:17 AM Julian Field spake the following: (snip) > > I'll leave all the old stuff up there for as long as you need it, don't > > worry. > > Many thanks for your help, > > > I DL'd a copy so I can look through it on my lappy. A lot of it is very old > (anybody need to run MailScanner on RedHat 9?). > Oh no... 
Haven't you been reading the list Scott? There actually are people still doing that...:-). When I get another day of the week (8 day weeks ... sounds ... tempting, provided it is one more weekend day...:-) I'll be able to offer to help. When last I looked at the faq-o-matic things, there simply was a huge part that was more or less dated, and a lot that I couldn't say for sure was... useless historical rubbish. And then there was a few pages that seemed worthwhile. Most of those _should_ be in the wiki already, but perhaps in a slightly different guise... So do search the wiki before expending to much effort on any given topic/page. Anyway, it's about time someone does this hard work, so a big THANK YOU pal for starting it. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Oct 17 22:20:42 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 17 22:20:44 2007 Subject: IronMail experience? In-Reply-To: <47164CDB.1030208@vanderkooij.org> References: <470291DC.5040904@pa.net> <47163E20.8090409@pa.net> <47164CDB.1030208@vanderkooij.org> Message-ID: <223f97700710171420r1f6cff94p9135569fd71c1c63@mail.gmail.com> On 17/10/2007, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Scott Silva wrote: > > on 10/17/2007 9:53 AM Leland J. Steinke spake the following: > >> Leland J. Steinke wrote: > >>> > >>> Could anybody on the list with recent experience with IronMail [1] in > >>> an ISP setting give me their impressions? If there is interest, I > >>> will summarize to the list. > >>> > >> Here is a summary of all the responses I received regarding experience > >> with IronMail: > >> > >> > >> > >> > >> Thanks to all who replied. ;-) It should be an interesting > >> conversation with the SecureComputing salesman. 
> >> > >> > >> Leland > >> [1] http://www.securecomputing.com/index.cfm?skey=1612 > >> > > I'm surprised you didn't get at least one "I dumped|switched|left it for > > MailScanner" > > I guess they are used in environments where the admin hardly is any > better then a smart user. I notice their tags sometimes when I get hit > by spam or misconfigured systems. > > Not exactly the way they might want to advertise their product. ;-) > > Hugo. > I only know of it from my neighbour (who happen to work at the institute next door from us... Commute 80 km to work, and find your next-door neighbour is your next-door neighbour at work too:-). For them it seems to do a pretty bad job, but ... that is more or less a non-technical users view of things... So I didn't want to say anything about it to Leland. Hear-say would be another way to put it:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Oct 17 22:21:31 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 22:21:42 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> <471661FA.9070803@vanderkooij.org> <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> Message-ID: on 10/17/2007 12:57 PM Nathan Olson spake the following: > I've mentioned multiple times that I have spec files for all the MailScanner > and SpamAssassin RPMs needed to install MS + SA by hand while > working with RHEL5's included Perl components. > No one seems to care. > > Anyone that upgrades production mail systems automatically > deserves what they get. > > Nate > Want to contribute them to the wiki? -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Oct 17 22:36:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 17 22:36:28 2007 Subject: Debug on a production server In-Reply-To: <223f97700710171411h585abc31t89515654c319474f@mail.gmail.com> References: <20071011110924.GE2121@ubuntu> <470E733F.8040800@syska.dk> <470E89DC.2040808@syska.dk> <470F2E97.1010508@ecs.soton.ac.uk> <4715D31A.9070109@ecs.soton.ac.uk> <223f97700710171411h585abc31t89515654c319474f@mail.gmail.com> Message-ID: on 10/17/2007 2:11 PM Glenn Steen spake the following: > On 17/10/2007, Scott Silva wrote: >> on 10/17/2007 2:17 AM Julian Field spake the following: > (snip) >>> I'll leave all the old stuff up there for as long as you need it, don't >>> worry. >>> Many thanks for your help, >>> >> I DL'd a copy so I can look through it on my lappy. A lot of it is very old >> (anybody need to run MailScanner on RedHat 9?). >> > Oh no... Haven't you been reading the list Scott? There actually are > people still doing that...:-). I still see mention of RedHat 7.3 ... Has to be a manual patching nightmare by now. Franken-Distro? ". . . the companions of our childhood always possess a certain power over our minds which hardly any later friend can obtain." > When I get another day of the week (8 day weeks ... sounds ... > tempting, provided it is one more weekend day...:-) I'll be able to > offer to help. Those come after the 32 hour days! > When last I looked at the faq-o-matic things, there simply was a huge > part that was more or less dated, and a lot that I couldn't say for > sure was... useless historical rubbish. And then there was a few pages > that seemed worthwhile. Most of those _should_ be in the wiki already, > but perhaps in a slightly different guise... So do search the wiki > before expending to much effort on any given topic/page. > Anyway, it's about time someone does this hard work, so a big THANK > YOU pal for starting it. 
> > Cheers There are several links into the old faq-o-matic that I was going to fix up. Some content in the wiki is similar, or more current, and I just linked to that. I can only do a little bit a day, as I was trying to do some today, and handling my normal (l)user calls, and the edit page kept warning me that I wasn't paying enough attention to it. (I think I need some more comma's in that last sentence... time for coffee!) So I just make small changes and preview and save so as to not lose my place. I see some others have already been cleaning up behind me, such as the Solaris equivalent of tmpfs mounting. (Thanks Peter!) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Wed Oct 17 22:55:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 22:55:49 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF1E@HC-MBX02.herefordshire.gov.uk> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> <7EF0EE5CB3B263488C8C18823239BEBA03CF1E@HC-MBX02.herefordshire.gov.uk> Message-ID: <471684D5.1020307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > Auto-updates was one of my concerns. > > But there is still the issue of which is the right approach? > Update config files saving a copy of the originals, or not updating > and requiring a manual process? > > Maybe we should have a poll of how many on this list install and > run the upgrade scripts without batting an eyelid? > > I certainly do. And surely it would be worth investing a bit of > time (if that's needed) to make the upgrade process simple and > "fool" proof? 
> > There was an issue of the upgrade_languages_conf not creating a > languages.new file if nothing changed, resulting in a bit of a > disaster if there wasn't already a languages.new file and you > blindly copied languages.new over languages.conf. I have improved upgrade_MailScanner_conf and upgrade_languages_conf so that this no longer causes a problem. If there is no .rpmnew file (as given in the example command-line the script tells you to type), then the .conf file is output to the .new file, so you can blindly copy the .new over your .conf without any problems arising. New script attached. Gunzip it and copy it to /usr/sbin/upgrade_MailScanner_conf and the upgrade_languages_conf will pick it up automatically. Please give it a try and confirm it works okay for you. Jules. > -----Original Message----- From: > mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Charles Lacroix Sent: 17 October 2007 19:52 To: MailScanner > discussion Subject: Re: building on Red Hat EL v 5 > > > Can't we echo a message saying "Don't forget to upgrade your config > and language" but then again some people run auto-updates :( > > Would it break anthing if we force ran them in the %post of the rpm > and keep a .rpmsave/timestamp of the config files. > > I'm interested in this discution as I'll be pushing rhel clone to > production soon and i hate to keep -devel packages installed on my > machines. > > later, charles > > > > > Randal, Phil a ?crit : >> Hugo, >> >> I think it's time to repeat my original concerns about putting >> MailScanner on rpmforge. >> >> I'm not against it at all, it's a fab idea, but.... >> >> Users will expect (and in my opinion rightfully so) "yum update" >> to do the right thing. That is, update MailScanner and any >> dependencies and restart MailScanner. >> >> Now, at the moment we have two obstacles to that: >> >> upgrade_MailScanner_conf and upgrade_languages_conf. 
>> >> I for one would vote for the default MailScanner install doing >> this automatically and creating .rpmsave copies of the previous >> .conf files. >> >> Comments anyone? >> >> Phil -----Original Message----- From: >> mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Hugo van der Kooij Sent: 17 October 2007 18:53 To: MailScanner >> discussion Subject: Re: building on Red Hat EL v 5 >> > Julian Field wrote: > > >>>> But they are needed on things other than RHEL5. What's the >>>> best way of detecting RHEL5 and all its clones? >>>> > $ cat /etc/redhat-release CentOS release 5 (Final) > > > I have just asked if anyone is working on MailScanner for rpmforge. > If no one is doing so I will give it a shot. > > Hugo. > Jules - -- Julian Field MBCS CITP jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFoTUEfZZRxQVtlQRAudNAJ9qZMno6wyHwi4PxqM7boetnCP7CQCeN/O5 NRTjja+tKAtiwB5lK3OoCBs= =gHha -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- A non-text attachment was scrubbed... 
Name: upgrade_MailScanner_conf.gz Type: application/gzip Size: 3389 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071017/70c2f043/upgrade_MailScanner_conf.bin From MailScanner at ecs.soton.ac.uk Wed Oct 17 23:06:13 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 23:06:28 2007 Subject: building on Red Hat EL v 5 In-Reply-To: References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <47164E06.40903@USherbrooke.ca> Message-ID: <47168755.4010209@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But on Fedora 6, do I need to force installation of any of the Perl modules, or not? Attached is a new install.sh (gzipped), which should solve the --force issue for RHEL 5 and CentOS 5. On Fedora systems it works just the same as it did before (i.e. it will --force the installation of some of the Perl modules like it always has done in the past). Please check it works okay for you! Anthony Cartmell wrote: > cat /etc/redhat-release Fedora Core release 6 (Zod) > > Anthony Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFodTEfZZRxQVtlQRAjMqAJwODeS/anquhLf0yIljmhO4N9fnBgCgoC2d gVNg8KYSYdYPWTscDAWKkEQ= =TU4H -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk -------------- next part -------------- A non-text attachment was scrubbed... Name: install.sh.gz Type: application/gzip Size: 5237 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071017/318e052e/install.sh-0001.bin From MailScanner at ecs.soton.ac.uk Wed Oct 17 23:10:13 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 23:10:28 2007 Subject: MCP info In-Reply-To: <20071017205813.M60914@yatta-it.com> References: <20071016095844.M98551@yatta-it.com> <20071017205813.M60914@yatta-it.com> Message-ID: <47168845.1020702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phil wrote: > Sorry.. I don't understand what you're telling me. > > I think to know everything you point out, but I need a guide to > write down rules... where I could find spamassassin regular > expression documentations? SpamAssassin uses standard Perl regular expressions. Any decent book on Perl will document these. There is also an entire O'Reilly book devoted to the issue of regular expressions. I recommend the O'Reilly 3rd edition of "Programming Perl". You can buy the whole series of books on a CD (with a paper copy of the excellent "Perl In A Nutshell") from O'Reilly too, it's called something like the "Perl Bookshelf". > > Phil > > > ---------- Original Message ----------- From: Scott Silva > To: mailscanner@lists.mailscanner.info Sent: > Tue, 16 Oct 2007 08:11:08 -0700 Subject: Re: MCP info > >> on 10/16/2007 3:03 AM Phil spake the following: >>> Hi all, >>> >>> I'm using MCP to have the best filter from MS. >>> >>> I use only two methods to catch them >>> >>> >>> header RULE1 Subject =~ /wrote\:/i describe RULE1 >>> Banned Subject "wrote:" score RULE1 4 >>> >>> body RULE2 /An incredible announcement/i describe RULE2 >>> Banned Body "An incredible announcement" score RULE2 4 >>> >>> >>> Anyone have hints about keywords to use MCP in a better way? 
>>> >>> I search internet to find out the documentation of that CF file >>> but I didn't have success... >>> >>> many Thanks >>> >>> Phil >>> >> MCP is more of a local ruleset. It would be different for every >> site. Some sites might want to stop different things than others. >> Since it spawns another spamassassin process for MCP, you want >> to only use it to catch stuff that you can't get with regular >> spamassassin rules. >> >> You can use any rules you would set in regular spamassassin, but >> with the new rules action commands that Julian added, you can >> probably do the same thing in your regular spamassassin process >> and save the extra spamassassin fork. >> >> -- MailScanner is like deodorant... You hope everybody uses it, >> and you notice quickly if they don't!!!! >> >> -- MailScanner mailing list mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > ------- End of Original Message ------- > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFohDEfZZRxQVtlQRAvroAJ0Q4HF6dv9fC3/TLWeG46JdP1ThwgCg+mOQ RX0kmLo03V8xS5uaq8reRdE= =3sdX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Oct 17 23:11:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 17 23:11:34 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> <4716239C.70303@ecs.soton.ac.uk> <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> Message-ID: <47168884.2030806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 17/10/2007, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> I've just fixed this problem, it will be in the next release. > > Thanks! Might one ask what all that was about? Er, no :-) > Or will it be obvious when one sees the code?:-) Possibly, but I wouldn't guarantee it... :-) > >> Glenn Steen wrote: >>> On 16/10/2007, Randal, Phil >>> wrote: >>> >>>> #MailScanner --value=virusscanning --from=glenn.steen@ap1.se >>>> --to=glenn.steen@ap1.se --ip=172.16.0.1 Can't call method >>>> "DFileName" on an undefined value at >>>> /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. >>>> >>>> # MailScanner --lint Checking version numbers... Version >>>> number in MailScanner.conf (4.64.3) is correct. >>>> >>>> Yup, it's still broken. >>>> >>>> I mentioned this on the list not that long ago, to zero >>>> response. >>>> >>>> Cheers, >>>> >>>> Phil >>>> >>>> >>> Thanks Phil, for the confirmation, and sorry for missing your >>> earlier report. >>> >>> Jules, could you please have a look? This is (IMO) a nifty >>> thing, when debugging rulesets... 
>>> >>> Cheers >>> >> Jules >> > > Cheers Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFoiDEfZZRxQVtlQRAmMLAKD9VCMmepCyeVQWrSFViiC3CXJ4AgCgjCqV VoEah9UX/HlQKB2DfshOaxQ= =o+mr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hden at kcbbs.gen.nz Thu Oct 18 01:31:59 2007 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Thu Oct 18 01:11:30 2007 Subject: Adding RBLs to sendmail In-Reply-To: <47164C07.4050207@vanderkooij.org> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> Message-ID: <20071018003159.GA7635@mew.kcbbs.gen.nz> Hello Apologies for this simple request for help, but the result would help us tweak our MailScanner/Sendmail setup. I note advice about adding RBLs to sendmail, e.g. from a post by Denis Beauchemin, FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in safe.dnsbl.sorbs.net"')dnl FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " found in cbl.abuseat.org"')dnl What I'd like to know is what is the minimum version sendmail I can add entries like this to? Any advice, links, etc, appreciated... Cheers! Dave From penguin at dhcp.net Thu Oct 18 01:32:20 2007 From: penguin at dhcp.net (A. 
Eijkhoudt) Date: Thu Oct 18 01:32:43 2007 Subject: Adding RBLs to sendmail In-Reply-To: <20071018003159.GA7635@mew.kcbbs.gen.nz> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <20071018003159.GA7635@mew.kcbbs.gen.nz> Message-ID: <4716A994.6040307@dhcp.net> Hi Hendrik, This feature has actually been in Sendmail for a very long time - at least since 2001, judging from a quick Google search. Additionally, you might consider adding these as well; we use quite an extensive sendmail.mc with lots of additional milters for SPF, ClamAV, SpamAssassin... FEATURE(`dnsbl', `relays.ordb.org', `"554 Rejected " $&{client_addr} " found in relays.ordb.org"')dnl FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl FEATURE(`dnsbl', `sbl.spamhaus.org', `"554 Rejected " $&{client_addr} " found in sbl.spamhaus.org/"')dnl FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " $&{client_addr} " found in chinanet.blackholes.us"')dnl Regards, A. Eijkhoudt Hendrik den Hartog wrote: > Hello > > Apologies for this simple request for help, but the result would > help us tweak our MailScanner/Sendmail setup. > > I note advice about adding RBLs to sendmail, e.g. > from a post by Denis Beauchemin, > > FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} > " found in safe.dnsbl.sorbs.net"')dnl > FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " > found in cbl.abuseat.org"')dnl > > What I'd like to know is what is the minimum version sendmail I > can add entries like this to? > Any advice, links, etc, appreciated... > > Cheers! 
> Dave > > From brose at med.wayne.edu Thu Oct 18 01:38:53 2007 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Oct 18 01:39:05 2007 Subject: Adding RBLs to sendmail In-Reply-To: <4716A994.6040307@dhcp.net> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><20071018003159.GA7635@mew.kcbbs.gen.nz> <4716A994.6040307@dhcp.net> Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B05757AFE@MED-CORE03-MS1.med.wayne.edu> Ordb? How can you successfully be using that since it shut down about a year ago? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of A. Eijkhoudt Sent: Wednesday, October 17, 2007 8:32 PM To: MailScanner discussion Subject: Re: Adding RBLs to sendmail Hi Hendrik, This feature has actually been in Sendmail for a very long time - at least since 2001, judging from a quick Google search. Additionally, you might consider adding these as well; we use quite an extensive sendmail.mc with lots of additional milters for SPF, ClamAV, SpamAssassin... FEATURE(`dnsbl', `relays.ordb.org', `"554 Rejected " $&{client_addr} " found in relays.ordb.org"')dnl FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl FEATURE(`dnsbl', `sbl.spamhaus.org', `"554 Rejected " $&{client_addr} " found in sbl.spamhaus.org/"')dnl FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " $&{client_addr} " found in chinanet.blackholes.us"')dnl Regards, A. Eijkhoudt Hendrik den Hartog wrote: > Hello > > Apologies for this simple request for help, but the result would > help us tweak our MailScanner/Sendmail setup. > > I note advice about adding RBLs to sendmail, e.g. 
> from a post by Denis Beauchemin, > > FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} > " found in safe.dnsbl.sorbs.net"')dnl > FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} " > found in cbl.abuseat.org"')dnl > > What I'd like to know is what is the minimum version sendmail I > can add entries like this to? > Any advice, links, etc, appreciated... > > Cheers! > Dave > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From penguin at dhcp.net Thu Oct 18 01:52:07 2007 From: penguin at dhcp.net (A. Eijkhoudt) Date: Thu Oct 18 01:52:12 2007 Subject: Adding RBLs to sendmail In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B05757AFE@MED-CORE03-MS1.med.wayne.edu> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><20071018003159.GA7635@mew.kcbbs.gen.nz> <4716A994.6040307@dhcp.net> <8F2A53954C22554EB75D9643FCCE0C6B05757AFE@MED-CORE03-MS1.med.wayne.edu> Message-ID: <4716AE37.3060506@dhcp.net> Doh! It's a leftover actually, hadn't noticed it on the machine I copied and pasted from :o) We snipped it out of the mc/cf on other machines already... It doesn't actually prevent things from working so we never noticed it either (because it doesn't error or warn)...! The rest is fine though. Rose, Bobby wrote: > Ordb? How can you be successfully be using that since it shut down > about a year ago? From mailscanner at PDSCC.COM Thu Oct 18 06:07:05 2007 From: mailscanner at PDSCC.COM (Harondel J. 
Sibble) Date: Thu Oct 18 06:07:08 2007 Subject: attach disclaimer to outgoing email Message-ID: <200710180507.l9I574Wb006532@sinclaire.sibble.net> I'm having a brain furt and can't remember the name of the feature I need to implement. Client wants some text added to all outgoing messages, you know the one, "this is a privileged communication, if it's not addressed to you delete it without reading" blah blah blah. What's that feature called in MS? I went through the MailScanner.conf file and I see there are ways to append after spam and virus scans, but don't see a way to just append to all outgoing messages in general. The client's calling this an endnote, but that's not quite the right term, can someone help me out here. I know MS can do this, I just don't remember what it's called, so can't look up how to implement it... :-( Thanks. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From p_ugyel at telecom.net.bt Thu Oct 18 07:43:00 2007 From: p_ugyel at telecom.net.bt (Phuntsho Ugyel) Date: Thu Oct 18 07:43:07 2007 Subject: Postfix, Mail Scanner and Mailscanner-mrtg Message-ID: <47170074.1040106@telecom.net.bt> Hi Am running postfix and would really like to have an mrtg graph of mails, spams etc that is being processed by my mail server. I generally try not to flood mailing lists but I could not find anything when trying to google. So here are the doubts that I have. 1. Can mailscanner-mrtg be used on a mail server running postfix? If yes, any documentation? 2. Does the mailscanner-mrtg and postfix have to be on the same server? Can they be on different machines? [would like them to be on different machines] If it is not possible, then could someone please suggest an alternative. 
Thanking you in advance Phuntsho From hvdkooij at vanderkooij.org Thu Oct 18 08:10:24 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 08:10:57 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk> <471659BD.3080408@cegep-ste-foy.qc.ca> <471661FA.9070803@vanderkooij.org> <8f54b4330710171257i38102b0elbe38a8150dd794db@mail.gmail.com> Message-ID: <471706E0.40507@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nathan Olson wrote: > I've mentioned multiple times that I have spec files for all the MailScanner > and SpamAssassin RPMs needed to install MS + SA by hand while > working with RHEL5's included Perl components. > No one seems to care. Can you send me the SPEC files and I start working with DAG on getting them in rpmforge. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD4DBQFHFwbeBvzDRVjxmYERAtB0AJ0WwWZT4BI979bspgsm4AMQasqm8wCXbBB2 rCExrEgxHtrqolW/gm0CLA== =jSqc -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Oct 18 08:13:20 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 08:13:56 2007 Subject: Adding RBLs to sendmail In-Reply-To: <20071018003159.GA7635@mew.kcbbs.gen.nz> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <20071018003159.GA7635@mew.kcbbs.gen.nz> Message-ID: <47170790.3060304@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hendrik den Hartog wrote: > Hello > > Apologies for this simple request for help, but the result would > help us tweak our MailScanner/Sendmail setup. Please use a new message and not a reply to a non-relevant thread. It really makes a mess of threads. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFweOBvzDRVjxmYERAk9SAKCRjs+hCleHE+tqHeKf/l/H5qQK9QCfdN0f ncy71n785FE96NuwqqJyI40= =1vXT -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Oct 18 08:18:32 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 08:18:59 2007 Subject: attach disclaimer to outgoing email In-Reply-To: <200710180507.l9I574Wb006532@sinclaire.sibble.net> References: <200710180507.l9I574Wb006532@sinclaire.sibble.net> Message-ID: <471708C8.5080001@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Harondel J. Sibble wrote: > I'm having a brain furt and can't remember the name of the feature I need to > implement. 
Client wants some text added to all outgoing messages, you know > the one, "this is a privleged communication, if it's not addressed to you > delete it without reading" blah blah blah. http://www.google.nl/search?q=mailscanner+disclaimer But I never understood these disclaimers. By the time I get to them I read the whole thing. Some are absurdly long as well. (The record is 68 lines.) One of the best was about a single line long. A simple translation from Dutch to English would be: "If you received this message in error please notify the sender and remove the message." Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFwjGBvzDRVjxmYERAsEwAKCNXg9flA/6+eIUwIV5jpCQEUgVvQCeI9zN 7fwJUMWQlCnp3N8w2zVaH6I= =yipg -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Oct 18 08:20:22 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 08:20:40 2007 Subject: Postfix, Mail Scanner and Mailscanner-mrtg In-Reply-To: <47170074.1040106@telecom.net.bt> References: <47170074.1040106@telecom.net.bt> Message-ID: <47170936.6000504@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phuntsho Ugyel wrote: > Hi > Am running postfix and would really like to have an mrtg graph of mails, > spams etc that is being processed by my mail server. Say no more. You want mailgraph! http://mailgraph.schweikert.ch/ BTW: it also works with sendmail, ...... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFwk0BvzDRVjxmYERAsy1AJ9GKGAss6rSk/9krJJJJtePFVUn5gCggUJK imDfjFos2mbGlrcMmwNuQGQ= =Gq1S -----END PGP SIGNATURE----- From chris at clh.org.uk Thu Oct 18 08:22:55 2007 From: chris at clh.org.uk (Chris Hardy) Date: Thu Oct 18 08:23:09 2007 Subject: attach disclaimer to outgoing email In-Reply-To: <200710180507.l9I574Wb006532@sinclaire.sibble.net> References: <200710180507.l9I574Wb006532@sinclaire.sibble.net> Message-ID: <471709CF.8080401@clh.org.uk> Morning :) The options you're looking for are: Inline HTML Signature and Inline Text Signature. Put your info into those - in the appropriate format (HTML and plain text) - and they'll be added to all emails in and out. You also need to set 'Sign Clean Messages' to yes for it to work. You could write a ruleset so that outgoings are tagged with one message, and incomings with another, if you want to be clever :) HTH chris Harondel J. Sibble wrote: > I'm having a brain furt and can't remember the name of the feature I need to > implement. Client wants some text added to all outgoing messages, you know > the one, "this is a privileged communication, if it's not addressed to you > delete it without reading" blah blah blah. > > What's that feature called in MS? I went through the MailScanner.conf file > and I see there are ways to append after spam and virus scans, but don't see > a way to just append to all outgoing messages in general. The client's > calling this an endnote, but that's not quite the right term, can someone > help me out here. I know MS can do this, I just don't remember what it's > called, so can't look up how to implement it... :-( > > Thanks. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support-lists at petdoctors.co.uk Thu Oct 18 09:51:03 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Oct 18 09:56:33 2007 Subject: mp3 spam? 
Message-ID: <012e01c81164$03f3f2e0$3c65a8c0@support01> Hi, I have just received my first junk mail with a (claimed to be) mp3 file attached - are users expected to listen to the spam now!? mp3s now blocked! Nigel From p_ugyel at telecom.net.bt Thu Oct 18 10:02:57 2007 From: p_ugyel at telecom.net.bt (Phuntsho Ugyel) Date: Thu Oct 18 10:03:10 2007 Subject: Postfix, Mail Scanner and Mailscanner-mrtg In-Reply-To: <47170936.6000504@vanderkooij.org> References: <47170074.1040106@telecom.net.bt> <47170936.6000504@vanderkooij.org> Message-ID: <47172141.4020803@telecom.net.bt> Looking no further than mail graph as it seems the tool that I need. However, could you tell me if it is possible to install it on another server (say network monitor server) rather than installing it on my mail server? If yes, how? -Phuntsho Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Phuntsho Ugyel wrote: > >> Hi >> Am running postfix and would really like to have an mrtg graph of mails, >> spams etc that is being processed by my mail server. >> > > Say no more. You want mailgraph! > http://mailgraph.schweikert.ch/ > > BTW: it also works with sendmail, ...... > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. 
> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHFwk0BvzDRVjxmYERAsy1AJ9GKGAss6rSk/9krJJJJtePFVUn5gCggUJK > imDfjFos2mbGlrcMmwNuQGQ= > =Gq1S > -----END PGP SIGNATURE----- > From ajcartmell at fonant.com Thu Oct 18 10:09:58 2007 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu Oct 18 10:10:05 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <47168755.4010209@ecs.soton.ac.uk> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <47164E06.40903@USherbrooke.ca> <47168755.4010209@ecs.soton.ac.uk> Message-ID: > But on Fedora 6, do I need to force installation of any of the Perl > modules, or not? Since I haven't had any problems with either MailScanner or Perl on FC6, I'm assuming that all is OK. But I'm no Perl guru, I'm afraid, so am unsure of the consequences... Cheers! Anthony -- www.fonant.com - Quality web sites From hvdkooij at vanderkooij.org Thu Oct 18 10:17:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 10:18:20 2007 Subject: Postfix, Mail Scanner and Mailscanner-mrtg In-Reply-To: <47172141.4020803@telecom.net.bt> References: <47170074.1040106@telecom.net.bt> <47170936.6000504@vanderkooij.org> <47172141.4020803@telecom.net.bt> Message-ID: <471724BE.8050201@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phuntsho Ugyel wrote: > Looking no further than mail graph as it seems the tool that I need. > However, could you tell me if it is possible to install it on another > server (say network monitor server) rather than installing it on my mail > server? If yes, how? If you can figure out how you get the logs from server A on server B you should be able to make this work. I guess having server A send everything with syslog messages to server B would take care of that in realtime. Hugo. 
- -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHFyS7BvzDRVjxmYERAnUYAJ9BXd0AeRSf8QCG8p7WxB1quE+uFgCfTACs fP+bNOryJvgCH7UtOX0TfCQ= =q56L -----END PGP SIGNATURE----- From p_ugyel at telecom.net.bt Thu Oct 18 10:25:33 2007 From: p_ugyel at telecom.net.bt (Phuntsho Ugyel) Date: Thu Oct 18 10:25:39 2007 Subject: Postfix, Mail Scanner and Mailscanner-mrtg In-Reply-To: <471724BE.8050201@vanderkooij.org> References: <47170074.1040106@telecom.net.bt> <47170936.6000504@vanderkooij.org> <47172141.4020803@telecom.net.bt> <471724BE.8050201@vanderkooij.org> Message-ID: <4717268D.2010603@telecom.net.bt> Thanks a lot for the clue Hugo... Now will work on it as i now know how to start -Phuntsho Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Phuntsho Ugyel wrote: > >> Looking no further than mail graph as it seems the tool that i need. >> However, l could you tell me if it is possible to install it on another >> server (say network monitor server) rather than installing it on my mail >> server? If yes, how? >> > > If you can figure out how you get the logs from server A on server B you > should be able to make this work. > > I guess have server A send everything with syslog messages to server B > would take of that in realtime. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. 
> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHFyS7BvzDRVjxmYERAnUYAJ9BXd0AeRSf8QCG8p7WxB1quE+uFgCfTACs > fP+bNOryJvgCH7UtOX0TfCQ= > =q56L > -----END PGP SIGNATURE----- > From glenn.steen at gmail.com Thu Oct 18 12:08:45 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 18 12:08:51 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <47168884.2030806@ecs.soton.ac.uk> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> <4716239C.70303@ecs.soton.ac.uk> <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> <47168884.2030806@ecs.soton.ac.uk> Message-ID: <223f97700710180408q68bb020w558dea298cd73806@mail.gmail.com> On 18/10/2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Glenn Steen wrote: > > On 17/10/2007, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >> > >> I've just fixed this problem, it will be in the next release. > > > > Thanks! Might one ask what all that was about? > Er, no :-) Sounds like it was ... embarrassing:-) ... must find the time to look at that then...:-):-) > > Or will it be obvious when one sees the code?:-) > Possibly, but I wouldn't guarantee it... :-) Commenting on my code-reading skills, eh?;-) > > > >> Glenn Steen wrote: > >>> On 16/10/2007, Randal, Phil > >>> wrote: > >>> > >>>> #MailScanner --value=virusscanning --from=glenn.steen@ap1.se > >>>> --to=glenn.steen@ap1.se --ip=172.16.0.1 Can't call method > >>>> "DFileName" on an undefined value at > >>>> /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 90. > >>>> > >>>> # MailScanner --lint Checking version numbers... Version > >>>> number in MailScanner.conf (4.64.3) is correct. > >>>> > >>>> Yup, it's still broken. 
> >>>> > >>>> I mentioned this on the list not that long ago, to zero > >>>> response. > >>>> > >>>> Cheers, > >>>> > >>>> Phil > >>>> > >>>> > >>> Thanks Phil, for the confirmation, and sorry for missing your > >>> earlier report. > >>> > >>> Jules, could you please have a look? This is (IMO) a nifty > >>> thing, when debugging rulesets... > >>> > >>> Cheers > >>> > >> Jules > >> > > > > Cheers > > Jules > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Oct 18 12:22:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 18 12:22:36 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <223f97700710180408q68bb020w558dea298cd73806@mail.gmail.com> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> <4716239C.70303@ecs.soton.ac.uk> <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> <47168884.2030806@ecs.soton.ac.uk> <223f97700710180408q68bb020w558dea298cd73806@mail.gmail.com> Message-ID: <471741E8.4070004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 18/10/2007, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Glenn Steen wrote: >> >>> On 17/10/2007, Julian Field wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>> >>>> I've just fixed this problem, it will be in the next release. >>>> >>> Thanks! Might one ask what all that was about? >>> >> Er, no :-) >> > Sounds like it was ... embarrassing:-) > ... must find the time to look at that then...:-):-) > No, not at all. It's just very techy, and not easy to explain. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? 
Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHF0HpEfZZRxQVtlQRAlBOAKDs0Vn9nakGtz2btoG/VBf1pZRrugCgw9wF NlYSpJdIgNSApRRbMBmUxw8= =9HIK -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Thu Oct 18 12:36:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 18 12:36:04 2007 Subject: Bug evaluating rulesets with the MailScanner command? In-Reply-To: <471741E8.4070004@ecs.soton.ac.uk> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> <4716239C.70303@ecs.soton.ac.uk> <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> <47168884.2030806@ecs.soton.ac.uk> <223f97700710180408q68bb020w558dea298cd73806@mail.gmail.com> <471741E8.4070004@ecs.soton.ac.uk> Message-ID: <223f97700710180436m4668172ev43ca3b68471b09d7@mail.gmail.com> On 18/10/2007, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Glenn Steen wrote: > > On 18/10/2007, Julian Field wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > >> Glenn Steen wrote: > >> > >>> On 17/10/2007, Julian Field wrote: > >>> > >>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >>>> > >>>> I've just fixed this problem, it will be in the next release. > >>>> > >>> Thanks! Might one ask what all that was about? > >>> > >> Er, no :-) > >> > > Sounds like it was ... embarrassing:-) > > ... 
must find the time to look at that then...:-):-) > > > No, not at all. It's just very techy, and not easy to explain. > > Jules > Ah. Glad you explained that to .... this un-techy-like-feeling type:-):-) BTW, did you ever get the camera book from amazon? I don't seem to have gotten any receipt from them... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Amelein at dantumadeel.nl Thu Oct 18 13:24:34 2007 From: Amelein at dantumadeel.nl (Amelein@dantumadeel.nl) Date: Thu Oct 18 13:24:52 2007 Subject: Betr.: mp3 spam? In-Reply-To: <012e01c81164$03f3f2e0$3c65a8c0@support01> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> Message-ID: <47176CA2.BDBC.008E.3@Dantumadeel.nl> I've seen these also since this morning, I first thought it was some kind of exploit in media files so I opened the mp3 on a linux machine. After that we spent about 30 minutes in amusement trying to figure out what was being said, in the end we concluded that the person speaking was either 15 years old or a woman. MP3s were already blocked here. - Arjan >>> "Nigel Kendrick" 18-10-2007 10:51 >>> Hi, I have just received my first junk mail with a (claimed to be) mp3 file attached - are users expected to listen to the spam now!? mp3s now blocked! Nigel -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ************************************************************************** The contents of this e-mail are intended solely for the addressee(s). If this e-mail has reached you in error, you are requested to contact the sender. Use of the contents of this e-mail without the sender's permission is not permitted and is unlawful. No rights can be derived from the contents of this e-mail.
The municipality of Dantumadeel excludes all liability that may arise from the contents of this e-mail. THINK OF OUR ENVIRONMENT BEFORE YOU DECIDE TO PRINT THIS E-MAIL! ************************************************************************** From glenn.steen at gmail.com Thu Oct 18 13:52:17 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 18 13:52:22 2007 Subject: Betr.: mp3 spam? In-Reply-To: <47176CA2.BDBC.008E.3@Dantumadeel.nl> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <47176CA2.BDBC.008E.3@Dantumadeel.nl> Message-ID: <223f97700710180552q355f12e2hf6b1617f83174214@mail.gmail.com> On 18/10/2007, Amelein@dantumadeel.nl wrote: > I've seen these also since this morning, I first thought it was some kind of exploit in media files so I opened the mp3 on a linux machine. > After that we spent about 30 minutes in amusement trying to figure out what was being said, in the end we concluded that the person speaking was either 15 years old or a woman. > Oh? Strange language, or what? Post it somewhere for all our amusement:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Oct 18 13:57:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Oct 18 13:57:44 2007 Subject: Bug evaluating rulesets with the MailScanner command?
In-Reply-To: <223f97700710180436m4668172ev43ca3b68471b09d7@mail.gmail.com> References: <223f97700710160459j61e0c950ve2e023f823e147df@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA01E04E0E@HC-MBX02.herefordshire.gov.uk> <223f97700710160645u667fc98flda278781765a122f@mail.gmail.com> <4716239C.70303@ecs.soton.ac.uk> <223f97700710171403h37456cf2jf38948567f608103@mail.gmail.com> <47168884.2030806@ecs.soton.ac.uk> <223f97700710180408q68bb020w558dea298cd73806@mail.gmail.com> <471741E8.4070004@ecs.soton.ac.uk> <223f97700710180436m4668172ev43ca3b68471b09d7@mail.gmail.com> Message-ID: <47175833.8060904@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 18/10/2007, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Glenn Steen wrote: >> >>> On 18/10/2007, Julian Field wrote: >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> >>>> >>>> Glenn Steen wrote: >>>> >>>> >>>>> On 17/10/2007, Julian Field wrote: >>>>> >>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>>> >>>>>> I've just fixed this problem, it will be in the next release. >>>>>> >>>>>> >>>>> Thanks! Might one ask what all that was about? >>>>> >>>>> >>>> Er, no :-) >>>> >>>> >>> Sounds like it was ... embarrassing:-) >>> ... must find the time to look at that then...:-):-) >>> >>> >> No, not at all. It's just very techy, and not easy to explain. >> >> Jules >> >> > Ah. Glad you explained that to .... this un-techy-like-feeling type:-):-) > > BTW, did you ever get the camera book from amazon? I don't seem to > have gotten any receipt from them... > Yes I did. Many thanks for that, it's been very useful. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHF1gzEfZZRxQVtlQRArdBAKCh+PAzWnZeoNLrxb/BnZR+d4WAXACeOB5E svboIBhG2X163gWvZWa3QZ4= =AKIy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From support-lists at petdoctors.co.uk Thu Oct 18 14:10:48 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Oct 18 14:38:38 2007 Subject: mp3 spam? In-Reply-To: <012e01c81164$03f3f2e0$3c65a8c0@support01> Message-ID: <001501c81188$4d8d00d0$3c65a8c0@support01> I played the mp3 and it's an 'investor alert' done by a woman with her head in a bucket, wearing a dalek voice changer mask. Very professional. From glenn.steen at gmail.com Thu Oct 18 14:52:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Oct 18 14:52:58 2007 Subject: mp3 spam? In-Reply-To: <001501c81188$4d8d00d0$3c65a8c0@support01> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <001501c81188$4d8d00d0$3c65a8c0@support01> Message-ID: <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com> On 18/10/2007, Nigel Kendrick wrote: > I played the mp3 and it's an 'investor alert' done by a woman with her head > in a bucket, wearing a dalek voice changer mask. Very professional. > You felt the urge to invest, right immediate like, eh?:-):-) Alex Broens provided me with a few samples... "Idiotic" comes to mind...:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Thu Oct 18 16:19:29 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 16:19:53 2007 Subject: mp3 spam? 
In-Reply-To: <001501c81188$4d8d00d0$3c65a8c0@support01> References: <001501c81188$4d8d00d0$3c65a8c0@support01> Message-ID: <47177981.1050003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nigel Kendrick wrote: > I played the mp3 and it's an 'investor alert' done by a woman with her head > in a bucket, wearing a dalek voice changer mask. Very professional. Jules: Can you ask the doctor to take care of these Daleks after he finished his cup of thea? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHF3mABvzDRVjxmYERApTTAJ9I5IyJJV+DPm/EveotzaQm7wCBogCcC21D 2iOBLoq/1vFqcmUlLimuf9U= =L6RG -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Oct 18 16:21:08 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 16:21:26 2007 Subject: mp3 spam? In-Reply-To: <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <001501c81188$4d8d00d0$3c65a8c0@support01> <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com> Message-ID: <471779E4.80800@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 18/10/2007, Nigel Kendrick wrote: >> I played the mp3 and it's an 'investor alert' done by a woman with her head >> in a bucket, wearing a dalek voice changer mask. Very professional. >> > You felt the urge to invest, right immediate like, eh?:-):-) > Alex Broens provided me with a few samples... "Idiotic" comes to mind...:) Can they be put up for public display? Just so we can have some fun. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHF3niBvzDRVjxmYERAjd2AKCyINBICwPmsKivfkXIKHVJ4k6MnwCgmCio dp/Eg/S6eYHBtBRWLlwQ+2g= =zif/ -----END PGP SIGNATURE----- From ka at pacific.net Thu Oct 18 16:37:39 2007 From: ka at pacific.net (Ken A) Date: Thu Oct 18 16:37:44 2007 Subject: mp3 spam? In-Reply-To: <471779E4.80800@vanderkooij.org> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <001501c81188$4d8d00d0$3c65a8c0@support01> <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com> <471779E4.80800@vanderkooij.org> Message-ID: <47177DC3.2040601@pacific.net> here she is. http://www.pacific.net/spam/deleteme/kellyrowland.mp3 Ken Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: >> On 18/10/2007, Nigel Kendrick wrote: >>> I played the mp3 and it's an 'investor alert' done by a woman with her head >>> in a bucket, wearing a dalek voice changer mask. Very professional. >>> >> You felt the urge to invest, right immediate like, eh?:-):-) >> Alex Broens provided me with a few samples... "Idiotic" comes to mind...:) > > Can they be put up for public display? Just so we can have some fun. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHF3niBvzDRVjxmYERAjd2AKCyINBICwPmsKivfkXIKHVJ4k6MnwCgmCio > dp/Eg/S6eYHBtBRWLlwQ+2g= > =zif/ > -----END PGP SIGNATURE----- -- Ken Anderson Pacific.Net From wick at bobwickline.com Thu Oct 18 16:54:41 2007 From: wick at bobwickline.com (Bob Wickline) Date: Thu Oct 18 16:56:13 2007 Subject: mp3 spam? 
In-Reply-To: <47177DC3.2040601@pacific.net> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <001501c81188$4d8d00d0$3c65a8c0@support01> <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com> <471779E4.80800@vanderkooij.org> <47177DC3.2040601@pacific.net> Message-ID: <20071018155239.M34973@wickline.cc> Desperation comes to mind. Why bother with the disguise antics? I can't understand a bloody word she is saying! ---------- Original Message ----------- From: Ken A To: MailScanner discussion Sent: Thu, 18 Oct 2007 10:37:39 -0500 Subject: Re: mp3 spam? > here she is. > http://www.pacific.net/spam/deleteme/kellyrowland.mp3 > Ken > From dchee at uci.edu Thu Oct 18 17:29:54 2007 From: dchee at uci.edu (Derek Chee) Date: Thu Oct 18 17:29:08 2007 Subject: mp3 spam? In-Reply-To: <20071018155239.M34973@wickline.cc> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <001501c81188$4d8d00d0$3c65a8c0@support01> <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com> <471779E4.80800@vanderkooij.org> <47177DC3.2040601@pacific.net> <20071018155239.M34973@wickline.cc> Message-ID: On Oct 18, 2007, at 8:54 AM, Bob Wickline wrote: > Desperation comes to mind. Why bother with the disguise antics? I > can't > understand a bloody word she is saying! It sounds more like bad text-to-speech software. I recognize the stock ticker that is being pushed. It's the current ticker of the day. The sales pitch is almost the same as the text-based spam. 
-- Derek From alex at nkpanama.com Thu Oct 18 17:38:00 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Oct 18 17:38:38 2007 Subject: Adding RBLs to sendmail In-Reply-To: <4716AE37.3060506@dhcp.net> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><20071018003159.GA7635@mew.kcbbs.gen.nz> <4716A994.6040307@dhcp.net> <8F2A53954C22554EB75D9643FCCE0C6B05757AFE@MED-CORE03-MS1.med.wayne.edu> <4716AE37.3060506@dhcp.net> Message-ID: <47178BE8.3070702@nkpanama.com> A. Eijkhoudt wrote: > Doh! > > It's a leftover actually, hadn't noticed it on the machine I copied > and pasted from :o) We snipped it out of the mc/cf on other machines > already... > > It doesn't actually prevent things from working so we never noticed it > either (because it doesn't error or warn)...! > Actually it does become a problem; depending on your situation it may slow down your server when it can't reach it, or slow things down unnecessarily. The fact that it may not be easily noticeable doesn't mean that you should keep it set like that. You may find your servers work at least marginally better by getting rid of that reference. I know of one case where it helped tremendously, but YMMV. > The rest is fine though. > > Rose, Bobby wrote: >> Ordb? How can you be successfully be using that since it shut down >> about a year ago? From alex at nkpanama.com Thu Oct 18 17:41:21 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Oct 18 17:42:43 2007 Subject: mp3 spam? 
In-Reply-To: <47177981.1050003@vanderkooij.org> References: <001501c81188$4d8d00d0$3c65a8c0@support01> <47177981.1050003@vanderkooij.org> Message-ID: <47178CB1.30600@nkpanama.com> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nigel Kendrick wrote: > >> I played the mp3 and it's an 'investor alert' done by a woman with her head >> in a bucket, wearing a dalek voice changer mask. Very professional. >> > > Jules: Can you ask the doctor to take care of these Daleks after he > finished his cup of thea? > > Nah... we earthlings should deal with this alien threat of intergalactic spam ourselves. Call Captain Jack Harkness at Torchwood immediately! :-) > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHF3mABvzDRVjxmYERApTTAJ9I5IyJJV+DPm/EveotzaQm7wCBogCcC21D > 2iOBLoq/1vFqcmUlLimuf9U= > =L6RG > -----END PGP SIGNATURE----- > From sandrews at andrewscompanies.com Thu Oct 18 17:58:36 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Oct 18 17:58:41 2007 Subject: mp3 spam? In-Reply-To: <47177DC3.2040601@pacific.net> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> <001501c81188$4d8d00d0$3c65a8c0@support01> <223f97700710180652n6cce6e2al38b8700b2ad7887@mail.gmail.com><471779E4.80800@vanderkooij.org> <47177DC3.2040601@pacific.net> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B4259@winchester.andrewscompanies.com> I had a speak & spell when I was a kid that sounded better than that. http://en.wikipedia.org/wiki/Speak_&_Spell_(game) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A Sent: Thursday, October 18, 2007 11:38 AM To: MailScanner discussion Subject: Re: mp3 spam? here she is. 
http://www.pacific.net/spam/deleteme/kellyrowland.mp3 Ken Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: >> On 18/10/2007, Nigel Kendrick wrote: >>> I played the mp3 and it's an 'investor alert' done by a woman with >>> her head in a bucket, wearing a dalek voice changer mask. Very professional. >>> >> You felt the urge to invest, right immediate like, eh?:-):-) Alex >> Broens provided me with a few samples... "Idiotic" comes to mind...:) > > Can they be put up for public display? Just so we can have some fun. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHF3niBvzDRVjxmYERAjd2AKCyINBICwPmsKivfkXIKHVJ4k6MnwCgmCio > dp/Eg/S6eYHBtBRWLlwQ+2g= > =zif/ > -----END PGP SIGNATURE----- -- Ken Anderson Pacific.Net -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Thu Oct 18 18:29:54 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Oct 18 18:30:37 2007 Subject: mp3 spam? In-Reply-To: <012e01c81164$03f3f2e0$3c65a8c0@support01> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> Message-ID: <47179812.6080008@USherbrooke.ca> Nigel Kendrick wrote: > Hi, > > I have just received my first junk mail with a (claimed to be) mp3 file > attached - are users expected to listen to the spam now!? > > mp3s now blocked! > > Nigel > > There's an article about this in MacWorld: http://www.macworld.com/news/2007/10/18/mp3spam/index.php They recommend slowing down the reception of messages containing embedded mp3 files.
What milter could help us do so in sendmail? Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From uxbod at splatnix.net Thu Oct 18 18:42:09 2007 From: uxbod at splatnix.net (UxBoD) Date: Thu Oct 18 18:46:57 2007 Subject: mp3 spam? In-Reply-To: <47179812.6080008@USherbrooke.ca> Message-ID: <9470235.2131192729329076.JavaMail.root@office.splatnix.net> a baseball bat milter specially for spammers! :) does anybody have an example email, complete, so could look at the encoding ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Denis Beauchemin" To: "MailScanner discussion" Sent: Thursday, October 18, 2007 5:29:54 PM (GMT) Africa/Casablanca Subject: Re: mp3 spam? Nigel Kendrick wrote: > Hi, > > I have just received my first junk mail with a (claimed to be) mp3 file > attached - are users expected to listen to the spam now!? > > mp3s now blocked! > > Nigel > > There's an article about this in MacWorld: http://www.macworld.com/news/2007/10/18/mp3spam/index.php They recommend slowing down the reception of messages containing embedded mp3 files. What milter could help us do so in sendmail? Denis -- _ °v° Denis Beauchemin, analyst /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
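Added example (not part of any post in this thread, and not MailScanner code): UxBoD asks above for a complete sample so the encoding can be examined, so this Python script parses a message and reports how an MP3 attachment is declared (type, disposition, name, transfer encoding) against what its first bytes actually are. The three messages are constructed inline, the flag names are invented here, and the lowercase-only name check follows the filenames reported elsewhere in the thread.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Name shape seen in this thread's reports: lowercase letters only, then ".mp3".
LOWERCASE_MP3 = re.compile(r"[a-z]+\.mp3")


def looks_like_mpeg_audio(data):
    """True if data starts with an ID3v2 tag or an MPEG audio frame sync."""
    if data[:3] == b"ID3":
        return True
    # An MPEG audio frame header begins with 11 set bits (0xFF, then 0b111xxxxx).
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0


def build(subject, body, filename, payload):
    """Serialize a constructed test message; none of these is captured mail."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "rcpt@example.invalid"
    if subject is not None:
        msg["Subject"] = subject
    if body:
        msg.set_content(body)
    msg.add_attachment(payload, maintype="audio", subtype="mpeg", filename=filename)
    return msg.as_bytes()


def inspect(raw):
    """Parse raw message bytes and describe subject, text body and MP3 parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"subject_empty": not str(msg["Subject"] or "").strip(),
              "has_text": False, "attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        if part.get_content_maintype() == "text" and not part.is_attachment():
            report["has_text"] = report["has_text"] or bool(data.strip())
        elif part.get_content_type() == "audio/mpeg" or name.lower().endswith(".mp3"):
            report["attachments"].append({
                "name": name,
                "declared_type": part.get_content_type(),
                "disposition": part.get_content_disposition(),
                "transfer_encoding": str(part.get("Content-Transfer-Encoding", "")),
                "size": len(data),
                "content_is_mpeg": looks_like_mpeg_audio(data),
                "lowercase_only_name": bool(LOWERCASE_MP3.fullmatch(name)),
            })
    return report


def flags(raw):
    """Return the list of (hypothetical) flag names raised by one message."""
    report = inspect(raw)
    out = []
    for att in report["attachments"]:
        if not att["content_is_mpeg"]:
            out.append("declared-mp3-content-mismatch")
        if att["lowercase_only_name"]:
            out.append("lowercase-only-mp3-name")
    if report["attachments"] and report["subject_empty"]:
        out.append("no-subject")
    if report["attachments"] and not report["has_text"]:
        out.append("no-text-body")
    return out


# Constructed payloads: a minimal ID3 tag plus one MPEG frame header, and a
# non-audio header used to show a name/content mismatch.
MP3_HEAD = b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00" + bytes(32)
NOT_AUDIO = b"%PDF-1.4\n" + bytes(32)

NO_SUBJECT_NO_BODY = build(None, None, "elvis.mp3", MP3_HEAD)
MISLABELLED = build("hello", "see attached\n", "baby.mp3", NOT_AUDIO)
ORDINARY = build("Rehearsal recording", "Take 3 from Thursday.\n",
                 "Rehearsal_Take3.mp3", MP3_HEAD)

if __name__ == "__main__":
    for label, raw in (("no subject, no body", NO_SUBJECT_NO_BODY),
                       ("mislabelled", MISLABELLED),
                       ("ordinary", ORDINARY)):
        print(label, "->", flags(raw))
        for att in inspect(raw)["attachments"]:
            print("   ", att)
```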
From sandrews at andrewscompanies.com Thu Oct 18 19:16:13 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Oct 18 19:16:16 2007 Subject: Mailscanner with hylafax Message-ID: <1964AAFBC212F742958F9275BF63DBB05B425B@winchester.andrewscompanies.com> Ok, I know this is off-base...really off base, but I'm short on equipment for a customer and desperately need to get a hylafax going asap. Just a tiny 2 line box, won't have a ton of traffic, but may have some large faxes. I have plenty of overhead in that box for the mail volume they get so I don't think I'll have a resource contention issue, BUT.... The hylafax box will, of course, be using sendmail to forward faxes to the appropriate place. Since 127.0.0.1 is whitelisted already (as it should be), there should be no problem with MS trying to scan these, no? I suppose I'll whitelist the email they're supposed to be coming from anyway. Any thoughts? Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." From alex at nkpanama.com Thu Oct 18 19:41:42 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Oct 18 19:43:44 2007 Subject: Mailscanner with hylafax In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B425B@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB05B425B@winchester.andrewscompanies.com> Message-ID: <4717A8E6.3060108@nkpanama.com> Don't. Someone could spoof the address. It would be best if you whitelist 127.0.0.1 and leave it at that.
Steven Andrews wrote: > Ok, I know this is off-base...really off base, but I'm short on > equipment for a customer and desperately need to get a hylafax going > asap. Just a tiny 2 line box, won't have a ton of traffic, but may > have some large faxes. I have plenty of overhead in that box for the > mail volume they get so I don't think I'll have a resource contention > issue, BUT.... > > The hylafax box will, of course, be using sendmail to forward faxes to > the appropriate place. Since 127.0.0.1 is whitelisted already (as it > should be), there should be no problem with MS trying to scan these, > no? I suppose I'll whitelist the email the're supposed to be coming > from anyway. > > Any thoughts? > > > *Steven R. Andrews*, President > Andrews Companies Incorporated > /Small Business Information Technology Consultants/ > sandrews@andrewscompanies.com > Phone: 317.536.1807 > > "If your only tool is a hammer, every problem looks like a nail." > > From sandrews at andrewscompanies.com Thu Oct 18 20:56:16 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Oct 18 20:56:21 2007 Subject: Mailscanner with hylafax In-Reply-To: <4717A8E6.3060108@nkpanama.com> References: <1964AAFBC212F742958F9275BF63DBB05B425B@winchester.andrewscompanies.com> <4717A8E6.3060108@nkpanama.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B425F@winchester.andrewscompanies.com> Good catch. Thank you. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Thursday, October 18, 2007 2:42 PM To: MailScanner discussion Subject: Re: Mailscanner with hylafax Don't. Someone could spoof the address. It would be best if you whitelist 127.0.0.1 and leave it at that. Steven Andrews wrote: > Ok, I know this is off-base...really off base, but I'm short on > equipment for a customer and desperately need to get a hylafax going > asap. 
Just a tiny 2 line box, won't have a ton of traffic, but may > have some large faxes. I have plenty of overhead in that box for the > mail volume they get so I don't think I'll have a resource contention > issue, BUT.... > > The hylafax box will, of course, be using sendmail to forward faxes to > the appropriate place. Since 127.0.0.1 is whitelisted already (as it > should be), there should be no problem with MS trying to scan these, > no? I suppose I'll whitelist the email the're supposed to be coming > from anyway. > > Any thoughts? > > > *Steven R. Andrews*, President > Andrews Companies Incorporated > /Small Business Information Technology Consultants/ > sandrews@andrewscompanies.com > Phone: 317.536.1807 > > "If your only tool is a hammer, every problem looks like a nail." > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Thu Oct 18 21:52:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Oct 18 21:52:09 2007 Subject: FW: MP3 Spam Message-ID: Guy Someone just posted this on the SA list... Might be useful.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > UxBoD writes: > > Does anybody have one of these, or different one, that you could upload > somewhere so can do some analysis ? 
>
> sure: http://taint.org/x/2007/mp3spam.txt
> anyway, these rules catch them as far as I can tell:
>
> ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
> mimeheader __CTYPE_STORM_MP3_1 Content-Type:raw =~ /^audio\/mpeg;\n name=\"[a-z]+\.mp3\"$/s
> mimeheader __CDISP_STORM_MP3_1 Content-Disposition:raw =~ /^inline;\n filename=\"[a-z]+\.mp3\"$/s
> mimeheader __CTYPE_STORM_MP3_2 Content-Type:raw =~ /^audio\/mpeg;\n\tname=\"[a-z]+\.mp3\"$/s
> mimeheader __CDISP_STORM_MP3_2 Content-Disposition:raw =~ /^attachment;\n\tfilename=\"[a-z]+\.mp3\"$/s
>
> meta JM_STORM_MP3 ((__CTYPE_STORM_MP3_1&&__CDISP_STORM_MP3_1) || (__CTYPE_STORM_MP3_2&&__CDISP_STORM_MP3_2))
> endif
>
> --j.
********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Thu Oct 18 22:51:52 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Oct 18 22:55:07 2007 Subject: Adding RBLs to sendmail In-Reply-To: <47178BE8.3070702@nkpanama.com> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><20071018003159.GA7635@mew.kcbbs.gen.nz> <4716A994.6040307@dhcp.net> <8F2A53954C22554EB75D9643FCCE0C6B05757AFE@MED-CORE03-MS1.med.wayne.edu> <4716AE37.3060506@dhcp.net> <47178BE8.3070702@nkpanama.com> Message-ID: on 10/18/2007 9:38 AM Alex Neuman van der Hans spake the following: > A. Eijkhoudt wrote: >> Doh! >> >> It's a leftover actually, hadn't noticed it on the machine I copied >> and pasted from :o) We snipped it out of the mc/cf on other machines >> already... >> >> It doesn't actually prevent things from working so we never noticed it >> either (because it doesn't error or warn)...! >> > Actually it does become a problem; depending on your situation it may > slow down your server when it can't reach it, or slow things down > unnecessarily. The fact that it may not be easily noticeable doesn't > mean that you should keep it set like that. You may find your servers > work at least marginally better by getting rid of that reference. I know > of one case where it helped tremendously, but YMMV. >> The rest is fine though. There was a list that went down several years ago, whose name escapes me, but instead of turning off their servers, they returned every lookup as if on their list. That one caused a lot of problems. Every message got marked as spam. -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!! From penguin at dhcp.net Thu Oct 18 23:12:45 2007 From: penguin at dhcp.net (A. Eijkhoudt) Date: Thu Oct 18 23:12:48 2007 Subject: Adding RBLs to sendmail In-Reply-To: References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org><20071018003159.GA7635@mew.kcbbs.gen.nz> <4716A994.6040307@dhcp.net> <8F2A53954C22554EB75D9643FCCE0C6B05757AFE@MED-CORE03-MS1.med.wayne.edu> <4716AE37.3060506@dhcp.net> <47178BE8.3070702@nkpanama.com> Message-ID: <4717DA5D.6020401@dhcp.net> Scott Silva wrote: > There was a list that went down several years ago, whose name escapes > me, but instead of turning off their servers, they returned every lookup > as if on their list. That one caused a lot of problems. Every message > got marked as spam. Indeed, a reasonable list of dead DNSBLs can be found here: http://spamlinks.net/filter-dnsbl-dead.htm It's a nice site; it also lists many working DNSBLs, instructions, tips... From hvdkooij at vanderkooij.org Thu Oct 18 23:47:52 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Oct 18 23:48:33 2007 Subject: mp3 spam? In-Reply-To: <012e01c81164$03f3f2e0$3c65a8c0@support01> References: <012e01c81164$03f3f2e0$3c65a8c0@support01> Message-ID: <4717E298.5060403@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nigel Kendrick wrote: > Hi, > > I have just received my first junk mail with a (claimed to be) mp3 file > attached - are users expected to listen to the spam now!? I just got this from VirusBuster.hu, so this amazing new bandwidth consuming type of spam is apparently 'hot news' ;-) Her master's voice Stock spammers have abandoned PDF files and image spam with a new campaign featuring MP3 files.
The audio files pose as music from stars such as Elvis Presley and Fergie, but actually contain a monotone voice encouraging punters to invest in an obscure Canadian company. The MP3 files are being widely spammed in emails that often contain no subject line or message body. Some of the filenames used include hurricanechris.mp3, allforone.mp3, carrieunderwood.mp3, elvis.mp3, baby.mp3, fergie.mp3, and bbrown.mp3. The female (apparently British) voice on the MP3 file, recorded at low bit-rate and randomly altered to avoid detection by anti-spam filters, seeks to attract interest in Exit Only, a Canadian firm that runs a website marketplace for new and used motors. Experts advise users to block MP3 files in email. (Source: The Register) - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHF+KWBvzDRVjxmYERAtfXAKCEPa7C+lndskCtlfP4GSgmEoK7DwCgp0PM 33p6YAbPLvsWYh8v/PKq4Do= =LNEe -----END PGP SIGNATURE----- From davejones70 at gmail.com Fri Oct 19 01:50:20 2007 From: davejones70 at gmail.com (Dave Jones) Date: Fri Oct 19 01:50:22 2007 Subject: MailScanner processing email properly but is not delivering to outgoing queue Message-ID: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> I have a working setup of MailScanner with MailWatch that I just upgraded from 4.6.3 to the latest version. Sendmail mailertable is set up to forward email properly to the final email server which happens to be Exchange. I have manually tested creating an email from the MailScanner server to the Exchange server and it works fine. The mailq command shows that the outbound mail queue is empty. It appears that the outbound email is not getting put in the /var/spool/mqueue directory like it should be.
The MailScanner.conf has correct "Queue Dir" settings and the directories exist with normal permissions. The mailertable files has not been changed before the upgrade when email was flowing properly.

/etc/MailScanner/MailScanner.conf
============================
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue

/etc/mail/mailertaible
=================
domain.com smtp:[192.168.1.2]

# mailq
/var/spool/mqueue is empty
Total requests: 0

How do I debug MailScanner's last steps which I guess should be putting the delivered email into the /var/spool/mqueue directory? I tried "Debug = yes" mode but it didn't output anything useful.

Also, the outbound email from the Exchange server to the Internet through MailScanner is doing the same thing. It logs to MailWatch but never makes it to the outbound queue.

--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071018/791ae22d/attachment.html

From martinh at solidstatelogic.com Fri Oct 19 07:29:17 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Fri Oct 19 07:29:28 2007
Subject: {Disarmed} MailScanner processing email properly but is not delivering to outgoing queue
In-Reply-To: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com>
Message-ID: <91afde9b753a4842ae8d3f65a48e01d5@solidstatelogic.com>

Dave

1) see if there's anything in the maillog...
2a) when you run in debug this way you need to stop mailscanner then run 'MailScanner', and it should dump debug to the screen.
2b) alternatively stop mailscanner and then run "MailScanner --debug --debug-sa" and you'll get the information that way without editing the MailScanner.conf

I presume you did the upgrade_MailScanner_conf when you did the upgrade?
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Dave Jones > Sent: 19 October 2007 01:50 > To: mailscanner > Subject: {Disarmed} MailScanner processing email properly but is not > delivering to outgoing queue > > I have a working setup of MailScanner with MailWatch that I just upgraded > from 4.6.3 to the latest version. Sendmail mailertable is setup to > forward email properly to the final email server which happens to be > Exchange. I have manually tested creating an email from the MailScanner > server to the Exchange server and it works fine. The mailq command shows > that the outbound mail queue is emtpy. It appears that the outbound email > is not getting put in the /var/spool/mqueue directory like it should be. > The MailScanner.conf has correct "Queue Dir" settings and the directories > exist with normal permissions. The mailertable files has not been changed > before the upgrade when email was flowing properly. > > /etc/MailScanner/MailScanner.conf > ============================ > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > > /etc/mail/mailertaible > ================= > domain.com smtp:[ MailScanner warning: numerical links are often > malicious: 192.168.1.2 ] > > # mailq > /var/spool/mqueue is empty > Total requests: 0 > > How do I debug MailScanner's last steps which I guess should be putting > the delivered email into the /var/spool/mqueue directory? I tried "Debug > = yes" mode but it didn't output anything useful. > > Also, the outbound email from the Exchange server to the Internet through > MailScanner is doing the same thing. It logs to MailWatch but never makes > it to the outbound queue. 
> -- > Dave Jones ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Oct 19 07:30:24 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Oct 19 07:30:28 2007 Subject: mp3 spam? In-Reply-To: <4717E298.5060403@vanderkooij.org> Message-ID: <59a0f42281dfe04ebf5a3dfb3ba008ed@solidstatelogic.com> Heh Blocking MP3's (and PDF's/.xls etc) is not an option for us.. Right I'll off email now ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: 18 October 2007 23:48 > To: MailScanner discussion > Subject: Re: mp3 spam? 
> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nigel Kendrick wrote: > > Hi, > > > > I have just received my first junk mail with a (claimed to be) mp3 file > > attached - are users expected to listen to the spam now!? > > I just got this from VirusBuster.hu, so this amazing new bandwith > consuming type of spam is apparantly 'hot news' ;-) > > Her master's voice > > Stock spammers have abandoned PDF files and image spam with a new > campaign featuring MP3 files. > > The audio files pose as music from stars such as Elvis Presley and > Fergie, but actually contain a monotone voice encouraging punters to > invest in an obscure Canadian company. > > The MP3 files are being widely spammed in emails that often contain no > subject line or message body. Some of the filenames used include > hurricanechris.mp3, allforone.mp3, carrieunderwood.mp3, elvis.mp3, > baby.mp3, fergie.mp3, and bbrown.mp3. > > The female (apparently British) voice on the MP3 file, recorded at low > bit-rate and randomly altered to avoid detection by anti-spam filters, > seeks to attract interest in Exit Only, a Canadian firm that runs a > website marketplace for new and used motors. > > Experts advise users to block MP3 files in email. > > (Source: The Register) > > > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHF+KWBvzDRVjxmYERAtfXAKCEPa7C+lndskCtlfP4GSgmEoK7DwCgp0PM > 33p6YAbPLvsWYh8v/PKq4Do= > =LNEe > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From glenn.steen at gmail.com Fri Oct 19 08:46:15 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Oct 19 08:46:16 2007 Subject: MailScanner processing email properly but is not delivering to outgoing queue In-Reply-To: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> References: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> Message-ID: <223f97700710190046s186ccb22mefa2fc3e257632eb@mail.gmail.com> On 19/10/2007, Dave Jones wrote: > I have a working setup of MailScanner with MailWatch that I just upgraded > from 4.6.3 to the latest version. Sendmail mailertable is setup to forward > email properly to the final email server which happens to be Exchange.
I
> have manually tested creating an email from the MailScanner server to the
> Exchange server and it works fine. The mailq command shows that the
> outbound mail queue is empty. It appears that the outbound email is not
> getting put in the /var/spool/mqueue directory like it should be. The
> MailScanner.conf has correct "Queue Dir" settings and the directories exist
> with normal permissions. The mailertable files has not been changed before
> the upgrade when email was flowing properly.
>
> /etc/MailScanner/MailScanner.conf
> ============================
> Incoming Queue Dir = /var/spool/mqueue.in
> Outgoing Queue Dir = /var/spool/mqueue
>
> /etc/mail/mailertaible
> =================
> domain.com smtp:[ 192.168.1.2]
>
> # mailq
> /var/spool/mqueue is empty
> Total requests: 0
>
> How do I debug MailScanner's last steps which I guess should be putting the
> delivered email into the /var/spool/mqueue directory? I tried "Debug = yes"
> mode but it didn't output anything useful.

With the latest MailScanner, you no longer have to set Debug in the config file, you can use the command instead... Just stop MailScanner (and sendmail), and ... assuming an mqueue.in full of messages... then run "MailScanner --debug" ... and perhaps also add in --debug-sa ...
Another nifty thing is to run the configuration syntax checker: MailScanner --lint ... You don't have to stop MailScanner to run that one.
You did remember to run the upgrade scripts?

> Also, the outbound email from the Exchange server to the Internet through
> MailScanner is doing the same thing. It logs to MailWatch but never makes
> it to the outbound queue.

If it logs to MailWatch... well, that is pretty much the last thing that happens... Check once more that the permissions are OK on the directories... Something strange is happening here.
Not sure that the debug run will show anything this "late"...:-)
What does the log say about a typical message (if you post a snippet, please include a few lines before/after)?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Fri Oct 19 08:48:44 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Oct 19 08:48:51 2007
Subject: {Disarmed} MailScanner processing email properly but is not delivering to outgoing queue
In-Reply-To: <91afde9b753a4842ae8d3f65a48e01d5@solidstatelogic.com>
References: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> <91afde9b753a4842ae8d3f65a48e01d5@solidstatelogic.com>
Message-ID: <223f97700710190048t73fe83cr57c749245bbba8e7@mail.gmail.com>

On 19/10/2007, Martin.Hepworth wrote:
> Dave
>
> 1) see if there's anything in the maillog...
> 2a) when you run in debug this way you need to stop mailscanner then run 'MailScanner', and it should dump debug to the screen.
> 2b) alternatively stop mailscanner and then run "MailScanner --debug --debug-sa" and you'll get the information that way without editing the MailScanner.conf
>
>
> I presume you did the upgrade_MailScanner_conf when you did the upgrade?
>

How come I didn't see your reply first... Ah, the disarming messed with the "threading"... Sometimes gmail is pretty dumb:-).
Oh well, "great minds think alike" and all that:-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From p_ugyel at telecom.net.bt Fri Oct 19 09:28:43 2007 From: p_ugyel at telecom.net.bt (Phuntsho Ugyel) Date: Fri Oct 19 09:28:55 2007 Subject: Postfix, Mail Scanner and Mailscanner-mrtg In-Reply-To: <4717268D.2010603@telecom.net.bt> References: <47170074.1040106@telecom.net.bt> <47170936.6000504@vanderkooij.org> <47172141.4020803@telecom.net.bt> <471724BE.8050201@vanderkooij.org> <4717268D.2010603@telecom.net.bt> Message-ID: <47186ABB.5030401@telecom.net.bt> Hi, I got my mailgraph up and running but somehow the graphs displayed are empty. Following are the configuration that i have made. (OS- FreeBSD) In /usr/local/etc/rc.d/mailgraph, changed ${mailgraph_flags="--logfile /usr/local/www/apache22/mail/maillog --daemon-rrd=/var/db/mailgraph --ignore-localhost --daemon --daemon-pid=${mailgraph_pidfile}"} In mailgraph-init: MAILGRAPH_PL=/usr/local/sbin/mailgraph.pl MAIL_LOG=/usr/local/www/apache22/data/mail/maillog PID_FILE=/var/db/mailgraph/mailgraph.pid RRD_DIR=/var/db/mailgraph As for the maillog files, i created a crob job to ftp the files from the Mail server to the Network Monitor server. Am i heading the right direction?? -Phuntsho >> >> If you can figure out how you get the logs from server A on server B you >> should be able to make this work. >> >> I guess have server A send everything with syslog messages to server B >> would take of that in realtime. >> >> Hugo. >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> Bored? Click on http://spamornot.org/ and rate those images. 
>> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFHFyS7BvzDRVjxmYERAnUYAJ9BXd0AeRSf8QCG8p7WxB1quE+uFgCfTACs >> fP+bNOryJvgCH7UtOX0TfCQ= >> =q56L >> -----END PGP SIGNATURE----- >> > From P.G.M.Peters at utwente.nl Fri Oct 19 11:56:28 2007 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Fri Oct 19 11:56:36 2007 Subject: release mail from quarantine AND modify message-id In-Reply-To: <46FE4B79.3060001@fsl.com> References: <637e55b80709281111l29d90471xdf4bb6f8c1b9d1ac@mail.gmail.com> <46FE4B79.3060001@fsl.com> Message-ID: <47188D5C.1080001@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Freegard wrote on 29-9-2007 14:56: > Try something like this: > > postcat | grep -Evi '^Message-ID:' | sendmail -oi > > > Untested - but it should work. It works. But it makes the server insert a new Message-ID. If you use something like IMF on Exchange this means extra penalty on the spam-score. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl; http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHGI1aelLo80lrIdIRAo/cAKChC8WjngVxdkHQRWqdPNEUH92TwQCfTrP5 wr/YgJD31RVpa1FHHRf/xUs= =52+H -----END PGP SIGNATURE----- From P.G.M.Peters at utwente.nl Fri Oct 19 12:00:17 2007 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Fri Oct 19 12:00:38 2007 Subject: OT: How You doing Jules? In-Reply-To: <11605653.8531191522345104.JavaMail.root@office.splatnix.net> References: <11605653.8531191522345104.JavaMail.root@office.splatnix.net> Message-ID: <47188E41.3050409@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote on 4-10-2007 20:25: > Scott, its the little button you press on ya mobile/blackberry to switch it off :) IT people are never allowed a normal life! 
They know my home phone number too. And some people also happen to know where I live.

- --
Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl; http://www.utwente.nl/icts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHGI4/elLo80lrIdIRArJQAJ0RX1i/gp29kPA6TiBt6U5x4PETpQCeNbd0
npYZG38mx41Eu62JR/Kn5FM=
=6cvr
-----END PGP SIGNATURE-----

From hvdkooij at vanderkooij.org Fri Oct 19 12:56:24 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri Oct 19 12:56:49 2007
Subject: [DISARMED] MailScanner processing email properly but is not delivering to outgoing queue
In-Reply-To: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com>
References: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com>
Message-ID: <47189B68.5070106@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave Jones wrote:
> /etc/mail/mailertaible
> =================
> domain.com smtp:[ *MailScanner warning: numerical
> links are often malicious:* 192.168.1.2 ]

Well besides MailScanner having a lot of fun with this line. There is nothing on http://www.sendmail.org/m4/mailertables.html that makes me think you can use an IP address here.

Whether or not it is supported remains to be seen. But if you can simply use a hostname instead it will take one unknown variable out of the equation.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHGJtnBvzDRVjxmYERAirMAJ9MQpOWPDCxO0xXEidw86bkDg/kSQCZAXMA n3VlWJdfjCA/40CvYOOKoOs= =PC/Z -----END PGP SIGNATURE----- From ugob at lubik.ca Fri Oct 19 13:24:33 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Oct 19 13:24:50 2007 Subject: [DISARMED] MailScanner processing email properly but is not delivering to outgoing queue In-Reply-To: <47189B68.5070106@vanderkooij.org> References: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> <47189B68.5070106@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Jones wrote: > >> /etc/mail/mailertaible >> ================= >> domain.com smtp:[ *MailScanner warning: numerical >> links are often malicious:* 192.168.1.2 ] > > Well besides MailScanner having a lot of fun with this line. There is > nothing on http://www.sendmail.org/m4/mailertables.html that makes me > think you can use an IP address here. You can if it is within brackets. Please check your maillog, you may have one extra space between the [ and 192 From prandal at herefordshire.gov.uk Fri Oct 19 13:26:42 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 19 13:26:54 2007 Subject: [DISARMED] MailScanner processing email properly but is not delivering to outgoing queue In-Reply-To: <47189B68.5070106@vanderkooij.org> References: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> <47189B68.5070106@vanderkooij.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E0525D@HC-MBX02.herefordshire.gov.uk> Hugo, That syntax is perfectly valid and should work fine. 
Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: 19 October 2007 12:56 > To: MailScanner discussion > Subject: Re: [DISARMED] MailScanner processing email properly > but is not delivering to outgoing queue > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Jones wrote: > > > /etc/mail/mailertaible > > ================= > > domain.com smtp:[ *MailScanner warning: > numerical > > links are often malicious:* 192.168.1.2 ] > > Well besides MailScanner having a lot of fun with this line. There is > nothing on http://www.sendmail.org/m4/mailertables.html that makes me > think you can use an IP address here. > > Wether or not it is supported remains to be seen. But if you > can simple > use a hostname instead it will take one unknown variable out of the > equasion. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHGJtnBvzDRVjxmYERAirMAJ9MQpOWPDCxO0xXEidw86bkDg/kSQCZAXMA > n3VlWJdfjCA/40CvYOOKoOs= > =PC/Z > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> From davejones70 at gmail.com Fri Oct 19 13:38:26 2007 From: davejones70 at gmail.com (Dave Jones) Date: Fri Oct 19 13:38:27 2007 Subject: MailScanner Digest, Vol 22, Issue 33 In-Reply-To: <200710190639.l9J6d2QY022730@safir.blacknight.ie> References: <200710190639.l9J6d2QY022730@safir.blacknight.ie> Message-ID: <67a55ed50710190538v172857f3u39d2160f9e30639d@mail.gmail.com> > Date: Fri, 19 Oct 2007 07:29:17 +0100 > From: "Martin.Hepworth" > Subject: RE: {Disarmed} MailScanner processing email properly but is > not delivering to outgoing queue > To: "MailScanner discussion" > Message-ID: <91afde9b753a4842ae8d3f65a48e01d5@solidstatelogic.com> > Content-Type: text/plain; charset="us-ascii" > > Dave > > 1) see if there's anything in the maillog... The maillog never has the "Queued mail for delivery" message from the outbound queue. My theory is that the email is never making it into the /var/spool/mqueue for sendmail to send it. BTW, I had to disable MS for now and just forward email using plain sendmail and it works now so I am sure it's not a sendmail issue. I have no protection on email at the moment and some pretty nasty SPAM emails are making it in. I need to do something soon. :) 2a) when you run in debug this wayyou need to stop mailscanner then run > 'MailScanner', and it should dump debug to the screen. I did stop MS for the debug. 2b) alternatively stop mailscanner and then run "MailScanner --debug > --debug-sa" and you'll get the information that way without editing the > MailScanner.conf Good information to know in the future! I presume you did the upgrade_MailScanner_conf when you did the upgrade? Yes. I have done this upgrade to 7 other MS instances I support and this one is the only problem I have had. Thanks for your suggestions Martin. 
-- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Dave Jones > > Sent: 19 October 2007 01:50 > > To: mailscanner > > Subject: {Disarmed} MailScanner processing email properly but is not > > delivering to outgoing queue > > > > I have a working setup of MailScanner with MailWatch that I just > upgraded > > from 4.6.3 to the latest version. Sendmail mailertable is setup to > > forward email properly to the final email server which happens to be > > Exchange. I have manually tested creating an email from the MailScanner > > server to the Exchange server and it works fine. The mailq command > shows > > that the outbound mail queue is emtpy. It appears that the outbound > email > > is not getting put in the /var/spool/mqueue directory like it should be. > > The MailScanner.conf has correct "Queue Dir" settings and the > directories > > exist with normal permissions. The mailertable files has not been > changed > > before the upgrade when email was flowing properly. > > > > /etc/MailScanner/MailScanner.conf > > ============================ > > Incoming Queue Dir = /var/spool/mqueue.in > > Outgoing Queue Dir = /var/spool/mqueue > > > > /etc/mail/mailertaible > > ================= > > domain.com smtp:[ MailScanner warning: numerical links are often > > malicious: 192.168.1.2 ] > > > > # mailq > > /var/spool/mqueue is empty > > Total requests: 0 > > > > How do I debug MailScanner's last steps which I guess should be putting > > the delivered email into the /var/spool/mqueue directory? I tried > "Debug > > = yes" mode but it didn't output anything useful. > > > > Also, the outbound email from the Exchange server to the Internet > through > > MailScanner is doing the same thing. It logs to MailWatch but never > makes > > it to the outbound queue. 
> > -- > > Dave Jones > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071019/0846602b/attachment.html From hvdkooij at vanderkooij.org Fri Oct 19 13:41:59 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Oct 19 13:42:16 2007 Subject: [DISARMED] MailScanner processing email properly but is not delivering to outgoing queue In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01E0525D@HC-MBX02.herefordshire.gov.uk> References: <67a55ed50710181750q1d041a08m5dd018e080b33ccb@mail.gmail.com> <47189B68.5070106@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA01E0525D@HC-MBX02.herefordshire.gov.uk> Message-ID: <4718A617.6080400@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > Hugo, > > That syntax is perfectly valid and should work fine. It is just not documented on that page. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHGKYUBvzDRVjxmYERAvlEAJ4n3Ko6gHq3194FqYkef3mONOKHdQCfe0wv IZKUTJ5L+IlXgCcNl0z4U2g= =Q+bl -----END PGP SIGNATURE----- From Timo.Jacobs at partners.de Fri Oct 19 16:53:05 2007 From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de) Date: Fri Oct 19 16:53:24 2007 Subject: Timo Jacobs is out of the office. Message-ID: I will be out of the office starting 19.10.2007 and will not return until 01.11.2007. I will respond to your message when I return. In urgent cases please contact Mr. Timo A. 
Schmidt (timo.schmidt@partners.de) From uxbod at splatnix.net Fri Oct 19 16:54:45 2007 From: uxbod at splatnix.net (UxBoD) Date: Fri Oct 19 16:58:28 2007 Subject: Timo Jacobs is out of the office. In-Reply-To: Message-ID: <4638640.3511192809285704.JavaMail.root@office.splatnix.net> DOH! Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Timo Jacobs" To: "MailScanner discussion" Sent: Friday, October 19, 2007 4:53:05 PM (GMT) Europe/London Subject: Timo Jacobs is out of the office. I will be out of the office starting 19.10.2007 and will not return until 01.11.2007. I will respond to your message when I return. In urgent cases please contact Mr. Timo A. Schmidt (timo.schmidt@partners.de) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From damian at cht.com.ar Fri Oct 19 17:22:03 2007 From: damian at cht.com.ar (Damian Rivas) Date: Fri Oct 19 17:25:52 2007 Subject: Weird Problem with MailScanner Message-ID: <484E9B509664CA499A78F777A2D59A30027630@server6.chtnet.com.ar> Hi there, I'm having a really weird problem and as I am a n00b it gets a bit more difficult to find a solution. I'll explain the details first: Since 6 months ago, I am the System Administrator of a Tourism Agency. We use an E-mail Scanner in a server with the following characteristics: Processor: Pentium II 233 Mhz.
RAM: 128 MB
OS: Linux Slackware 9
MailScanner version: 4.55.10

This E-mail Scanner uses MailScanner with Sophos Antivirus and SpamAssassin to filter spam and scan incoming and outgoing mails for viruses, which are then redirected to an internal MS Exchange Server or to the Internet, respectively, by sendmail.

One month ago, the server started behaving erratically. Instead of checking and sending mails as it normally did, it started queueing mails massively and therefore accumulating great quantities of them; it got up to 10000 mails queued up in a single day, and therefore no one received a single mail.

After many pointless attempts to repair this problem and seeing that the Travel Agents were getting a bit mad, I decided to redirect the MX server of our domains in the DNS to the firewall, so that our E-Mail Scanner server didn't receive more mail, which was only going to contribute to making the problem worse: more incoming mails, more queued mails.

With this, the server started sending the queued mails and mail traffic was restored with the difference that mails weren't scanned at all (they were no longer passing through the MailScanner Server). When the mail queues were empty again, I tried to reestablish the scanning service, but the problem appeared again.

I don't have a clear idea of what can be causing this problem. The machine is pretty old, but the former administrator told me that it had never had problems. I think that perhaps we are being Spam Bombed and perhaps the System's poor processing capabilities cannot resist the increasing traffic and therefore it gets stuck and keeps enqueueing mails.

Please, if anyone can guide me I'll appreciate it. Sorry if my English is a bit rusty, it is not my native language, therefore if you need me to be more clear or try to give more details of something, don't hesitate to ask.

Thanks in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071019/bb0b4cd3/attachment.html

From list-mailscanner at linguaphone.com Fri Oct 19 17:31:58 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Fri Oct 19 17:32:11 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027630@server6.chtnet.com.ar>
Message-ID:

I would say it is seriously in need of a memory upgrade. The minimum recommendation is 1GB.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas
Sent: 19 October 2007 17:22
To: mailscanner@lists.mailscanner.info
Subject: Weird Problem with MailScanner

Hi there,

I'm having a really weird problem and as I am a n00b it gets a bit more difficult to find a solution. I'll explain the details first:

Since 6 months ago, I am the System Administrator of a Tourism Agency. We use an E-mail Scanner in a server with the following characteristics:

Processor: Pentium II 233 Mhz.
RAM: 128 MB
OS: Linux Slackware 9
MailScanner version: 4.55.10

This E-mail Scanner uses MailScanner with Sophos Antivirus and SpamAssassin to filter spam and scan incoming and outgoing mails for viruses, which are then redirected to an internal MS Exchange Server or to the Internet, respectively, by sendmail.

One month ago, the server started behaving erratically. Instead of checking and sending mails as it normally did, it started queueing mails massively and therefore accumulating great quantities of them; it got up to 10000 mails queued up in a single day, and therefore no one received a single mail.
After many pointless attempts to repair this problem and seeing that the Travel Agents were getting a bit mad, I decided to redirect the MX server of our domains in the DNS to the firewall, so that our E-Mail Scanner server didn't recieve more mail, which was only going to contribute to making the problem worse, more incoming mails, more queued mails. With this, the server started sending the queued mails and mail traffic was restored with the difference that mails weren't scanned at all(they were no longer passing through the MailScanner Server). When the mail queues were empty again, I tried to reestablish the scanning service, but the problem appeared again. I don't have a clear idea of what can be causing this problem. The machine is pretty old, but the former administrator told me that it had never had problems. I think that perhaps we are being Spam Bombed and perhaps the System poor processing capabilities cannot resists the increasing traffic and therefore it gets stuck and keeps enqueueing mails. Please if anyone can guide me I'll appreciate it, Sorry if my English is a bit rusty, it is not my native language, therefore if you need me to be more clear or try to give more details of something, don't hesitate to ask so. Thanks in advance! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071019/d6b32c84/attachment.html From maillists at conactive.com Fri Oct 19 17:33:04 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Oct 19 17:33:06 2007 Subject: building on Red Hat EL v 5 In-Reply-To: <471641C0.5050200@ecs.soton.ac.uk> References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 17 Oct 2007 18:09:20 +0100: > But they are needed on things other than RHEL5. > What's the best way of detecting RHEL5 and all its clones? 

I don't know, best way is probably to check for the perl modules directly. SA does that and then presents a list of required and optional modules. I think this is a good way. I think these modules are also not needed on 4 and clones and on other more modern systems they aren't necessary as well.

Maybe I got Craig's posting wrong. I thought you had added this to the dependencies of the mailscanner.rpm, if you just added this to install.sh (mime-base-64 has been on it for a long time already) this is a different matter. I think it's preferable to have install.sh not force the install if it's already installed, but I can understand that you put it in there as you try to provide a complete package. Nevertheless, is there any chance to just get the mailscanner.rpm for a download? This would also save bandwidth on both sides.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From maillists at conactive.com Fri Oct 19 17:33:05 2007
From: maillists at conactive.com (Kai Schaetzl)
Date: Fri Oct 19 17:33:10 2007
Subject: building on Red Hat EL v 5
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk>
References: <471641C0.5050200@ecs.soton.ac.uk> <47164C07.4050207@vanderkooij.org> <7EF0EE5CB3B263488C8C18823239BEBA03CF1B@HC-MBX02.herefordshire.gov.uk>
Message-ID:

Phil Randal wrote on Wed, 17 Oct 2007 19:40:24 +0100:

> I for one would vote for the default MailScanner install doing this
> automatically and creating .rpmsave copies of the previous .conf files.
>
> Comments anyone?

I rather suggest adding .rpmnew files, so the old configuration stays in place.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From damian at cht.com.ar Fri Oct 19 17:37:35 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Fri Oct 19 17:41:23 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027631@server6.chtnet.com.ar>

Yeah, I was thinking of upgrading the hardware, but for me that means: installing an entirely new server. But I wanted to know if it can be a software error to fix the problem at least temporarily to give me time to install the new and upgraded server.

Thanks for the data on memory minimum recommendation Gareth.

From prandal at herefordshire.gov.uk Fri Oct 19 17:42:20 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Fri Oct 19 17:42:35 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027630@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027630@server6.chtnet.com.ar>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E052BF@HC-MBX02.herefordshire.gov.uk>

That would perhaps coincide with the demise of the completewhois rbl.

If your version of spamassassin uses completewhois, try adding the following to spam.assassin.prefs.conf:

score __RCVD_IN_WHOIS 0
score RCVD_IN_WHOIS_INVALID 0
score URIBL_COMPLETEWHOIS 0

Cheers.

Phil

-- 
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From housey at sme-ecom.co.uk Fri Oct 19 17:51:47 2007
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Fri Oct 19 17:51:52 2007
Subject: Weird Problem with MailScanner
In-Reply-To:
Message-ID:

Were lots of the messages undeliverable messages?

In which case it could be your domain was under a backscatter attack, see - http://spamlinks.net/prevent-secure-backscatter.htm

I've had this happen to various customers where all of a sudden their incoming e-mail shoots up to ridiculous levels.

The quickest form of defence would be to implement some sort of recipient verification - I use mimedefang to achieve this here (sendmail). Before sendmail accepts the e-mail it checks if the recipient is indeed a valid user on your exchange box. You need to be running at least Exchange 2003 and above and enable recipient filtering http://support.microsoft.com/kb/886208

If the messages were not lots of undeliverable messages and all to valid recipients I would agree with the other reply that your server sounds like it needs an upgrade to cope.

Cheers

Paul

From alex at nkpanama.com Fri Oct 19 18:01:17 2007
From: alex at nkpanama.com (Alex Neuman van der Hans)
Date: Fri Oct 19 18:01:26 2007
Subject: Timo Jacobs is out of the office.
In-Reply-To:
References:
Message-ID: <4718E2DD.8030306@nkpanama.com>

Timo.Jacobs@partners.de wrote:
> I will be out of the office starting 19.10.2007 and will not return until
> 01.11.2007.
>
> I will respond to your message when I return.
> In urgent cases please contact Mr. Timo A. Schmidt
> (timo.schmidt@partners.de)
>

Let's forward this to the local burglars... :-)

From uxbod at splatnix.net Fri Oct 19 18:12:58 2007
From: uxbod at splatnix.net (UxBoD)
Date: Fri Oct 19 18:16:29 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027631@server6.chtnet.com.ar>
Message-ID: <25189398.3541192813978300.JavaMail.root@office.splatnix.net>

Was there anything in /var/log/messages that showed a problem? How many MS child processes were set to run? Even with very little memory it should at least process some emails. What RBLs were you checking against? Quite a few are no longer running, so if you are trying to query them you will get a very long wait and timeouts, which may be where the problem is.

IMHO you could try removing the RBL list from your MailScanner.conf so at least virus scanning is still performed, and see if that makes a difference.

We really need to see the following :-

1) Number of MS child processes set to spawn
2) MS run in debug mode
3) A lint of your SA configuration
4) ps ef | grep MailScanner when the problem is occurring

Hope we can help you.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From maillists at conactive.com Fri Oct 19 18:32:06 2007
From: maillists at conactive.com (Kai Schaetzl)
Date: Fri Oct 19 18:32:08 2007
Subject: SpamHaus DROP list
In-Reply-To: <47161FA5.4020907@nkpanama.com>
References: <700133.10206.qm@web33309.mail.mud.yahoo.com> <47141779.3060907@nkpanama.com> <49288.70.80.222.193.1192500061.squirrel@courrier.cegep-ste-foy.qc.ca> <471443C3.9050900@nkpanama.com> <47161FA5.4020907@nkpanama.com>
Message-ID:

Alex Neuman van der Hans wrote on Wed, 17 Oct 2007 09:43:49 -0500:

> That's what I tried to say with my last post.

Oh, at least one person didn't get this :-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

From damian at cht.com.ar Fri Oct 19 18:38:52 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Fri Oct 19 18:42:41 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027632@server6.chtnet.com.ar>

1) There are 3 MS children running
2) How do I run MS in debug mode? Sorry for the ignorance, I'm still a newbie.
3) Attached.
4) 2413 pts/0 S+ 0:00 \_ grep MailScanner

-------------- next part --------------
A non-text attachment was scrubbed...
Name: spam.assassin.prefs.conf
Type: application/octet-stream
Size: 11285 bytes
Desc: spam.assassin.prefs.conf
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071019/79b6dc50/spam.assassin.prefs.obj

From uxbod at splatnix.net Fri Oct 19 18:42:25 2007
From: uxbod at splatnix.net (UxBoD)
Date: Fri Oct 19 18:46:20 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027632@server6.chtnet.com.ar>
Message-ID: <25859462.3571192815745750.JavaMail.root@office.splatnix.net>

Stop MS using the init.d script.
Then run MailScanner --debug and see what it does

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From uxbod at splatnix.net Fri Oct 19 18:46:13 2007
From: uxbod at splatnix.net (UxBoD)
Date: Fri Oct 19 18:49:41 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027632@server6.chtnet.com.ar>
Message-ID: <15054600.3601192815973522.JavaMail.root@office.splatnix.net>

also check these out :-

http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow
http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spamassassin:timeouts&s=debug
http://www.cafepress.com/mailscanner.140046559

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

From uxbod at splatnix.net Fri Oct 19 18:47:31 2007
From: uxbod at splatnix.net (UxBoD)
Date: Fri Oct 19 18:51:01 2007
Subject: Bad Link
Message-ID: <22710388.3631192816051529.JavaMail.root@office.splatnix.net>

Jules,

The link to your book on the documentation page comes back with :-

CafePress.com Product Not Found

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

From damian at cht.com.ar Fri Oct 19 19:30:09 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Fri Oct 19 19:33:58 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027634@server6.chtnet.com.ar>

Ok guys, I'm going home soon, so I'll check this up on Monday, thanks for your quick answers and help. On Monday we will continue with this.

From MailScanner at ecs.soton.ac.uk Fri Oct 19 23:15:04 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Oct 19 23:15:21 2007
Subject: building on Red Hat EL v 5
In-Reply-To:
References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk>
Message-ID: <47192C68.1000400@ecs.soton.ac.uk>

Kai Schaetzl wrote:
> Julian Field wrote on Wed, 17 Oct 2007 18:09:20 +0100:
>
>> But they are needed on things other than RHEL5. What's the best
>> way of detecting RHEL5 and all its clones?
>
> I don't know, best way is probably to check for the perl modules
> directly.

That's what I do. For each Perl module RPM I check for the version of the Perl module, not the version of any RPM that happened to contain it. That's what the "CheckModuleVersion" program does in the distributions.

> SA does that and then presents a list of required and optional
> modules. I think this is a good way.

Agreed.

> I think these modules are also not needed on 4 and clones and on
> other more modern systems they aren't necessary as well. Maybe I
> got Craig's posting wrong. I thought you had added this to the
> dependencies of the mailscanner.rpm, if you just added this to
> install.sh (mime-base-64 has been on it for a long time already)
> this is a different matter. I think it's preferable to have
> install.sh not force the install if it's already installed, but I
> can understand that you put it in there as you try to provide a
> complete package.

I do force some of them, agreed.

> Nevertheless, is there any chance to just get the mailscanner.rpm
> for a download? This would also save bandwidth on both sides.

How many ISPs (most of my users) can't afford the bandwidth to download a few megs of a package? You only need to do it at the very most once every few months. Most people waste more than that in a day's random web surfing.

Adding more options to the list of downloads encourages new users to download the wrong one. Most people don't know if they want the full package or just the single RPM, so I would much rather keep things simpler for the masses. The enlightened among you can pull out the 1 file you want pretty easily. And what when the requirements change? They have done so in the past, and then you will need other files from the distribution as well.

I want to keep it as simple as possible. Installing MailScanner is already quite hard enough! If you have suggestions for how I could make it simpler for the masses, please tell me. I'm hoping that someone will start working with Dag soon to get MailScanner into his archive in a form where one yum command will install/upgrade MailScanner and all its requirements at one go.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

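
Checking the module itself rather than an RPM of the same name, as described in the message above, can be sketched as follows. This is an added example, not MailScanner's CheckModuleVersion program; the module list, the minimum versions and the helper names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not MailScanner's CheckModuleVersion program.
# Decides whether a Perl module still needs installing by asking perl itself,
# then (where rpm exists) reports which package owns the file that was loaded.
# A module can be shipped inside another package, so "rpm -q perl-Foo-Bar"
# failing does not prove that Foo::Bar is absent.
use strict;
use warnings;

# Constructed requirement list: [ module, minimum version ]. '0' means "any".
# These minimums are illustrative, not MailScanner's real requirements.
my @required = (
    [ 'MIME::Base64',         '3.05' ],
    [ 'Test::Simple',         '0.62' ],
    [ 'File::Spec',           '0'    ],
    [ 'Acme::Not::Installed', '1.0'  ],   # assumed absent, shows the failure path
);

# Load $module and return (version, path of the file loaded), or an empty
# list if it cannot be loaded. The name is validated before it becomes a path.
sub probe_module {
    my ($module) = @_;
    return unless $module =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/;
    (my $file = "$module.pm") =~ s{::}{/}g;
    return unless eval { require $file; 1 };
    my $version = eval { $module->VERSION };
    return (defined $version ? "$version" : 'unversioned', $INC{$file});
}

# True if the loaded module satisfies the minimum. UNIVERSAL::VERSION does the
# comparison and dies when the installed version is too old or undefined.
sub meets_minimum {
    my ($module, $minimum) = @_;
    return 1 if $minimum eq '0';
    return eval { $module->VERSION($minimum); 1 } ? 1 : 0;
}

# Package that owns $path according to "rpm -qf". The list form of open
# avoids passing the path through a shell.
sub owning_rpm {
    my ($path) = @_;
    no warnings 'exec';                       # stay quiet where rpm is absent
    open(my $rpm, '-|', 'rpm', '-qf', $path) or return 'rpm not available';
    chomp(my $owner = <$rpm> // '');
    my $ok = close($rpm);                     # false if rpm exited non-zero
    return ($ok && length($owner)) ? $owner : 'not owned by any RPM';
}

my $problems = 0;
for my $req (@required) {
    my ($module, $minimum) = @$req;
    my ($version, $path) = probe_module($module);
    if (!defined $version) {
        printf "%-22s MISSING (need >= %s)\n", $module, $minimum;
        $problems++;
    }
    elsif (!meets_minimum($module, $minimum)) {
        printf "%-22s TOO OLD %s (need >= %s)\n", $module, $version, $minimum;
        $problems++;
    }
    else {
        printf "%-22s ok      %s from %s (%s)\n",
            $module, $version, $path, owning_rpm($path);
    }
}
exit($problems ? 1 : 0);
```

The exit status is non-zero when any module is missing or too old, so an installer script can branch on it instead of on an RPM name.
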
From craigwhite at azapple.com Sat Oct 20 02:48:55 2007
From: craigwhite at azapple.com (Craig White)
Date: Sat Oct 20 02:49:21 2007
Subject: ****Re: building on Red Hat EL v 5
In-Reply-To: <47192C68.1000400@ecs.soton.ac.uk>
References: <1192487411.8445.16.camel@lin-workstation.azapple.com> <1192632861.32761.4.camel@lin-workstation.azapple.com> <471641C0.5050200@ecs.soton.ac.uk> <47192C68.1000400@ecs.soton.ac.uk>
Message-ID: <1192844935.27714.12.camel@lin-workstation.azapple.com>

On Fri, 2007-10-19 at 23:15 +0100, Julian Field wrote:
> Kai Schaetzl wrote:
> > Julian Field wrote on Wed, 17 Oct 2007 18:09:20 +0100:
> >
> >> But they are needed on things other than RHEL5. What's the best
> >> way of detecting RHEL5 and all its clones?
> >
> > I don't know, best way is probably to check for the perl modules
> > directly.
> That's what I do. For each Perl module RPM I check for the version of
> the Perl module, not the version of any RPM that happened to contain
> it. That's what the "CheckModuleVersion" program does in the
> distributions.
----
For what it's worth...

*** package perl-MIME-Base64

Fedora 7
# rpm -ql mod_perl|grep Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64/Base64.so
/usr/share/doc/mod_perl-2.0.3/docs/api/APR/Base64.pod
/usr/share/man/man3/APR::Base64.3pm.gz

I believe that this conflicts with perl-MIME-Base64 but I don't use Fedora for servers.

RHEL v5 (virtually identical)
# rpm -q mod_perl
mod_perl-2.0.2-6.3.el5
# rpm -ql mod_perl|grep Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64/Base64.so
/usr/share/doc/mod_perl-2.0.2/docs/api/APR/Base64.pod
/usr/share/man/man3/APR::Base64.3pm.gz

*** package perl-Test-Simple

Fedora 7 (no conflicts)
# rpm -q perl
perl-5.8.8-23.fc7
# rpm -ql perl|grep Simple
/usr/lib/perl5/5.8.8/Filter/Simple.pm
/usr/share/man/man3/Filter::Simple.3pm.gz

RHEL v5
# rpm -q perl
perl-5.8.8-10
# rpm -ql perl|grep Simple
/usr/lib/perl5/5.8.8/Filter/Simple.pm
/usr/lib/perl5/5.8.8/Test/Simple.pm
/usr/share/man/man3/Filter::Simple.3pm.gz
/usr/share/man/man3/Test::Simple.3pm.gz

This should make the problem with the collisions on RHELv5 a bit more obvious as to why it's not being detected
----
> > SA does that and then presents a list of required and optional
> > modules. I think this is a good way.
> Agreed.
> > I think these modules are also not needed on 4 and clones and on
> > other more modern systems they aren't necessary as well. Maybe I
> > got Craig's posting wrong. I thought you had added this to the
> > dependencies of the mailscanner.rpm, if you just added this to
> > install.sh (mime-base-64 has been on it for a long time already)
> > this is a different matter. I think it's preferable to have
> > install.sh not force the install if it's already installed, but I
> > can understand that you put it in there as you try to provide a
> > complete package.
> I do force some of them, agreed.
> > Nevertheless, is there any chance to just get the mailscanner.rpm
> > for a download? This would also save bandwidth on both sides.
> How many ISPs (most of my users) can't afford the bandwidth to
> download a few megs of a package? You only need to do it at the very
> most once every few months. Most people waste more than that in a
> day's random web surfing.
----
It's easy enough to just build the mailscanner.src.rpm after original install and I don't mind downloading the whole enchilada.
----
> Adding more options to the list of downloads encourages new users to
> download the wrong one. Most people don't know if they want the full
> package or just the single RPM, so I would much rather keep things
> simpler for the masses. The enlightened among you can pull out the 1
> file you want pretty easily. And what when the requirements change?
> They have done so in the past, and then you will need other files from
> the distribution as well.
>
> I want to keep it as simple as possible. Installing MailScanner is
> already quite hard enough! If you have suggestions for how I could
> make it simpler for the masses, please tell me. I'm hoping that
> someone will start working with Dag soon to get MailScanner into his
> archive in a form where one yum command will install/upgrade
> MailScanner and all its requirements at one go.
----
Not a job for me...I'm lucky to get srpms to build at all. ;-)

Craig

From beatinger at edenhosting.net Sat Oct 20 15:50:47 2007
From: beatinger at edenhosting.net (Bjorgen T. Eatinger)
Date: Sat Oct 20 15:51:58 2007
Subject: MailScanner Digest, Vol 22, Issue 36
In-Reply-To: <200710201100.l9KB0CVW029208@safir.blacknight.ie>
References: <200710201100.l9KB0CVW029208@safir.blacknight.ie>
Message-ID: <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net>

This mailing list is almost completely worthless, since it repeats everything over and over and over. Can you PLEASE upgrade to better list software?
Bjorgen

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of mailscanner-request@lists.mailscanner.info
Sent: Saturday, October 20, 2007 4:00 AM
To: mailscanner@lists.mailscanner.info
Subject: MailScanner Digest, Vol 22, Issue 36

Today's Topics:

1. Re: SpamHaus DROP list (Kai Schaetzl)
2. RE: Weird Problem with MailScanner (Damian Rivas)
3. Re: Weird Problem with MailScanner (UxBoD)
4. Re: Weird Problem with MailScanner (UxBoD)
5. Bad Link (UxBoD)
6. RE: Weird Problem with MailScanner (Damian Rivas)
7. Re: building on Red Hat EL v 5 (Julian Field)
8. Re: ****Re: building on Red Hat EL v 5 (Craig White)

----------------------------------------------------------------------

Message: 1
Date: Fri, 19 Oct 2007 19:32:06 +0200
From: Kai Schaetzl
Subject: Re: SpamHaus DROP list
To: mailscanner@lists.mailscanner.info
Message-ID:
Content-Type: text/plain; charset=iso-8859-1

Alex Neuman van der Hans wrote on Wed, 17 Oct 2007 09:43:49 -0500:

> That's what I tried to say with my last post.

Oh, at least one person didn't get this :-)

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

------------------------------

Message: 2
Date: Fri, 19 Oct 2007 14:38:52 -0300
From: "Damian Rivas"
Subject: RE: Weird Problem with MailScanner
To: "MailScanner discussion"
Message-ID: <484E9B509664CA499A78F777A2D59A30027632@server6.chtnet.com.ar>
Content-Type: text/plain; charset="us-ascii"

1) There are 3 MS children running
2) How do I run MS in debug mode? Sorry for the ignorance, I'm still a newbie.
3) Attached.
4)

2413 pts/0 S+ 0:00 \_ grep MailScanner CPLUS_INCLUDE_PATH=/usr/lib/qt/include MANPATH=/usr/local/man:/usr/man:/usr/X11R6/man:/usr/lib/java/man:/usr/li b/qt/doc/man:/usr/share/texmf/man HOSTNAME=ns4.cht.com.ar TERM=xterm SSH_CLIENT=200.55.14.250 58852 22 WINDOW_MANAGER=metacity OLDPWD=/etc QTDIR=/usr/lib/qt SSH_TTY=/dev/pts/0 USER=root LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd =40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM =01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL =01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz= 01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2 =01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01; 31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01; 35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=0 1;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a =01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3 =01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.O GG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif =01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm =01;35:*.xpm=01;35: SUDO_USER=daniel GDK_USE_XFT=1 SUDO_UID=1000 KDEDIR=/opt/kde T1LIB_CONFIG=/usr/share/t1lib/t1lib.config MINICOM=-c on PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin LC_COLLATE=C PWD=/home/daniel INPUTRC=/etc/inputrc JAVA_HOME=/usr/lib/java LANG=en_US PS1=\u@\h:\w\$ PS2=> HOME=/root SUDO_COMMAND=/bin/su SHLVL=2 LS_OPTIONS= --color=auto -F -b -T 0 LOGNAME=root LESS=-M SSH_CONNECTION=200.55.14.250 58852 200.55.14.251 22 LESSOPEN=|lesspipe.sh %s SUDO_GID=100 _=/bin/grep

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of UxBoD
Sent: Friday, 19 October 2007 14:13
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Was there anything in /var/log/messages that showed a problem? How many MS child processes were set to run? Even with very little memory it should at least process some emails. What RBLs were you checking against? Quite a few are no longer running so if you are trying to query them you will get a very long wait and timeouts which may be where the problem is. IMHO you could try removing the RBL list from your MailScanner.conf so at least virus scanning is still performed, and see if that makes a difference.

We really need to see the following :-

1) Number of MS child processes set to spawn
2) MS run in debug mode
3) A lint of your SA configuration
4) ps ef | grep MailScanner when the problem is occurring

Hope we can help you.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Damian Rivas"
To: "MailScanner discussion"
Sent: Friday, October 19, 2007 4:37:35 PM (GMT) Africa/Casablanca
Subject: RE: Weird Problem with MailScanner

Yeah, I was thinking of upgrading the hardware, but for me that means: installing an entirely new server. But I wanted to know if it can be a software error to fix the problem at least temporarily to give me time to install the new and upgraded server. Thanks for the data on memory minimum recommendation, Gareth.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth
Sent: Friday, 19 October 2007 13:32
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

I would say it is seriously in need of a memory upgrade. The minimum recommendation is 1GB.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas
Sent: 19 October 2007 17:22
To: mailscanner@lists.mailscanner.info
Subject: Weird Problem with MailScanner

Hi there, I'm having a really weird problem and as I am a n00b it gets a bit more difficult to find a solution. I'll explain the details first:

Since 6 months ago, I am the System Administrator of a Tourism Agency. We use an E-mail Scanner in a server with the following characteristics:

Processor: Pentium II 233 MHz.
RAM: 128 MB
OS: Linux Slackware 9
MailScanner version: 4.55.10

This E-mail Scanner uses the MailScanner with Sophos Antivirus and SpamAssassin to filter spam and scan incoming and outgoing mails for viruses which are then redirected to an internal MS Exchange Server or to the Internet, respectively, by sendmail.

One month ago, the server started behaving erratically. Instead of checking and sending mails as it normally did, it started queueing mails massively and therefore accumulating great quantities of them, it got up to 10000 mails queued up in a single day, therefore, no one received a single mail.

After many pointless attempts to repair this problem and seeing that the Travel Agents were getting a bit mad, I decided to redirect the MX server of our domains in the DNS to the firewall, so that our E-Mail Scanner server didn't receive more mail, which was only going to contribute to making the problem worse, more incoming mails, more queued mails. With this, the server started sending the queued mails and mail traffic was restored with the difference that mails weren't scanned at all (they were no longer passing through the MailScanner Server). When the mail queues were empty again, I tried to reestablish the scanning service, but the problem appeared again.

I don't have a clear idea of what can be causing this problem. The machine is pretty old, but the former administrator told me that it had never had problems. I think that perhaps we are being Spam Bombed and perhaps the system's poor processing capabilities cannot resist the increasing traffic and therefore it gets stuck and keeps enqueueing mails.

Please, if anyone can guide me I'll appreciate it. Sorry if my English is a bit rusty, it is not my native language, therefore if you need me to be more clear or try to give more details of something, don't hesitate to ask.

Thanks in advance!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spam.assassin.prefs.conf
Type: application/octet-stream
Size: 11285 bytes
Desc: spam.assassin.prefs.conf
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071019/79b6dc50/spam.assassin.prefs-0001.obj

------------------------------

Message: 3
Date: Fri, 19 Oct 2007 18:42:25 +0100 (BST)
From: UxBoD
Subject: Re: Weird Problem with MailScanner
To: MailScanner discussion
Message-ID: <25859462.3571192815745750.JavaMail.root@office.splatnix.net>
Content-Type: text/plain; charset=utf-8

Stop MS using the init.d script. Then run MailScanner --debug and see what it does

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
------------------------------

Message: 4
Date: Fri, 19 Oct 2007 18:46:13 +0100 (BST)
From: UxBoD
Subject: Re: Weird Problem with MailScanner
To: MailScanner discussion
Message-ID: <15054600.3601192815973522.JavaMail.root@office.splatnix.net>
Content-Type: text/plain; charset=utf-8

also check these out :-

http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow
http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:spamassassin:timeouts&s=debug
http://www.cafepress.com/mailscanner.140046559

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
------------------------------

Message: 5
Date: Fri, 19 Oct 2007 18:47:31 +0100 (BST)
From: UxBoD
Subject: Bad Link
To: mailscanner@lists.mailscanner.info
Message-ID: <22710388.3631192816051529.JavaMail.root@office.splatnix.net>
Content-Type: text/plain; charset=utf-8

Jules,

The link to your book on the documentation page comes back with :-

CafePress.com Product Not Found

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

------------------------------

Message: 6
Date: Fri, 19 Oct 2007 15:30:09 -0300
From: "Damian Rivas"
Subject: RE: Weird Problem with MailScanner
To: "MailScanner discussion"
Message-ID: <484E9B509664CA499A78F777A2D59A30027634@server6.chtnet.com.ar>
Content-Type: text/plain; charset="us-ascii"

Ok guys, I'm going home soon, so I'll check this up on Monday, thanks for your quick answers and help. On Monday we will continue with this.
-----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de UxBoD Enviado el: viernes, 19 de octubre de 2007 14:46 Para: MailScanner discussion Asunto: Re: Weird Problem with MailScanner also check these out :- http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_thi ngs_to_try_if_your_incoming_queue_is_running_slow http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot :spamassassin:timeouts&s=debug http://www.cafepress.com/mailscanner.140046559 Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Damian Rivas" To: "MailScanner discussion" Sent: Friday, October 19, 2007 5:38:52 PM (GMT) Africa/Casablanca Subject: RE: Weird Problem with MailScanner 1) There are 3 MS childs running 2) How do I run MS on debug mode? Sorry for the ignorance, I'm newbie yet. 3) Attached. 
4) 2413 pts/0 S+ 0:00 \_ grep MailScanner CPLUS_INCLUDE_PATH=/usr/lib/qt/include MANPATH=/usr/local/man:/usr/man:/usr/X11R6/man:/usr/lib/java/man:/usr/li b/qt/doc/man:/usr/share/texmf/man HOSTNAME=ns4.cht.com.ar TERM=xterm SSH_CLIENT=200.55.14.250 58852 22 WINDOW_MANAGER=metacity OLDPWD=/etc QTDIR=/usr/lib/qt SSH_TTY=/dev/pts/0 USER=root LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd =40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM =01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL =01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz= 01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2 =01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01; 31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01; 35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=0 1;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a =01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3 =01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.O GG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif =01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm =01;35:*.xpm=01;35: SUDO_USER=daniel GDK_USE_XFT=1 SUDO_UID=1000 KDEDIR=/opt/kde T1LIB_CONFIG=/usr/share/t1lib/t1lib.config MINICOM=-c on PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin LC_COLLATE=C PWD=/home/daniel INPUTRC=/etc/inputrc JAVA_HOME=/usr/lib/java LANG=en_US PS1=\u@\h:\w\$ PS2=> HOME=/root SUDO_COMMAND=/bin/su SHLVL=2 LS_OPTIONS= --color=auto -F -b -T 0 LOGNAME=root LESS=-M SSH_CONNECTION=200.55.14.250 58852 200.55.14.251 22 LESSOPEN=|lesspipe.sh %s SUDO_GID=100 _=/bin/grep -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de UxBoD Enviado el: viernes, 19 de octubre de 2007 14:13 Para: 
MailScanner discussion Asunto: Re: Weird Problem with MailScanner Was there anything in /var/log/messages that showed a problem ? How many MS child processes were set to run ? Even with very little memory it should at least process some emails. What RBLs were you checking against ? Quite are few are no longer running so if you are trying to query them you will get a very long wait and timeouts which maybe where the problem is. IMHO you could try removing the RBL list from your MailScanner.conf so at least virri scanning is still performed, and see if that makes a difference. We really need to see the following :- 1) Number of MS child processes set to spawn 2) MS run in debug mode 3) A lint of your SA configuration 4) ps ef | grep MailScanner when the problem is occuring Hope we can help you. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Damian Rivas" To: "MailScanner discussion" Sent: Friday, October 19, 2007 4:37:35 PM (GMT) Africa/Casablanca Subject: RE: Weird Problem with MailScanner Mensaje Yeah, I was thinking in upgrading the hardware, but for me that means: installing an entirely new server. But I wanted to know if it can be a software error to fix the problem at least temporarily to give me time to install the new and upgraded server. Thanks for the data on memory minimun recommendation Gareth. -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Gareth Enviado el: viernes, 19 de octubre de 2007 13:32 Para: MailScanner discussion Asunto: RE: Weird Problem with MailScanner I would say it is seriously in need of a memory upgrade. The minimum recomendation is 1GB. 
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas
Sent: 19 October 2007 17:22
To: mailscanner@lists.mailscanner.info
Subject: Weird Problem with MailScanner

Hi there,

I'm having a really weird problem and as I am a n00b it gets a bit more difficult to find a solution. I'll explain the details first:

Since 6 months ago, I am the System Administrator of a Tourism Agency. We use an E-mail Scanner in a server with the following characteristics:

Processor: Pentium II 233 MHz
RAM: 128 MB
OS: Linux Slackware 9
MailScanner version: 4.55.10

This E-mail Scanner uses MailScanner with Sophos Antivirus and SpamAssassin to filter spam and scan incoming and outgoing mails for viruses, which are then redirected to an internal MS Exchange Server or to the Internet, respectively, by sendmail.

One month ago, the server started behaving erratically. Instead of checking and sending mails as it normally did, it started queueing mails massively and therefore accumulating great quantities of them. It got up to 10000 mails queued up in a single day, therefore no one received a single mail. After many pointless attempts to repair this problem and seeing that the Travel Agents were getting a bit mad, I decided to redirect the MX server of our domains in the DNS to the firewall, so that our E-Mail Scanner server didn't receive more mail, which was only going to contribute to making the problem worse: more incoming mails, more queued mails. With this, the server started sending the queued mails and mail traffic was restored, with the difference that mails weren't scanned at all (they were no longer passing through the MailScanner Server). When the mail queues were empty again, I tried to reestablish the scanning service, but the problem appeared again.

I don't have a clear idea of what can be causing this problem. The machine is pretty old, but the former administrator told me that it had never had problems. I think that perhaps we are being Spam Bombed and perhaps the system's poor processing capabilities cannot resist the increasing traffic and therefore it gets stuck and keeps enqueueing mails.

Please, if anyone can guide me I'll appreciate it. Sorry if my English is a bit rusty, it is not my native language, therefore if you need me to be more clear or try to give more details of something, don't hesitate to ask so.

Thanks in advance!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
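Added example (not from any poster and not MailScanner project code): a Python triage of a maillog for the situation described above, separating a scanner that cannot keep up from a delivery queue holding old mail for unreachable hosts. The sample lines are constructed in the sendmail and MailScanner syslog formats, and the one-day thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (hosts, queue IDs and addresses are made up) in the
# syslog format sendmail and MailScanner write to /var/log/maillog.
SAMPLE_LOG = """\
Oct 22 09:30:00 mx1 MailScanner[16478]: New Batch: Found 28000 messages waiting
Oct 22 09:36:40 mx1 MailScanner[16478]: Batch (10 messages) processed in 400.00 seconds
Oct 22 09:46:45 mx1 MailScanner[16478]: Batch (10 messages) processed in 600.00 seconds
Oct 22 09:33:58 mx1 sendmail[16856]: l9JAAAAA000001: to=<a@dead.example>, delay=2+12:53:15, xdelay=00:03:12, mailer=esmtp, pri=68884917, relay=dead.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with dead.example.
Oct 22 09:36:22 mx1 sendmail[16909]: l9JAAAAA000001: to=<a@dead.example>, delay=2+12:55:39, xdelay=00:00:00, mailer=esmtp, pri=68974917, relay=dead.example., dsn=4.0.0, stat=Deferred: Connection timed out with dead.example.
Oct 22 09:34:18 mx1 sendmail[16829]: l9IBBBBB000002: to=<b@gone.example>, delay=3+17:04:04, xdelay=00:03:17, mailer=esmtp, pri=93363511, relay=gone.example. [192.0.2.20], dsn=4.0.0, stat=Deferred: Connection refused by gone.example.
Oct 22 09:36:36 mx1 sendmail[16999]: l9ECCCCC000003: to=<user@inside.example>, delay=00:00:12, xdelay=00:00:10, mailer=esmtp, pri=123067, relay=exchange.inside.example. [192.0.2.30], dsn=2.0.0, stat=Sent (<1@inside.example> Queued mail for delivery)
Oct 22 09:35:58 mx1 sm-mta-queuein[16988]: l9MDDDDD000004: from=<x@sender.example>, size=4132, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.sender.example [192.0.2.40]
"""

SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([\w-]+)\[\d+\]: (.*)$")
WAITING = re.compile(r"New Batch: Found (\d+) messages waiting")
BATCH = re.compile(r"Batch \((\d+) messages\) processed in ([\d.]+) seconds")
STALE_SECONDS = 86400  # assumption: anything older than a day counts as stale


def parse_delay(text):
    """Convert sendmail's delay value ([days+]HH:MM:SS) to seconds."""
    days, _, clock = text.rpartition("+")
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    return int(days or 0) * 86400 + hours * 3600 + minutes * 60 + seconds


def parse_fields(body):
    """Split 'queueid: key=value, key=value' into (queueid, {key: value})."""
    queue_id, _, rest = body.partition(": ")
    fields = {}
    for part in rest.split(", "):
        key, eq, value = part.partition("=")
        if eq:
            fields[key.strip()] = value.strip()
    return queue_id, fields


def summarize(log_text):
    """Collect scanner throughput and delivery outcomes from maillog text."""
    backlog, batch_msgs, batch_secs = None, 0, 0.0
    deferred = defaultdict(set)  # destination relay -> queue IDs deferred to it
    sent, oldest = 0, 0
    for line in log_text.splitlines():
        match = SYSLOG.match(line)
        if not match:
            continue
        program, body = match.groups()
        if program == "MailScanner":
            waiting, batch = WAITING.search(body), BATCH.search(body)
            if waiting:
                backlog = int(waiting.group(1))  # keep the latest reading
            if batch:
                batch_msgs += int(batch.group(1))
                batch_secs += float(batch.group(2))
        elif program == "sendmail":
            queue_id, fields = parse_fields(body)
            if "to" not in fields:
                continue  # not a delivery attempt
            status = fields.get("stat", "")
            if status.startswith("Deferred"):
                # relay is "host. [ip]" or just "host."; keep the host name
                relay = (fields.get("relay") or "unknown").split()[0].rstrip(".")
                deferred[relay].add(queue_id)
                oldest = max(oldest, parse_delay(fields.get("delay", "00:00:00")))
            elif status.startswith("Sent"):
                sent += 1
    eta = None
    if backlog is not None and batch_msgs:
        eta = backlog * batch_secs / batch_msgs  # seconds to scan the backlog
    return {"backlog": backlog, "eta_seconds": eta, "sent": sent,
            "deferred": {relay: len(ids) for relay, ids in deferred.items()},
            "oldest_deferred_seconds": oldest}


def diagnose(summary):
    """Turn the summary into findings for the operator."""
    findings = []
    eta = summary["eta_seconds"]
    if eta is not None and eta > STALE_SECONDS:
        findings.append("scanner: %d messages waiting, about %.0f hours to clear "
                        "at the measured batch rate" % (summary["backlog"], eta / 3600))
    if summary["oldest_deferred_seconds"] > STALE_SECONDS:
        findings.append("delivery: %d messages deferred to %d remote hosts, oldest "
                        "%.1f days; review what the gateway accepts and relays"
                        % (sum(summary["deferred"].values()), len(summary["deferred"]),
                           summary["oldest_deferred_seconds"] / 86400))
    return findings


if __name__ == "__main__":
    for finding in diagnose(summarize(SAMPLE_LOG)):
        print(finding)
```

A retry of the same queue ID is counted once per destination, so the deferred figures reflect distinct stuck messages rather than delivery attempts.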
------------------------------

Message: 7
Date: Fri, 19 Oct 2007 23:15:04 +0100
From: Julian Field
Subject: Re: building on Red Hat EL v 5
To: MailScanner discussion
Message-ID: <47192C68.1000400@ecs.soton.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1

Kai Schaetzl wrote:
> Julian Field wrote on Wed, 17 Oct 2007 18:09:20 +0100:
>
>> But they are needed on things other than RHEL5. What's the best way of detecting RHEL5 and all its clones?
>
> I don't know, best way is probably to check for the perl modules directly.

That's what I do. For each Perl module RPM I check for the version of the Perl module, not the version of any RPM that happened to contain it. That's what the "CheckModuleVersion" program does in the distributions.

> SA does that and then presents a list of required and optional modules. I think this is a good way.

Agreed.

> I think these modules are also not needed on 4 and clones and on other more modern systems they aren't necessary as well. Maybe I got Craig's posting wrong. I thought you had added this to the dependencies of the mailscanner.rpm, if you just added this to install.sh (mime-base-64 has been on it for a long time already) this is a different matter. I think it's preferable to have install.sh not force the install if it's already installed, but I can understand that you put it in there as you try to provide a complete package.

I do force some of them, agreed.

> Nevertheless, is there any chance to just get the mailscanner.rpm for a download? This would also save bandwidth on both sides.

How many ISPs (most of my users) can't afford the bandwidth to download a few megs of a package? You only need to do it at the very most once every few months. Most people waste more than that in a day's random web surfing.

Adding more options to the list of downloads encourages new users to download the wrong one. Most people don't know if they want the full package or just the single RPM, so I would much rather keep things simpler for the masses. The enlightened among you can pull out the 1 file you want pretty easily. And what when the requirements change? They have done so in the past, and then you will need other files from the distribution as well.

I want to keep it as simple as possible. Installing MailScanner is already quite hard enough! If you have suggestions for how I could make it simpler for the masses, please tell me. I'm hoping that someone will start working with Dag soon to get MailScanner into his archive in a form where one yum command will install/upgrade MailScanner and all its requirements at one go.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

------------------------------

Message: 8
Date: Fri, 19 Oct 2007 18:48:55 -0700
From: Craig White
Subject: Re: ****Re: building on Red Hat EL v 5
To: MailScanner discussion
Message-ID: <1192844935.27714.12.camel@lin-workstation.azapple.com>
Content-Type: text/plain

On Fri, 2007-10-19 at 23:15 +0100, Julian Field wrote:
> Kai Schaetzl wrote:
> > Julian Field wrote on Wed, 17 Oct 2007 18:09:20 +0100:
> >
> >> But they are needed on things other than RHEL5.
> >> What's the best way of detecting RHEL5 and all its clones?
> >
> > I don't know, best way is probably to check for the perl modules directly.
> That's what I do. For each Perl module RPM I check for the version of the Perl module, not the version of any RPM that happened to contain it. That's what the "CheckModuleVersion" program does in the distributions.
----
For what it's worth...

*** package perl-MIME-Base64

Fedora 7

# rpm -ql mod_perl|grep Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64/Base64.so
/usr/share/doc/mod_perl-2.0.3/docs/api/APR/Base64.pod
/usr/share/man/man3/APR::Base64.3pm.gz

I believe that this conflicts with perl-MIME-Base64 but I don't use Fedora for servers.

RHEL v5 (virtually identical)

# rpm -q mod_perl
mod_perl-2.0.2-6.3.el5
# rpm -ql mod_perl|grep Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/APR/Base64.pm
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/APR/Base64/Base64.so
/usr/share/doc/mod_perl-2.0.2/docs/api/APR/Base64.pod
/usr/share/man/man3/APR::Base64.3pm.gz

*** package perl-Test-Simple

Fedora 7 (no conflicts)

# rpm -q perl
perl-5.8.8-23.fc7
# rpm -ql perl|grep Simple
/usr/lib/perl5/5.8.8/Filter/Simple.pm
/usr/share/man/man3/Filter::Simple.3pm.gz

RHEL v5

# rpm -q perl
perl-5.8.8-10
# rpm -ql perl|grep Simple
/usr/lib/perl5/5.8.8/Filter/Simple.pm
/usr/lib/perl5/5.8.8/Test/Simple.pm
/usr/share/man/man3/Filter::Simple.3pm.gz
/usr/share/man/man3/Test::Simple.3pm.gz

This should make the problem with the collisions on RHELv5 a bit more obvious as to why it's not being detected
----
> > SA does that and then presents a list of required and optional modules. I think this is a good way.
> Agreed.
> > I think these modules are also not needed on 4 and clones and on other more modern systems they aren't necessary as well. Maybe I got Craig's posting wrong. I thought you had added this to the dependencies of the mailscanner.rpm, if you just added this to install.sh (mime-base-64 has been on it for a long time already) this is a different matter. I think it's preferable to have install.sh not force the install if it's already installed, but I can understand that you put it in there as you try to provide a complete package.
> I do force some of them, agreed.
> > Nevertheless, is there any chance to just get the mailscanner.rpm for a download? This would also save bandwidth on both sides.
> How many ISPs (most of my users) can't afford the bandwidth to download a few megs of a package? You only need to do it at the very most once every few months. Most people waste more than that in a day's random web surfing.
----
It's easy enough to just build the mailscanner.src.rpm after original install and I don't mind downloading the whole enchilada.
----
> Adding more options to the list of downloads encourages new users to download the wrong one. Most people don't know if they want the full package or just the single RPM, so I would much rather keep things simpler for the masses. The enlightened among you can pull out the 1 file you want pretty easily. And what when the requirements change? They have done so in the past, and then you will need other files from the distribution as well.
>
> I want to keep it as simple as possible. Installing MailScanner is already quite hard enough! If you have suggestions for how I could make it simpler for the masses, please tell me. I'm hoping that someone will start working with Dag soon to get MailScanner into his archive in a form where one yum command will install/upgrade MailScanner and all its requirements at one go.
----
Not a job for me...I'm lucky to get srpms to build at all. ;-)

Craig

------------------------------

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read the Wiki (http://wiki.mailscanner.info/).
Support MailScanner development - buy the book off the website!

End of MailScanner Digest, Vol 22, Issue 36
*******************************************

From glenn.steen at gmail.com Sat Oct 20 16:11:08 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sat Oct 20 16:11:11 2007
Subject: MailScanner Digest, Vol 22, Issue 36
In-Reply-To: <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net>
References: <200710201100.l9KB0CVW029208@safir.blacknight.ie> <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net>
Message-ID: <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com>

On 20/10/2007, Bjorgen T. Eatinger wrote:
> This mailing list is almost completely worthless, since it repeats everything over and over and over. Can you PLEASE upgrade to better list software?
>
> Bjorgen
>
(snip)

What on earth (or perhaps .....:-) are you talking about?
The digest just "chunks" things together, yes. And people tend to not trim that well... You especially .... If you find that a problem, why then just subscribe to the list proper, not the digest.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From hvdkooij at vanderkooij.org Sat Oct 20 17:05:33 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sat Oct 20 17:05:54 2007
Subject: MailScanner Digest, Vol 22, Issue 36
In-Reply-To: <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com>
References: <200710201100.l9KB0CVW029208@safir.blacknight.ie> <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net> <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com>
Message-ID: <471A274D.9050904@vanderkooij.org>

Glenn Steen wrote:
> On 20/10/2007, Bjorgen T. Eatinger wrote:
>> This mailing list is almost completely worthless, since it repeats everything over and over and over. Can you PLEASE upgrade to better list software?
>>
>> Bjorgen
>>
> (snip)
> What on earth (or perhaps .....:-) are you talking about?
> The digest just "chunks" things together, yes. And people tend to not trim that well... You especially .... If you find that a problem, why then just subscribe to the list proper, not the digest.

Jules: I would recommend to put a filter on the mailinglist so anyone sending a message with the MailScanner Digest indication on the subject line is blocked or at least held for moderation?

To the best of my knowledge that should be peanuts with mailman.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

From ugob at lubik.ca Sun Oct 21 15:17:15 2007
From: ugob at lubik.ca (Ugo Bellavance)
Date: Sun Oct 21 15:17:39 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027632@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027632@server6.chtnet.com.ar>
Message-ID:

Damian Rivas wrote:
> 1) There are 3 MS childs running

That is way too much. Your system is probably swapping like crazy. Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service MailScanner restart' (assuming redhat/centos)

Can you send us the output of:

'vmstat 5 10' (will take 50 seconds to execute)

Did you check if memory was available for this system? If it is and if it is not too expensive, I'll add at least another 128 (more if you can).

Ugo

From stork at openenterprise.ca Sun Oct 21 20:50:11 2007
From: stork at openenterprise.ca (Johnny Stork)
Date: Sun Oct 21 20:50:17 2007
Subject: Various sendmail and dovecot errors
Message-ID: <471BAD73.7000404@openenterprise.ca>

I am not sure these issues are related in any way to mailscanner, but I only noticed them after rebuilding the server and doing a clean install of mailscanner and running virtualmin. All mail 'seems' to be getting through, but I get these errors in maillog

Oct 21 12:49:20 gateway dovecot: imap-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Oct 21 12:49:22 gateway sendmail[11378]: l9LJnMON011378: localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 21 12:49:22 gateway dovecot: pop3-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured

--
*Johnny Stork*
Business & Technology Consultant
stork@openenterprise.ca

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071021/765767d6/attachment.html

From ugob at lubik.ca Sun Oct 21 22:03:38 2007
From: ugob at lubik.ca (Ugo Bellavance)
Date: Sun Oct 21 22:03:55 2007
Subject: Various sendmail and dovecot errors
In-Reply-To: <471BAD73.7000404@openenterprise.ca>
References: <471BAD73.7000404@openenterprise.ca>
Message-ID:

Johnny Stork wrote:
> I am not sure these issues are related in any way to mailscanner, but I only noticed them after rebuilding the server and doing a clean install of mailscanner and running virtualmin. All mail 'seems' to be getting through, but I get these errors in maillog
>
> Oct 21 12:49:20 gateway dovecot: imap-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
> Oct 21 12:49:22 gateway sendmail[11378]: l9LJnMON011378: localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
> Oct 21 12:49:22 gateway dovecot: pop3-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured

It looks like logs that would be created by monitoring software or package.

From stork at openenterprise.ca Sun Oct 21 22:29:31 2007
From: stork at openenterprise.ca (Johnny Stork)
Date: Sun Oct 21 22:29:32 2007
Subject: Various sendmail and dovecot errors
In-Reply-To:
References: <471BAD73.7000404@openenterprise.ca>
Message-ID: <471BC4BB.1030106@openenterprise.ca>

I actually just determined/discovered that it is due to running the Zabbix (zabbix_clientd) agent. Any ideas how I can still run the agent but get rid of those errors?

Ugo Bellavance wrote:
> Johnny Stork wrote:
>> I am not sure these issues are related in any way to mailscanner, but I only noticed them after rebuilding the server and doing a clean install of mailscanner and running virtualmin. All mail 'seems' to be getting through, but I get these errors in maillog
>>
>> Oct 21 12:49:20 gateway dovecot: imap-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
>> Oct 21 12:49:22 gateway sendmail[11378]: l9LJnMON011378: localhost.localdomain [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>> Oct 21 12:49:22 gateway dovecot: pop3-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
>
> It looks like logs that would be created by monitoring software or package.
>

From ugob at lubik.ca Mon Oct 22 00:46:51 2007
From: ugob at lubik.ca (Ugo Bellavance)
Date: Mon Oct 22 00:47:15 2007
Subject: Various sendmail and dovecot errors
In-Reply-To: <471BC4BB.1030106@openenterprise.ca>
References: <471BAD73.7000404@openenterprise.ca> <471BC4BB.1030106@openenterprise.ca>
Message-ID:

Johnny Stork wrote:
> I actually just determined/discovered that it is due to running the Zabbix (zabbix_clientd) agent. Any ideas how I can still run the agent but get rid of those errors?

You can't. Zabbix (or any monitoring software) will attempt a real IMAP or SMTP (or whatever else) connection to determine if your server is responding correctly or not. You get the log entries that go with it. I don't really call them errors, I call them "log entries".

Regards,

Ugo

From arturs at netvision.net.il Mon Oct 22 13:40:02 2007
From: arturs at netvision.net.il (Arthur Sherman)
Date: Mon Oct 22 13:41:11 2007
Subject: Problem with Hebrew filenames
Message-ID: <00ac01c814a8$aa46ff60$0200000a@dell>

Although Hebrew is allowed in conf, MS blocks legit, quite short filenames:

Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (%E4%F9%E5%F4%E8%FA %F9%EE%EE%F9%E9%EB%E4.doc)

How can I fix this?

TIA!
Arthur

From damian at cht.com.ar Mon Oct 22 13:48:12 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 13:52:04 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027637@server6.chtnet.com.ar>

Ok, here we go again. How was your weekend people?

Ugo, here is the output you asked for:

vmstat 5 10:

procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
 0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1  78  0
 0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0  99  0
 0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1  99  0
 0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0 100  0
 0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0 100  0
 1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4  88  0
 0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3  89  0
 0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4  87  0
 0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0 100  0
 2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0 100  0

I'm also attaching a bit of the output of a tail -f /var/log/maillog for you to see, there's too much spam and false addresses which is slowing down MS a lot. There are still about 28k messages! (on Friday there were 45k!!!!).

UxBoD, you told me to run the init.d script to stop the MS, the problem is Slackware uses the traditional BSD Init, so I went to the 'rc.d' directory but couldn't find, or couldn't figure out where the script for stopping MS is, sorry for my ignorance again.

As always thank you people for your valuable help.

Regards.-

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance
Sent: Sunday, 21 October 2007 11:17
To: mailscanner@lists.mailscanner.info
Subject: Re: Weird Problem with MailScanner

Damian Rivas wrote:
> 1) There are 3 MS childs running

That is way too much. Your system is probably swapping like crazy. Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service MailScanner restart' (assuming redhat/centos)

Can you send us the output of:

'vmstat 5 10' (will take 50 seconds to execute)

Did you check if memory was available for this system? If it is and if it is not too expensive, I'll add at least another 128 (more if you can).

Ugo

-------------- next part --------------
Oct 22 09:33:46 ns4 MailScanner[16303]: Message l9ECuov7009970 from 201.50.112.74 (jramos4@edd.ca.gov) to ci-educ.com.ar is
Oct 22 09:33:52 ns4 MailScanner[16303]: RBL checks: l9ECv6Bn009990 found in SBL+XBL
Oct 22 09:33:58 ns4 sendmail[16856]: l9JNcvwm006808: to=, delay=2+12:53:15, xdelay=00:03:12, mailer=esmtp, pri=68884917, relay=hq.com. [213.86.173.130], dsn=4.0.0, stat=Deferred: Connection timed out with hq.com.
Oct 22 09:34:10 ns4 MailScanner[16635]: Message l9MCUCev016920 from 82.45.97.114 (madhu@telia.com) to cht.com.ar is spam, SBL+XBL, SpamAssassin (no almacenado, puntaje=14.681, requerido 6, BAYES_00 -2.60, EXTRA_MPART_TYPE 1.09, HELO_DYNAMIC_HCC 4.10, HELO_DYNAMIC_IPADDR2 3.82, HTML_IMAGE_ONLY_12 1.87, HTML_MESSAGE 0.00, MSGID_DOLLARS 1.72, RATWARE_MS_HASH 1.91, RATWARE_OUTLOOK_NONAME 2.78)
Oct 22 09:34:18 ns4 sendmail[16829]: l9IJTeW5018662: to=, delay=3+17:04:04, xdelay=00:03:17, mailer=esmtp, pri=93363511, relay=mountainzone.com. [216.162.212.71], dsn=4.0.0, stat=Deferred: Connection timed out with mountainzone.com.
Oct 22 09:34:26 ns4 MailScanner[16303]: Message l9ECv6Bn009990 from 89.31.89.73 (jraines@pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:34:27 ns4 MailScanner[16303]: RBL checks: l9ECvHqO010002 found in SBL+XBL
Oct 22 09:34:38 ns4 sendmail[16739]: l9IJrsdf018978: to=, delay=3+16:39:10, xdelay=00:03:12, mailer=esmtp, pri=106055240, relay=kaplancollege.com. [72.166.181.37], dsn=4.0.0, stat=Deferred: Connection timed out with kaplancollege.com.
Oct 22 09:34:38 ns4 sendmail[16937]: l9L03WVm023964: to=, delay=1+12:30:35, xdelay=00:03:10, mailer=esmtp, pri=37384958, relay=mail.psi.org.kh. [203.189.130.189], dsn=4.0.0, stat=Deferred: Connection timed out with mail.psi.org.kh.
Oct 22 09:34:40 ns4 sendmail[16930]: l9KNsHVk023852: to=, delay=1+12:39:30, xdelay=00:03:11, mailer=esmtp, pri=40625012, relay=mail.psi.org.kh. [203.189.130.189], dsn=4.0.0, stat=Deferred: Connection timed out with mail.psi.org.kh.
Oct 22 09:34:51 ns4 sendmail[16739]: l9IKUjqg019409: to=, delay=3+16:01:56, xdelay=00:00:02, mailer=esmtp, pri=143135197, relay=clmail.afo.net. [72.215.140.74], dsn=4.0.0, stat=Deferred: Connection refused by clmail.afo.net.
Oct 22 09:35:01 ns4 MailScanner[16303]: Message l9ECvHqO010002 from 89.31.89.73 (jraines@pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:35:02 ns4 MailScanner[16303]: RBL checks: l9ECvAi0009993 found in SBL+XBL
Oct 22 09:35:31 ns4 MailScanner[16635]: RBL checks: l9ECv1Ar009981 found in SBL+XBL
Oct 22 09:35:36 ns4 MailScanner[16303]: Message l9ECvAi0009993 from 89.31.89.73 (jraines@pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Checks: Found 5 spam messages
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9MCQOWv016884 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9MCQG6c016878 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9ECu2ST009931 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9ECu53F009934 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Actions: message l9MCN30Q016843 actions are deliver,header
Oct 22 09:35:49 ns4 MailScanner[16478]: Spam Checks completed at 102 bytes per second
Oct 22 09:35:49 ns4 MailScanner[16478]: Virus and Content Scanning: Starting
Oct 22 09:35:50 ns4 MailScanner[16478]: Virus Scanning completed at 58111 bytes per second
Oct 22 09:35:58 ns4 sm-mta-queuein[16988]: l9MCZikR016988: from=, size=4132, class=0, nrcpts=1, msgid=<000d01c814a8$04911d19$07ac0fa8@stuynhil>, proto=ESMTP, daemon=MTA, relay=pool-72-94-52-3.phlapa.fios.verizon.net [72.94.52.3]
Oct 22 09:35:58 ns4 sm-mta-queuein[16988]: l9MCZikR016988: to=, delay=00:00:00, mailer=esmtp, pri=34132, stat=queued
Oct 22 09:36:05 ns4 MailScanner[16635]: Message l9ECv1Ar009981 from 89.31.89.73 (jraines@pfeiffer.edu) to ci-educ.com.ar is
Oct 22 09:36:21 ns4 MailScanner[16478]: Uninfected: Delivered 10 messages
Oct 22 09:36:21 ns4 MailScanner[16478]: Virus Processing completed at 127202 bytes per second
Oct 22 09:36:21 ns4 MailScanner[16478]: Batch completed at 95 bytes per second (40214 / 423)
Oct 22 09:36:21 ns4 MailScanner[16478]: Batch (10 messages) processed in 423.15 seconds
Oct 22 09:36:21 ns4 sendmail[16909]: l9KMiBFJ023013: to=, delay=1+13:51:36, xdelay=00:03:22, mailer=esmtp, pri=41074801, relay=pacpipe.com. [4.18.42.162], dsn=4.0.0, stat=Deferred: Connection timed out with pacpipe.com.
Oct 22 09:36:22 ns4 sendmail[16909]: l9JNcvwm006808: to=, delay=2+12:55:39, xdelay=00:00:00, mailer=esmtp, pri=68974917, relay=hq.com., dsn=4.0.0, stat=Deferred: Connection timed out with hq.com.
Oct 22 09:36:22 ns4 MailScanner[16303]: RBL checks: l9ECv6Nl009991 found in SBL+XBL
Oct 22 09:36:23 ns4 MailScanner[16478]: New Batch: Found 28981 messages waiting
Oct 22 09:36:23 ns4 MailScanner[16478]: New Batch: Scanning 10 messages, 38569 bytes
Oct 22 09:36:23 ns4 MailScanner[16478]: Spam Checks: Starting
Oct 22 09:36:36 ns4 sendmail[16999]: l9ECu0SN009932: to=<014068407807.463607070680@ci-educ.com.ar>, delay=7+23:40:20, xdelay=00:00:10, mailer=esmtp, pri=123067, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <06bb01c80e62$6aed7570$510398f6@Lucinda> Queued mail for delivery)
Oct 22 09:36:38 ns4 sendmail[16999]: l9ECu53F009934: to=, delay=7+23:40:29, xdelay=00:00:00, mailer=esmtp, pri=123163, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <133301c80e62$678bacd0$0a0003dd@Tamara> Queued mail for delivery)
Oct 22 09:36:38 ns4 sendmail[16999]: l9ECu4BV009935: to=<014050342960.513915737364@ci-educ.com.ar>, delay=7+23:40:31, xdelay=00:00:00, mailer=esmtp, pri=123227, relay=ns1.cht.com.ar. [200.55.14.250], dsn=2.0.0, stat=Sent ( <069501c80e62$65b195a0$510398f6@Lucinda> Queued mail for delivery)
Oct 22 09:36:39 ns4 sendmail[16999]: l9ECu5lO009936: to=, delay=7+23:40:32, xdelay=00:00:00, mailer=esmtp, pri=123298, relay=ns1.cht.com.ar.
[200.55.14.250], dsn=2.0.0, stat=Sent ( <00d401c80e62$6432e4e0$b4136d59@Roland> Queued mail for delivery)
Oct 22 09:36:40 ns4 sendmail[16849]: l9KH5LHB019103: to=, delay=1+19:30:47, xdelay=00:03:12, mailer=esmtp, pri=45484849, relay=kaplancollege.com. [72.166.181.37], dsn=4.0.0, stat=Deferred: Connection timed out with kaplancollege.com.

From J.Ede at birchenallhowden.co.uk Mon Oct 22 14:08:19 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon Oct 22 14:11:32 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027637@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027637@server6.chtnet.com.ar>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE5@server02.bhl.local>

What domains do you accept email for? Are you sure it's not operating as an open gateway?

Jason

From damian at cht.com.ar Mon Oct 22 14:41:45 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 14:45:35 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar>

It catches and accepts e-mails for our pack of domains: cht.com.ar, aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar and ci-educ.com.ar. The main problem is that domains like hispanoamericana are way too old and receive lots of spam messages. The main domain, cht.com.ar, receives a lot of mails daily. The problem with this is that it is difficult for me to find a good filter policy, because as it is a Travel Agency it receives mails from hotels and other agencies, so, if I put a strict filter of "if you are not in my Exchange contact list you cannot pass" these mails are not likely entering any way and that is not the idea.

I'm following up some guidelines that UxBoD sent me in one of the links to accelerate MS, so I'll let you know if things go better. I think that a BackScatter attack is very likely to be happening. Until these last months, there was never a single problem, so something strange might have happened to increase the SPAM bombing and therefore to turn the old server useless.

And about upgrading memory, I think that it would be cheaper (at least in Argentina PC100 Memories are very expensive as they aren't produced anymore) and have more sense to directly make an entire new server, with better processor and better memory. I was thinking of a 1GHz processor, is it ok? Which are the minimum recommended requisites?
___________________________________________________ Dami?n Rivas Administrador de Hardware y Redes Departamento de Sistemas Consult House Turismo S.A. Tel: 4315-1900 email: damian@cht.com.ar web: www.cht.com.ar -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Jason Ede Enviado el: lunes, 22 de octubre de 2007 10:08 Para: MailScanner discussion Asunto: RE: RE: Weird Problem with MailScanner What domains do you accept email for? Are you sure its not operating as an open gateway? Jason From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas [damian@cht.com.ar] Sent: 22 October 2007 13:48 To: MailScanner discussion Subject: RE: Weird Problem with MailScanner Ok, here we go again. How was your weekend people? Ugo, here is the output you asked for: vmstat 5 10: procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 0 0 105712 46416 14388 53324 5 3 1 8 13 11 21 1 78 0 0 0 105712 46264 14392 53324 0 0 0 10 111 171 0 0 99 0 0 0 105712 46196 14408 53324 0 0 0 24 108 170 0 1 99 0 0 0 105712 46128 14448 53324 0 0 0 39 112 179 0 0 100 0 0 0 105712 46132 14456 53324 0 0 0 54 124 174 0 0 100 0 1 0 105712 44988 14496 53424 0 0 21 89 123 176 8 4 88 0 0 0 105712 45464 14512 53548 0 0 24 28 110 162 8 3 89 0 0 0 105712 45264 14628 53612 0 0 22 138 138 208 9 4 87 0 0 0 105712 46036 14668 53596 0 0 0 61 114 179 0 0 100 0 2 0 105712 46028 14676 53596 0 0 0 4 105 166 0 0 100 0 I'm also attaching a bit of the output of a tail -f /var/log/maillog for you to see, there's too much spam and false addresses which slowing down MS a lot. There are still about 28k messages!(on Friday there were 45k!!!!). 
UxBoD, you told me to run the init.d script to stop the MS, the problem is Slackware uses the traditional BSD Init, so I went to the 'rc.d' directory but couldn't found, or couldn't figure out were the script for stoping MS is, sorry for my ignorance again. As always thank you people for your valuable help. Regards.- -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Ugo Bellavance Enviado el: domingo, 21 de octubre de 2007 11:17 Para: mailscanner@lists.mailscanner.info Asunto: Re: Weird Problem with MailScanner Damian Rivas wrote: > 1) There are 3 MS childs running That is way too much. Your system is probably swapping like crazy. Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service MailScanner restart' (assuming redhat/centos) Can you send us the output of : 'vmstat 5 10' (will take 50 seconds to execute) Did you check if memory was available for this system? If it is and if it is not too expensive, I'll add at least another 128 (more if you can). Ugo -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
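The swapping question raised in this thread can be checked directly from the `vmstat 5 10` samples that were posted. The following is an added example, not part of the original messages: it parses that output, skips the first row (vmstat's since-boot average) and classifies the remaining intervals; the function names and the two thresholds are assumptions.

```python
"""Classify a captured `vmstat 5 10` run: swapping, io-bound, cpu-bound or idle."""

# The ten samples below are the vmstat output posted in this thread.
THREAD_VMSTAT = """\
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
 0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1  78  0
 0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0  99  0
 0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1  99  0
 0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0 100  0
 0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0 100  0
 1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4  88  0
 0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3  89  0
 0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4  87  0
 0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0 100  0
 2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0 100  0
"""

# Assumed thresholds (not from the thread); tune them for the host in question.
IOWAIT_BUSY_PCT = 30   # mean %wa at or above this => disk is the bottleneck
IDLE_BUSY_PCT = 20     # mean %id below this => CPU is the bottleneck


def parse_vmstat(text):
    """Return one dict per data row, keyed by the vmstat column names."""
    columns, rows = None, []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "r" and "swpd" in tokens:
            columns = tokens  # column header; vmstat repeats it on long runs
        elif (columns and len(tokens) == len(columns)
              and all(t.isdigit() for t in tokens)):
            rows.append(dict(zip(columns, map(int, tokens))))
    return rows


def summarise(rows):
    """Summarise the sampled intervals, ignoring the since-boot first row."""
    if len(rows) < 2:
        raise ValueError("need the since-boot row plus at least one interval")
    intervals = rows[1:]
    n = len(intervals)
    return {
        "intervals": n,
        "swap_used_kb": intervals[-1]["swpd"],
        # si/so are pages swapped in/out per second during the interval
        "swap_active_intervals": sum(1 for r in intervals if r["si"] + r["so"] > 0),
        "max_swap_rate": max(r["si"] + r["so"] for r in intervals),
        "mean_idle": round(sum(r["id"] for r in intervals) / n, 1),
        "mean_iowait": round(sum(r["wa"] for r in intervals) / n, 1),
        "max_runnable": max(r["r"] for r in intervals),
    }


def verdict(summary):
    """Name the dominant bottleneck, or 'idle' when there is none."""
    if summary["swap_active_intervals"] * 2 > summary["intervals"]:
        return "swapping"
    if summary["mean_iowait"] >= IOWAIT_BUSY_PCT:
        return "io-bound"
    if summary["mean_idle"] < IDLE_BUSY_PCT:
        return "cpu-bound"
    return "idle"


if __name__ == "__main__":
    result = summarise(parse_vmstat(THREAD_VMSTAT))
    print(result, verdict(result))
```

On the samples posted here the verdict is "idle": swap is allocated (swpd 105712) but si and so are zero in every sampled interval and the CPU is about 96% idle. A growing queue on a host that looks like this means the scanner is not picking up work, rather than the machine being starved by paging.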
From J.Ede at birchenallhowden.co.uk Mon Oct 22 14:56:14 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon Oct 22 14:59:50 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE6@server02.bhl.local>

After you've tried optimising then... I'd consider using the spamhaus blacklists at the very least to reject mails at smtp level...

Then try using recipient verification (also at smtp level...) (On postfix just reject_unverified_recipient) which checks if it's deliverable to its destination servers... No point accepting it if you can't deliver it...

Jason

From damian at cht.com.ar Mon Oct 22 15:26:38 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 15:30:29 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027639@server6.chtnet.com.ar>

Ok, I've stopped the service of MS directly killing the main PID. I've put MS in debug mode. I've attached the output.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of UxBoD
Sent: Friday, 19 October 2007 14:42
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Stop MS using the init.d script.
Then run MailScanner --debug and see what it does

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Damian Rivas"
To: "MailScanner discussion"
Sent: Friday, October 19, 2007 5:38:52 PM (GMT) Africa/Casablanca
Subject: RE: Weird Problem with MailScanner

1) There are 3 MS children running
2) How do I run MS in debug mode? Sorry for the ignorance, I'm still a newbie.
3) Attached.
4) 2413 pts/0 S+ 0:00 \_ grep MailScanner

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of UxBoD
Sent: Friday, 19 October 2007 14:13
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Was there anything in /var/log/messages that showed a problem? How many MS child processes were set to run? Even with very little memory it should at least process some emails. What RBLs were you checking against? Quite a few are no longer running so if you are trying to query them you will get a very long wait and timeouts which may be where the problem is.

IMHO you could try removing the RBL list from your MailScanner.conf so at least virus scanning is still performed, and see if that makes a difference.

We really need to see the following :-

1) Number of MS child processes set to spawn
2) MS run in debug mode
3) A lint of your SA configuration
4) ps ef | grep MailScanner when the problem is occurring

Hope we can help you.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Damian Rivas"
To: "MailScanner discussion"
Sent: Friday, October 19, 2007 4:37:35 PM (GMT) Africa/Casablanca
Subject: RE: Weird Problem with MailScanner

Yeah, I was thinking of upgrading the hardware, but for me that means: installing an entirely new server. But I wanted to know if it can be a software error to fix the problem at least temporarily to give me time to install the new and upgraded server. Thanks for the data on memory minimum recommendation Gareth.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth
Sent: Friday, 19 October 2007 13:32
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

I would say it is seriously in need of a memory upgrade. The minimum recommendation is 1GB.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas
Sent: 19 October 2007 17:22
To: mailscanner@lists.mailscanner.info
Subject: Weird Problem with MailScanner

Hi there,

I'm having a really weird problem and as I am a n00b it gets a bit more difficult to find a solution. I'll explain the details first:

Since 6 months ago, I am the System Administrator of a Tourism Agency. We use an E-mail Scanner in a server with the following characteristics:

Processor: Pentium II 233 MHz.
RAM: 128 MB
OS: Linux Slackware 9
MailScanner version: 4.55.10

This E-mail Scanner uses MailScanner with Sophos Antivirus and SpamAssassin to filter spam and scan incoming and outgoing mails for viruses which are then redirected to an internal MS Exchange Server or to the Internet, respectively by sendmail.

One month ago, the server started behaving erratically. Instead of checking and sending mails as it normally did, it started queueing mails massively and therefore accumulating great quantities of them, it got up to 10000 mails queued up in a single day, therefore, no one received a single mail.

After many pointless attempts to repair this problem and seeing that the Travel Agents were getting a bit mad, I decided to redirect the MX server of our domains in the DNS to the firewall, so that our E-Mail Scanner server didn't receive more mail, which was only going to contribute to making the problem worse, more incoming mails, more queued mails. With this, the server started sending the queued mails and mail traffic was restored with the difference that mails weren't scanned at all (they were no longer passing through the MailScanner Server).

When the mail queues were empty again, I tried to reestablish the scanning service, but the problem appeared again.

I don't have a clear idea of what can be causing this problem. The machine is pretty old, but the former administrator told me that it had never had problems. I think that perhaps we are being Spam Bombed and perhaps the System's poor processing capabilities cannot resist the increasing traffic and therefore it gets stuck and keeps enqueueing mails.

Please if anyone can guide me I'll appreciate it. Sorry if my English is a bit rusty, it is not my native language, therefore if you need me to be more clear or try to give more details of something, don't hesitate to ask so.

Thanks in advance!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-------------- next part -------------- Starting MailScanner... In Debugging mode, not forking... [18128] dbg: logger: adding facilities: all [18128] dbg: logger: logging level is DBG [18128] dbg: generic: SpamAssassin version 3.1.5 [18128] dbg: config: score set 0 chosen. [18128] dbg: util: running in taint mode? no [18128] dbg: message: ---- MIME PARSER START ---- [18128] dbg: message: main message type: text/plain [18128] dbg: message: parsing normal part [18128] dbg: message: added part, type: text/plain [18128] dbg: message: ---- MIME PARSER END ---- [18128] dbg: dns: is Net::DNS::Resolver available?
no [18128] dbg: ignore: test message to precompile patterns and load modules [18128] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [18128] dbg: config: read file /etc/mail/spamassassin/init.pre [18128] dbg: config: read file /etc/mail/spamassassin/v310.pre [18128] dbg: config: read file /etc/mail/spamassassin/v312.pre [18128] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [18128] dbg: config: using "/usr/share/spamassassin" for default rules dir [18128] dbg: config: read file /usr/share/spamassassin/10_misc.cf [18128] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [18128] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [18128] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [18128] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [18128] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [18128] dbg: config: read file /usr/share/spamassassin/20_porn.cf [18128] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [18128] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [18128] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [18128] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [18128] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [18128] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [18128] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [18128] 
dbg: config: read file /usr/share/spamassassin/25_dcc.cf [18128] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [18128] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [18128] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [18128] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [18128] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [18128] dbg: config: read file /usr/share/spamassassin/25_replace.cf [18128] dbg: config: read file /usr/share/spamassassin/25_spf.cf [18128] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [18128] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [18128] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [18128] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [18128] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [18128] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [18128] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [18128] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [18128] dbg: config: read file /usr/share/spamassassin/50_scores.cf [18128] dbg: config: read file /usr/share/spamassassin/60_awl.cf [18128] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [18128] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [18128] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [18128] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [18128] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [18128] dbg: config: using "/etc/mail/spamassassin" for site rules dir [18128] dbg: config: read file /etc/mail/spamassassin/local.cf [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x951 eba0) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [18128] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::Hashcash=HASH(0x955 0460) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x900edcc) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [18128] dbg: pyzor: network tests on, attempting Pyzor [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x957668 0) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [18128] dbg: razor2: razor2 is not available [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x95533 24) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [18128] dbg: reporter: local tests only, disabling SpamCop [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x95cf 198) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x9723cbc) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold fro m @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold= HASH(0x972b880) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HA SH(0x9733dd4) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9 73c024) [18128] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [18128] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x 97474ec) [18128] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chk pt\/\w+\/(.*)$/i [18128] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com \/r\/\w+\/(.*)$/i [18128] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?exte rnalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i 
[18128] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/ .+?\/.+?\/(.*)$/i [18128] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/ .*(?:;|\|)link=(.*?)(?:;|$)/i [18128] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[ ?&])goto=(.*?)(?:$|[&\#])'i [18128] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.co m/r\.cfm.*?&r=(.*)'i [18128] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL =(.*?)(?:$|[&\#])'i [18128] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w {2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i [18128] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w {2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s +&\#])'i [18128] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w {2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22 |["\s+&\#])'i [18128] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w {2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i [18128] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x97474ec) im plements 'finish_parsing_end' [18128] dbg: replacetags: replacing tags [18128] dbg: replacetags: done replacing tags [18128] dbg: bayes: no dbs present, cannot tie DB R/O: /home/daniel/.spamassass in/bayes_toks [18128] dbg: config: score set 1 chosen. [18128] dbg: message: ---- MIME PARSER START ---- [18128] dbg: message: main message type: text/plain [18128] dbg: message: parsing normal part [18128] dbg: message: added part, type: text/plain [18128] dbg: message: ---- MIME PARSER END ---- [18128] dbg: bayes: no dbs present, cannot tie DB R/O: /home/daniel/.spamassass in/bayes_toks [18128] dbg: dns: is Net::DNS::Resolver available? no [18128] dbg: dns: is DNS available? 
0
[18128] dbg: metadata: X-Spam-Relays-Trusted:
[18128] dbg: metadata: X-Spam-Relays-Untrusted:
[18128] dbg: metadata: X-Spam-Relays-Internal:
[18128] dbg: metadata: X-Spam-Relays-External:
[18128] dbg: message: no encoding detected
[18128] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x951eba0) implements 'parsed_metadata'
[18128] dbg: check: running tests for priority: 0
[18128] dbg: rules: running header regexp tests; score so far=0
[18128] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[18128] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1193062857"
[18128] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1193062857.66171@spamassassin_spamd_init>
[18128] dbg: rules: "
[18128] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org
[18128] dbg: rules: "
[18128] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>"
[18128] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org
[18128] dbg: eval: all '*To' addrs:
[18128] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[18128] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[18128] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
[18128] dbg: rules: running body-text per-line regexp tests; score so far=0.738
[18128] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[18128] dbg: uri: running uri tests; score so far=0.738
[18128] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738
[18128] dbg: rules: running full-text regexp tests; score so far=0.738
[18128] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
[18128] dbg: pyzor: pyzor is not available: no pyzor executable found
[18128] dbg: pyzor: no pyzor found, disabling Pyzor
[18128] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x951eba0) implements 'check_tick'
[18128] dbg: check: running tests for priority: 500
[18128] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x951eba0) implements 'check_post_dnsbl'
[18128] dbg: rules: running meta tests; score so far=0.738
[18128] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
[18128] dbg: rules: running header regexp tests; score so far=2.216
[18128] dbg: rules: running body-text per-line regexp tests; score so far=2.216
[18128] dbg: uri: running uri tests; score so far=2.216
[18128] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216
[18128] dbg: rules: running full-text regexp tests; score so far=2.216
[18128] dbg: check: running tests for priority: 1000
[18128] dbg: rules: running meta tests; score so far=2.216
[18128] dbg: rules: running header regexp tests; score so far=2.216
[18128] dbg: locker: safe_lock: created /home/daniel/.spamassassin/auto-whitelist.lock.ns4.cht.com.ar.18128
[18128] dbg: locker: safe_lock: trying to get lock on /home/daniel/.spamassassin/auto-whitelist with 0 retries
[18128] dbg: locker: safe_lock: link to /home/daniel/.spamassassin/auto-whitelist.lock: link ok
[18128] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /home/daniel/.spamassassin/auto-whitelist
[18128] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
[18128] dbg: auto-whitelist: AWL active, pre-score: 2.216, autolearn score: 2.216, mean: undef, IP: undef
[18128] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
[18128] dbg: auto-whitelist: DB addr list: file locked, breaking lock
[18128] dbg: locker: safe_unlock: unlink /home/daniel/.spamassassin/auto-whitelist.lock
[18128] dbg: auto-whitelist: post auto-whitelist score: 2.216
[18128] dbg: rules: running body-text per-line regexp tests; score so far=2.216
[18128] dbg: uri: running uri tests; score so far=2.216
[18128] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216
[18128] dbg: rules: running full-text regexp tests; score so far=2.216
[18128] dbg: check: is spam? score=2.216 required=5
[18128] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[18128] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
Cannot create temporary Work Dir /var/spool/MailScanner/incoming/18128. Are the permissions and ownership of /var/spool/MailScanner/incoming correct? at /opt/MailScanner/lib/MailScanner/WorkArea.pm line 152

From damian at cht.com.ar Mon Oct 22 15:27:44 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 15:31:34 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A3002763A@server6.chtnet.com.ar>

Ok, I'll check that up, thanks for the tip Jason.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede
Sent: Monday, 22 October 2007 10:56
To: MailScanner discussion
Subject: RE: RE: RE: Weird Problem with MailScanner

After you've tried optimising then...

I'd consider using the spamhaus blacklists at the very least to reject mails at smtp level...

Then try using recipient verification (also at smtp level...) (On postfix just reject_unverified_recipient) which checks if it's deliverable to its destination servers... No point accepting it if you can't deliver it...

Jason

From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas [damian@cht.com.ar]
Sent: 22 October 2007 14:41
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

It catches and accepts e-mails for our pack of domains: cht.com.ar, aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar and ci-educ.com.ar.

The main problem is that domains like hispanoamericana are way too old and receive lots of spam messages.
The main domain, cht.com.ar receives a lot of mails daily, the problem with this is that it is difficult for me to find a good filter policy, because as it is a Travel Agency it receives mails from hotels and other agencies, so, if I put a strict filter of "if you are not in my Exchange contact list you cannot pass" these mails are not likely entering any way and that is not the idea.

I'm following up some guidelines that UxBoD sent me in one of the links to accelerate MS, so I'll let you know if things go better.

I think that a BackScatter attack is very likely to be happening. Until these last months, there was never a single problem, so something strange might have happened to increase the SPAM bombing and therefore to turn the old server useless.

And about upgrading memory, I think that it would be cheaper (at least in Argentina PC100 Memories are very expensive as they aren't produced anymore) and make more sense to directly make an entire new server, with better processor and better memory. I was thinking of a 1Ghz processor, is it ok? Which are the minimum recommended requisites?

___________________________________________________

Damián Rivas
Hardware and Network Administrator
Systems Department
Consult House Turismo S.A.
Tel: 4315-1900
email: damian@cht.com.ar
web: www.cht.com.ar

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede
Sent: Monday, 22 October 2007 10:08
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

What domains do you accept email for? Are you sure it's not operating as an open gateway?

Jason

From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas [damian@cht.com.ar]
Sent: 22 October 2007 13:48
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

Ok, here we go again. How was your weekend people?
Ugo, here is the output you asked for:

vmstat 5 10:

procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
 0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1  78  0
 0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0  99  0
 0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1  99  0
 0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0 100  0
 0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0 100  0
 1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4  88  0
 0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3  89  0
 0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4  87  0
 0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0 100  0
 2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0 100  0

I'm also attaching a bit of the output of a tail -f /var/log/maillog for you to see, there's too much spam and false addresses which are slowing down MS a lot. There are still about 28k messages! (on Friday there were 45k!!!!).

UxBoD, you told me to run the init.d script to stop the MS, the problem is Slackware uses the traditional BSD Init, so I went to the 'rc.d' directory but couldn't find, or couldn't figure out where the script for stopping MS is, sorry for my ignorance again.

As always thank you people for your valuable help.

Regards.-

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ugo Bellavance
Sent: Sunday, 21 October 2007 11:17
To: mailscanner@lists.mailscanner.info
Subject: Re: Weird Problem with MailScanner

Damian Rivas wrote:
> 1) There are 3 MS childs running

That is way too much. Your system is probably swapping like crazy. Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service MailScanner restart' (assuming redhat/centos)

Can you send us the output of :

'vmstat 5 10' (will take 50 seconds to execute)

Did you check if memory was available for this system?
If it is and if it is not too expensive, I'll add at least another 128 (more if you can).

Ugo

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From damian at cht.com.ar Mon Oct 22 15:42:02 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 15:45:54 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A3002763B@server6.chtnet.com.ar>

Paul Houselander:

I forgot to answer your question, yes there are lots of undeliverable messages, but they are not the most, the biggest portion of mails stuck are spam, however undeliverable messages are a considerable number and perhaps you are probably right and the server is under a backscatter attack. I'll check the documentation you sent me. There is no doubt, I'll have to implement a recipient checking at smtp level (as Jason has advised me).
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander
Sent: Friday, 19 October 2007 13:52
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

Were lots of the messages undeliverable messages? In which case it could be your domain was under a backscatter attack see - http://spamlinks.net/prevent-secure-backscatter.htm

I've had this happen to various customers where all of a sudden their incoming e-mail shoots up to ridiculous levels.

The quickest form of defence would be to implement some sort of recipient verification - I use mimedefang to achieve this here (sendmail). Before sendmail accepts the e-mail it checks if the recipient is indeed a valid user on your exchange box. You need to be running at least Exchange 2003 and above and enable recipient filtering http://support.microsoft.com/kb/886208

If the messages were not lots of undeliverable messages and all to valid recipients I would agree with the other reply that your server sounds like it needs an upgrade to cope.

Cheers
Paul

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth
Sent: 19 October 2007 17:32
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

{Scanned by Allteks Mailsafe}

I would say it is seriously in need of a memory upgrade. The minimum recommendation is 1GB.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas
Sent: 19 October 2007 17:22
To: mailscanner@lists.mailscanner.info
Subject: Weird Problem with MailScanner

Hi there, I'm having a really weird problem and as I am a n00b it gets a bit more difficult to find a solution. I'll explain the details first:

Since 6 months ago, I am the System Administrator of a Tourism Agency.
We use an E-mail Scanner in a server with the following characteristics:

Processor: Pentium II 233 Mhz.
RAM: 128 MB
OS: Linux Slackware 9
MailScanner version: 4.55.10

This E-mail Scanner uses MailScanner with Sophos Antivirus and SpamAssassin to filter spam and scan incoming and outgoing mails for viruses, which are then redirected to an internal MS Exchange Server or to the Internet, respectively, by sendmail.

One month ago, the server started behaving erratically. Instead of checking and sending mails as it normally did, it started queueing mails massively and therefore accumulating great quantities of them, it got up to 10000 mails queued up in a single day, therefore, no one received a single mail.

After many pointless attempts to repair this problem and seeing that the Travel Agents were getting a bit mad, I decided to redirect the MX server of our domains in the DNS to the firewall, so that our E-Mail Scanner server didn't receive more mail, which was only going to contribute to making the problem worse, more incoming mails, more queued mails. With this, the server started sending the queued mails and mail traffic was restored with the difference that mails weren't scanned at all (they were no longer passing through the MailScanner Server).

When the mail queues were empty again, I tried to reestablish the scanning service, but the problem appeared again.

I don't have a clear idea of what can be causing this problem. The machine is pretty old, but the former administrator told me that it had never had problems. I think that perhaps we are being Spam Bombed and perhaps the System's poor processing capabilities cannot resist the increasing traffic and therefore it gets stuck and keeps enqueueing mails.

Please if anyone can guide me I'll appreciate it. Sorry if my English is a bit rusty, it is not my native language, therefore if you need me to be more clear or try to give more details of something, don't hesitate to ask so.

Thanks in advance!
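The recipient verification recommended in this thread (accept a message at SMTP time only if the destination server would accept that recipient), as an added sketch that is not part of the original messages and is not MailScanner, sendmail, MIMEDefang or Postfix code. The `RecipientVerifier` class, the cache lifetimes, the choice to defer when the back end gives no answer, and the constructed `FakeBackend` with its example.com addresses are all assumptions of this example.

```python
"""Recipient verification at the mail gateway, with a result cache (sketch)."""
import smtplib
import time
import uuid

ACCEPT, DEFER, REJECT = "250", "450", "550"   # reply given to the sending client


def smtp_probe(host, port=25, timeout=10):
    """Build a probe that asks `host` whether it would accept a recipient.

    The probe sends MAIL FROM:<> and RCPT TO, never DATA, and returns the
    back end's reply code, or None when the back end gives no answer.
    """
    def probe(address):
        try:
            with smtplib.SMTP(host, port, timeout=timeout) as conn:
                conn.helo()
                conn.mail("")                  # null sender, as bounces use
                code, _ = conn.rcpt(address)
                return code
        except (OSError, smtplib.SMTPException):
            return None
    return probe


class RecipientVerifier:
    def __init__(self, probe, domains, positive_ttl=7 * 86400,
                 negative_ttl=3 * 3600, clock=time.time):
        self.probe = probe
        self.domains = {d.lower() for d in domains}
        # Negative results expire sooner so a newly created mailbox is noticed.
        self.ttl = {ACCEPT: positive_ttl, REJECT: negative_ttl}
        self.clock = clock
        self.cache = {}                        # address -> (verdict, expiry)

    def check(self, rcpt):
        """Decide the reply to RCPT TO for one recipient of inbound mail."""
        address = rcpt.strip().strip("<>").lower()
        local, _, domain = address.rpartition("@")
        if not local or domain not in self.domains:
            return REJECT                      # not a domain we accept mail for
        cached = self.cache.get(address)
        if cached and cached[1] > self.clock():
            return cached[0]                   # answered without a probe
        code = self.probe(address)
        if code is None or 400 <= code < 500:
            return DEFER                       # unknown for now: sender retries
        verdict = ACCEPT if 200 <= code < 300 else REJECT
        self.cache[address] = (verdict, self.clock() + self.ttl[verdict])
        return verdict

    def is_catch_all(self, domain):
        """True if the back end accepts a random address nobody can own.

        A back end that says yes to everything (a catch-all, or a server
        without recipient filtering) makes verification useless.
        """
        code = self.probe("probe-%s@%s" % (uuid.uuid4().hex, domain.lower()))
        return code is not None and 200 <= code < 300


class FakeBackend:
    """Constructed stand-in for the internal mail server (not real data)."""
    def __init__(self, users, catch_all=False):
        self.users, self.catch_all = set(users), catch_all
        self.up, self.probes = True, 0

    def __call__(self, address):
        self.probes += 1
        if not self.up:
            return None
        return 250 if self.catch_all or address in self.users else 550


def demo():
    now = [0.0]
    backend = FakeBackend({"sales@example.com"})
    v = RecipientVerifier(backend, ["example.com"], clock=lambda: now[0])
    r = {"valid": v.check("<Sales@Example.com>"),
         "invalid": v.check("qwerty123@example.com"),
         "foreign": v.check("someone@example.net")}
    backend.up = False                         # back end stops answering
    r["cached_valid_during_outage"] = v.check("sales@example.com")
    r["new_rcpt_during_outage"] = v.check("info@example.com")
    backend.up = True
    backend.users.add("qwerty123@example.com")  # mailbox created afterwards
    r["stale_negative"] = v.check("qwerty123@example.com")
    now[0] += 3 * 3600 + 1                     # negative entry has expired
    r["after_negative_expiry"] = v.check("qwerty123@example.com")
    r["catch_all"] = v.is_catch_all("example.com")
    r["probes"] = backend.probes
    return r


if __name__ == "__main__":
    print(demo())
```

Against a real server, pass `smtp_probe("<internal mail host>")` instead of the fake back end and run `is_catch_all` once per domain before relying on the verdicts.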
From mikael at syska.dk Mon Oct 22 15:58:15 2007
From: mikael at syska.dk (Mikael Syska)
Date: Mon Oct 22 15:58:57 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE6@server02.bhl.local>
References: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar> <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE6@server02.bhl.local>
Message-ID: <471CBA87.8090303@syska.dk>

Hi Jason,

A little offtopic maybe, but I hope people don't mind me jumping in here.

You talk about recipient verification .... Can this be done to multiple hosts? Right now we have a mysql transport_maps_table which tells where to deliver the mail .... would it be possible to verify recipient with external smtp hosts or would that maybe give a too big overhead of traffic vs just receive and scan .... ?

But what happens if the smtp in the other end does not answer? Will the mail be dropped? or just try to verify later ?

best regards
Mikael Syska

You just g

Jason Ede wrote:
> After you've tried optimising then...
>
> I'd consider using the spamhaus blacklists at the very least to reject mails at smtp level...
>
> Then try using recipient verification (also at smtp level...) (On postfix just reject_unverified_recipient) which checks if it's deliverable to its destination servers... No point accepting it if you can't deliver it...
>
> Jason
>
> From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas [damian@cht.com.ar]
> Sent: 22 October 2007 14:41
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> It catches and accepts e-mails for our pack of domains: cht.com.ar, aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar and ci-educ.com.ar.

From J.Ede at birchenallhowden.co.uk Mon Oct 22 16:14:42 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon Oct 22 16:15:08 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <471CBA87.8090303@syska.dk>
References: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar> <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE6@server02.bhl.local>, <471CBA87.8090303@syska.dk>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE7@server02.bhl.local>

We use postfix with recipient verification... After a bit of testing (couldn't find an answer in the docs) it appears that it uses the transport maps to verify the address to which it should deliver the email, which makes sense... if the mx record points to the MailScanner box (which it must if you receive email for that domain) then using that is not a good idea.

A lot of the exchange servers we deliver to have firewalls configured to only accept email from our IP and the recipient verification works a treat on all of them so far...

It doesn't work if you've a catch all on your server as it accepts all email to that domain then...

Bear in mind that if you add a user that has previously been detected as invalid it may take a while to pick this up if you use a database to store the verification results (recommended)

From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael Syska [mikael@syska.dk]
Sent: 22 October 2007 15:58
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Hi Jason,

A little offtopic maybe, but I hope people don't mind me jumping in here.

You talk about recipient verification .... Can this be done to multiple hosts? Right now we have a mysql transport_maps_table which tells where to deliver the mail .... would it be possible to verify recipient with external smtp hosts or would that maybe give a too big overhead of traffic vs just receive and scan .... ?

But what happens if the smtp in the other end does not answer?

From arturs at netvision.net.il Mon Oct 22 16:16:05 2007
From: arturs at netvision.net.il (Arthur Sherman)
Date: Mon Oct 22 16:17:11 2007
Subject: Very long filenames
Message-ID: <00d301c814be$77359080$0200000a@dell>

Is this considered a long filename?

Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (B_17PCs9ezwrPX.wmv)

Thanks!
Arthur

From J.Ede at birchenallhowden.co.uk Mon Oct 22 16:16:33 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon Oct 22 16:20:13 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <471CBA87.8090303@syska.dk>
References: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar> <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE6@server02.bhl.local>, <471CBA87.8090303@syska.dk>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE8@server02.bhl.local>

Oops... Forgot to address last point...

If the address can't be verified then the email won't be accepted and will be rejected with a 550 (I think) user not found error... Normally if you use a cache then it's not a problem for temporary outages as the verified recipients remain verified for a few days anyway (configurable)

For more info read.... http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Jason

From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael Syska [mikael@syska.dk]
Sent: 22 October 2007 15:58
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Hi Jason,

A little offtopic maybe, but I hope people don't mind me jumping in here.

You talk about recipient verification .... Can this be done to multiple hosts? Right now we have a mysql transport_maps_table which tells where to deliver the mail .... would it be possible to verify recipient with external smtp hosts or would that maybe give a too big overhead of traffic vs just receive and scan .... ?

But what happens if the smtp in the other end does not answer? Will the mail be dropped? or just try to verify later ?

best regards
Mikael Syska

You just g

Jason Ede wrote:
> After you've tried optimising then...
>
> I'd consider using the spamhaus blacklists at the very least to reject mails at smtp level...
>
> Then try using recipient verification (also at smtp level...)

From prandal at herefordshire.gov.uk Mon Oct 22 16:30:17 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Mon Oct 22 16:30:23 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027638@server6.chtnet.com.ar>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E0542C@HC-MBX02.herefordshire.gov.uk>

Damian,

Which version of Spamassassin are you running?

Can you post the output of

MailScanner -V

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From damian at cht.com.ar Mon Oct 22 16:34:20 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 16:38:20 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar>

I have sendmail, not postfix as my MTA. I've been checking and I have to download some packages like access_db to prevent Backscattering.

I'll explain how things work here so that you can give me more accurate advice:

I have a MX Linux server on the outside which is the one experimenting the weird problem, caused surely by the backscattering. Then, I have an internal MS Exchange 2003 server which receives the filtered and scanned mails and sends the mails via SMTP to the MX Linux Server to be scanned before being sent.

I can activate SMTP filtering in Exchange but the problem is that it checks the contacts in AD, if I don't have that contact it doesn't send the mail. Why is it a problem? As I stated before, this is a Travel Agency and is constantly receiving mails from new hotels, airlines, agencies, etc. With "new" I mean that they were unknown contacts until the reception of their mail, therefore their domain is not identified as a trusted or real one. So, if I use the MS Exchange filtering this will likely block the answers to these new domains.

So the filtering, in my opinion should be done only in the MailScanner server, the thing is that I want to know which is your recommendation to build the filtering on sendmail and if there can be a solution with the MS Exchange filtering, perhaps I misunderstood the documentation.

Thanks in advance!

Regards.-

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede
Sent: Monday, 22 October 2007 12:17
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

Oops... Forgot to address last point...

If the address can't be verified then the email won't be accepted and will be rejected with a 550 (I think) user not found error... Normally if you use a cache then it's not a problem for temporary outages as the verified recipients remain verified for a few days anyway (configurable)

For more info read....

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Jason

From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael Syska [mikael@syska.dk]
Sent: 22 October 2007 15:58
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Hi Jason,

A little offtopic maybe, but I hope people don't mind me jumping in here.

You talk about recipient verification .... Can this be done to multiple hosts? Right now we have a mysql transport_maps_table which tells where to deliver the mail .... would it be possible to verify recipient with external smtp hosts or would that maybe give a too big overhead of traffic vs just receive and scan .... ?

But what happens if the smtp in the other end does not answer? Will the mail be dropped? or just try to verify later ?

best regards
Mikael Syska

You just g

Jason Ede wrote:
> After you've tried optimising then...
>
> I'd consider using the spamhaus blacklists at the very least to reject mails at smtp level...
>
> Then try using recipient verification (also at smtp level...) (On postfix just reject_unverified_recipient) which checks if it's deliverable to its destination servers... No point accepting it if you can't deliver it...
>
> Jason

From damian at cht.com.ar Mon Oct 22 16:37:08 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Mon Oct 22 16:40:59 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A3002763D@server6.chtnet.com.ar>

Phil:

The version of Spam Assassin is 3.1.5.
Here is the output of MailScanner -v:

Running on Linux ns4 2.4.26 #2 Mon Jun 14 19:05:05 PDT 2004 i686 unknown unknown GNU/Linux
This is Perl version 5.008004 (5.8.4)

This is MailScanner version 4.55.10
Module versions are:
1.00      AnyDBM_File
1.14      Archive::Zip
1.02      Carp
1.119     Convert::BinHex
1.00      DirHandle
1.05      Fcntl
2.72      File::Basename
2.07      File::Copy
2.01      FileHandle
1.06      File::Path
0.16      File::Temp
0.90      Filesys::Df
1.23      HTML::Entities
3.26      HTML::Parser
2.24      HTML::TokeParser
1.21      IO
1.10      IO::File
1.123     IO::Pipe
1.50      Mail::Header
3.05      MIME::Base64
5.420     MIME::Decoder
5.420     MIME::Decoder::UU
5.420     MIME::Head
5.420     MIME::Parser
3.03      MIME::QuotedPrint
5.420     MIME::Tools
0.11      Net::CIDR
1.08      POSIX
1.77      Socket
1.4       Sys::Hostname::Long
0.17      Sys::Syslog
1.86      Time::HiRes
1.02      Time::localtime

Optional module versions are:
0.17      Convert::TNEF
1.808     DB_File
1.13      DBD::SQLite
1.50      DBI
1.06      Digest
missing   Digest::HMAC
2.33      Digest::MD5
2.11      Digest::SHA1
missing   Inline
missing   Mail::ClamAV
3.001005  Mail::SpamAssassin
missing   Mail::SPF::Query
missing   Net::CIDR::Lite
1.24      Net::IP
missing   Net::DNS
missing   Net::LDAP
missing   Parse::RecDescent
missing   SAVI
2.40      Test::Harness
0.47      Test::Simple
1.95      Text::Balanced
missing   URI

From shuttlebox at gmail.com Mon Oct 22 16:42:08 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Mon Oct 22 16:42:14 2007
Subject: Very long filenames
In-Reply-To: <00d301c814be$77359080$0200000a@dell>
References: <00d301c814be$77359080$0200000a@dell>
Message-ID: <625385e30710220842u44b2f1aeoace3f1099c9b5e55@mail.gmail.com>

On 10/22/07, Arthur Sherman wrote:
>
> Is this considered a long filename?
>
> Report: MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (B_17PCs9ezwrPX.wmv)

The name is sanitized in the report, you can find the original name in the log.

--
/peter

From glenn.steen at gmail.com Mon Oct 22 18:07:55 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Oct 22 18:07:59 2007
Subject: Problem with Hebrew filenames
In-Reply-To: <00ac01c814a8$aa46ff60$0200000a@dell>
References: <00ac01c814a8$aa46ff60$0200000a@dell>
Message-ID: <223f97700710221007w6a399a2cvd86f05b721ed9798@mail.gmail.com>

On 22/10/2007, Arthur Sherman wrote:
>
> Although Hebrew is allowed in conf, MS blocks legit, quite short filenames:
>
> Report: MailScanner: Very long filenames are good signs of attacks against
> Microsoft e-mail packages (%E4%F9%E5%F4%E8%FA %F9%EE%EE%F9%E9%EB%E4.doc)
>
> How can I fix this?
>
> TIA!
>
> Arthur
>
That is the sanitized filename, look in the log for the more... accurate.... name ... Or perhaps in the quarantined message.
Some software, which we shall not name, nor point fingers (the one beside the index finger... no, not the thumb) at, have a nasty habit of using the first paragraph in a document as the filename.... Usually ending in things like .doc or .doc.pdf or whatnot... Might be your case... Educate your users, up the limit or just ...
stand it:-):-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From hvdkooij at vanderkooij.org Mon Oct 22 19:07:32 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Oct 22 19:07:58 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar>
Message-ID: <471CE6E4.2060602@vanderkooij.org>

Damian Rivas wrote:
> I have sendmail, not postfix as my MTA. I've been checking and I have to download some packages like access_db to prevent Backscattering.
>
> I'll explain how things work here so that you can give me more accurate advice:
>
> I have a MX Linux server on the outside which is the one experimenting the weird problem, caused surely by the backscattering. Then, I have an internal MS Exchange 2003 server which receives the filtered and scanned mails and sends the mails via SMTP to the MX Linux Server to be scanned before being sent.
>
> I can activate SMTP filtering in Exchange but the problem is that it checks the contacts in AD, if I don't have that contact it doesn't send the mail. Why is it a problem? As I stated before, this is a Travel Agency and is constantly receiving mails from new hotels, airlines, agencies, etc. With "new" I mean that they were unknown contacts until the reception of their mail, therefore their domain is not identified as a trusted or real one. So, if I use the MS Exchange filtering this will likely block the answers to these new domains.
>
> So the filtering, in my opinion should be done only in the MailScanner server, the thing is that I want to know which is your recommendation to build the filtering on sendmail and if there can be a solution with the MS Exchange filtering, perhaps I misunderstood the documentation.

You need to verify recipient addresses on the Exchange server. If you can make sure that Exchange will not accept dummy addresses on SMTP sessions you can use this to make sure you do not accept them on your sendmail server either. I can't quote the exact syntax for sendmail or the knob on the Exchange screens as I use neither.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

From jonas at vrt.dk Mon Oct 22 19:37:00 2007
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Mon Oct 22 19:37:01 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <471CE6E4.2060602@vanderkooij.org>
References: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar> <471CE6E4.2060602@vanderkooij.org>
Message-ID: <006b01c814da$889632f0$99c298d0$@dk>

> > So the filtering, in my opinion should be done only in the MailScanner
> server, the thing is that I want to know which is your recommendation to
> build the filtering on sendmail and if there can be a solution with the
> MS Exchange filtering, perhaps I misunderstood the documentation.
>
> You need to verify recipient addresses on the Exchange server. If you
> can make sure that Exchange will not accept dummy address on SMTP
> sessions you can use this to make sure you do not accept them on your
> sendmail server either. I can't quote the exact syntax for sendmail or
> the knob on the Exchange screens as I use neither.

I use MS with exim which forwards to various exchange servers via smtp.

I activate the recipient filter in exchange, so it only accepts mail for recipients that actually exist.
I then make exim do what it calls "callouts" meaning it connects via smtp to the exchange server when ever somebody tries to send mail to that site, it then checks if the recipient exists, if not it rejects the mail. I don't know how you do it in sendmail, but im sure it's possible. Atleast it's the best way to make sure u only scan mail for real recipients. Just my 5 cents. Jonas Larsen From Kevin_Miller at ci.juneau.ak.us Mon Oct 22 20:00:12 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Oct 22 19:59:34 2007 Subject: Weird Problem with MailScanner In-Reply-To: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar> Message-ID: Damian Rivas wrote: > I have sendmail, not postfix as my MTA. I've been checking and I have > to download some packages like access_db to prevent Backscattering. > > I'll explain how things work here so that you can give me more > accurate advice: > > I have a MX Linux server on the outside which is the one > experimenting the weird problem, caused surely by the backscattering. > Then, I have an internal MS Exchange 2003 server which recieves the > filtered and scanned mails and sends the mails via SMTP to the MX > Linux Server to be scanned before being sent. > > I can activate SMTP filtering in Exchange but the problem is that it > checks the contacts in AD, if I don't have that contact it doesn't > send the mail. Why is it a problem? As I stated before, this is a > Travel Agency and is constantly recieving mails from new hotels, > airlines, agencies, etc. With "new" I mean that they were unknown > contacts until the reception of their mail, therefore there domain is > not identified as a trusted or real one. So, if I use the MS Exchange > filtering this will likely block the answers to this new domains. 
>
> So the filtering, in my opinion should be done only in the
> MailScanner server, the thing is that I want to know which is your
> recommendation to build the filtering on sendmail and if there can be
> a solution with the MS Exchange filtering, perhaps I misunderstood
> the documentation.

Hi Damian,

I don't understand your problem with contacts above. Is it Exchange or MailScanner that is not trusting the new domain and blocking it? What rule does that? Guess I'm not doing smtp filtering in Exchange. That's what MailScanner is for.

I'm set up in a similar manner here, with an Exchange 2003 server on the inside and MailScanner gateways doing the filtering. New people are constantly sending to us, and the mail comes in fine. Replies go out fine.

One difference I'm doing is allowing the Exchange server to send directly rather than route outbound mail through MailScanner. I'm not an ISP, so can more or less trust my users not to be spammers. You may or may not have that luxury. But if you can do that, it will reduce the load on your MailScanner server.

There's a couple things I'd do on the sendmail side if you haven't already. One is to activate the greet pause feature. Put this line in your sendmail.mc file (or enable it if it's already there by removing the dnl at the beginning of the line), then rebuild your sendmail.cf file.

FEATURE(`greet_pause', `10000')dnl

What it does is tell the sending server to wait for 10 seconds. Spammers usually won't wait and just drop the connection. Legitimate servers will. You can whitelist servers to not be greetpaused in your access file (/etc/mail/access). For example the following entries will cause connections from google.com and connections from the ip range 192.168.1.x to be accepted w/o delay. You'd typically put your own IP range in there, and any legitimate mail servers/domains that have a problem. Beyond a couple entries early on I haven't had any trouble with it.

GreetPause:192.168.1 0
GreetPause:google.com 0

I'm also using a couple of milters: smf-sav and smf-spf (see http://smfs.sourceforge.net/smf-sav.html). Those are quite useful. You should set up spf records in your dns, then add the smf-spf milter to your sendmail. Then smf-sav will be particularly useful in that it does both sender and recipient verification. You will have to whitelist some domains if you use sender verification but I haven't found it problematic.

You'll have to tweak your Exchange server to filter out messages for non-existing users.
Instructions here:
http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf

These things will let you block a lot of spam at the MTA level - that is, sendmail will drop the connection before anything is passed to MailScanner, thus saving a lot of CPU cycles.

Hope this helps...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From ssilva at sgvwater.com Mon Oct 22 20:33:00 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Oct 22 20:33:14 2007
Subject: mp3 spam?
In-Reply-To: <59a0f42281dfe04ebf5a3dfb3ba008ed@solidstatelogic.com>
References: <4717E298.5060403@vanderkooij.org> <59a0f42281dfe04ebf5a3dfb3ba008ed@solidstatelogic.com>
Message-ID:

on 10/18/2007 11:30 PM Martin.Hepworth spake the following:
> Heh
>
> Blocking MP3's (and PDF's/.xls etc) is not an option for us..
>
> Right I'll off email now ;-)
>
I haven't seen one yet, so I must be catching them in RBL's, greetpause or the digests, or some other spamassassin rule. I don't have the time to search the spam archive for these mails, but no users have admitted to seeing them.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

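The recipient callout described in the "Weird Problem with MailScanner" thread above (the gateway asks the internal server over SMTP whether a recipient exists before accepting mail for it), as an added Python sketch that is not code from any poster, exim, sendmail or the smf-sav milter. The stand-in backend, the example.com mailboxes and the names `BackendHandler`, `start_backend` and `callout` are assumptions constructed for the example.

```python
import smtplib
import socketserver
import threading

# Constructed sample data for the stand-in backend (not from the thread).
KNOWN_MAILBOXES = {"damian@example.com", "sales@example.com"}
TEMPFAIL_MAILBOXES = {"busy@example.com"}  # simulates a directory hiccup


class BackendHandler(socketserver.StreamRequestHandler):
    """Stand-in for the internal server with recipient filtering switched on:
    it answers RCPT TO with 250 only for mailboxes that exist."""

    def reply(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))

    def handle(self):
        self.reply("220 backend.example.com ESMTP")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith(("HELO", "EHLO")):
                self.reply("250 backend.example.com")
            elif verb.startswith("MAIL FROM:"):
                self.reply("250 2.1.0 Sender OK")
            elif verb.startswith("RCPT TO:"):
                addr = line[len("RCPT TO:"):].strip().strip("<>").lower()
                if addr in KNOWN_MAILBOXES:
                    self.reply("250 2.1.5 Recipient OK")
                elif addr in TEMPFAIL_MAILBOXES:
                    self.reply("451 4.3.0 Directory lookup failed, try later")
                else:
                    self.reply("550 5.1.1 User unknown")
            elif verb.startswith("RSET"):
                self.reply("250 2.0.0 Reset")
            elif verb.startswith("QUIT"):
                self.reply("221 2.0.0 Bye")
                return
            else:
                self.reply("502 5.5.1 Command not implemented")


class Backend(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_backend():
    """Start the stand-in backend on a free localhost port."""
    server = Backend(("127.0.0.1", 0), BackendHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def callout(host, port, recipient, timeout=5.0):
    """Ask the backend whether `recipient` exists, without sending a message.

    Returns (action, reply): what the gateway should answer at RCPT time.
    accept -> take the mail and scan it
    reject -> 550 during the SMTP session, so the gateway never has to
              generate a bounce to a (probably forged) sender
    defer  -> 451, used when the backend is unreachable or undecided, so
              legitimate mail is retried instead of lost
    """
    try:
        with smtplib.SMTP(host, port, local_hostname="gateway.example.com",
                          timeout=timeout) as smtp:
            smtp.helo()
            code, msg = smtp.mail("")        # null sender, as for a bounce
            if code != 250:
                return "defer", "451 4.4.1 Recipient verification unavailable"
            code, msg = smtp.rcpt(recipient)
            smtp.rset()                      # probe only, DATA is never sent
    except OSError as exc:                   # refused, timeout, SMTPException
        return "defer", f"451 4.4.1 Recipient verification unavailable ({exc})"
    if code in (250, 251):
        return "accept", f"{code} {msg.decode('ascii', 'replace')}"
    if 500 <= code <= 599:
        return "reject", "550 5.1.1 User unknown"
    return "defer", "451 4.4.1 Recipient verification deferred"


if __name__ == "__main__":
    srv = start_backend()
    host, port = srv.server_address
    for rcpt in ("damian@example.com", "nosuchuser@example.com",
                 "busy@example.com"):
        print(rcpt, "->", callout(host, port, rcpt))
    srv.shutdown()
    srv.server_close()
```

A production gateway would also cache results for a short time so a dictionary run against one domain does not turn into one backend connection per probe.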
From dave.list at pixelhammer.com Mon Oct 22 21:58:23 2007 From: dave.list at pixelhammer.com (DAve) Date: Mon Oct 22 20:58:37 2007 Subject: OT: dot org domain resolution Message-ID: <471D0EEF.3030607@pixelhammer.com> This is the fastest response ML I am on, so I will bug you guys ;^) Currently we have some dot org domains as clients who now have no A or MX records cached locally so they cannot see their own websites, and are having mail issues as well. After much checking, and testing, and server log reviewing, we discovered this. Go to dnsstuff.org and run a ALL query on *any* dot org domain. Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing but NS records are returned. If the root server refers to AFILIAS-NST.org you get all records. We see this reslt for our client's domains as well openoffice.org, slashdot.org, freebsd.org. I called ultradns and they didn't seem too concerned, but said they would look into it. Am I crazy? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From hvdkooij at vanderkooij.org Mon Oct 22 21:37:43 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Oct 22 21:38:15 2007 Subject: OT: dot org domain resolution In-Reply-To: <471D0EEF.3030607@pixelhammer.com> References: <471D0EEF.3030607@pixelhammer.com> Message-ID: <471D0A17.6000203@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote: > This is the fastest response ML I am on, so I will bug you guys ;^) > > Currently we have some dot org domains as clients who now have no A or > MX records cached locally so they cannot see their own websites, and are > having mail issues as well. After much checking, and testing, and server > log reviewing, we discovered this. > > Go to dnsstuff.org and run a ALL query on *any* dot org domain. 
> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing
> but NS records are returned. If the root server refers to
> AFILIAS-NST.org you get all records. We see this result for our client's
> domains as well openoffice.org, slashdot.org, freebsd.org.

What is the bad thing here? Are the root servers not supposed to hand out only NS records for the next level? They should not be used as global resolvers.

My guess is that you got a local DNS issue to resolve here.

So where do I find anything ORG. like? Let us just ask locally:

$ dig org. any
;; QUESTION SECTION:
;org. IN ANY
;; ANSWER SECTION:
org. 83204 IN NS tld1.ultradns.net.
org. 83204 IN NS tld2.ultradns.net.
org. 83204 IN NS a0.org.afilias-nst.info.
org. 83204 IN NS b0.org.afilias-nst.org.
org. 83204 IN NS c0.org.afilias-nst.info.
org. 83204 IN NS d0.org.afilias-nst.org.

Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask tld1.ultradns.net. for this:

$ dig vanderkooij.org. any @tld1.ultradns.net.
;; QUESTION SECTION:
;vanderkooij.org. IN ANY
;; ANSWER SECTION:
vanderkooij.org. 86400 IN NS ns5.mydyndns.org.
vanderkooij.org. 86400 IN NS ns4.mydyndns.org.
vanderkooij.org. 86400 IN NS ns3.mydyndns.org.
vanderkooij.org. 86400 IN NS ns2.mydyndns.org.
vanderkooij.org. 86400 IN NS hvdkooij.xs4all.nl.

Sounds to me like the way DNS is supposed to work.

> I called ultradns and they didn't seem too concerned, but said they
> would look into it.
>
> Am I crazy?

You might. But it does not necessarily have any bearing on the question at hand ;-)

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHHQoUBvzDRVjxmYERAs7iAJ9Qipr64k96FoUv/J0n/F2jhCRwvgCgrs0e YxpBAVs0Fm7LkzN2AhRrBfY= =GElx -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon Oct 22 21:48:57 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 22 21:49:18 2007 Subject: Weird Problem with MailScanner In-Reply-To: <006b01c814da$889632f0$99c298d0$@dk> References: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar> <471CE6E4.2060602@vanderkooij.org> <006b01c814da$889632f0$99c298d0$@dk> Message-ID: on 10/22/2007 11:37 AM Jonas A. Larsen spake the following: >>> So the filtering, in my opinion should be done only in the MailScanner >> server, the thing is that I want to know which is your recommendation to >> build the filtering on sendmail and if there can be a solution with the >> MS Exchange filtering, perhaps I misunderstood the documentation. >> >> You need to verify recipient addresses on the Exchange server. If you >> can make sure that Exchange will not accept dummy address on SMTP >> sessions you can use this to make sure you do not accept them on your >> sendmail server either. I can't quote the exact syntax for sendmail or >> the knob on the Exchange screens as I use neither. > > > I use MS with exim which forwards to various exchange servers via smtp. I > activate the recipient filter in exchange, so it only accept mail for > recipients that actually exist. I then make exim do what it calls "callouts" > meaning it connects via smtp to the exchange server when ever somebody tries > to send mail to that site, it then checks if the recipient exists, if not it > rejects the mail. > > I don't know how you do it in sendmail, but im sure it's possible. Atleast > it's the best way to make sure u only scan mail for real recipients. > > Just my 5 cents. > > Jonas Larsen > Sendmail needs a milter to do it. But I think the existing server has too little memory to add anything to. 
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Oct 22 21:51:50 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 22 21:57:26 2007 Subject: Weird Problem with MailScanner In-Reply-To: References: <484E9B509664CA499A78F777A2D59A3002763C@server6.chtnet.com.ar> Message-ID: on 10/22/2007 12:00 PM Kevin Miller spake the following: > Damian Rivas wrote: >> I have sendmail, not postfix as my MTA. I've been checking and I have >> to download some packages like access_db to prevent Backscattering. >> >> I'll explain how things work here so that you can give me more >> accurate advice: >> >> I have a MX Linux server on the outside which is the one >> experimenting the weird problem, caused surely by the backscattering. >> Then, I have an internal MS Exchange 2003 server which recieves the >> filtered and scanned mails and sends the mails via SMTP to the MX >> Linux Server to be scanned before being sent. >> >> I can activate SMTP filtering in Exchange but the problem is that it >> checks the contacts in AD, if I don't have that contact it doesn't >> send the mail. Why is it a problem? As I stated before, this is a >> Travel Agency and is constantly recieving mails from new hotels, >> airlines, agencies, etc. With "new" I mean that they were unknown >> contacts until the reception of their mail, therefore there domain is >> not identified as a trusted or real one. So, if I use the MS Exchange >> filtering this will likely block the answers to this new domains. >> >> So the filtering, in my opinion should be done only in the >> MailScanner server, the thing is that I want to know which is your >> recommendation to build the filtering on sendmail and if there can be >> a solution with the MS Exchange filtering, perhaps I misunderstood >> the documentation. > > Hi Damian, > > I don't understand your problem with contacts above. 
Is it Exchange or > MailScanner that is not trusting the new domain and blocking it? What > rule does that? Guess I'm not doing smtp filtering in Exchange. That's > what MailScanner is for. > > I'm set up in a similar manner here, with an Exchange 2003 server on the > inside and MailScanner gateways doing the filtering. New people are > constantly sending to us, and the mail comes in fine. Replies go out > fine. > > One difference I'm doing is allowing the Exchange server to send > directly rather than route outbound mail through MailScanner. I'm not > an ISP, so can more or less trust my users not to be spammers. You may > or may not have that luxury. But if you can do that, it will reduce the > load on your MailScanner server. > > There's a couple things I'd do on the sendmail side if you haven't > already. On is to activate the greet pause feature. Put this line in > your sendmail.mc file (or enable it if it's already there but removing > the dnl at the beginning of the line), then rebuild your sendmail.cf > file. > > FEATURE(`greet_pause', `10000')dnl > > What it does, is tell the sending server to way for 10 seconds. > Spammers usually won't wait and just drop the connection. Legitimate > servers will. You can whitelist servers to not be greetpaused in your > access file (/etc/mail/access). For example the following entries will > cause connections from google.com and connections from the ip range > 192.168.1.x to be accepted w/o delay. You'd typically put your own IP > range in there, and any legitimate mail servers/domains that have a > problem. Beyond a couple entries early on I haven't had any trouble > with it. > > GreetPause:192.168.1 0 > GreetPause:google.com 0 > > I'm also using a couple of milters: smf-sav and smf-spf (see > http://smfs.sourceforge.net/smf-sav.html). Those are quite useful. You > should set up spf records in your dns, then add the smf-spf milter to > your sendmail. 
Then smf-sav will be particularly useful in that it does > both sender and recipient verification. You will have to whitelist some > domains if you use sender verification but I haven't found it > problematic. > > You'll have tweak your Exchange server to filter out messages for > non-existing users. > Instructions here: > http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf > > These things will let you block a lot of spam at the MTA level - that > is, sendmail will drop the connection before anything is passed to > MailScanner, thus saving a lot of CPU cycles. > > Hope this helps... > > ...Kevin Slackware 9 has sendmail 8.12, so he won't have greetpause. That came out in 8.13. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Oct 22 21:54:28 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 22 22:01:07 2007 Subject: MailScanner Digest, Vol 22, Issue 36 In-Reply-To: <471A274D.9050904@vanderkooij.org> References: <200710201100.l9KB0CVW029208@safir.blacknight.ie> <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net> <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com> <471A274D.9050904@vanderkooij.org> Message-ID: on 10/20/2007 9:05 AM Hugo van der Kooij spake the following: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: >> On 20/10/2007, Bjorgen T. Eatinger wrote: >>> This mailing list is almost completely worthless, since it repeats everything over and over and over. Can you PLEASE upgrade to better list software? >>> >>> Bjorgen >>> >> (snip) >> What on earth (or perhaps .....:-) are you talking about? >> The disgest just "chunks" things together, yes. And peaple tend to not >> trim that well... You especially .... If you find that a problem, hy >> then just subscribe tho the list proper, not the digest. 
> > Jules: I would recommend to put a filter on the mailinglist so anyone > sending a message with the MailScanner Digest indication on the subject > line is blocked or at least held for moderation? To the best of my > knowledge that should be peanuts with mailman. > > Hugo. Too bad the digest can't be sent with a bad or different reply-to header. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From prandal at herefordshire.gov.uk Mon Oct 22 22:10:59 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Oct 22 22:11:09 2007 Subject: Weird Problem with MailScanner In-Reply-To: <484E9B509664CA499A78F777A2D59A3002763D@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A3002763D@server6.chtnet.com.ar> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF21@HC-MBX02.herefordshire.gov.uk> Is there any chance that you can upgrade to SA 3.1.9 and then do an sa-update? PhiL -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas Sent: 22 October 2007 16:37 To: MailScanner discussion Subject: RE: RE: Weird Problem with MailScanner Phil: The version of Spam Assassin is 3.1.5. 
Here is the output of MailScanner -v: Running on Linux ns4 2.4.26 #2 Mon Jun 14 19:05:05 PDT 2004 i686 unknown unknown GNU/Linux This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.55.10 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.23 HTML::Entities 3.26 HTML::Parser 2.24 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 1.4 Sys::Hostname::Long 0.17 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.808 DB_File 1.13 DBD::SQLite 1.50 DBI 1.06 Digest missing Digest::HMAC 2.33 Digest::MD5 2.11 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001005 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.24 Net::IP missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced missing URI -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Randal, Phil Enviado el: lunes, 22 de octubre de 2007 12:30 Para: MailScanner discussion Asunto: RE: RE: Weird Problem with MailScanner Damian, Which version of Spamassassin are you running? 
Can you post the output of MailScanner -V Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Damian Rivas > Sent: 22 October 2007 14:42 > To: MailScanner discussion > Subject: RE: RE: Weird Problem with MailScanner > > It catches and accepts e-mails for our pack of domains: > cht.com.ar, aaovyt.com.ar, skalbue.com.ar, > hispanoamericana.com.ar, cieduc.com.ar and ci-educ.com.ar. > > The main problem is that domains like hispanoamericana are > way too old and recieve lots of spam messages. The main > domain, cht.com.ar recieves a lot of mails daily, the problem > with this is that it is difficult for me to find a good > filter policy, because as it is a Travel Agency it recieves > mails from hotels and other agencies, so, if I put a strict > filter of "if you are not in my Exchange contact list you > cannot pass" this mails are not likely entering any way and > that is not the idea. > > I'm following up some guidelines that UxBoD sent me in one of > the links to accelerate MS, so I'll let you know if things go better. > > I think that a BackScatter attack is very likely to be > happening. Until these last months, there was never a single > problem, so something strange might have happened to increase > the SPAM bombing and therefore to turn the old server useless. > > And about upgrading memory, I think that it would be cheaper > (at least in Argentina PC100 Memories are very expensive as > they aren't produced anymore) and have more sense to directly > make an entire new server, with better processor and better > memory. I was thinking in a 1Ghz processor, is it ok? Which > are the minimum recommended requisites? > > ___________________________________________________ > > Dami?n Rivas > Administrador de Hardware y Redes > Departamento de Sistemas > Consult House Turismo S.A. 
> Tel: 4315-1900 > email: damian@cht.com.ar > web: www.cht.com.ar > > > -----Mensaje original----- > De: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre > de Jason Ede > Enviado el: lunes, 22 de octubre de 2007 10:08 > Para: MailScanner discussion > Asunto: RE: RE: Weird Problem with MailScanner > > > What domains do you accept email for? Are you sure its not > operating as an open gateway? > > Jason > > From: mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Damian Rivas [damian@cht.com.ar] > Sent: 22 October 2007 13:48 > To: MailScanner discussion > Subject: RE: Weird Problem with MailScanner > > Ok, here we go again. How was your weekend people? > > Ugo, here is the output you asked for: > > vmstat 5 10: > > procs -----------memory---------- ---swap-- -----io---- --system-- > ----cpu---- > r b swpd free buff cache si so bi bo in > cs us sy > id wa > 0 0 105712 46416 14388 53324 5 3 1 8 13 > 11 21 1 > 78 0 > 0 0 105712 46264 14392 53324 0 0 0 10 111 > 171 0 0 > 99 0 > 0 0 105712 46196 14408 53324 0 0 0 24 108 > 170 0 1 > 99 0 > 0 0 105712 46128 14448 53324 0 0 0 39 112 > 179 0 0 > 100 0 > 0 0 105712 46132 14456 53324 0 0 0 54 124 > 174 0 0 > 100 0 > 1 0 105712 44988 14496 53424 0 0 21 89 123 > 176 8 4 > 88 0 > 0 0 105712 45464 14512 53548 0 0 24 28 110 > 162 8 3 > 89 0 > 0 0 105712 45264 14628 53612 0 0 22 138 138 > 208 9 4 > 87 0 > 0 0 105712 46036 14668 53596 0 0 0 61 114 > 179 0 0 > 100 0 > 2 0 105712 46028 14676 53596 0 0 0 4 105 > 166 0 0 > 100 0 > > I'm also attaching a bit of the output of a tail -f > /var/log/maillog for you to see, there's too much spam and > false addresses which slowing down MS a lot. There are still > about 28k messages!(on Friday there were 45k!!!!). 
> > UxBoD, you told me to run the init.d script to stop the MS, > the problem is Slackware uses the traditional BSD Init, so I > went to the 'rc.d' directory but couldn't found, or couldn't > figure out were the script for stoping MS is, sorry for my > ignorance again. > > As always thank you people for your valuable help. > > Regards.- > > > -----Mensaje original----- > De: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre > de Ugo Bellavance Enviado el: domingo, 21 de octubre de 2007 11:17 > Para: mailscanner@lists.mailscanner.info > Asunto: Re: Weird Problem with MailScanner > > > Damian Rivas wrote: > > 1) There are 3 MS childs running > > That is way too much. Your system is probably swapping like > crazy. Set it to '1' in /etc/MailScanner/MailScanner.conf > and do a 'service MailScanner restart' (assuming redhat/centos) > > Can you send us the output of : > > 'vmstat 5 10' (will take 50 seconds to execute) > > Did you check if memory was available for this system? If it > is and if it is not too expensive, I'll add at least another > 128 (more if you can). > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
>

From dave.list at pixelhammer.com Mon Oct 22 23:23:53 2007
From: dave.list at pixelhammer.com (DAve)
Date: Mon Oct 22 22:24:08 2007
Subject: OT: dot org domain resolution
In-Reply-To: <471D0A17.6000203@vanderkooij.org>
References: <471D0EEF.3030607@pixelhammer.com> <471D0A17.6000203@vanderkooij.org>
Message-ID: <471D22F9.6050802@pixelhammer.com>

Hugo van der Kooij wrote:
> DAve wrote:
>> This is the fastest response ML I am on, so I will bug you guys ;^)
>
>> Currently we have some dot org domains as clients who now have no A or
>> MX records cached locally so they cannot see their own websites, and are
>> having mail issues as well. After much checking, and testing, and server
>> log reviewing, we discovered this.
>
>> Go to dnsstuff.org and run an ALL query on *any* dot org domain.
>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing
>> but NS records are returned. If the root server refers to
>> AFILIAS-NST.org you get all records. We see this result for our client's
>> domains as well openoffice.org, slashdot.org, freebsd.org.
>
> What is the bad thing here? Are the root servers not supposed to hand
> out only NS records for the next level? They should not be used as
> global resolvers.

I agree. My understanding has always been root-server -> tld-server -> authoritative-server which returns the requested record.

Oddly some clients never query past ultradns after receiving the authoritative server for their request.
Though, those same clients are doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems to do that as well. Possibly because the ultradns server returns no SOA record? > > My guess is that you got a local DNS issue to resolv here. As I said above, "clients who now have no A or MX records cached locally". Our servers seem fine, only very clients have seen the issue. > > So where do I find anything ORG. like? Let us just ask localy: > > $ dig org. any > ;; QUESTION SECTION: > ;org. IN ANY > ;; ANSWER SECTION: > org. 83204 IN NS tld1.ultradns.net. > org. 83204 IN NS tld2.ultradns.net. > org. 83204 IN NS a0.org.afilias-nst.info. > org. 83204 IN NS b0.org.afilias-nst.org. > org. 83204 IN NS c0.org.afilias-nst.info. > org. 83204 IN NS d0.org.afilias-nst.org. > > Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask > tld1.ultradns.net. for this: > > $ dig vanderkooij.org. any @tld1.ultradns.net. > ;; QUESTION SECTION: > ;vanderkooij.org. IN ANY > ;; ANSWER SECTION: > vanderkooij.org. 86400 IN NS ns5.mydyndns.org. > vanderkooij.org. 86400 IN NS ns4.mydyndns.org. > vanderkooij.org. 86400 IN NS ns3.mydyndns.org. > vanderkooij.org. 86400 IN NS ns2.mydyndns.org. > vanderkooij.org. 86400 IN NS hvdkooij.xs4all.nl. > > Sounds to me like the way DNS is supposed to work. Yep, I thought so as well. And org queries also resolve properly from all our name servers. > >> I called ultradns and they didn't seem too concerned, but said they >> would look into it. > >> Am I crazy? > > You might. But it does not nescessarily have any bearing on the question > at hand ;-) I can find nothing else in common between the clients with an issue except, A) every client has org for a TLD B) every client experiences the problem sporadicly C) ultradns is the only server not returning a SOA record. At this point I am unable to understand why they cannot get a MX record and mail does not arrive at the mailscanner servers. 
Or why they cannot get an A record and see their own website. Baffling... DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From Kevin_Miller at ci.juneau.ak.us Mon Oct 22 22:34:38 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Oct 22 22:34:06 2007 Subject: OT: dot org domain resolution In-Reply-To: <471D22F9.6050802@pixelhammer.com> References: <471D0EEF.3030607@pixelhammer.com><471D0A17.6000203@vanderkooij.org> <471D22F9.6050802@pixelhammer.com> Message-ID: DAve wrote: > At this point I am unable to understand why they cannot get a MX > record and mail does not arrive at the mailscanner servers. Or why > they cannot get an A record and see their own website. Um, that's weird. Are they pointing to their own domain server? I'm running a dns server and my clients point to it. If I do a query for anything in my own domain, my server is queried directly - no top level servers are involved. Thus I get any valid A or MX records that I have published. Is that not the case with you? Is /etc/resolv.conf set up right? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From arturs at netvision.net.il Mon Oct 22 22:50:04 2007 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Oct 22 22:51:09 2007 Subject: Very long filenames In-Reply-To: <625385e30710220842u44b2f1aeoace3f1099c9b5e55@mail.gmail.com> Message-ID: <013b01c814f5$81009060$0200000a@dell> > > Is this considered a long filename? > > > > Report: MailScanner: Very long filenames are good signs of attacks > > against Microsoft e-mail packages (B_17PCs9ezwrPX.wmv) > > The name is sanitized in the report, you can find the > original name in the log. 
> > -- > /peter Oh, I see. Thanks a lot for the tip. Arthur From ka at pacific.net Mon Oct 22 23:00:01 2007 From: ka at pacific.net (Ken A) Date: Mon Oct 22 23:00:04 2007 Subject: OT: dot org domain resolution In-Reply-To: <471D22F9.6050802@pixelhammer.com> References: <471D0EEF.3030607@pixelhammer.com> <471D0A17.6000203@vanderkooij.org> <471D22F9.6050802@pixelhammer.com> Message-ID: <471D1D61.5060808@pacific.net> DAve wrote: > Hugo van der Kooij wrote: >> DAve wrote: >>> This is the fastest response ML I am on, so I will bug you guys ;^) >>> Currently we have some dot org domains as clients who now have no A or >>> MX records cached locally so they cannot see their own websites, and are >>> having mail issues as well. After much checking, and testing, and server >>> log reviewing, we discovered this. >>> Go to dnsstuff.org and run a ALL query on *any* dot org domain. >>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing >>> but NS records are returned. If the root server refers to >>> AFILIAS-NST.org you get all records. We see this reslt for our client's >>> domains as well openoffice.org, slashdot.org, freebsd.org. >> What is the bad things here? Are the root servers not supposed to hand >> out only NS records for the next level? They should not be used as >> global resolvers. > > I agree. My understanding has always been root-server -> tld-server -> > authoritative-server which returns the requested record. > > Oddly some clients never query past ultradns after receiving the > authoritative server for their request. Though, those same clients are > doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems > to do that as well. > > Possibly because the ultradns server returns no SOA record? > >> My guess is that you got a local DNS issue to resolv here. > > As I said above, "clients who now have no A or MX records cached > locally". Our servers seem fine, only very clients have seen the issue. 
> >> So where do I find anything ORG. like? Let us just ask localy: >> >> $ dig org. any >> ;; QUESTION SECTION: >> ;org. IN ANY >> ;; ANSWER SECTION: >> org. 83204 IN NS tld1.ultradns.net. >> org. 83204 IN NS tld2.ultradns.net. >> org. 83204 IN NS a0.org.afilias-nst.info. >> org. 83204 IN NS b0.org.afilias-nst.org. >> org. 83204 IN NS c0.org.afilias-nst.info. >> org. 83204 IN NS d0.org.afilias-nst.org. >> >> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask >> tld1.ultradns.net. for this: >> >> $ dig vanderkooij.org. any @tld1.ultradns.net. >> ;; QUESTION SECTION: >> ;vanderkooij.org. IN ANY >> ;; ANSWER SECTION: >> vanderkooij.org. 86400 IN NS ns5.mydyndns.org. >> vanderkooij.org. 86400 IN NS ns4.mydyndns.org. >> vanderkooij.org. 86400 IN NS ns3.mydyndns.org. >> vanderkooij.org. 86400 IN NS ns2.mydyndns.org. >> vanderkooij.org. 86400 IN NS hvdkooij.xs4all.nl. >> >> Sounds to me like the way DNS is supposed to work. > > Yep, I thought so as well. And org queries also resolve properly from > all our name servers. > >>> I called ultradns and they didn't seem too concerned, but said they >>> would look into it. >>> Am I crazy? >> You might. But it does not nescessarily have any bearing on the question >> at hand ;-) > > I can find nothing else in common between the clients with an issue except, > A) every client has org for a TLD > B) every client experiences the problem sporadicly > C) ultradns is the only server not returning a SOA record. > > At this point I am unable to understand why they cannot get a MX record > and mail does not arrive at the mailscanner servers. Or why they cannot > get an A record and see their own website. > > Baffling... > > DAve .org sometimes = grant funded, microsoft domain server or sexchange configured to host the 'domain' .. sometimes.. it seems clueless admins setup their own domain on their own network and so can't reach the real one.. just a thought, but I've seen it a few times. 
Ken -- Ken Anderson Pacific.Net From itdept at fractalweb.com Tue Oct 23 00:11:44 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Oct 23 00:11:51 2007 Subject: strange 550 error Message-ID: <471D2E30.1020606@fractalweb.com> Suddenly today, we're getting users complaining that when they do a send/receive in outlook, they get a message that says: "Sending reported error (0x800CCC69) The server responded 550 5.7.1 DSN or MDN for message that did not originate here" We haven't made any changes to the server for a couple of weeks. I'm not sure whether this would be an issue with MailScanner's watermarking feature or whether it would be Milter-null. In any case, does anyone have any ideas how to stop these strange messages? Thanks. From ka at pacific.net Tue Oct 23 00:32:20 2007 From: ka at pacific.net (Ken A) Date: Tue Oct 23 00:32:24 2007 Subject: strange 550 error In-Reply-To: <471D2E30.1020606@fractalweb.com> References: <471D2E30.1020606@fractalweb.com> Message-ID: <471D3304.6080807@pacific.net> Chris Yuzik wrote: > Suddenly today, we're getting users complaining that when they do a > send/receive in outlook, they get a message that says: > > "Sending reported error (0x800CCC69) The server responded 550 5.7.1 DSN > or MDN for message that did not originate here" > that's milter-null speak. > We haven't made any changes to the server for a couple of weeks. I'm not > sure whether this would be an issue with MailScanner's watermarking > feature or whether it would be Milter-null. In any case, does anyone > have any ideas how to stop these strange messages? Turn off milter null if you are running the MailScanner watermarking on incoming and outgoing mail. > > Thanks. 
-- Ken Anderson Pacific.Net From itdept at fractalweb.com Tue Oct 23 00:43:00 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Oct 23 00:43:07 2007 Subject: strange 550 error In-Reply-To: <471D3304.6080807@pacific.net> References: <471D2E30.1020606@fractalweb.com> <471D3304.6080807@pacific.net> Message-ID: <471D3584.10307@fractalweb.com> Ken > that's milter-null speak. I figured. > Turn off milter null if you are running the MailScanner watermarking on > incoming and outgoing mail. Did that. It's strange that this only started happening today, yet nothing has changed on the server in weeks. I wonder if Microsoft sent down a patch to Outlook or something. Thanks, Chris From ka at pacific.net Tue Oct 23 00:59:30 2007 From: ka at pacific.net (Ken A) Date: Tue Oct 23 00:59:32 2007 Subject: strange 550 error In-Reply-To: <471D3584.10307@fractalweb.com> References: <471D2E30.1020606@fractalweb.com> <471D3304.6080807@pacific.net> <471D3584.10307@fractalweb.com> Message-ID: <471D3962.6090908@pacific.net> Chris Yuzik wrote: > Ken > >> that's milter-null speak. > > I figured. > >> Turn off milter null if you are running the MailScanner watermarking >> on incoming and outgoing mail. > > Did that. It's strange that this only started happening today, yet > nothing has changed on the server in weeks. I wonder if Microsoft sent > down a patch to Outlook or something. It wouldn't surprise me. Last week we had someone who's outlook was sending doubles of everything. They insisted that they "only clicked on send-receive once, so how could it be Outlook"? It's so hard to explain this stuff to users.. :-\ My guess is that M$ has made it easy to create complex filters that do strange stuff with email as a side effect. 
Ken > > > Thanks, > Chris -- Ken Anderson Pacific.Net From dave.list at pixelhammer.com Tue Oct 23 03:06:34 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Oct 23 02:06:49 2007 Subject: OT: dot org domain resolution In-Reply-To: References: <471D0EEF.3030607@pixelhammer.com><471D0A17.6000203@vanderkooij.org> <471D22F9.6050802@pixelhammer.com> Message-ID: <471D572A.40204@pixelhammer.com> Kevin Miller wrote: > DAve wrote: > >> At this point I am unable to understand why they cannot get a MX >> record and mail does not arrive at the mailscanner servers. Or why >> they cannot get an A record and see their own website. > > Um, that's weird. Are they pointing to their own domain server? I'm > running a dns server and my clients point to it. If I do a query for > anything in my own domain, my server is queried directly - no top level > servers are involved. Thus I get any valid A or MX records that I have > published. > > Is that not the case with you? Is /etc/resolv.conf set up right? > > ...Kevin Yes, the problem is when the client attempts to contact their server in our NOC. I am of the opinion it is AD not properly handling the response from ultradns. But I can't prove it, don't even know how to test it. I am so jaded against AD because it floods my server logs with attempts to update private IP addresses. If it were up to me our clients would have to turn off AD to use our network. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. 
From dave.list at pixelhammer.com Tue Oct 23 03:08:36 2007 From: dave.list at pixelhammer.com (DAve) Date: Tue Oct 23 02:08:53 2007 Subject: OT: dot org domain resolution In-Reply-To: <471D1D61.5060808@pacific.net> References: <471D0EEF.3030607@pixelhammer.com> <471D0A17.6000203@vanderkooij.org> <471D22F9.6050802@pixelhammer.com> <471D1D61.5060808@pacific.net> Message-ID: <471D57A4.50407@pixelhammer.com> Ken A wrote: > DAve wrote: >> Hugo van der Kooij wrote: >>> DAve wrote: >>>> This is the fastest response ML I am on, so I will bug you guys ;^) >>>> Currently we have some dot org domains as clients who now have no A or >>>> MX records cached locally so they cannot see their own websites, and >>>> are >>>> having mail issues as well. After much checking, and testing, and >>>> server >>>> log reviewing, we discovered this. >>>> Go to dnsstuff.org and run a ALL query on *any* dot org domain. >>>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing >>>> but NS records are returned. If the root server refers to >>>> AFILIAS-NST.org you get all records. We see this reslt for our client's >>>> domains as well openoffice.org, slashdot.org, freebsd.org. >>> What is the bad things here? Are the root servers not supposed to hand >>> out only NS records for the next level? They should not be used as >>> global resolvers. >> >> I agree. My understanding has always been root-server -> tld-server -> >> authoritative-server which returns the requested record. >> >> Oddly some clients never query past ultradns after receiving the >> authoritative server for their request. Though, those same clients are >> doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems >> to do that as well. >> >> Possibly because the ultradns server returns no SOA record? >> >>> My guess is that you got a local DNS issue to resolv here. >> >> As I said above, "clients who now have no A or MX records cached >> locally". 
Our servers seem fine, only very clients have seen the issue. >> >>> So where do I find anything ORG. like? Let us just ask localy: >>> >>> $ dig org. any >>> ;; QUESTION SECTION: >>> ;org. IN ANY >>> ;; ANSWER SECTION: >>> org. 83204 IN NS tld1.ultradns.net. >>> org. 83204 IN NS tld2.ultradns.net. >>> org. 83204 IN NS a0.org.afilias-nst.info. >>> org. 83204 IN NS b0.org.afilias-nst.org. >>> org. 83204 IN NS c0.org.afilias-nst.info. >>> org. 83204 IN NS d0.org.afilias-nst.org. >>> >>> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask >>> tld1.ultradns.net. for this: >>> >>> $ dig vanderkooij.org. any @tld1.ultradns.net. >>> ;; QUESTION SECTION: >>> ;vanderkooij.org. IN ANY >>> ;; ANSWER SECTION: >>> vanderkooij.org. 86400 IN NS ns5.mydyndns.org. >>> vanderkooij.org. 86400 IN NS ns4.mydyndns.org. >>> vanderkooij.org. 86400 IN NS ns3.mydyndns.org. >>> vanderkooij.org. 86400 IN NS ns2.mydyndns.org. >>> vanderkooij.org. 86400 IN NS hvdkooij.xs4all.nl. >>> >>> Sounds to me like the way DNS is supposed to work. >> >> Yep, I thought so as well. And org queries also resolve properly from >> all our name servers. >> >>>> I called ultradns and they didn't seem too concerned, but said they >>>> would look into it. >>>> Am I crazy? >>> You might. But it does not nescessarily have any bearing on the question >>> at hand ;-) >> >> I can find nothing else in common between the clients with an issue >> except, >> A) every client has org for a TLD >> B) every client experiences the problem sporadicly >> C) ultradns is the only server not returning a SOA record. >> >> At this point I am unable to understand why they cannot get a MX record >> and mail does not arrive at the mailscanner servers. Or why they cannot >> get an A record and see their own website. >> >> Baffling... >> >> DAve > > .org sometimes = grant funded, microsoft domain server or sexchange > configured to host the 'domain' .. sometimes.. 
it seems clueless admins > setup their own domain on their own network and so can't reach the real > one.. just a thought, but I've seen it a few times. > Ken > > That is becoming my current theory, the client AD failing to properly handle the ultradns response. The one difference I can point to is ultradns is the only service not providing a SOA record. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From neilw at dcdata.co.za Tue Oct 23 07:09:19 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Oct 23 07:15:51 2007 Subject: Could not read executable /usr/sbin/sendmail Message-ID: <471D900F.2040700@dcdata.co.za> Hi guys, I'm seeing the following error when I start MS. Oct 23 08:08:45 mail MailScanner[7722]: MailScanner E-Mail Virus Scanner version 4.63.7 starting... Oct 23 08:08:45 mail MailScanner[7722]: Could not read executable /usr/sbin/sendmail Oct 23 08:08:45 mail MailScanner[7722]: Error in line 25, file "/usr/sbin/sendmail" for sendmail does not exist (or can not be read) I'm using postfix, so it's using the compatible sendmail binary, In my MailScanner.conf I have the following options set. MTA = postfix Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail I'm running SLES10 PatchLevel 1, and I've removed the postfix RPM, and re-installed it, I've also tried using the sendmail RPM and this also gives the same error. If anyone has any ideas, I'd be most grateful. Thanks. Regards. 
Neil -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From uxbod at splatnix.net Tue Oct 23 08:07:36 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 08:14:33 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <471D900F.2040700@dcdata.co.za> Message-ID: <14417564.301193123256055.JavaMail.root@office.splatnix.net> What are the permissions on /usr/sbin/sendmail ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Neil Wilson" To: "MailScanner discussion" Sent: Tuesday, October 23, 2007 7:09:19 AM (GMT) Europe/London Subject: Could not read executable /usr/sbin/sendmail Hi guys, I'm seeing the following error when I start MS. Oct 23 08:08:45 mail MailScanner[7722]: MailScanner E-Mail Virus Scanner version 4.63.7 starting... Oct 23 08:08:45 mail MailScanner[7722]: Could not read executable /usr/sbin/sendmail Oct 23 08:08:45 mail MailScanner[7722]: Error in line 25, file "/usr/sbin/sendmail" for sendmail does not exist (or can not be read) I'm using postfix, so it's using the compatible sendmail binary, In my MailScanner.conf I have the following options set. MTA = postfix Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail I'm running SLES10 PatchLevel 1, and I've removed the postfix RPM, and re-installed it, I've also tried using the sendmail RPM and this also gives the same error. If anyone has any ideas, I'd be most grateful. Thanks. Regards. 
Neil -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From neilw at dcdata.co.za Tue Oct 23 08:22:18 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Oct 23 08:27:23 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <14417564.301193123256055.JavaMail.root@office.splatnix.net> References: <14417564.301193123256055.JavaMail.root@office.splatnix.net> Message-ID: <471DA12A.4090806@dcdata.co.za> Thanks for your reply. UxBoD wrote: > What are the permissions on /usr/sbin/sendmail ? -rwxr-xr-x 1 root root 18840 Jun 16 2006 /usr/sbin/sendmail Thanks. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From uxbod at splatnix.net Tue Oct 23 08:30:54 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 08:37:49 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <471DA12A.4090806@dcdata.co.za> Message-ID: <3958082.331193124654399.JavaMail.root@office.splatnix.net> What happens if you try and run it yourself from the command line ?
Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Neil Wilson" To: "MailScanner discussion" Sent: Tuesday, October 23, 2007 8:22:18 AM (GMT) Europe/London Subject: Re: Could not read executable /usr/sbin/sendmail Thanks for your reply. UxBoD wrote: > What are the permissions on /usr/sbin/sendmail ? -rwxr-xr-x 1 root root 18840 Jun 16 2006 /usr/sbin/sendmail Thanks. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From neilw at dcdata.co.za Tue Oct 23 08:39:23 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Oct 23 08:44:35 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <3958082.331193124654399.JavaMail.root@office.splatnix.net> References: <3958082.331193124654399.JavaMail.root@office.splatnix.net> Message-ID: <471DA52B.3090804@dcdata.co.za> UxBoD wrote: > What happens if you try and run it yourself from the command line ? It seems to function fine...
mail:~ # /usr/sbin/sendmail -q Mail queue is empty mail:~ # /usr/sbin/sendmail --help sendmail: invalid option -- - sendmail: fatal: usage: sendmail [options] -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From uxbod at splatnix.net Tue Oct 23 08:40:56 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 08:47:53 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <471DA52B.3090804@dcdata.co.za> Message-ID: <18612290.361193125256417.JavaMail.root@office.splatnix.net> Hmmm, okay. Does MS run as a non root user ? If so, can you su to that user and try and run /usr/sbin/sendmail. Just to ensure permissions higher up the tree are okay. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Neil Wilson" To: "MailScanner discussion" Sent: Tuesday, October 23, 2007 8:39:23 AM (GMT) Europe/London Subject: Re: Could not read executable /usr/sbin/sendmail UxBoD wrote: > What happens if you try and run it yourself from the command line ? It seems to function fine... mail:~ # /usr/sbin/sendmail -q Mail queue is empty mail:~ # /usr/sbin/sendmail --help sendmail: invalid option -- - sendmail: fatal: usage: sendmail [options] -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html
From neilw at dcdata.co.za Tue Oct 23 08:56:03 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Oct 23 09:01:11 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <18612290.361193125256417.JavaMail.root@office.splatnix.net> References: <18612290.361193125256417.JavaMail.root@office.splatnix.net> Message-ID: <471DA913.5040508@dcdata.co.za> UxBoD wrote: > Hmmm, okay. Does MS run as a non root user ? If so, can you su to that user and try and run /usr/sbin/sendmail. Just to ensure permissions higher up the tree are okay. mail:~ # su postfix postfix@mail:/root> /usr/sbin/sendmail bash: /usr/sbin/sendmail: Permission denied Hmmm, I've confirmed this on another system and I can access the file when running as postfix. Thanks will try and find out why I can't on this one now. Much appreciated. Regards. Neil. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From uxbod at splatnix.net Tue Oct 23 09:03:32 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 09:10:26 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <471DA913.5040508@dcdata.co.za> Message-ID: <8507206.391193126612560.JavaMail.root@office.splatnix.net> Hi, Just check the permissions on /usr and /usr/sbin against your other system. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Neil Wilson" To: "MailScanner discussion" Sent: Tuesday, October 23, 2007 8:56:03 AM (GMT) Europe/London Subject: Re: Could not read executable /usr/sbin/sendmail UxBoD wrote: > Hmmm, okay. Does MS run as a non root user ?
If so, can you su to that user and try and run /usr/sbin/sendmail. Just to ensure permissions higher up the tree are okay. mail:~ # su postfix postfix@mail:/root> /usr/sbin/sendmail bash: /usr/sbin/sendmail: Permission denied Hmmm, I've confirmed this on another system and I can access the file when running as postfix. Thanks will try and find out why I can't on this one now. Much appreciated. Regards. Neil. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From J.Ede at birchenallhowden.co.uk Tue Oct 23 09:10:32 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Oct 23 09:11:34 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <471DA913.5040508@dcdata.co.za> References: <18612290.361193125256417.JavaMail.root@office.splatnix.net>, <471DA913.5040508@dcdata.co.za> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE9@server02.bhl.local> It will almost certainly be permissions on /usr/sbin ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Neil Wilson [neilw@dcdata.co.za] Sent: 23 October 2007 08:56 To: MailScanner discussion Subject: Re: Could not read executable /usr/sbin/sendmail UxBoD wrote: > Hmmm, okay. Does MS run as a non root user ? If so, can you su to that user and try and run /usr/sbin/sendmail. Just to ensure permissions higher up the tree are okay.
mail:~ # su postfix postfix@mail:/root> /usr/sbin/sendmail bash: /usr/sbin/sendmail: Permission denied Hmmm, I've confirmed this on another system and I can access the file when running as postfix. Thanks will try and find out why I can't on this one now. Much appreciated. Regards. Neil. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From ram at netcore.co.in Tue Oct 23 09:16:47 2007 From: ram at netcore.co.in (ram) Date: Tue Oct 23 09:17:01 2007 Subject: Performance on 64 bit Linux vs 32 Bit Message-ID: <1193127407.18816.4.camel@localhost.localdomain> I have been using MailScanner on 32 bit centos for quite some time now on the ~25 Antispam servers which we have ( MailScanner + Postfix + Spamassassin + Custom spam engine ) Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform any better on 64 bit linux.
I personally have no first-hand experience of 64 bit linux, I thought of doing some research before I upgrade Thanks Ram From glenn.steen at gmail.com Tue Oct 23 09:33:26 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 23 09:33:28 2007 Subject: OT: dot org domain resolution In-Reply-To: <471D1D61.5060808@pacific.net> References: <471D0EEF.3030607@pixelhammer.com> <471D0A17.6000203@vanderkooij.org> <471D22F9.6050802@pixelhammer.com> <471D1D61.5060808@pacific.net> Message-ID: <223f97700710230133l74461273k9f116140f96e3357@mail.gmail.com> On 23/10/2007, Ken A wrote: > DAve wrote: > > Hugo van der Kooij wrote: > >> DAve wrote: > >>> This is the fastest response ML I am on, so I will bug you guys ;^) > >>> Currently we have some dot org domains as clients who now have no A or > >>> MX records cached locally so they cannot see their own websites, and are > >>> having mail issues as well. After much checking, and testing, and server > >>> log reviewing, we discovered this. > >>> Go to dnsstuff.org and run a ALL query on *any* dot org domain. > >>> Eventually the root server will refer to TLD1.ULTRADNS.NET, and nothing > >>> but NS records are returned. If the root server refers to > >>> AFILIAS-NST.org you get all records. We see this reslt for our client's > >>> domains as well openoffice.org, slashdot.org, freebsd.org. > >> What is the bad things here? Are the root servers not supposed to hand > >> out only NS records for the next level? They should not be used as > >> global resolvers. > > > > I agree. My understanding has always been root-server -> tld-server -> > > authoritative-server which returns the requested record. > > > > Oddly some clients never query past ultradns after receiving the > > authoritative server for their request. Though, those same clients are > > doing a query if the response comes from AFILIAS-NST.org. DNSSTUFF seems > > to do that as well. > > > > Possibly because the ultradns server returns no SOA record? 
> > > >> My guess is that you got a local DNS issue to resolv here. > > > > As I said above, "clients who now have no A or MX records cached > > locally". Our servers seem fine, only very clients have seen the issue. > > > >> So where do I find anything ORG. like? Let us just ask localy: > >> > >> $ dig org. any > >> ;; QUESTION SECTION: > >> ;org. IN ANY > >> ;; ANSWER SECTION: > >> org. 83204 IN NS tld1.ultradns.net. > >> org. 83204 IN NS tld2.ultradns.net. > >> org. 83204 IN NS a0.org.afilias-nst.info. > >> org. 83204 IN NS b0.org.afilias-nst.org. > >> org. 83204 IN NS c0.org.afilias-nst.info. > >> org. 83204 IN NS d0.org.afilias-nst.org. > >> > >> Now where can I find anything VANDERKOOIJ.ORG. like? Let us ask > >> tld1.ultradns.net. for this: > >> > >> $ dig vanderkooij.org. any @tld1.ultradns.net. > >> ;; QUESTION SECTION: > >> ;vanderkooij.org. IN ANY > >> ;; ANSWER SECTION: > >> vanderkooij.org. 86400 IN NS ns5.mydyndns.org. > >> vanderkooij.org. 86400 IN NS ns4.mydyndns.org. > >> vanderkooij.org. 86400 IN NS ns3.mydyndns.org. > >> vanderkooij.org. 86400 IN NS ns2.mydyndns.org. > >> vanderkooij.org. 86400 IN NS hvdkooij.xs4all.nl. > >> > >> Sounds to me like the way DNS is supposed to work. > > > > Yep, I thought so as well. And org queries also resolve properly from > > all our name servers. > > > >>> I called ultradns and they didn't seem too concerned, but said they > >>> would look into it. > >>> Am I crazy? > >> You might. But it does not nescessarily have any bearing on the question > >> at hand ;-) > > > > I can find nothing else in common between the clients with an issue except, > > A) every client has org for a TLD > > B) every client experiences the problem sporadicly > > C) ultradns is the only server not returning a SOA record. > > > > At this point I am unable to understand why they cannot get a MX record > > and mail does not arrive at the mailscanner servers. Or why they cannot > > get an A record and see their own website. 
> > > > Baffling... > > > > DAve > > .org sometimes = grant funded, microsoft domain server or sexchange > configured to host the 'domain' .. sometimes.. it seems clueless admins > setup their own domain on their own network and so can't reach the real > one.. just a thought, but I've seen it a few times. > Ken If they've done that, they've probably set up an AD, which leads to having a local DNS setup, which leads to them needing to set it like a "split view DNS" thing... Which is very very easy to do, and has some distinct ... advantages (At least for the "BOFH within":-). They need take care when doing roadrunners, but apart from that... easy:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From neilw at dcdata.co.za Tue Oct 23 09:28:34 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Oct 23 09:33:59 2007 Subject: Could not read executable /usr/sbin/sendmail In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE9@server02.bhl.local> References: <18612290.361193125256417.JavaMail.root@office.splatnix.net>, <471DA913.5040508@dcdata.co.za> <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEE9@server02.bhl.local> Message-ID: <471DB0B2.4040403@dcdata.co.za> Jason Ede wrote: > It will almost certainly be permissions on /usr/sbin Yip, there was no rx etc. for my group and other on /usr/sbin Thanks for the helps guys. Much appreciated. 
-- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From glenn.steen at gmail.com Tue Oct 23 09:45:59 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 23 09:46:02 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193127407.18816.4.camel@localhost.localdomain> References: <1193127407.18816.4.camel@localhost.localdomain> Message-ID: <223f97700710230145s67b31f2i15bbcb3021d94254@mail.gmail.com> On 23/10/2007, ram wrote: > I have been using MailScanner on 32 bit centos for quite some time now > on the ~25 Antispam servers which we have ( MailScanner + Postfix + > Spamassassin + Custom spam engine ) > > Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform > any better on 64 bit linux. I personally have no first-hand experience > of 64 bit linux, I thought of doing some research before I upgrade > Perhaps not that much difference. For very large memory apps, it'd make a world of difference (RDBMS-type things), but MS likely won't benefit from this. Also take into account that most commercial AV-scanners aren't 64-bit, so ... will have to run in 32-bit... with a "slight" overhead. That said, there have been discussions about this a few years back (IIRC)... MS will run OK on Opterons and Intel x86-64 offerings. Do look in the archives, it was a while back, and my memory of that particular discussion is ... pretty vague:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Tue Oct 23 09:30:15 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 09:55:37 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193127407.18816.4.camel@localhost.localdomain> Message-ID: <2344949.511193128215825.JavaMail.root@office.splatnix.net> How much memory do you have in your server ? What processors does the server have ?
Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "ram" To: "MailScanner ML" Sent: Tuesday, October 23, 2007 9:16:47 AM (GMT) Europe/London Subject: Performance on 64 bit Linux vs 32 Bit I have been using MailScanner on 32 bit centos for quite some time now on the ~25 Antispam servers which we have ( MailScanner + Postfix + Spamassassin + Custom spam engine ) Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform any better on 64 bit linux. I personally have no first-hand experience of 64 bit linux, I thought of doing some research before I upgrade Thanks Ram From J.Ede at birchenallhowden.co.uk Tue Oct 23 09:54:17 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Oct 23 09:58:16 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <223f97700710230145s67b31f2i15bbcb3021d94254@mail.gmail.com> References: <1193127407.18816.4.camel@localhost.localdomain>, <223f97700710230145s67b31f2i15bbcb3021d94254@mail.gmail.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEA@server02.bhl.local> One of our mail systems is running on 64 bit Fedora core 7 and there doesn't really seem to be any difference in performance between the machines...
Just need to be a bit more careful on the libraries you install and make sure you have the compatibility libraries. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen [glenn.steen@gmail.com] Sent: 23 October 2007 09:45 To: MailScanner discussion Subject: Re: Performance on 64 bit Linux vs 32 Bit On 23/10/2007, ram wrote: > I have been using MailScanner on 32 bit centos for quite some time now > on the ~25 Antispam servers which we have ( MailScanner + Postfix + > Spamassassin + Custom spam engine ) > > Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform > any better on 64 bit linux. I personally have no first-hand experience > of 64 bit linux, I thought of doing some research before I upgrade > Perhaps not that much difference. For very large memory apps, it'd make a world of difference (RDBMS-type things), but MS likely won't benefit from this. Also take into account that most commercial AV-scanners aren't 64-bit, so ... will have to run in 32-bit... with a "slight" overhead. That said, there have been discussions about this a few years back (IIRC)... MS will run OK on Opterons and Intel x86-64 offerings. Do look in the archives, it was a while back, and my memory of that particular discussion is ... pretty vague:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se
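The "Could not read executable /usr/sbin/sendmail" thread above ended with the binary itself at rwxr-xr-x but /usr/sbin lacking r-x for group and other, so the postfix user got "Permission denied". The script below is an added example, not code from the list or from MailScanner, that finds the first path component blocking a given uid; it assumes Linux `stat -c`, and the function names and the constructed temporary tree are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux with GNU or BusyBox
# `stat -c`. Models classic owner/group/other mode bits only: ACLs,
# capabilities (root) and MAC policy (AppArmor/SELinux) are not evaluated.

# applicable_bits MODE OWNER_UID OWNER_GID UID "GID ..."
# Prints the single rwx digit (0-7) that applies to the identity. The
# classes are exclusive: the owner is judged by the owner bits alone, a
# group member by the group bits alone, everyone else by the other bits.
applicable_bits() {
    ab_mode=$1; ab_ouid=$2; ab_ogid=$3; ab_uid=$4; ab_gids=$5
    if [ "$ab_uid" -eq "$ab_ouid" ]; then
        echo $(( (0$ab_mode >> 6) & 7 )); return 0
    fi
    for ab_g in $ab_gids; do
        if [ "$ab_g" -eq "$ab_ogid" ]; then
            echo $(( (0$ab_mode >> 3) & 7 )); return 0
        fi
    done
    echo $(( 0$ab_mode & 7 ))
}

# first_blocked TARGET UID "GID ..." [BASE]
# Walks TARGET one component at a time, starting below BASE (default /).
# Every directory on the way needs search permission (x = 1); the final
# file needs read + execute (r-x = 5), following the "Could not read
# executable" wording. Prints the first failing component and returns 1
# (2 if a component cannot be stat'ed); prints nothing and returns 0 when
# the whole path is usable.
first_blocked() {
    fb_target=$1; fb_uid=$2; fb_gids=$3; fb_base=${4:-}
    fb_cur=$fb_base
    fb_rest=${fb_target#"$fb_base"}
    fb_rest=${fb_rest#/}
    while [ -n "$fb_rest" ]; do
        fb_part=${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/}; fb_need=1 ;;
            *)   fb_rest=;              fb_need=5 ;;
        esac
        fb_cur=$fb_cur/$fb_part
        # -L: report the mode of a symlink's target, not of the link itself
        fb_st=$(stat -L -c '%a %u %g' -- "$fb_cur" 2>/dev/null) || {
            echo "$fb_cur"
            echo "missing or unreadable: $fb_cur" >&2
            return 2
        }
        set -- $fb_st
        fb_bits=$(applicable_bits "$1" "$2" "$3" "$fb_uid" "$fb_gids")
        if [ $(( $fb_bits & $fb_need )) -ne "$fb_need" ]; then
            echo "$fb_cur"
            echo "blocked at $fb_cur: mode $1 owner $2:$3 gives $fb_bits, need $fb_need" >&2
            return 1
        fi
    done
    return 0
}

# Constructed tree mirroring the thread: the binary is rwxr-xr-x, but
# "sbin" carries no group/other bits. Prints the temporary root.
build_demo_tree() {
    dt_root=$(mktemp -d) || return 1
    mkdir -p "$dt_root/usr/sbin"
    printf '#!/bin/sh\n' > "$dt_root/usr/sbin/sendmail"
    chmod 755 "$dt_root/usr" "$dt_root/usr/sbin/sendmail"
    chmod 700 "$dt_root/usr/sbin"
    echo "$dt_root"
}

# Checks the tree as an identity that is neither owner nor group member
# (constructed ids: owner uid/gid + 1) and prints the blocking component
# relative to the tree root.
demo() {
    d_root=$(build_demo_tree) || return 1
    d_uid=$(( $(stat -c %u "$d_root") + 1 ))
    d_gid=$(( $(stat -c %g "$d_root") + 1 ))
    d_hit=$(first_blocked "$d_root/usr/sbin/sendmail" "$d_uid" "$d_gid" "$d_root" 2>/dev/null) || true
    rm -rf "$d_root"
    echo "${d_hit#"$d_root"}"
}

demo    # prints /usr/sbin
```

On a live host the equivalent call is `first_blocked /usr/sbin/sendmail "$(id -u postfix)" "$(id -G postfix)"`; `namei -l /usr/sbin/sendmail` lists the same per-component modes for a manual check.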
From prandal at herefordshire.gov.uk Tue Oct 23 10:15:42 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 23 10:15:48 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193127407.18816.4.camel@localhost.localdomain> References: <1193127407.18816.4.camel@localhost.localdomain> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk> We're running it fine here on 64-bit CentOS 5. Dell 2950, 4GB RAM, quad-core Xeon, mirrored hard disks. Using a 64-bit build of McAfee's uvscan along with ClamAV. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of ram > Sent: 23 October 2007 09:17 > To: MailScanner ML > Subject: Performance on 64 bit Linux vs 32 Bit > > I have been using MailScanner on 32 bit centos for quiet some time now > on the ~25 Antispam servers which we have ( MailScanner + Postfix + > Spamassassin + Custom spam engine ) > > Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform > any better on 64 bit linux. I personally have no first-hand experience > of 64 bit linux, I thought of doing some research before I upgrade > > > > > Thanks > Ram > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> From ram at netcore.co.in Tue Oct 23 11:14:15 2007 From: ram at netcore.co.in (ram) Date: Tue Oct 23 11:14:26 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk> References: <1193127407.18816.4.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk> Message-ID: <1193134455.18816.25.camel@localhost.localdomain> On Tue, 2007-10-23 at 10:15 +0100, Randal, Phil wrote: > We're running it fine here on 64-bit CentOS 5. > > Dell 2950, 4GB RAM, quad-core Xeon, mirrored hard disks. > > Using a 64-bit build of McAfee's uvscan along with ClamAV. > > Cheers, > > Phil > On 32-bit Centos 4.4 ( 4GB Ram , 2 x dual core Xeons ) We get upto 20-35k mails hitting the server per hour We run caching DNS and rbldns zones for most "rsyncable" DNS lists for SA ( spamhaus , dsbl , dnswl , sorbs surbl etc ) Most connections , around 85% , get rejected by RBL checks at postfix. The rest of the mails get scanned with nearly 3-5 minutes delay. Though sometimes it oddly takes longer Can this be improved by upgrade to 64-bit. This is what I am looking for Thanks Ram From J.Ede at birchenallhowden.co.uk Tue Oct 23 11:22:04 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Oct 23 11:24:27 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193134455.18816.25.camel@localhost.localdomain> References: <1193127407.18816.4.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk>, <1193134455.18816.25.camel@localhost.localdomain> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local> Have you thought of adding greylisting to cut down on the MTA accepted spam further? sqlgrey intgrates nicely although needs mysql to run, but means that all your servers can share a common greylisting policy. 
________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of ram [ram@netcore.co.in] Sent: 23 October 2007 11:14 To: MailScanner discussion Subject: RE: Performance on 64 bit Linux vs 32 Bit On Tue, 2007-10-23 at 10:15 +0100, Randal, Phil wrote: > We're running it fine here on 64-bit CentOS 5. > > Dell 2950, 4GB RAM, quad-core Xeon, mirrored hard disks. > > Using a 64-bit build of McAfee's uvscan along with ClamAV. > > Cheers, > > Phil > On 32-bit Centos 4.4 ( 4GB Ram , 2 x dual core Xeons ) We get upto 20-35k mails hitting the server per hour We run caching DNS and rbldns zones for most "rsyncable" DNS lists for SA ( spamhaus , dsbl , dnswl , sorbs surbl etc ) Most connections , around 85% , get rejected by RBL checks at postfix. The rest of the mails get scanned with nearly 3-5 minutes delay. Though sometimes it oddly takes longer Can this be improved by upgrade to 64-bit. This is what I am looking for Thanks Ram -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Oct 23 11:39:42 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 23 11:39:45 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193134455.18816.25.camel@localhost.localdomain> References: <1193127407.18816.4.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk> <1193134455.18816.25.camel@localhost.localdomain> Message-ID: <223f97700710230339j35c87152s8efa6eb507e1d446@mail.gmail.com> On 23/10/2007, ram wrote: > On Tue, 2007-10-23 at 10:15 +0100, Randal, Phil wrote: > > We're running it fine here on 64-bit CentOS 5. > > > > Dell 2950, 4GB RAM, quad-core Xeon, mirrored hard disks. 
> > > > Using a 64-bit build of McAfee's uvscan along with ClamAV. > > > > Cheers, > > > > Phil > > > > On 32-bit Centos 4.4 ( 4GB Ram , 2 x dual core Xeons ) > We get upto 20-35k mails hitting the server per hour > > > We run caching DNS and rbldns zones for most "rsyncable" DNS lists for > SA ( spamhaus , dsbl , dnswl , sorbs surbl etc ) > Most connections , around 85% , get rejected by RBL checks at postfix. > > The rest of the mails get scanned with nearly 3-5 minutes delay. Though > sometimes it oddly takes longer > > Can this be improved by upgrade to 64-bit. This is what I am looking > for > > Thanks > Ram That would depend on where your bottlenecks, if any, are... Likely not the "magic bullet" you're looking for though. Since Phil runs uvscan and clamav in 64-bit... He might be able to tell us if there is any measurable difference between a 32-bit and 64-bit incarnation of those two. With the incoming volume you cite, I imagine anything will make a noticeable difference... Heck, the fork/exec time of uvscan would probably be a problem:-). As with any performance tuning... the data you don't have to handle is better than handling data fast ... But I assume you've done what can be done to reduce the incoming volume before rbls... 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Tue Oct 23 13:32:43 2007 From: ram at netcore.co.in (ram) Date: Tue Oct 23 13:36:21 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local> References: <1193127407.18816.4.camel@localhost.localdomain> <7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk> , <1193134455.18816.25.camel@localhost.localdomain> <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local> Message-ID: <1193142763.18816.42.camel@localhost.localdomain> On Tue, 2007-10-23 at 11:22 +0100, Jason Ede wrote: > Have you thought of adding greylisting to cut down on the MTA accepted spam further? > > sqlgrey intgrates nicely although needs mysql to run, but means that all your servers can share a common greylisting policy. Greylisting has always been on my mind, But IMHO it is a small setup solution. We have ~25 servers behind load balancers. That too with multiple MX and different IDC's I cant see how I can use sqlgrey or any other with a common database efficiently. If any of my customers mails keeps getting "450 Try again" from different MXes , I dont think he is going to be happy. Nor will my boss be :-( Thanks Ram From uxbod at splatnix.net Tue Oct 23 13:38:08 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 13:45:01 2007 Subject: Filename FP ? 
Message-ID: <19425577.841193143088689.JavaMail.root@office.splatnix.net>

Hi,

I am running the latest release of MS and noticed this morning that a file to one of our users got blocked with the following :-

MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (467-2007-Flexs.doc)

From what I can see the old thing that triggers this is in filename.rules.conf which has :-

deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages

Yet if I run the following against that filename :-

#!/usr/bin/perl
$x = "467-2007-Flexs.doc";
if ($x =~ /.{150,}/ ) { print "YES"; }

It does not get triggered. Any ideas ? I have looked at SweepOther.pm and nothing jumps out at me :(

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From R.Sterenborg at netsourcing.nl Tue Oct 23 13:57:50 2007
From: R.Sterenborg at netsourcing.nl (Rob Sterenborg)
Date: Tue Oct 23 13:58:42 2007
Subject: Performance on 64 bit Linux vs 32 Bit
In-Reply-To: <1193142763.18816.42.camel@localhost.localdomain>
References: <1193127407.18816.4.camel@localhost.localdomain><7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk>, <1193134455.18816.25.camel@localhost.localdomain><4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local> <1193142763.18816.42.camel@localhost.localdomain>
Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E1AB@WISENT.dcyb.net>

> I can't see how I can use sqlgrey or any other with a common database
> efficiently. If any of my customers mails keeps getting "450
> Try again" from different MXes , I don't think he is going to be happy.
> Nor will my boss be :-(

You're using Postfix which can use Policyd. Policyd uses MySQL and you can set up MySQL in multi-master replication mode. That way each database shares the same information.

We have a "slightly" smaller environment so we have only 2 MTA's and 2 MySQL servers (that replicate). It's working for ~10 months now with no problems so far.

Grts,
Rob

From damian at cht.com.ar Tue Oct 23 13:56:55 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Tue Oct 23 14:00:49 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027640@server6.chtnet.com.ar>

Yes Phil of course I can upgrade SA, I'll do that today.

I'm following up a tutorial to stop backscattering in sendmail here: http://elqui.dcsc.utfsm.cl/util/email/backscatter.html

The thing is that I don't understand how the following part in the access file works (sorry for my ignorance again):

######################
# Reject Forgery - Not required for Backscattering
######################
# FOR TEST USE: /usr/lib/sendmail -bt
# check_mail --> ACCESS DENIED
From:example.com REJECT
# check_mail --> ACCESS DENIED
From:my.org REJECT

######################
## Reject Backscatter....
# reject unknown recipients, because SPAMMERS use this to spam other
# domains through bounces messages (user unknown).
#
##############################################
# general rejection strings
To:example.com error:5.1.1:"550 User unknown"
To:my.org error:5.1.1:"550 User unknown"

The first part seems to reject any address of example.com and my.org domains, that part confuses me.
The second part, the part I'm really interested in, has no reject instruction so I'm getting even more confused. As I told you I'm a novice in open source world yet so I'm still getting used to these config files and their syntax.

Many people in the inet said that the link I provided you is the definitive solution for sendmail, I hope it does. If someone can explain me those parts, it would be great!!!
Thanks all for your tips and help! -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Randal, Phil Enviado el: lunes, 22 de octubre de 2007 18:11 Para: MailScanner discussion Asunto: RE: RE: Weird Problem with MailScanner Is there any chance that you can upgrade to SA 3.1.9 and then do an sa-update? PhiL -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas Sent: 22 October 2007 16:37 To: MailScanner discussion Subject: RE: RE: Weird Problem with MailScanner Phil: The version of Spam Assassin is 3.1.5. Here is the output of MailScanner -v: Running on Linux ns4 2.4.26 #2 Mon Jun 14 19:05:05 PDT 2004 i686 unknown unknown GNU/Linux This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.55.10 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.23 HTML::Entities 3.26 HTML::Parser 2.24 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.77 Socket 1.4 Sys::Hostname::Long 0.17 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.808 DB_File 1.13 DBD::SQLite 1.50 DBI 1.06 Digest missing Digest::HMAC 2.33 Digest::MD5 2.11 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001005 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.24 Net::IP missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced missing URI -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info 
[mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Randal, Phil Enviado el: lunes, 22 de octubre de 2007 12:30 Para: MailScanner discussion Asunto: RE: RE: Weird Problem with MailScanner Damian, Which version of Spamassassin are you running? Can you post the output of MailScanner -V Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Damian Rivas > Sent: 22 October 2007 14:42 > To: MailScanner discussion > Subject: RE: RE: Weird Problem with MailScanner > > It catches and accepts e-mails for our pack of domains: cht.com.ar, > aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar > and ci-educ.com.ar. > > The main problem is that domains like hispanoamericana are way too old > and recieve lots of spam messages. The main domain, cht.com.ar > recieves a lot of mails daily, the problem with this is that it is > difficult for me to find a good filter policy, because as it is a > Travel Agency it recieves mails from hotels and other agencies, so, if > I put a strict filter of "if you are not in my Exchange contact list > you cannot pass" this mails are not likely entering any way and > that is not the idea. > > I'm following up some guidelines that UxBoD sent me in one of the > links to accelerate MS, so I'll let you know if things go better. > > I think that a BackScatter attack is very likely to be happening. > Until these last months, there was never a single problem, so > something strange might have happened to increase the SPAM bombing and > therefore to turn the old server useless. > > And about upgrading memory, I think that it would be cheaper (at least > in Argentina PC100 Memories are very expensive as they aren't produced > anymore) and have more sense to directly make an entire new server, > with better processor and better memory. 
I was thinking in a 1Ghz > processor, is it ok? Which are the minimum recommended requisites? > > ___________________________________________________ > > Dami?n Rivas > Administrador de Hardware y Redes > Departamento de Sistemas > Consult House Turismo S.A. > Tel: 4315-1900 > email: damian@cht.com.ar > web: www.cht.com.ar > > > -----Mensaje original----- > De: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre > de Jason Ede > Enviado el: lunes, 22 de octubre de 2007 10:08 > Para: MailScanner discussion > Asunto: RE: RE: Weird Problem with MailScanner > > > What domains do you accept email for? Are you sure its not operating > as an open gateway? > > Jason > > From: mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Damian Rivas [damian@cht.com.ar] > Sent: 22 October 2007 13:48 > To: MailScanner discussion > Subject: RE: Weird Problem with MailScanner > > Ok, here we go again. How was your weekend people? 
> > Ugo, here is the output you asked for: > > vmstat 5 10: > > procs -----------memory---------- ---swap-- -----io---- --system-- > ----cpu---- > r b swpd free buff cache si so bi bo in > cs us sy > id wa > 0 0 105712 46416 14388 53324 5 3 1 8 13 > 11 21 1 > 78 0 > 0 0 105712 46264 14392 53324 0 0 0 10 111 > 171 0 0 > 99 0 > 0 0 105712 46196 14408 53324 0 0 0 24 108 > 170 0 1 > 99 0 > 0 0 105712 46128 14448 53324 0 0 0 39 112 > 179 0 0 > 100 0 > 0 0 105712 46132 14456 53324 0 0 0 54 124 > 174 0 0 > 100 0 > 1 0 105712 44988 14496 53424 0 0 21 89 123 > 176 8 4 > 88 0 > 0 0 105712 45464 14512 53548 0 0 24 28 110 > 162 8 3 > 89 0 > 0 0 105712 45264 14628 53612 0 0 22 138 138 > 208 9 4 > 87 0 > 0 0 105712 46036 14668 53596 0 0 0 61 114 > 179 0 0 > 100 0 > 2 0 105712 46028 14676 53596 0 0 0 4 105 > 166 0 0 > 100 0 > > I'm also attaching a bit of the output of a tail -f /var/log/maillog > for you to see, there's too much spam and false addresses which > slowing down MS a lot. There are still about 28k messages!(on Friday > there were 45k!!!!). > > UxBoD, you told me to run the init.d script to stop the MS, the > problem is Slackware uses the traditional BSD Init, so I went to the > 'rc.d' directory but couldn't found, or couldn't figure out were the > script for stoping MS is, sorry for my ignorance again. > > As always thank you people for your valuable help. > > Regards.- > > > -----Mensaje original----- > De: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Ugo > Bellavance Enviado el: domingo, 21 de octubre de 2007 11:17 > Para: mailscanner@lists.mailscanner.info > Asunto: Re: Weird Problem with MailScanner > > > Damian Rivas wrote: > > 1) There are 3 MS childs running > > That is way too much. Your system is probably swapping like crazy. 
> Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service > MailScanner restart' (assuming redhat/centos) > > Can you send us the output of : > > 'vmstat 5 10' (will take 50 seconds to execute) > > Did you check if memory was available for this system? If it is and > if it is not too expensive, I'll add at least another 128 (more if you > can). > > Ugo > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
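Added example, not part of any post in this archive: a Perl check for the "Filename FP ?" thread, run over the attachment name exactly as the follow-up post quotes it from maillog. It assumes the length rule is applied to the name before RFC 2047 decoding, which the thread raises as a question and does not confirm; `check_name` and `decoded_name` are names made up for this sketch.

```perl
#!/usr/bin/perl
# Added example: compare the ".{150,}" rule from filename.rules.conf against
# three forms of the same attachment name (notice text, raw header, decoded).
use strict;
use warnings;
use Encode qw(decode);

# Rule pattern as quoted from filename.rules.conf in the thread.
my $LONG_NAME = qr/.{150,}/;

# Attachment name as it appears in the maillog line quoted in the thread:
# three Q-encoded words in ISO-8859-1. The token that precedes the name in
# that log line (BCF9B7CF36C.A54BD) is left off here.
my $raw = join ' ',
    '=?iso-8859-1?Q?467-2007-Flexsys-Substitui=E7=E3o_de_L=E2mpadas=2C_Pusch_B?=',
    '=?iso-8859-1?Q?ottoun_e_Chave_de_2_Posi=E7=F5es_em_4_Pain=E9is_na_=E1rea_?=',
    '=?iso-8859-1?Q?do_Pastilhamento.doc?=';

# Shortened name shown in the notification the user received.
my $notice = '467-2007-Flexs.doc';

# Decode RFC 2047 encoded-words into a Perl character string, so that
# length() counts characters of the real filename, not encoding overhead.
sub decoded_name {
    my ($name) = @_;
    return decode('MIME-Header', $name);
}

# Evaluate one candidate name against the rule and report what was measured.
sub check_name {
    my ($label, $name) = @_;
    return {
        label   => $label,
        length  => length($name),
        matches => ($name =~ $LONG_NAME) ? 1 : 0,
    };
}

my @reports = (
    check_name('name shown in the user notice',  $notice),
    check_name('raw encoded-words from maillog', $raw),
    check_name('decoded filename',               decoded_name($raw)),
);

for my $r (@reports) {
    printf "%-32s length=%3d  rule %s\n",
        $r->{label}, $r->{length},
        $r->{matches} ? 'fires' : 'does not fire';
}
```

Only the raw encoded-word form reaches the 150-character threshold; the shortened name in the notice and the decoded filename both stay under it, so a test against the notice text cannot reproduce the block.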
From uxbod at splatnix.net Tue Oct 23 13:57:21 2007
From: uxbod at splatnix.net (UxBoD)
Date: Tue Oct 23 14:04:12 2007
Subject: Filename FP ?
In-Reply-To: <19425577.841193143088689.JavaMail.root@office.splatnix.net>
Message-ID: <23747305.901193144241661.JavaMail.root@office.splatnix.net>

Hmmm, I have checked maillog and the actual filename which triggered the message was :-

Filename Checks: Very long filename, possible OE attack (BCF9B7CF36C.A54BD =?iso-8859-1?Q?467-2007-Flexsys-Substitui=E7=E3o_de_L=E2mpadas=2C_Pusch_B?= =?iso-8859-1?Q?ottoun_e_Chave_de_2_Posi=E7=F5es_em_4_Pain=E9is_na_=E1rea_?= =?iso-8859-1?Q?do_Pastilhamento.doc?=)

Is it down to the remote encoding that has caused this to happen ?

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "UxBoD"
To: mailscanner@lists.mailscanner.info
Sent: Tuesday, October 23, 2007 1:38:08 PM (GMT) Europe/London
Subject: Filename FP ?

Hi,

I am running the latest release of MS and noticed this morning that a file to one of our users got blocked with the following :-

MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (467-2007-Flexs.doc)

From what I can see the old thing that triggers this is in filename.rules.conf which has :-

deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages

Yet if I run the following against that filename :-

#!/usr/bin/perl
$x = "467-2007-Flexs.doc";
if ($x =~ /.{150,}/ ) { print "YES"; }

It does not get triggered. Any ideas ?
I have looked at SweepOther.pm and nothing jumps out at me :( Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Tue Oct 23 14:08:16 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Oct 23 14:08:23 2007 Subject: Weird Problem with MailScanner In-Reply-To: <484E9B509664CA499A78F777A2D59A30027640@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A30027640@server6.chtnet.com.ar> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E05574@HC-MBX02.herefordshire.gov.uk> The key thing is to do the sa-update (or sa-update -D) after upgrading to SA 3.1.9 Don't try to go to 3.2.3 - it will be much slower on your hardware. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Damian Rivas > Sent: 23 October 2007 13:57 > To: MailScanner discussion > Subject: RE: RE: Weird Problem with MailScanner > > Yes Phil of course I can upgrade SA, I'll do that today. 

From J.Ede at birchenallhowden.co.uk Tue Oct 23 14:08:07 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Oct 23 14:10:06 2007
Subject: Performance on 64 bit Linux vs 32 Bit
In-Reply-To: <74ACEB3E6A055643A89B8CEC74C7BF2488E1AB@WISENT.dcyb.net>
References: <1193127407.18816.4.camel@localhost.localdomain><7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk>, <1193134455.18816.25.camel@localhost.localdomain><4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local> <1193142763.18816.42.camel@localhost.localdomain>, <74ACEB3E6A055643A89B8CEC74C7BF2488E1AB@WISENT.dcyb.net>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEC@server02.bhl.local>

Although this is a little off topic I don't suppose you have any info on
how to set mysql up that way? Currently we just have a central mysql
sqlgrey server, but it doesn't tend to like it much when it loses the
mysql connection.
________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Sterenborg [R.Sterenborg@netsourcing.nl]
Sent: 23 October 2007 13:57
To: MailScanner discussion
Subject: RE: Performance on 64 bit Linux vs 32 Bit

> I can't see how I can use sqlgrey or any other with a common database
> efficiently. If any of my customers mails keeps getting "450
> Try again" from different MXes , I don't think he is going to be happy.
> Nor will my boss be :-(

You're using Postfix which can use Policyd. Policyd uses MySQL and you
can setup MySQL in multi-master replication mode. That way each database
shares the same information.

We have a "slightly" smaller environment so we have only 2 MTA's and 2
MySQL servers (that replicate). It's working for ~10 months now with no
problems so far.

Grts,
Rob

From damian at cht.com.ar Tue Oct 23 14:38:36 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Tue Oct 23 14:42:31 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027642@server6.chtnet.com.ar>

I'm getting this message when trying to perform sa-update:

Can't locate Net/DNS.pm in @INC (@INC contains:
/usr/lib/perl5/site_perl/5.8.4/i486-linux /usr/lib/perl5/site_perl/5.8.4
/usr/lib/perl5/5.8.4/i486-linux /usr/lib/perl5/5.8.4
/usr/lib/perl5/site_perl) at /usr/bin/sa-update line 88.
BEGIN failed--compilation aborted at /usr/bin/sa-update line 88.

Could it be my Perl version?

___________________________________________________

Damián Rivas
Hardware and Network Administrator
Systems Department
Consult House Turismo S.A.
Tel: 4315-1900
email: damian@cht.com.ar
web: www.cht.com.ar


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Tuesday, 23 October 2007 10:08
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner


The key thing is to do the sa-update (or sa-update -D) after upgrading
to SA 3.1.9

Don't try to go to 3.2.3 - it will be much slower on your hardware.

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 23 October 2007 13:57
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> Yes Phil of course I can upgrade SA, I'll do that today.
>
> I'm following up a tutorial to stop backscattering in
> sendmail here: http://elqui.dcsc.utfsm.cl/util/email/backscatter.html
>
> The thing is that I don't understand how the following part
> in the access file works (sorry for my ignorance again):
>
> ######################
> # Reject Forgery - Not requiered for Backscattering
> ######################
> # FOR TEST USE: /usr/lib/sendmail -bt
> # check_mail --> ACCESS DENIED
> From:example.com REJECT
> # check_mail --> ACCESS DENIED
> From:my.org REJECT
>
>
> ######################
> ## Reject Backscatter....
> # reject unknown recipients, because SPAMMERS use this to spam other
> # domains through bounces messages (user unknown).
> #
> ##############################################
> # general rejection strings
> To:example.com error:5.1.1:"550 User unknown"
> To:my.org error:5.1.1:"550 User unknown"
>
>
> The first part seems to reject any address of example.com and
> my.org domains, that part confuses me.
> The second part, the part I'm really interested has no reject
> instruction so I'm getting even more confused. As I told you
> I'm a novice in open source world yet so I'm still getting
> used to this config files and their syntax.
>
> Many people in the inet said that the link I provided you is
> the definitive solution for sendmail, I hope it does. If
> someone can explain me those parts, it would be great!!!
>
> Thanks all for your tips and help!
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Randal, Phil
> Sent: Monday, 22 October 2007 18:11
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
>
> Is there any chance that you can upgrade to SA 3.1.9 and then
> do an sa-update?
>
> PhiL
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 22 October 2007 16:37
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> Phil:
>
> The version of Spam Assassin is 3.1.5.
>
> Here is the output of MailScanner -v:
>
> Running on
> Linux ns4 2.4.26 #2 Mon Jun 14 19:05:05 PDT 2004 i686 unknown
> unknown GNU/Linux
> This is Perl version 5.008004 (5.8.4)
>
> This is MailScanner version 4.55.10
> Module versions are:
> 1.00     AnyDBM_File
> 1.14     Archive::Zip
> 1.02     Carp
> 1.119    Convert::BinHex
> 1.00     DirHandle
> 1.05     Fcntl
> 2.72     File::Basename
> 2.07     File::Copy
> 2.01     FileHandle
> 1.06     File::Path
> 0.16     File::Temp
> 0.90     Filesys::Df
> 1.23     HTML::Entities
> 3.26     HTML::Parser
> 2.24     HTML::TokeParser
> 1.21     IO
> 1.10     IO::File
> 1.123    IO::Pipe
> 1.50     Mail::Header
> 3.05     MIME::Base64
> 5.420    MIME::Decoder
> 5.420    MIME::Decoder::UU
> 5.420    MIME::Head
> 5.420    MIME::Parser
> 3.03     MIME::QuotedPrint
> 5.420    MIME::Tools
> 0.11     Net::CIDR
> 1.08     POSIX
> 1.77     Socket
> 1.4      Sys::Hostname::Long
> 0.17     Sys::Syslog
> 1.86     Time::HiRes
> 1.02     Time::localtime
>
> Optional module versions are:
> 0.17     Convert::TNEF
> 1.808    DB_File
> 1.13     DBD::SQLite
> 1.50     DBI
> 1.06     Digest
> missing  Digest::HMAC
> 2.33     Digest::MD5
> 2.11     Digest::SHA1
> missing  Inline
> missing  Mail::ClamAV
> 3.001005 Mail::SpamAssassin
> missing  Mail::SPF::Query
> missing  Net::CIDR::Lite
> 1.24     Net::IP
> missing  Net::DNS
> missing  Net::LDAP
> missing  Parse::RecDescent
> missing  SAVI
> 2.40     Test::Harness
> 0.47     Test::Simple
> 1.95     Text::Balanced
> missing  URI
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Randal, Phil
> Sent: Monday, 22 October 2007 12:30
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
>
> Damian,
>
> Which version of Spamassassin are you running?
>
> Can you post the output of
>
> MailScanner -V
>
> Cheers,
>
> Phil
>
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> > Damian Rivas
> > Sent: 22 October 2007 14:42
> > To: MailScanner discussion
> > Subject: RE: RE: Weird Problem with MailScanner
> >
> > It catches and accepts e-mails for our pack of domains: cht.com.ar,
> > aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar
> > and ci-educ.com.ar.
> >
> > The main problem is that domains like hispanoamericana are way too old
> > and receive lots of spam messages. The main domain, cht.com.ar
> > receives a lot of mails daily, the problem with this is that it is
> > difficult for me to find a good filter policy, because as it is a
> > Travel Agency it receives mails from hotels and other agencies, so, if
> > I put a strict filter of "if you are not in my Exchange contact list
> > you cannot pass" these mails are not likely entering any way and that
> > is not the idea.
> >
> > I'm following up some guidelines that UxBoD sent me in one of the
> > links to accelerate MS, so I'll let you know if things go better.
> >
> > I think that a BackScatter attack is very likely to be happening.
> > Until these last months, there was never a single problem, so
> > something strange might have happened to increase the SPAM bombing and
> > therefore to turn the old server useless.
> >
> > And about upgrading memory, I think that it would be cheaper (at least
> > in Argentina PC100 Memories are very expensive as they aren't produced
> > anymore) and have more sense to directly make an entire new server,
> > with better processor and better memory. I was thinking in a 1Ghz
> > processor, is it ok? Which are the minimum recommended requisites?
> >
> > ___________________________________________________
> >
> > Damián Rivas
> > Hardware and Network Administrator
> > Systems Department
> > Consult House Turismo S.A.
> > Tel: 4315-1900
> > email: damian@cht.com.ar
> > web: www.cht.com.ar
> >
> >
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> > Jason Ede
> > Sent: Monday, 22 October 2007 10:08
> > To: MailScanner discussion
> > Subject: RE: RE: Weird Problem with MailScanner
> >
> >
> > What domains do you accept email for? Are you sure it's not operating
> > as an open gateway?
> >
> > Jason
> >
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian
> > Rivas [damian@cht.com.ar]
> > Sent: 22 October 2007 13:48
> > To: MailScanner discussion
> > Subject: RE: Weird Problem with MailScanner
> >
> > Ok, here we go again. How was your weekend people?

From R.Sterenborg at netsourcing.nl Tue Oct 23 14:55:59 2007
From: R.Sterenborg at netsourcing.nl (Rob Sterenborg)
Date: Tue Oct 23 14:56:57 2007
Subject: Performance on 64 bit Linux vs 32 Bit
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEC@server02.bhl.local>
References: <1193127407.18816.4.camel@localhost.localdomain><7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk>, <1193134455.18816.25.camel@localhost.localdomain><4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local><1193142763.18816.42.camel@localhost.localdomain>, <74ACEB3E6A055643A89B8CEC74C7BF2488E1AB@WISENT.dcyb.net> <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEC@server02.bhl.local>
Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E1AC@WISENT.dcyb.net>

mailscanner-bounces@lists.mailscanner.info wrote:
> Although this is a little off topic I don't suppose you have

Yes it is.. ;-)

> any info on how to set mysql up that way? Currently we just
> have a central mysql sqlgrey server, but it doesn't tend to
> like it much when it loses the mysql connection.

I don't know if it'll solve that problem: you'd have to be able to
configure SQLGrey for multiple MySQL servers. A MySQL cluster where each
server replicates its data but behaves as 1 would be more suitable. I
don't know if that's possible.

If you want details on our config anyway, please email me privately.

Grts,
Rob

From prandal at herefordshire.gov.uk Tue Oct 23 15:56:53 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Oct 23 15:57:00 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027642@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027642@server6.chtnet.com.ar>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E055B3@HC-MBX02.herefordshire.gov.uk>

You need to install the perl Net::DNS module from CPAN (or by other
means).

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 23 October 2007 14:39
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> I'm getting this message when trying to perform sa-update:
>
> Can't locate Net/DNS.pm in @INC (@INC contains:
> /usr/lib/perl5/site_perl/5.8.4/i486-linux
> /usr/lib/perl5/site_perl/5.8.4
> /usr/lib/perl5/5.8.4/i486-linux /usr/lib/perl5/5.8.4
> /usr/lib/perl5/site_perl) at /usr/bin/sa-update line 88.
> BEGIN failed--compilation aborted at /usr/bin/sa-update line 88.
>
> Could it be my Perl version?
>
> ___________________________________________________
>
> Damián Rivas
> Hardware and Network Administrator
> Systems Department
> Consult House Turismo S.A.
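
How access-file entries of the kind quoted above decide what happens to a recipient, as an added Python sketch (not code from the thread, the tutorial or sendmail). It is a simplified model that assumes a full-address entry is consulted before the entry for its domain; the per-address RELAY lines, the sample addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the quoted access file. The RELAY lines
# and every address here are illustrative, not taken from a real server.
SAMPLE_ACCESS = '''\
# general rejection strings
To:example.com            error:5.1.1:"550 User unknown"
To:my.org                 error:5.1.1:"550 User unknown"
# valid internal addresses (assumed additions)
To:john.doe@example.com   RELAY
To:postmaster@example.com RELAY
To:jane.joe@my.org        RELAY
'''

ENTRY = re.compile(r'^To:(\S+)\s+(\S.*)$', re.IGNORECASE)
ERROR = re.compile(r'^error:(?:(\d\.\d+\.\d+):)?"?(.*?)"?$', re.IGNORECASE)


def parse_access(text):
    """Return {lower-cased key: action} for the To: lines of an access file."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank lines and comments carry no entry
        match = ENTRY.match(line)
        if match:
            table[match.group(1).lower()] = match.group(2).strip()
    return table


def split_rcpt(rcpt):
    """Normalise a recipient and return (address, domain)."""
    addr = rcpt.strip().strip('<>').lower()
    local, at, domain = addr.rpartition('@')
    if not at or not local or not domain:
        raise ValueError('not a user@domain address: %r' % rcpt)
    return addr, domain


def decide(table, rcpt):
    """Return (verdict, matched_key, reply) for one recipient.

    Assumed lookup order: the full address first, then its domain.
    Subdomain matching and untagged entries are not modelled.
    """
    addr, domain = split_rcpt(rcpt)
    for key in (addr, domain):
        action = table.get(key)
        if action is None:
            continue
        error = ERROR.match(action)
        if error:
            # An error: right-hand side is itself the rejection.
            return ('reject', key, error.group(2))
        if action.upper() == 'REJECT':
            return ('reject', key, 'REJECT')
        return ('accept', key, action)
    return ('no-entry', None, None)


def missing_relay_lines(table, valid_recipients):
    """Access lines to add so that no known-valid recipient gets a 550."""
    lines = set()
    for rcpt in valid_recipients:
        addr, _ = split_rcpt(rcpt)
        verdict, _, _ = decide(table, addr)
        if verdict == 'reject':
            lines.add('To:%s\tRELAY' % addr)
    return sorted(lines)


if __name__ == '__main__':
    table = parse_access(SAMPLE_ACCESS)
    for rcpt in ('john.doe@example.com', 'nobody@example.com',
                 'x@elsewhere.test'):
        print(rcpt, decide(table, rcpt))
    print(missing_relay_lines(table, ['Jane.Joe@my.org', 'sales@my.org']))
```

Running `missing_relay_lines` over an exported list of real mailboxes before rebuilding the map shows which valid users the domain-wide 550 entry would lock out.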
>

From damian at cht.com.ar Tue Oct 23 15:57:59 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Tue Oct 23 16:01:50 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027648@server6.chtnet.com.ar>

Ok I finally understand what this tutorial
(http://elqui.dcsc.utfsm.cl/util/email/backscatter.html) means in the
parts I pasted before. According to that document you have to specify the
valid addresses one by one and the backscattering filter just catches all
the rest and throws them in the trash.

######################
## Reject Backscatter....
# reject unknown recipients, because SPAMMERS use this to spam other
# domains through bounces messages (user unknown).
#
##############################################
# general rejection strings
To:example.com error:5.1.1:"550 User unknown"
To:my.org error:5.1.1:"550 User unknown"
#
################################################
# Valid internal EMAIL addresses
#
To:john.doe@example.com RELAY
To:jane.joe@my.org RELAY
To:postmaster@example.com RELAY
etc...

The problem with this is that I have too many addresses and it would be
really tedious to write them all, isn't there a more human and nice way?

Oh and by the way, thanks Kevin I've managed to configure filtering in my
MS Exchange server, thanks for the documentation!

My sendmail is 8.12.11, was greet pause released only for 8.13 versions or
is there some for the latest 8.12?

From damian at cht.com.ar Tue Oct 23 16:01:23 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Tue Oct 23 16:05:15 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A30027649@server6.chtnet.com.ar>

Yeah, I've realized that. There are other files missing, so I'm searching
libraries and more libraries.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Randal, Phil
Sent: Tuesday, 23 October 2007 11:57
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

You need to install the perl Net::DNS module from CPAN (or by other
means).

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From J.Ede at birchenallhowden.co.uk Tue Oct 23 16:39:47 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Oct 23 16:40:57 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A30027642@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A30027642@server6.chtnet.com.ar>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEED@server02.bhl.local>

try yum install perl-Net-DNS (if you have yum installed)

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas [damian@cht.com.ar]
Sent: 23 October 2007 14:38
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

I'm getting this message when trying to perform sa-update:

Can't locate Net/DNS.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.4/i486-linux /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/5.8.4/i486-linux /usr/lib/perl5/5.8.4 /usr/lib/perl5/site_perl) at /usr/bin/sa-update line 88.
BEGIN failed--compilation aborted at /usr/bin/sa-update line 88.

Could it be my Perl version?

___________________________________________________

Damián Rivas
Hardware and Network Administrator
Systems Department
Consult House Turismo S.A.
Tel: 4315-1900
email: damian@cht.com.ar
web: www.cht.com.ar

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Randal, Phil
Sent: Tuesday, 23 October 2007 10:08
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

The key thing is to do the sa-update (or sa-update -D) after upgrading to
SA 3.1.9

Don't try to go to 3.2.3 - it will be much slower on your hardware.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 23 October 2007 13:57
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> Yes Phil of course I can upgrade SA, I'll do that today.
>
> I'm following up a tutorial to stop backscattering in
> sendmail here: http://elqui.dcsc.utfsm.cl/util/email/backscatter.html
>
> The thing is that I don't understand how the following part
> in the access file works (sorry for my ignorance again):
>
> ######################
> # Reject Forgery - Not requiered for Backscattering
> ######################
> # FOR TEST USE: /usr/lib/sendmail -bt
> # check_mail --> ACCESS DENIED
> From:example.com REJECT
> # check_mail --> ACCESS DENIED
> From:my.org REJECT
>
>
> ######################
> ## Reject Backscatter....
> # reject unknown recipients, because SPAMMERS use this to spam other
> # domains through bounces messages (user unknown).
> #
> ##############################################
> # general rejection strings
> To:example.com error:5.1.1:"550 User unknown"
> To:my.org error:5.1.1:"550 User unknown"
>
>
> The first part seems to reject any address of example.com and
> my.org domains, that part confuses me.
> The second part, the part I'm really interested has no reject
> instruction so I'm getting even more confused.
As I told you
> I'm a novice in open source world yet so I'm still getting
> used to this config files and their syntax.
>
> Many people in the inet said that the link I provided you is
> the definitive solution for sendmail, I hope it does. If
> someone can explain me those parts, it would be great!!!
>
> Thanks all for your tips and help!
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf
> of Randal, Phil
> Sent: Monday, 22 October 2007 18:11
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
>
> Is there any chance that you can upgrade to SA 3.1.9 and then
> do an sa-update?
>
> Phil
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 22 October 2007 16:37
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> Phil:
>
> The version of Spam Assassin is 3.1.5.
>
> Here is the output of MailScanner -v:
>
> Running on
> Linux ns4 2.4.26 #2 Mon Jun 14 19:05:05 PDT 2004 i686 unknown
> unknown GNU/Linux
> This is Perl version 5.008004 (5.8.4)
>
> This is MailScanner version 4.55.10
> Module versions are:
> 1.00    AnyDBM_File
> 1.14    Archive::Zip
> 1.02    Carp
> 1.119   Convert::BinHex
> 1.00    DirHandle
> 1.05    Fcntl
> 2.72    File::Basename
> 2.07    File::Copy
> 2.01    FileHandle
> 1.06    File::Path
> 0.16    File::Temp
> 0.90    Filesys::Df
> 1.23    HTML::Entities
> 3.26    HTML::Parser
> 2.24    HTML::TokeParser
> 1.21    IO
> 1.10    IO::File
> 1.123   IO::Pipe
> 1.50    Mail::Header
> 3.05    MIME::Base64
> 5.420   MIME::Decoder
> 5.420   MIME::Decoder::UU
> 5.420   MIME::Head
> 5.420   MIME::Parser
> 3.03    MIME::QuotedPrint
> 5.420   MIME::Tools
> 0.11    Net::CIDR
> 1.08    POSIX
> 1.77    Socket
> 1.4     Sys::Hostname::Long
> 0.17    Sys::Syslog
> 1.86    Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 0.17    Convert::TNEF
> 1.808   DB_File
> 1.13    DBD::SQLite
> 1.50    DBI
> 1.06    Digest
> missing Digest::HMAC
> 2.33    Digest::MD5
> 2.11    Digest::SHA1
> missing Inline
> missing Mail::ClamAV
> 3.001005 Mail::SpamAssassin
> missing Mail::SPF::Query
> missing Net::CIDR::Lite
> 1.24    Net::IP
> missing Net::DNS
> missing Net::LDAP
> missing Parse::RecDescent
> missing SAVI
> 2.40    Test::Harness
> 0.47    Test::Simple
> 1.95    Text::Balanced
> missing URI
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf
> of Randal, Phil
> Sent: Monday, 22 October 2007 12:30
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
>
> Damian,
>
> Which version of Spamassassin are you running?
>
> Can you post the output of
>
> MailScanner -V
>
> Cheers,
>
> Phil
>
> --
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> > Damian Rivas
> > Sent: 22 October 2007 14:42
> > To: MailScanner discussion
> > Subject: RE: RE: Weird Problem with MailScanner
> >
> > It catches and accepts e-mails for our pack of domains: cht.com.ar,
> > aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar
> > and ci-educ.com.ar.
> >
> > The main problem is that domains like hispanoamericana are way too old
> > and receive lots of spam messages. The main domain, cht.com.ar
> > receives a lot of mails daily, the problem with this is that it is
> > difficult for me to find a good filter policy, because as it is a
> > Travel Agency it receives mails from hotels and other agencies, so, if
> > I put a strict filter of "if you are not in my Exchange contact list
> > you cannot pass" this mails are not likely entering any way and that
> > is not the idea.
> >
> > I'm following up some guidelines that UxBoD sent me in one of the
> > links to accelerate MS, so I'll let you know if things go better.
> >
> > I think that a BackScatter attack is very likely to be happening.
> > Until these last months, there was never a single problem, so
> > something strange might have happened to increase the SPAM bombing and
> > therefore to turn the old server useless.
> >
> > And about upgrading memory, I think that it would be cheaper (at least
> > in Argentina PC100 Memories are very expensive as they aren't produced
> > anymore) and have more sense to directly make an entire new server,
> > with better processor and better memory. I was thinking in a 1Ghz
> > processor, is it ok? Which are the minimum recommended requisites?
> >
> > ___________________________________________________
> >
> > Damián Rivas
> > Hardware and Network Administrator
> > Systems Department
> > Consult House Turismo S.A.
> > Tel: 4315-1900
> > email: damian@cht.com.ar
> > web: www.cht.com.ar
> >
> >
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of
> > Jason Ede
> > Sent: Monday, 22 October 2007 10:08
> > To: MailScanner discussion
> > Subject: RE: RE: Weird Problem with MailScanner
> >
> >
> > What domains do you accept email for? Are you sure it's not operating
> > as an open gateway?
> >
> > Jason
> >
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian
> > Rivas [damian@cht.com.ar]
> > Sent: 22 October 2007 13:48
> > To: MailScanner discussion
> > Subject: RE: Weird Problem with MailScanner
> >
> > Ok, here we go again. How was your weekend people?
> >
> > Ugo, here is the output you asked for:
> >
> > vmstat 5 10:
> >
> > procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
> >  r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs  us sy  id wa
> >  0  0 105712  46416  14388  53324    5    3     1     8   13    11  21  1  78  0
> >  0  0 105712  46264  14392  53324    0    0     0    10  111   171   0  0  99  0
> >  0  0 105712  46196  14408  53324    0    0     0    24  108   170   0  1  99  0
> >  0  0 105712  46128  14448  53324    0    0     0    39  112   179   0  0 100  0
> >  0  0 105712  46132  14456  53324    0    0     0    54  124   174   0  0 100  0
> >  1  0 105712  44988  14496  53424    0    0    21    89  123   176   8  4  88  0
> >  0  0 105712  45464  14512  53548    0    0    24    28  110   162   8  3  89  0
> >  0  0 105712  45264  14628  53612    0    0    22   138  138   208   9  4  87  0
> >  0  0 105712  46036  14668  53596    0    0     0    61  114   179   0  0 100  0
> >  2  0 105712  46028  14676  53596    0    0     0     4  105   166   0  0 100  0
> >
> > I'm also attaching a bit of the output of a tail -f /var/log/maillog
> > for you to see, there's too much spam and false addresses which are
> > slowing down MS a lot. There are still about 28k messages!(on Friday
> > there were 45k!!!!).
> >
> > UxBoD, you told me to run the init.d script to stop the MS, the
> > problem is Slackware uses the traditional BSD Init, so I went to the
> > 'rc.d' directory but couldn't find, or couldn't figure out where the
> > script for stopping MS is, sorry for my ignorance again.
> >
> > As always thank you people for your valuable help.
> >
> > Regards.-
> >
> >
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of
> > Ugo Bellavance
> > Sent: Sunday, 21 October 2007 11:17
> > To: mailscanner@lists.mailscanner.info
> > Subject: Re: Weird Problem with MailScanner
> >
> >
> > Damian Rivas wrote:
> > > 1) There are 3 MS childs running
> >
> > That is way too much. Your system is probably swapping like crazy.
> > Set it to '1' in /etc/MailScanner/MailScanner.conf and do a
> > 'service MailScanner restart' (assuming redhat/centos)
> >
> > Can you send us the output of :
> >
> > 'vmstat 5 10' (will take 50 seconds to execute)
> >
> > Did you check if memory was available for this system? If it is and
> > if it is not too expensive, I'll add at least another 128 (more if you
> > can).
> >
> > Ugo
> >
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From damian at cht.com.ar Tue Oct 23 16:40:59 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Tue Oct 23 16:44:49 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>

People:

I've finally updated SA after installing all the perl modules which were
missing. Now what is left to finish this is the Backscattering filter on
sendmail.

If you know a better way than inserting every single valid address for
each domain in the access file for relay and catching the rest, please
let me know because it would be a real pain to write every single mail
address.

Thank you all for everything, you've helped me a lot, I've learned a lot
of stuff thanks to you.

Regards.-

Damian

From housey at sme-ecom.co.uk Tue Oct 23 17:11:07 2007
From: housey at sme-ecom.co.uk (Paul Houselander)
Date: Tue Oct 23 17:11:13 2007
Subject: Weird Problem with MailScanner {Scanned by Allteks Mailsafe}
In-Reply-To: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
Message-ID:

Hi Damian

Take a look at mimedefang - www.mimedefang.org - it's what I use here and
works really well, no need to keep maps of all the users, just the domain
and IP address of the destination mailserver, it will then do a call ahead
check to see if the user is valid (assuming the destination mailserver
will respond with a 550 user not found)

There's an example of a mimedefang filter that does exactly what you want
here http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses

Cheers

Paul

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Damian
> Rivas
> Sent: 23 October 2007 16:41
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner {Scanned by Allteks
> Mailsafe}
>
>
> People:
>
> I've finally updated SA after installing all the perl modules which were
> missing. Now what is left to finish this is the Backscattering filter on
> sendmail.
>
> If you know a better way than inserting every single valid address for
> each domain in the access file for relay and catching the rest, please
> let me know because it would be a real pain to write every single mail
> address.
>
> Thank you all for everything, you've helped me a lot, I've learned a lot
> of stuff thanks to you.
>
> Regards.-
>
> Damian

From ssilva at sgvwater.com Tue Oct 23 17:12:35 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Oct 23 17:15:06 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
Message-ID:

on 10/23/2007 8:40 AM Damian Rivas spake the following:
> People:
>
> I've finally updated SA after installing all the perl modules which were
> missing. Now what is left to finish this is the Backscattering filter on
> sendmail.
>
> If you know a better way than inserting every single valid address for
> each domain in the access file for relay and catching the rest, please
> let me know because it would be a real pain to write every single mail
> address.
>
> Thank you all for everything, you've helped me a lot, I've learned a lot
> of stuff thanks to you.
>
> Regards.-
>
> Damian

You can try a milter like smf-sav
(http://smfs.sourceforge.net/smf-sav.html), but your system is fairly well
taxed. You might get away with it if you use one less child. It will call
to the exchange server as each message comes in and basically see if the
user exists before accepting the full message. No user, dropped
connection.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From martinh at solidstatelogic.com Tue Oct 23 17:17:51 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Oct 23 17:17:55 2007
Subject: Weird Problem with MailScanner {Scanned by Allteks Mailsafe}
In-Reply-To:
Message-ID: <72895dc6037d5f448eb50c3064047138@solidstatelogic.com>

There's also http://smfs.sourceforge.net/smf-sav.html and
http://www.milter.info/sendmail/milter-ahead/ which can do a similar job
of look-ahead..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander
> Sent: 23 October 2007 17:11
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner {Scanned by Allteks
> Mailsafe}
>
> Hi Damian
>
> Take a look at mimedefang - www.mimedefang.org - it's what I use here and
> works really well, no need to keep maps of all the users, just the domain
> and IP address of the destination mailserver, it will then do a call ahead
> check to see if the user is valid (assuming the destination mailserver
> will respond with a 550 user not found)
>
> There's an example of a mimedefang filter that does exactly what you want
> here http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses
>
> Cheers
>
> Paul
>
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Damian
> > Rivas
> > Sent: 23 October 2007 16:41
> > To: MailScanner discussion
> > Subject: RE: RE: Weird Problem with MailScanner {Scanned by Allteks
> > Mailsafe}
> >
> >
> > People:
> >
> > I've finally updated SA after installing all the perl modules which were
> > missing. Now what is left to finish this is the Backscattering filter on
> > sendmail.
> >
> > If you know a better way than inserting every single valid address for
> > each domain in the access file for relay and catching the rest, please
> > let me know because it would be a real pain to write every single mail
> > address.
> >
> > Thank you all for everything, you've helped me a lot, I've learned a lot
> > of stuff thanks to you.
> >
> > Regards.-
> >
> > Damian

From ssilva at sgvwater.com Tue Oct 23 17:20:02 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Oct 23 17:20:30 2007
Subject: Performance on 64 bit Linux vs 32 Bit
In-Reply-To: <223f97700710230145s67b31f2i15bbcb3021d94254@mail.gmail.com>
References: <1193127407.18816.4.camel@localhost.localdomain>
 <223f97700710230145s67b31f2i15bbcb3021d94254@mail.gmail.com>
Message-ID:

on 10/23/2007 1:45 AM Glenn Steen spake the following:
> On 23/10/2007, ram wrote:
>> I have been using MailScanner on 32 bit centos for quiet some time now
>> on the ~25 Antispam servers which we have ( MailScanner + Postfix +
>> Spamassassin + Custom spam engine )
>>
>> Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform
>> any better on 64 bit linux. I personally have no first-hand experience
>> of 64 bit linux, I thought of doing some research before I upgrade
>>
> Perhaps not that much difference. For very large memory apps, it'd
> make a world of difference (RDBMS-type things), but MS likely won't
> benefit from this. Also take into account that most commercial
> AV-scanners aren't 64-bit, so ... will have to run in 32-bit... with a
> "slight" overhead.
> That said, there have been discussions about this a few years back
> (IIRC)... MS will run OK on Opterons and Intel x86-64 offerings. Do
> look in the archives, it was a while back, and my memory of that
> particular discussion is ... pretty vague:-).
>
> Cheers

I'm running on 32 and 64 bit linux and don't see that much difference.
But a 64 bit kernel seems to run somewhat faster on memory over 4 gigs
than a PAE kernel. I will soon be relegating the old 32 bit server to a
backup target in the next few weeks, but only because of its age and
speed.

"A good piece of hardware is a terrible thing to waste!"

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From prandal at herefordshire.gov.uk Tue Oct 23 17:20:19 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Oct 23 17:20:31 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E055DC@HC-MBX02.herefordshire.gov.uk>

Now for the $64,000 question.

Is it performing better or worse after doing that?

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 23 October 2007 16:41
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> People:
>
> I've finally updated SA after installing all the perl modules which were
> missing. Now what is left to finish this is the Backscattering filter on
> sendmail.
>
> If you know a better way than inserting every single valid address for
> each domain in the access file for relay and catching the rest, please
> let me know because it would be a real pain to write every single mail
> address.
>
> Thank you all for everything, you've helped me a lot, I've learned a lot
> of stuff thanks to you.
>
> Regards.-
>
> Damian
>

From ssilva at sgvwater.com Tue Oct 23 17:24:45 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Oct 23 17:30:15 2007
Subject: Filename FP ?
In-Reply-To: <23747305.901193144241661.JavaMail.root@office.splatnix.net>
References: <19425577.841193143088689.JavaMail.root@office.splatnix.net>
 <23747305.901193144241661.JavaMail.root@office.splatnix.net>
Message-ID:

on 10/23/2007 5:57 AM UxBoD spake the following:
> Hmmm, I have checked maillog and the actual filename which triggered the message was :-
>
> Filename Checks: Very long filename, possible OE attack (BCF9B7CF36C.A54BD =?iso-8859-1?Q?467-2007-Flexsys-Substitui=E7=E3o_de_L=E2mpadas=2C_Pusch_B?= =?iso-8859-1?Q?ottoun_e_Chave_de_2_Posi=E7=F5es_em_4_Pain=E9is_na_=E1rea_?= =?iso-8859-1?Q?do_Pastilhamento.doc?=)
>
> Is it down to the remote encoding that has caused this to happen ?
>
> Regards,
>
> --[ UxBoD ]--
> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
>
> ----- Original Message -----
> From: "UxBoD"
> To: mailscanner@lists.mailscanner.info
> Sent: Tuesday, October 23, 2007 1:38:08 PM (GMT) Europe/London
> Subject: Filename FP ?
>
> Hi,
>
> I am running the latest release of MS and noticed this morning that a file to one of our users got blocked with the following :-
>
> MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (467-2007-Flexs.doc)
>
> From what I can see the old thing that triggers this is in filename.rules.conf which has :-
>
> deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages
>
> Yet if I run the following against that filename :-
>
> #!/usr/bin/perl
>
> $x = "467-2007-Flexs.doc";
> if ($x =~ /.{150,}/ ) { print "YES"; }
>
> It does not get triggered. Any ideas ? I have looked at SweepOther.pm and nothing jumps out at me :(
>
> Regards,
>

That filename does look like it would trigger the filename check.
The log usually shows the filename as mailscanner sees it.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From Kevin_Miller at ci.juneau.ak.us Tue Oct 23 17:33:53 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue Oct 23 17:33:20 2007
Subject: Weird Problem with MailScanner
In-Reply-To:
References: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
Message-ID:

Scott Silva wrote:
> You can try a milter like
> smf-sav,(http://smfs.sourceforge.net/smf-sav.html) but your system is
> fairly well taxed. You might get away with it if you use one less
> child. It will call to the exchange server as each message comes in
> and basically see if the user exists before accepting the full
> message. No user, dropped connection.

On my chief mailscanner 'ps aux' shows a memory footprint of about
108696. Not that big really, and I would suspect that he'd see a net gain
since a lot of connections would be dropped before ever even downloading
the message. More memory would be good of course, if he can go that
route...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500

From damian at cht.com.ar Tue Oct 23 17:33:08 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Tue Oct 23 17:36:59 2007
Subject: Weird Problem with MailScanner
Message-ID: <484E9B509664CA499A78F777A2D59A3002764B@server6.chtnet.com.ar>

Well I can't tell for sure if it is performing better since the SA update,
because there are lots of backscattering mails and there are no mails
entering the server, remember that I moved them so they can pass through
another location? (without being scanned).

What is true is that the 28k+ mails that were queued yesterday are all
off now! The modified configurations, turn the MS childs to 1, etc. made
the server accelerate and increase performance.

Now I'll check the links you people sent me to see if I can put an end to
the backscattering and therefore turn this server operational once again,
at least until I get the hardware to install a new and optimized one.

I'll let you know if there are any news.

Thanks!

Damian

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Randal, Phil
Sent: Tuesday, 23 October 2007 13:20
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

Now for the $64,000 question.

Is it performing better or worse after doing that?

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 23 October 2007 16:41
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> People:
>
> I've finally updated SA after installing all the perl modules which were
> missing. Now what is left to finish this is the Backscattering filter on
> sendmail.
>
> If you know a better way than inserting every single valid address for
> each domain in the access file for relay and catching the rest, please
> let me know because it would be a real pain to write every single mail
> address.
>
> Thank you all for everything, you've helped me a lot, I've learned a lot
> of stuff thanks to you.
>
> Regards.-
>
> Damian
> -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Tue Oct 23 17:38:13 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Oct 23 17:37:32 2007 Subject: Weird Problem with MailScanner In-Reply-To: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar> Message-ID: Damian Rivas wrote: > People: > > I've finally updated SA after installing all the perl modules which > were missing. Now what is left to finish this is the Backscattering > filter on sendmail. > > If you know a better way than inserting every single valid address for > each domain in the access file for relay and catching the rest, please > let me know because it would be a real pain to write every single mail > address. Use smf-sav. It queries the Exchange server for a valid address using LDAP so you don't have to update the access list every time you add a new user. Pretty easy to set up too, although it is a little vague in a couple spots - but that's what we're all here for. :-) It also caches the result, so if something comes in for joe@yourdomain.com it remembers that joe is a valid user and doesn't have to do a new lookup until it times out some hours later. You can adjust the timeouts. Naturally it remembers invalid users as well... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From J.Ede at birchenallhowden.co.uk Tue Oct 23 16:55:55 2007
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Oct 23 17:56:35 2007
Subject: Weird Problem with MailScanner
In-Reply-To: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
References: <484E9B509664CA499A78F777A2D59A3002764A@server6.chtnet.com.ar>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEE@server02.bhl.local>

You could try using the watermarking feature in the latest version of MailScanner instead?

Jason
________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Damian Rivas [damian@cht.com.ar]
Sent: 23 October 2007 16:40
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

People:

I've finally updated SA after installing all the perl modules which were missing. Now what is left to finish this is the Backscattering filter on sendmail.

If you know a better way than inserting every single valid address for each domain in the access file for relay and catching the rest, please let me know because it would be a real pain to write every single mail address.

Thank you all for everything, you've helped me a lot, I've learned a lot of stuff thanks to you.

Regards.-

Damian
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
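The call-ahead check with result caching described in this thread (ask the mailbox server while the sender is still connected, remember valid and invalid recipients until a timeout), as an added Python example that is not smf-sav or MIMEDefang code. The class and function names, the TTL values, the `example.com` mailbox list and the `lookup` callable standing in for the query to the Exchange server are all assumptions.

```python
import time
from typing import Callable, Dict, Iterable, NamedTuple, Tuple


class BackendUnavailable(Exception):
    """Raised by the lookup callable when the mailbox server cannot be asked."""


class Decision(NamedTuple):
    code: int      # SMTP reply code to give at RCPT TO time
    reason: str
    cached: bool   # True when answered without asking the backend


class RecipientVerifier:
    """Decide at RCPT TO whether to accept, so unknown users are refused
    during the SMTP session instead of being accepted and bounced later."""

    def __init__(self, lookup: Callable[[str], bool],
                 local_domains: Iterable[str],
                 valid_ttl: float = 8 * 3600,    # assumed value
                 invalid_ttl: float = 3600,      # assumed value
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._lookup = lookup
        self._domains = {d.lower() for d in local_domains}
        self._ttl = {True: valid_ttl, False: invalid_ttl}
        self._clock = clock
        self._cache: Dict[str, Tuple[bool, float]] = {}  # addr -> (valid, expiry)

    @staticmethod
    def normalize(rcpt: str) -> str:
        # "<Joe@Example.com>" and "joe@example.com" must share one cache key.
        return rcpt.strip().strip("<>").lower()

    @staticmethod
    def _decide(valid: bool, cached: bool) -> Decision:
        if valid:
            return Decision(250, "recipient ok", cached)
        return Decision(550, "user unknown", cached)

    def check(self, rcpt: str) -> Decision:
        addr = self.normalize(rcpt)
        local, sep, domain = addr.rpartition("@")
        if not sep or not local or domain not in self._domains:
            # Not one of our domains: refuse without touching the backend.
            return Decision(550, "relaying denied", False)

        now = self._clock()
        hit = self._cache.get(addr)
        if hit and hit[1] > now:
            return self._decide(hit[0], cached=True)

        try:
            valid = bool(self._lookup(addr))
        except BackendUnavailable:
            # No answer is not "valid": tempfail so the sender retries later.
            # Accepting here would bring the bounce problem back, and the
            # outage is deliberately not cached.
            return Decision(451, "recipient verification unavailable", False)

        # Invalid results get the shorter TTL so a newly created mailbox
        # becomes deliverable without a restart.
        self._cache[addr] = (valid, now + self._ttl[valid])
        return self._decide(valid, cached=False)


def demo():
    """Run the verifier over a constructed mailbox list with a fake clock."""
    directory = {"joe@example.com"}      # constructed sample data
    calls = []
    now = [0.0]

    def lookup(addr: str) -> bool:
        calls.append(addr)
        return addr in directory

    v = RecipientVerifier(lookup, ["example.com"],
                          valid_ttl=8 * 3600, invalid_ttl=3600,
                          clock=lambda: now[0])
    results = [
        v.check("<Joe@Example.com>"),     # first sight: backend asked
        v.check("joe@example.com"),       # answered from cache
        v.check("nobody@example.com"),    # unknown user: refused in-session
    ]
    directory.add("nobody@example.com")   # mailbox created afterwards
    results.append(v.check("nobody@example.com"))  # negative entry still live
    now[0] += 3601                        # negative TTL has passed
    results.append(v.check("nobody@example.com"))  # backend asked again
    return results, len(calls)


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```
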
From Kevin_Miller at ci.juneau.ak.us Tue Oct 23 18:30:30 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Oct 23 18:29:53 2007 Subject: Weird Problem with MailScanner In-Reply-To: <484E9B509664CA499A78F777A2D59A3002764B@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A3002764B@server6.chtnet.com.ar> Message-ID: Damian Rivas wrote: > Well I can't tell for sure it it performing better since the SA > update, because there are lots of backscatting mails and there are no > mails entering the server, remember that I moved them so they can > pass through another location? (without been scanned). What it is > true, is that the 28k+ mails that were queued yesterday are all off > now! The modified configurations, turn the MS childs to 1, etc. made > the server accelerate and increase performance. > > Now I'll check the links you people sent me to see if I can put an end > to the backscatting and therefore turn this server operational once > again, at least until I get the hardware to install a new and > optimized one. I'll let you know if there are any news. One thing you can do pretty easily is to add a new mx record to your dns, pointing to mxtest.yourdomain - then set up MS and associated programs the way you think they should work. Then just send yourself messages to damian@mxtest.cht.com.ar from the outside. You'll be able to make sure everything is flowing w/o having to worry about legitimate mail getting held up or clobbered. When all seems to go in and out properly, roll your regular mail over and watch the results... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From uxbod at splatnix.net Tue Oct 23 18:36:52 2007 From: uxbod at splatnix.net (UxBoD) Date: Tue Oct 23 18:43:39 2007 Subject: Filename FP ? 
In-Reply-To: Message-ID: <31825788.1351193161012700.JavaMail.root@office.splatnix.net> Hi Scott, Yeah I guessed as much, just odd how it ends up properly formated in MailWatch. I have disabled the rule anyway as we are a Lotus Notes site. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Scott Silva" To: mailscanner@lists.mailscanner.info Sent: Tuesday, October 23, 2007 5:24:45 PM (GMT) Europe/London Subject: Re: Filename FP ? on 10/23/2007 5:57 AM UxBoD spake the following: > Hmmm, I have checked maillog and the actual filename which triggered the message was :- > > Filename Checks: Very long filename, possible OE attack (BCF9B7CF36C.A54BD =?iso-8859-1?Q?467-2007-Flexsys-Substitui=E7=E3o_de_L=E2mpadas=2C_Pusch_B?= =?iso-8859-1?Q?ottoun_e_Chave_de_2_Posi=E7=F5es_em_4_Pain=E9is_na_=E1rea_?= =?iso-8859-1?Q?do_Pastilhamento.doc?=) > > Is it down to the remote encoding that has caused this to happen ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "UxBoD" > To: mailscanner@lists.mailscanner.info > Sent: Tuesday, October 23, 2007 1:38:08 PM (GMT) Europe/London > Subject: Filename FP ? 
>
> Hi,
>
> I am running the latest release of MS and noticed this morning that a file to one of our users got blocked with the following :-
>
> MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (467-2007-Flexs.doc)
>
> From what I can see the old thing that triggers this is in filename.rules.conf which has :-
>
> deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages
>
> Yet if run the following against that filename :-
>
> #!/usr/bin/perl
>
> $x = "467-2007-Flexs.doc";
> if ($x =~ /.{150,}/ ) { print "YES"; }
>
> It does not get triggered. Any ideas ? I have looked at SweepOther.pm and nothing jumps out at me :(
>
> Regards,
>
That filename does look like it would trigger the filename check. The log usually shows the filename as mailscanner sees it.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From davejones70 at gmail.com Tue Oct 23 19:50:56 2007
From: davejones70 at gmail.com (Dave Jones)
Date: Tue Oct 23 19:50:58 2007
Subject: Disable MCP notification based on SA rule hit
Message-ID: <67a55ed50710231150l125d8526x94cfe2666dbfe6fc@mail.gmail.com>

We have MCP working properly to check some basic profanity in email and notify without delivery. Now I have a need to check for some keywords in the subject or body then not deliver or notify. Can this be done with a rules file?
I only see some keywords like "From:", "To:", and "Virus:" for the rules and I think I would need something like "Rule:" with the desired SA rule as an argument. It looks like the "SpamAssassin Rule Actions =" is designed for this in the non-MCP run of SA. Is there an equivalent in the MCP section toward the bottom on the MailScanner.conf? Any recommendations are greatly appreciated. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071023/eb465e90/attachment.html From gmane at tippingmar.com Tue Oct 23 20:06:19 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Tue Oct 23 20:06:34 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193127407.18816.4.camel@localhost.localdomain> References: <1193127407.18816.4.camel@localhost.localdomain> Message-ID: ram wrote: > I have been using MailScanner on 32 bit centos for quiet some time now > on the ~25 Antispam servers which we have ( MailScanner + Postfix + > Spamassassin + Custom spam engine ) > > Now I was trying to evaluate 64 bit Linux. Would Mailscanner perform > any better on 64 bit linux. I personally have no first-hand experience > of 64 bit linux, I thought of doing some research before I upgrade Here is a response from the archives: Matt Kettler wrote: > Mark Nienberg wrote: >> I've seen comments on this list that the x86_64 didn't seem to make much >> difference and I admit it is simpler to use the plain x86 version, but >> it bothers me a little to intentionally not use the software that is >> specifically configured for the chip. > > Why does it bother you? 
> > Theoretically x86-64 should be slightly slower for most uses unless you: > > 1) have a process that needs > 4gb of virtual address space > -or- > 2) does a lot of 64 bit math that can't be performed with SSE > > The ability to have huge processes and large amounts of physical ram is the > primary benefit of using a 64 bit computing architecture. The drawback is that > pointers become larger, taking up more memory, and causing more memory I/O than > would be needed if the app was 32bit. Unless you're actually using the larger > memory space you're increasing overhead without any benefit whatsoever. Very few > apps have such large memory footprints outside the realm of scientific > simulation or massive database crunching. > > > The other benefit of a 64bit computing architecture is the ability to do 64 bit > math operations in one instruction instead of a series of 32 bit operations. > However, very few applications regularly have any use for 64 bit operations > outside of crypto, some games, and high-end engineering/physics. Even these > regularly get their needs filled by using SSE, so the 64-bit math benefit is > very limited. > > There's some benefit here to apps using 64-bit file offsets or 64 bit time > format, but I've never seen a "regular" application where either kind of > calculation was performed often enough to have a noticeable impact on > performance. Some scientific simulations may do a lot of 64bit time > calculations, but most of those could readily use SSE for it. From mailscanner at PDSCC.COM Wed Oct 24 01:34:34 2007 From: mailscanner at PDSCC.COM (Harondel J. 
Sibble) Date: Wed Oct 24 01:34:31 2007 Subject: attach disclaimer to outgoing email In-Reply-To: <471709CF.8080401@clh.org.uk> References: <200710180507.l9I574Wb006532@sinclaire.sibble.net>, <471709CF.8080401@clh.org.uk> Message-ID: <200710240034.l9O0YPVx008492@sinclaire.sibble.net> On 18 Oct 2007 at 8:22, Chris Hardy wrote: > Morning :) > > You also need to set 'Sign Clean Messages' to yes for it to work > > You could write a ruleset so that outgoings are tagged with one message, > and incomings are with another if you want to be clever :) Hmm, tried that, only want outbound messages signed, used the info from the Examples file in the rules directory, which gives me this From: 10.12.13. yes FromOrTo: default no Inline Text Signature = /etc/MailScanner/reports/inline.sig.text Inline HTML Signature = /etc/MailScanner/reports/inline.sig.html Both in and outbound are still signed. What am I missing. MS is also complaining about a syntax error on line 7, specifically the FromOrTo line.... -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From jan-peter at koopmann.eu Wed Oct 24 16:52:33 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Oct 24 16:51:33 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: <1193142763.18816.42.camel@localhost.localdomain> References: <1193127407.18816.4.camel@localhost.localdomain><7EF0EE5CB3B263488C8C18823239BEBA01E054B3@HC-MBX02.herefordshire.gov.uk>, <1193134455.18816.25.camel@localhost.localdomain><4CAB0118AEC63A4FAAE77E6BCBDF760C0714BEEB@server02.bhl.local> <1193142763.18816.42.camel@localhost.localdomain> Message-ID: > Greylisting has always been on my mind, But IMHO it is a small setup > solution. We have ~25 servers behind load balancers. 
That too with > multiple MX and different IDC's > > I cant see how I can use sqlgrey or any other with a common database > efficiently. If any of my customers mails keeps getting "450 Try again" > from different MXes , I dont think he is going to be happy. Nor will my > boss be :-( Consider using BarricadeMX or at least give it a try. It is using multicast for cache management so even 25 servers are not a problem. However I am willing to bet that with BarricadeMX you will not need to have 25 servers for smtp. Look at their stats. Some of their sites are handling a few million mails/connections a day with simply three servers. Regards, JP From jaearick at colby.edu Wed Oct 24 16:58:58 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Oct 24 16:59:08 2007 Subject: clamd CPU problems? Message-ID: Gang, I've noticed in the last couple of days that the load has shot up on my mailscanner system for extended periods, and clamd is the process sucking down the CPU cycles. If I stop mailscanner and clamd, and then restart both, the load goes back to normal. I've seen this in the syslogs during these periods: Oct 24 11:31:16 localhost MailScanner[29416]: Commercial scanner clamd timed out! Oct 24 11:31:16 localhost MailScanner[29416]: clamd: Failed to complete, timed out My Setup: Solaris 10, clamav-0.91.2, dcc-1.3.66, MailScanner 4.64.3-2, sophos-av 4.21. Anybody else seeing this? I wonder if there is some bad AV signature that has been added in the last couple of days... Jeff Earickson Colby College From uxbod at splatnix.net Wed Oct 24 18:54:58 2007 From: uxbod at splatnix.net (UxBoD) Date: Wed Oct 24 19:00:58 2007 Subject: clamd CPU problems? In-Reply-To: Message-ID: <8012292.2441193248498533.JavaMail.root@office.splatnix.net> are you using any other signatures with Clam ? Have you tried clearing the main and daily directories and letting clam pull the signatures down again ? 
Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jeff A. Earickson" To: "mailscanner mailing list" Sent: Wednesday, October 24, 2007 4:58:58 PM (GMT) Europe/London Subject: clamd CPU problems? Gang, I've noticed in the last couple of days that the load has shot up on my mailscanner system for extended periods, and clamd is the process sucking down the CPU cycles. If I stop mailscanner and clamd, and then restart both, the load goes back to normal. I've seen this in the syslogs during these periods: Oct 24 11:31:16 localhost MailScanner[29416]: Commercial scanner clamd timed out! Oct 24 11:31:16 localhost MailScanner[29416]: clamd: Failed to complete, timed out My Setup: Solaris 10, clamav-0.91.2, dcc-1.3.66, MailScanner 4.64.3-2, sophos-av 4.21. Anybody else seeing this? I wonder if there is some bad AV signature that has been added in the last couple of days... Jeff Earickson Colby College -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Wed Oct 24 18:59:37 2007 From: uxbod at splatnix.net (UxBoD) Date: Wed Oct 24 19:05:33 2007 Subject: Performance on 64 bit Linux vs 32 Bit In-Reply-To: Message-ID: <21756079.2471193248777595.JavaMail.root@office.splatnix.net> I have installed policyd at work and it is proving very good. 
using PCRE in Postfix I only invoke greylisting for dialup accounts or unknowns. Using the MailWatch database I have already populated with known mailservers so the impact of 450s is minimal. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jan-Peter Koopmann" To: "MailScanner discussion" Sent: Wednesday, October 24, 2007 4:52:33 PM (GMT) Europe/London Subject: RE: Performance on 64 bit Linux vs 32 Bit > Greylisting has always been on my mind, But IMHO it is a small setup > solution. We have ~25 servers behind load balancers. That too with > multiple MX and different IDC's > > I cant see how I can use sqlgrey or any other with a common database > efficiently. If any of my customers mails keeps getting "450 Try again" > from different MXes , I dont think he is going to be happy. Nor will my > boss be :-( Consider using BarricadeMX or at least give it a try. It is using multicast for cache management so even 25 servers are not a problem. However I am willing to bet that with BarricadeMX you will not need to have 25 servers for smtp. Look at their stats. Some of their sites are handling a few million mails/connections a day with simply three servers. Regards, JP -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Wed Oct 24 19:12:20 2007 From: jaearick at colby.edu (Jeff A. 
Earickson) Date: Wed Oct 24 19:12:31 2007 Subject: clamd CPU problems? In-Reply-To: <8012292.2441193248498533.JavaMail.root@office.splatnix.net> References: <8012292.2441193248498533.JavaMail.root@office.splatnix.net> Message-ID: Hi, Ah, thank you! Cleaning house and rerunning the update gave: ClamAV update process started at Wed Oct 24 14:07:11 2007 Downloading main.cvd [100%] main.cvd updated (version: 44, sigs: 133163, f-level: 20, builder: sven) WARNING: Removing corrupted incremental directory daily.inc Downloading daily.cvd [100%] daily.cvd updated (version: 4590, sigs: 28009, f-level: 21, builder: sven) Database updated (161172 signatures) from db.us.clamav.net (IP: 128.121.60.235) So something was corrupted. Off and running again. Thanks. Jeff Earickson Colby College On Wed, 24 Oct 2007, UxBoD wrote: > Date: Wed, 24 Oct 2007 18:54:58 +0100 (BST) > From: UxBoD > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: clamd CPU problems? > > are you using any other signatures with Clam ? Have you tried clearing the main and daily directories and letting clam pull the signatures down again ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Jeff A. Earickson" > To: "mailscanner mailing list" > Sent: Wednesday, October 24, 2007 4:58:58 PM (GMT) Europe/London > Subject: clamd CPU problems? > > Gang, > > I've noticed in the last couple of days that the load has > shot up on my mailscanner system for extended periods, and > clamd is the process sucking down the CPU cycles. If I stop > mailscanner and clamd, and then restart both, the load goes > back to normal. 
I've seen this in the syslogs during these > periods: > > Oct 24 11:31:16 localhost MailScanner[29416]: Commercial scanner clamd timed out! > Oct 24 11:31:16 localhost MailScanner[29416]: clamd: Failed to complete, timed out > > My Setup: Solaris 10, clamav-0.91.2, dcc-1.3.66, MailScanner > 4.64.3-2, sophos-av 4.21. > > Anybody else seeing this? I wonder if there is some bad AV > signature that has been added in the last couple of days... > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From uxbod at splatnix.net Wed Oct 24 19:42:06 2007 From: uxbod at splatnix.net (UxBoD) Date: Wed Oct 24 19:48:00 2007 Subject: clamd CPU problems? In-Reply-To: Message-ID: <12425040.2551193251326299.JavaMail.root@office.splatnix.net> cool :D even sorted a problem after a nice bottle of red ;) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jeff A. Earickson" To: "MailScanner discussion" Sent: Wednesday, October 24, 2007 7:12:20 PM (GMT) Europe/London Subject: Re: clamd CPU problems? 
Hi, Ah, thank you! Cleaning house and rerunning the update gave: ClamAV update process started at Wed Oct 24 14:07:11 2007 Downloading main.cvd [100%] main.cvd updated (version: 44, sigs: 133163, f-level: 20, builder: sven) WARNING: Removing corrupted incremental directory daily.inc Downloading daily.cvd [100%] daily.cvd updated (version: 4590, sigs: 28009, f-level: 21, builder: sven) Database updated (161172 signatures) from db.us.clamav.net (IP: 128.121.60.235) So something was corrupted. Off and running again. Thanks. Jeff Earickson Colby College On Wed, 24 Oct 2007, UxBoD wrote: > Date: Wed, 24 Oct 2007 18:54:58 +0100 (BST) > From: UxBoD > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: clamd CPU problems? > > are you using any other signatures with Clam ? Have you tried clearing the main and daily directories and letting clam pull the signatures down again ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Jeff A. Earickson" > To: "mailscanner mailing list" > Sent: Wednesday, October 24, 2007 4:58:58 PM (GMT) Europe/London > Subject: clamd CPU problems? > > Gang, > > I've noticed in the last couple of days that the load has > shot up on my mailscanner system for extended periods, and > clamd is the process sucking down the CPU cycles. If I stop > mailscanner and clamd, and then restart both, the load goes > back to normal. I've seen this in the syslogs during these > periods: > > Oct 24 11:31:16 localhost MailScanner[29416]: Commercial scanner clamd timed out! > Oct 24 11:31:16 localhost MailScanner[29416]: clamd: Failed to complete, timed out > > My Setup: Solaris 10, clamav-0.91.2, dcc-1.3.66, MailScanner > 4.64.3-2, sophos-av 4.21. 
> > Anybody else seeing this? I wonder if there is some bad AV > signature that has been added in the last couple of days... > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkercher at nfsmith.com Wed Oct 24 20:00:16 2007 From: mkercher at nfsmith.com (Mike Kercher) Date: Wed Oct 24 20:03:01 2007 Subject: clamd CPU problems? In-Reply-To: <12425040.2551193251326299.JavaMail.root@office.splatnix.net> References: <12425040.2551193251326299.JavaMail.root@office.splatnix.net> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F41CE62@HOUPEX01.nfsmith.info> Kool-Aid *does* work miracles! 
:)

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of UxBoD
Sent: Wednesday, October 24, 2007 1:42 PM
To: MailScanner discussion
Subject: Re: clamd CPU problems?

cool :D even sorted a problem after a nice bottle of red ;)

Regards,

--[ UxBoD ]--

From gordon at itnt.co.za Thu Oct 25 08:14:39 2007
From: gordon at itnt.co.za (Gordon Colyn)
Date: Thu Oct 25 08:14:49 2007
Subject: Mandriva 2007 Mailscanner installation error
Message-ID: <006001c816d6$b55220d0$0a02a8c0@gordon>

ITNT Banner

When I run the installation I get an rpm-build error. I get around it by changing the following lines;

elif [ -d /usr/src/RPM ]; then
  echo Okay, you have /usr/src/RPM.
  RPMROOT=/usr/src/RPM

to

elif [ -d /usr/src/rpm ]; then
  echo Okay, you have /usr/src/RPM.
  RPMROOT=/usr/src/rpm

Can you cater for this in future releases?

Thanks

Gordon Colyn
Office : 086 123 ITNT (4868)
Cell : 083 296 7534
Fax : 086 520 0885
InTheNet Technologies www.itnt.co.za
MSN:gordoncolyn@hotmail.com
SKYPE:gordoncolyn

Confidentiality: This e-mail including any attachments is intended for the above named addressee(s) only and contains confidential information. If you have received this email in error you must take no action based on its contents, nor must you reproduce or show the e-mail or any attachments or any part thereof or communicate the contents to anyone; please reply to the sender of this e-mail informing them of the error.

Viruses: We recommend that in keeping with good computing practice the recipient should ensure that e-mails received are virus free before opening.

From glenn.steen at gmail.com Thu Oct 25 09:51:12 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Oct 25 09:51:15 2007
Subject: Mandriva 2007 Mailscanner installation error
In-Reply-To: <006001c816d6$b55220d0$0a02a8c0@gordon>
References: <006001c816d6$b55220d0$0a02a8c0@gordon>
Message-ID: <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com>

On 25/10/2007, Gordon Colyn wrote:
> ITNT Banner
> When I run the installation I get an rpm-build error. I get around it by
> changing the following lines;
>
> elif [ -d /usr/src/RPM ]; then
>   echo Okay, you have /usr/src/RPM.
>   RPMROOT=/usr/src/RPM
>
> to
>
> elif [ -d /usr/src/rpm ]; then
>   echo Okay, you have /usr/src/RPM.
>   RPMROOT=/usr/src/rpm
>
> Can you cater for this in future releases?
>
> Thanks
>
Hmmmm. I don't recall doing this, but a simple symbolic link would fix this.... Lets see:

# ls /usr/src/
linux@ linux-2.6.17-5mdv/ rpm/ RPM@
# cat /etc/mandriva-release
Mandriva Linux release 2007.0 (Official) for i586
# rpm -qf /usr/src/RPM
filen /usr/src/RPM tillh??r inget paket
# rpm -qf /usr/src/rpm
rpm-build-4.4.6-10.1mdv2007.0
#

... so either "something" or "someone" (like... me:-) has created that link (ln -s ....). Fixing up the script to handle both case should be trivial though, so ... why not:-).
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Thu Oct 25 09:55:17 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Oct 25 09:55:21 2007
Subject: Mandriva 2007 Mailscanner installation error
In-Reply-To: <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com>
References: <006001c816d6$b55220d0$0a02a8c0@gordon> <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com>
Message-ID: <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com>

On 25/10/2007, Glenn Steen wrote:
(snip)
Replying to myself, just proving that I'm still using Postfix:-):-)

> # rpm -qf /usr/src/RPM
> filen /usr/src/RPM tillh??r inget paket
For those of you who aren't native to Swedish, or perhaps don't like
mangled utf.... The string "filen /usr/src/RPM tillh?r inget paket"
would loosely translate to "the file /usr/src/RPM isn't part of any
package"...:-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From azen at izb.net Thu Oct 25 09:55:41 2007
From: azen at izb.net (Alexander Zenger)
Date: Thu Oct 25 09:55:45 2007
Subject: Shared Mailqueue
Message-ID: <20071025085541.GM50406@izb.net>

Hi,

I've a question on how to implement our new mail gateways. There should be 3 gateways with freebsd+postfix+mailscanner+clamav+postgrey+spamassassin. This already works well for us, but we want to improve something when we implement the new infrastructure.

At the moment it looks like this:
1. mail comes in on one of the 3 mailers
2. mail goes in hold queue and mailscanner is scanning
3. mailscanner puts the mail in the out queue of postfix
4. postfix delivers the scanned message

The main problem at the moment is that if 1 machine fails, the mails hang around and are deferred. So I need a possibility to have access to all mails from all machines.

One of the ideas I have is the following:
1. mail comes in on one of the 3 mailers
2. mail goes to the in queue of postfix which is shared over all mailers
3. mailscanner picks some mails out and moves them to its working dir
4. mailscanner puts the scanned mails in the out queue of postfix
5. postfix delivers the scanned message

In my first test this failed, because mailscanner didn't move the mails and then the mails were doubled.

Has anybody an idea on how to fix this or other ideas how this could work?

thx in advance
greetz alex

p.s.: mail queues are shared over nfs, working dir of mailscanner is local disk/tmpfs

From damian at cht.com.ar Thu Oct 25 17:00:59 2007
From: damian at cht.com.ar (Damian Rivas)
Date: Thu Oct 25 17:04:52 2007
Subject: Weird Problem with MailScanner {Scanned by Allteks Mailsafe}
Message-ID: <484E9B509664CA499A78F777A2D59A30027652@server6.chtnet.com.ar>

Hi there people:

I've made some little upgrades to this poor old server:

1. I've added 128 MB more which I found in another old unused pc. So at least the server now has 256 MB, it's still very low, but it is surely better than before, I'll check the "pc cemetery" again to see if I can find another unused DIMM PC100 memory.
2. I've upgraded sendmail to version 8.13.8 and added the GreetPause function.
3. I've downloaded MIMEDefang and installed it, and then configured it taking a look at the guide Paul sent me. I've used the first function described there as what I want is to ask the Exchange server. Is that function enough to prevent the Backscatter?

Another thing, more important than anything, I'm getting this error when trying to start the MIMEDefang service with the rc.d script (remember I use Slackware 9):

root@ns4:/etc/mail# . /etc/rc.d/rc.mimedefang start
bash: /etc/rc.d/rc.mimedefang: line 346: unexpected EOF while looking for matching ``'
bash: /etc/rc.d/rc.mimedefang: line 366: syntax error: unexpected end of file

That is a script which was included with the program package, I've copied it to the rc.d directory, and then renamed it as rc.mimedefang.
Do the rc.d scripts use a different syntax? All guides were based on init.d scripts, as far as I know, which is not too much yet, as you know, there shouldn't be a problem, or should it be?

Please if you can help me it will be great, I'm really close to solving this problem (I have to make some tests first of course). If I cannot start the mimedefang service it is the same as nothing...

Sorry for my ignorance once again! Thanks in advance!

Regards.-

Damian

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander
Sent: Tuesday, 23 October 2007 13:11
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner {Scanned by Allteks Mailsafe}

Hi Damian

Take a look at mimedefang - www.mimedefang.org - it's what I use here and works really well, no need to keep maps of all the users, just the domain and IP address of the destination mailserver, it will then do a call ahead check to see if the user is valid (assuming the destination mailserver will respond with a 550 user not found)

There's an example of a mimedefang filter that does exactly what you want here

http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses

Cheers

Paul

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Damian
> Rivas
> Sent: 23 October 2007 16:41
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner {Scanned by Allteks
> Mailsafe}
>
>
> People:
>
> I've finally updated SA after installing all the perl modules which
> were missing. Now what is left to finish this is the Backscattering
> filter on sendmail.
>
> If you know a better way than inserting every single valid address for
> each domain in the access file for relay and catching the rest, please
> let me know because it would be a real pain to write every single mail
> address.
> > Thank you all for everything, you've helped me a lot, I've learned a > lot of stuff thanks to you. > > Regards.- > > Damian > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned by the Allteks Mailsafe Service > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ka at pacific.net Thu Oct 25 17:35:42 2007 From: ka at pacific.net (Ken A) Date: Thu Oct 25 17:35:48 2007 Subject: O.T. question - how to deal with choicemail c/r spam Message-ID: <4720C5DE.402@pacific.net> How do you all deal with this C/R stuff, when it's one of your customers using it? Choicemail is some kind of outlook plugin that bounces back all mail - doing the usual C/R thing - but directly from the MUA. I guess it's time to re-write the anti-spam policy one more time to rule out any kind of spam bouncing. How have you dealt with this? Do you filter outgoing mail that is from this sort of software (choicemail, mailwasher, etc..) ? -- Ken Anderson Pacific.Net From damian at cht.com.ar Thu Oct 25 18:50:30 2007 From: damian at cht.com.ar (Damian Rivas) Date: Thu Oct 25 18:54:22 2007 Subject: Weird Problem with MailScanner {Scanned by Allteks Mailsafe} Message-ID: <484E9B509664CA499A78F777A2D59A30027653@server6.chtnet.com.ar> Problem solved, there was a missing character in line 236, it is a known bug, so now it is running, I'll start testing and tell you if I have any news. 
From rpoe at plattesheriff.org Fri Oct 26 06:18:38 2007 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Oct 26 06:19:07 2007 Subject: Need help -- script (someone had this!) Message-ID: <4721325E020000A200007393@platteco-2.plattesheriff.org> Someone had made an install script for Linux that installed a lot of things automagically on a linux box .. i must have misplaced this .. and I'd like to find it again.. thanks! From hvdkooij at vanderkooij.org Fri Oct 26 06:47:33 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Oct 26 06:47:55 2007 Subject: Mandriva 2007 Mailscanner installation error In-Reply-To: <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> References: <006001c816d6$b55220d0$0a02a8c0@gordon> <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com> <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> Message-ID: <47217F75.6070908@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: >> filen /usr/src/RPM tillh??r inget paket > For those of you who aren't native to Swedish, or perhaps don't like > mangled utf.... The string "filen /usr/src/RPM tillh?r inget paket" > would loosely translate to "the file /usr/src/RPM isn't part of any > package"...:-) Everyone who saw every episode of the muppetshow should understand Swedish by now ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? 
Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHIX90BvzDRVjxmYERAgUqAKCik/Aq7DqvcR8qOdh6TbDGXEdycQCgjohd EYij31ZmaG7OruDJzpssAos= =AA59 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Fri Oct 26 06:50:35 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Oct 26 06:50:52 2007 Subject: O.T. question - how to deal with choicemail c/r spam In-Reply-To: <4720C5DE.402@pacific.net> References: <4720C5DE.402@pacific.net> Message-ID: <4721802B.8020606@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ken A wrote: > How do you all deal with this C/R stuff, when it's one of your customers > using it? > > Choicemail is some kind of outlook plugin that bounces back all mail - > doing the usual C/R thing - but directly from the MUA. > > I guess it's time to re-write the anti-spam policy one more time to rule > out any kind of spam bouncing. > > How have you dealt with this? Do you filter outgoing mail that is from > this sort of software (choicemail, mailwasher, etc..) ? MUAs are supposed to talk to the MTAs only. Anything else and the firewall gets real cranky. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q 1NxQqWaSiobLFWn8n5s9s5g= =HrjW -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Fri Oct 26 06:53:23 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Oct 26 06:53:40 2007 Subject: Need help -- script (someone had this!) In-Reply-To: <4721325E020000A200007393@platteco-2.plattesheriff.org> References: <4721325E020000A200007393@platteco-2.plattesheriff.org> Message-ID: <472180D3.2090606@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Poe wrote: > Someone had made an install script for Linux that installed a lot of things automagically on a linux box .. i must have misplaced this .. and I'd like to find it again.. Take a sip of coffee, tea, .... Check the MailScanner installation directory and the installation document. It should tell you all because it is part of the MailScanner package you downloaded. If you need further assistance you should include more information. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHIYDRBvzDRVjxmYERAoMyAJwOAVuHLB6LsHOSvkgpsZi1Isr4rwCfWfEs KOgQhMoXjG93lj2B+XEvso8= =rcu9 -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Fri Oct 26 08:37:03 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Oct 26 08:37:11 2007 Subject: http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared Message-ID: <822c98cee600e0419c5a7a8b54cc3a2d@solidstatelogic.com> Jules Not sure if you're about, but above link doesn't work. Can't seem to get to domain name??? 
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Fri Oct 26 09:37:32 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Oct 26 09:37:39 2007 Subject: Mandriva 2007 Mailscanner installation error In-Reply-To: <47217F75.6070908@vanderkooij.org> References: <006001c816d6$b55220d0$0a02a8c0@gordon> <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com> <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> <47217F75.6070908@vanderkooij.org> Message-ID: <223f97700710260137q18df89a2x35e9fbb209a85e3a@mail.gmail.com> On 26/10/2007, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > >> filen /usr/src/RPM tillh??r inget paket > > For those of you who aren't native to Swedish, or perhaps don't like > > mangled utf.... The string "filen /usr/src/RPM tillh?r inget paket" > > would loosely translate to "the file /usr/src/RPM isn't part of any > > package"...:-) > > Everyone who saw every episode of the muppetshow should understand > Swedish by now ;-) > > Hugo. > Search the archives Hugo.... Look for repeated use of "bork"...:-). Yes, we've had that discussion already;-). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Fri Oct 26 10:17:25 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 26 10:17:34 2007 Subject: http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared In-Reply-To: <822c98cee600e0419c5a7a8b54cc3a2d@solidstatelogic.com> References: <822c98cee600e0419c5a7a8b54cc3a2d@solidstatelogic.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E0588F@HC-MBX02.herefordshire.gov.uk> Works for me right now: # # This file is copyright Julian Field and is part of MailScanner. # This file must not be distributed except as part of MailScanner. # This file was generated at Fri Oct 26 10:05:03 BST 2007 # Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Martin.Hepworth > Sent: 26 October 2007 08:37 > To: MailScanner discussion > Subject: > http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared > > Jules > > Not sure if you're about, but above link doesn't work. Can't > seem to get to domain name??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are > intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. 
> Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. > We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From atobisch at trustinternational.com Fri Oct 26 10:21:42 2007 From: atobisch at trustinternational.com (Alexander Tobisch) Date: Fri Oct 26 10:22:38 2007 Subject: Thank you for your eMail. Message-ID: <10710261121.AA17377@trustinternational.com> Thank you for your eMail. I am currently out of the office with no access to my eMails. Your mail will be forwarded to Michael Görlich (mgoerlich@trustinternational.com). 
Best regards, Alexander Tobisch System Administrator TRUST International by Travelport TRUST International Hotel Reservation Services GmbH Lyoner Strasse 40, 60528 Frankfurt, Germany Telephone: +49 (069) 664 089 1757 Fax: +49 (069) 665 664 089 1760 e: atobisch@trustinternational.com www.trustinternational.com & www.travelport.com Sitz/Place of business: Frankfurt am Main, Germany Registerinformationen/Registry information: AG Frankfurt am Main HRB 30120 Geschäftsführer/Managing Directors: Bryan Conway, Richard Wiegmann, Marius Nasta Please see our disclaimer via link http://www.trustinternational.com/home/disclaimer.html From martinh at solidstatelogic.com Fri Oct 26 10:24:19 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Oct 26 10:24:25 2007 Subject: http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01E0588F@HC-MBX02.herefordshire.gov.uk> Message-ID: Hmm yeah it's back.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Randal, Phil > Sent: 26 October 2007 10:17 > To: MailScanner discussion > Subject: RE: http://www.mailscanner.eu/phishing.bad.sites.conf.master > disappeared > > Works for me right now: > > # > # This file is copyright Julian Field and is part of MailScanner. > # This file must not be distributed except as part of MailScanner. 
> # This file was generated at Fri Oct 26 10:05:03 BST 2007 > # > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Martin.Hepworth > > Sent: 26 October 2007 08:37 > > To: MailScanner discussion > > Subject: > > http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared > > > > Jules > > > > Not sure if you're about, but above link doesn't work. Can't > > seem to get to domain name??? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > > intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. > > We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. 
> > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From edward.prendergast at netring.co.uk Fri Oct 26 12:21:59 2007 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Fri Oct 26 12:21:54 2007 Subject: updates required for mailscanner.info/fsl.com? Message-ID: <01d801c817c2$6f98ac70$4eca0550$@prendergast@netring.co.uk> Hi, There's a link here: http://www.mailscanner.info/install_guides.html To here: http://www.fsl.com/support/ (third link down) Which contains a number of dead links, such as: http://www.sng.ecs.soton.ac.uk/mailscanner/install/ http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html Just thought I'd ping the list in case the relevant people were looking at it. 
Regards, Edward ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From martinh at solidstatelogic.com Fri Oct 26 12:27:45 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Oct 26 12:28:01 2007 Subject: updates required for mailscanner.info/fsl.com? In-Reply-To: <01d801c817c2$6f98ac70$4eca0550$@prendergast@netring.co.uk> Message-ID: Hmm should really be pointing at the wiki for the install guides... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast > Sent: 26 October 2007 12:22 > To: mailscanner@lists.mailscanner.info > Subject: updates required for mailscanner.info/fsl.com? > > Hi, > > > > There's a link here: http://www.mailscanner.info/install_guides.html > > > > To here: http://www.fsl.com/support/ (third link down) > > > > Which contains a number of dead links, such as: > > > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/ > > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html > > > > > > Just thought I'd ping the list in case the relevant people were looking at > it. 
> > > > Regards, > > Edward > > > > The information in this email is confidential and may be legally > privileged. It is intended solely for the addressee. Access to this email > by anyone else is unauthorised. If you are not the intended recipient, any > action taken or omitted to be taken in reliance on it, any form of > reproduction, dissemination, copying, disclosure, modification, > distribution and/or publication of this E-mail message is strictly > prohibited and may be unlawful. If you have received this E-mail message > in error, please notify us immediately. Please also destroy and delete the > message from your computer. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From atobisch at trustinternational.com Fri Oct 26 12:28:57 2007 From: atobisch at trustinternational.com (Alexander Tobisch) Date: Fri Oct 26 12:29:58 2007 Subject: Thank you for your eMail. Message-ID: <10710261328.AA20722@trustinternational.com> Thank you for your eMail. I am currently out of the office with no access to my eMails. Your mail will be forwarded to Michael G?rlich (mgoerlich@trustinternational.com). Best regards, Alexander Tobisch System Administrator TRUST International by Travelport TRUST International Hotel Reservation Services GmbH Lyoner Strasse 40, 60528 Frankfurt, Germany Telephone: +49 (069) 664 089 1757 Fax: +49 (069) 665 664 089 1760 e: atobisch@trustinternational.com www.trustinternational.com & www.travelport.com Sitz/Place of business: Frankfurt am Main, Germany Registerinformationen/Registry information: AG Frankfurt am Main HRB 30120 Gesch?ftsf?hrer/Managing Directors: Bryan Conway, Richard Wiegmann, Marius Nasta Please see our disclaimer via link http://www.trustinternational.com/home/disclaimer.html From atobisch at trustinternational.com Fri Oct 26 12:32:15 2007 From: atobisch at trustinternational.com (Alexander Tobisch) Date: Fri Oct 26 12:32:24 2007 Subject: Thank you for your eMail. Message-ID: <10710261332.AA20785@trustinternational.com> Thank you for your eMail. I am currently out of the office with no access to my eMails. Your mail will be forwarded to Michael G?rlich (mgoerlich@trustinternational.com). 
Best regards, Alexander Tobisch System Administrator TRUST International by Travelport TRUST International Hotel Reservation Services GmbH Lyoner Strasse 40, 60528 Frankfurt, Germany Telephone: +49 (069) 664 089 1757 Fax: +49 (069) 665 664 089 1760 e: atobisch@trustinternational.com www.trustinternational.com & www.travelport.com Sitz/Place of business: Frankfurt am Main, Germany Registerinformationen/Registry information: AG Frankfurt am Main HRB 30120 Geschäftsführer/Managing Directors: Bryan Conway, Richard Wiegmann, Marius Nasta Please see our disclaimer via link http://www.trustinternational.com/home/disclaimer.html
From sandrews at andrewscompanies.com Fri Oct 26 12:41:01 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Fri Oct 26 12:41:08 2007 Subject: Need help -- script (someone had this!) In-Reply-To: <4721325E020000A200007393@platteco-2.plattesheriff.org> References: <4721325E020000A200007393@platteco-2.plattesheriff.org> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B4328@winchester.andrewscompanies.com> Are you talking about one that builds a box from base OS to working ms/mailwatch? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Poe Sent: Friday, October 26, 2007 1:19 AM To: mailscanner@lists.mailscanner.info Subject: Need help -- script (someone had this!) Someone had made an install script for Linux that installed a lot of things automagically on a Linux box .. I must have misplaced this .. and I'd like to find it again.. thanks! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!
From atobisch at trustinternational.com Fri Oct 26 12:44:45 2007 From: atobisch at trustinternational.com (Alexander Tobisch) Date: Fri Oct 26 12:46:00 2007 Subject: Thank you for your eMail. Message-ID: <10710261344.AA21063@trustinternational.com> Thank you for your eMail. I am currently out of the office with no access to my eMails. Your mail will be forwarded to Michael Görlich (mgoerlich@trustinternational.com). Best regards, Alexander Tobisch System Administrator TRUST International by Travelport TRUST International Hotel Reservation Services GmbH Lyoner Strasse 40, 60528 Frankfurt, Germany Telephone: +49 (069) 664 089 1757 Fax: +49 (069) 665 664 089 1760 e: atobisch@trustinternational.com www.trustinternational.com & www.travelport.com Sitz/Place of business: Frankfurt am Main, Germany Registerinformationen/Registry information: AG Frankfurt am Main HRB 30120 Geschäftsführer/Managing Directors: Bryan Conway, Richard Wiegmann, Marius Nasta Please see our disclaimer via link http://www.trustinternational.com/home/disclaimer.html
From alex at nkpanama.com Fri Oct 26 13:38:20 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Oct 26 13:38:33 2007 Subject: Thank you for your eMail. In-Reply-To: <10710261344.AA21063@trustinternational.com> References: <10710261344.AA21063@trustinternational.com> Message-ID: <4721DFBC.8020306@nkpanama.com> I hope no one sends an e-mail "from" him and "to" him. His autoreply doesn't seem to be too smart. Alexander Tobisch wrote: > Thank you for your eMail. > > I am currently out of the office with no access to my eMails. > > Your mail will be forwarded to Michael Görlich (mgoerlich@trustinternational.com).
> > Best regards, > > Alexander Tobisch > > System Administrator > > TRUST International by Travelport > > TRUST International Hotel Reservation Services GmbH > > Lyoner Strasse 40, 60528 Frankfurt, Germany > > Telephone: +49 (069) 664 089 1757 > > Fax: +49 (069) 665 664 089 1760 > > e: atobisch@trustinternational.com > > www.trustinternational.com & www.travelport.com > > Sitz/Place of business: Frankfurt am Main, Germany > > Registerinformationen/Registry information: AG Frankfurt am Main HRB 30120 > > Gesch?ftsf?hrer/Managing Directors: Bryan Conway, Richard Wiegmann, Marius Nasta > > Please see our disclaimer via link > > http://www.trustinternational.com/home/disclaimer.html > > > From davejones70 at gmail.com Fri Oct 26 13:39:14 2007 From: davejones70 at gmail.com (Dave Jones) Date: Fri Oct 26 13:39:15 2007 Subject: MCP score counting everything twice in HTML emails Message-ID: <67a55ed50710260539h2a66159crc10214a18a2ebebe@mail.gmail.com> I am using the SA rule keyword "tflags [SOME_RULE_NAME] multiple" to get SA to count multiple occurrences of the same word. An interesting side effect is that emails with HTML count everything twice so if there is really only 1 instance of a word, we get 2 hits -- one for the plain text part of the email and one for the HTML part of the email. Is there any way to only scan the HTML portion if it exists then fallback to the text only if it is not an HTML email? We really need to accurately score multiple words without getting double scored. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071026/73eaa445/attachment.html
From damian at cht.com.ar Fri Oct 26 15:28:51 2007 From: damian at cht.com.ar (Damian Rivas) Date: Fri Oct 26 15:32:45 2007 Subject: Weird Problem with MailScanner {Scanned by Allteks Mailsafe} Message-ID: <484E9B509664CA499A78F777A2D59A30027656@server6.chtnet.com.ar>

Hi people, it seems this is a never ending story...

Yesterday I've installed and configured the MIMEDefang, today I started making some tests on the server but the MIMEDefang is assigning "User Unknown" status to addresses that are actually known.

I think the problem is in the function to filter recipients some of you sent me on this link: http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses

This is the function posted there:

Larry Starr's version:
"" - should be the name of the machine that you are relaying for i.e. "internalserver.mydomain.com"
The RE for setting $relay should be your mail domain "mydom.com" should, of course be your domain "\bmydomain\.com\b"
"myfqdn" should be the name of the server running mimedefang i.e. "mail.mydomain.com"

Hope this helps someone.
sub filter_recipient
{
    my($recip, $sender, $ip, $host, $first, $helo,
       $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    my $relay = undef;
    $relay = "" if ($recip =~ /\bmydom\.com\b/);
    if ($relay)
    {
        return md_check_against_smtp_server($sender, $recip,
                                            "myfqdn", $relay);
    }

    return('CONTINUE', "OK"); # accept recipient if don't find relay
}

And this is my custom function based on the above one:

#customized function to filter recipients:
sub filter_recipient
{
    my($recip, $sender, $ip, $host, $first, $helo,
       $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    my $relay = undef;
    $relay = "172.16.48.19"
        if ($recip =~ /\bcht\.com\.ar\b/)
        or ($recip =~ /\baaovyt\.com\.ar\b/)
        or ($recip =~ /\bskalbue\.com\.ar\b/)
        or ($recip =~ /\bci-educ\.com\.ar\b/)
        or ($recip =~ /\bhispanoamericana\.com\.ar\b/)
        or ($recip =~ /\bconsulthouse\.travel\b/)
        or ($recip =~ /\bconsul\.travel\b/);

    if ($relay)
    {
        return md_check_against_smtp_server($sender, $recip,
                                            "ns2.cht.com.ar", $relay);
    }

    return('CONTINUE', "OK"); # accept recipient if don't find relay
}

Perhaps I'm misunderstanding some of the aliases this guy uses or something like that. Please if you can point me where my error is I'll be really grateful.

Regards

Damian

From ka at pacific.net Fri Oct 26 15:35:09 2007 From: ka at pacific.net (Ken A) Date: Fri Oct 26 15:35:15 2007 Subject: O.T. question - how to deal with choicemail c/r spam In-Reply-To: <4721802B.8020606@vanderkooij.org> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> Message-ID: <4721FB1D.6080201@pacific.net> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ken A wrote: >> How do you all deal with this C/R stuff, when it's one of your customers >> using it? >> >> Choicemail is some kind of outlook plugin that bounces back all mail - >> doing the usual C/R thing - but directly from the MUA. >> >> I guess it's time to re-write the anti-spam policy one more time to rule >> out any kind of spam bouncing. >> >> How have you dealt with this?
Do you filter outgoing mail that is from >> this sort of software (choicemail, mailwasher, etc..) ? > > MUA's are supposed to talk to the MTA's only. Anything else and the > firewall gets real cranky. > good firewalls make good neighbors, yes.. I guess I didn't explain it properly. choicemail is a plugin or add-on that simply auto-responds to all email with a challenge that directs senders to a link on the choicemail website. The mail goes out through the MTA (us). But this is a different architecture than other C/R systems that are responsible for their own outgoing mail. Instead of a proxy, or a separate MX that filters and does the C/R, WE ARE NOW sending this junk out through our MTAs. So, we're putting a stop to it, but I just wondered if anyone out there had experienced the crossfire of choicemail or other crapware that auto bounces everything or nearly everything, and what you did to deal with it. Ken > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q > 1NxQqWaSiobLFWn8n5s9s5g= > =HrjW > -----END PGP SIGNATURE----- -- Ken Anderson Pacific.Net
From ka at pacific.net Fri Oct 26 15:38:12 2007 From: ka at pacific.net (Ken A) Date: Fri Oct 26 15:38:17 2007 Subject: Thank you for your eMail. In-Reply-To: <4721DFBC.8020306@nkpanama.com> References: <10710261344.AA21063@trustinternational.com> <4721DFBC.8020306@nkpanama.com> Message-ID: <4721FBD4.5060207@pacific.net> Alex Neuman van der Hans wrote: > I hope no one sends an e-mail "from" him and "to" him. His autoreply > doesn't seem to be too smart. oh, nobody would do THAT!
At least the disclaimer is a link. I imagine it's about 30 pages long.. Ken > > Alexander Tobisch wrote: >> Thank you for your eMail. >> >> I am currently out of the office with no access to my eMails. >> >> Your mail will be forwarded to Michael Görlich >> (mgoerlich@trustinternational.com). >> >> Best regards, >> >> Alexander Tobisch >> >> System Administrator >> >> TRUST International by Travelport >> >> TRUST International Hotel Reservation Services GmbH >> >> Lyoner Strasse 40, 60528 Frankfurt, Germany >> >> Telephone: +49 (069) 664 089 1757 >> >> Fax: +49 (069) 665 664 089 1760 >> >> e: atobisch@trustinternational.com >> >> www.trustinternational.com & www.travelport.com >> >> Sitz/Place of business: Frankfurt am Main, Germany >> >> Registerinformationen/Registry information: AG Frankfurt am Main HRB >> 30120 >> >> Geschäftsführer/Managing Directors: Bryan Conway, Richard Wiegmann, >> Marius Nasta >> >> Please see our disclaimer via link >> >> http://www.trustinternational.com/home/disclaimer.html >> >> >> > -- Ken Anderson Pacific.Net
From alex at nkpanama.com Fri Oct 26 16:29:30 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Oct 26 16:29:46 2007 Subject: O.T. question - how to deal with choicemail c/r spam In-Reply-To: <4721FB1D.6080201@pacific.net> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> Message-ID: <472207DA.7020505@nkpanama.com> If there is *any* way of parsing *anything* on the message, let us know. Someone could write an MCP rule so you could probably quarantine (or just "get rid of") all that choicemail and other C/R crap. Ken A wrote: > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Ken A wrote: >>> How do you all deal with this C/R stuff, when it's one of your customers >>> using it? >>> >>> Choicemail is some kind of outlook plugin that bounces back all mail - >>> doing the usual C/R thing - but directly from the MUA.
>>> >>> I guess it's time to re-write the anti-spam policy one more time to rule >>> out any kind of spam bouncing. >>> >>> How have you dealt with this? Do you filter outgoing mail that is from >>> this sort of software (choicemail, mailwasher, etc..) ? >> >> MUA's are suposed to talk to the MTA's only. Anything else and the >> firewall gets real cranky. >> > > good firewalls make good neighbors, yes.. I guess I didn't explain it > properly. choicemail is a plugin or add-on that simply auto-responds to > all email with a challenge that directs senders to a link on the > choicemail website. The mail goes out through the MTA (us). But this > this is a different architecture than other C/R systems that are > responsible for their own outgoing mail. Instead of a proxy, or a > separate MX that filters and does the C/R, WE ARE NOW sending this junk > out through our MTAs. > > So, we're putting a stop to it, but I just wondered if anyone out there > had experienced the crossfire of choicemail or other crapware that auto > bounces everything or nearly everything, and what you did to deal with it. > > Ken > > >> Hugo. >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q >> 1NxQqWaSiobLFWn8n5s9s5g= >> =HrjW >> -----END PGP SIGNATURE----- > > From uxbod at splatnix.net Fri Oct 26 16:43:51 2007 From: uxbod at splatnix.net (UxBoD) Date: Fri Oct 26 16:52:28 2007 Subject: OT: Ubuntu Message-ID: <24230975.01193413431767.JavaMail.root@office.splatnix.net> Hi, Is anybody running MS on Ubuntu ? 
I am thinking about switching from Gentoo to Ubuntu 7.10 for me home server as I don't really have time to work on it, and if it does die it would certainly be quicker to get it up and running again (yes, I am running hardware RAID just in case :) ) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From housey at sme-ecom.co.uk Fri Oct 26 16:54:35 2007 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Fri Oct 26 16:54:43 2007 Subject: Weird Problem with MailScanner {Scanned by Allteks Mailsafe} In-Reply-To: <484E9B509664CA499A78F777A2D59A30027656@server6.chtnet.com.ar> Message-ID:

Hi

When I used to use that script I did multiple domains like this

$relay = "172.16.48.19" if ($recip =~ /\bcht\.com\.ar\b/);
$relay = "172.16.48.19" if ($recip =~ /\baaovyt\.com\.ar\b/);
$relay = "172.16.48.19" if ($recip =~ /\bskalbue\.com\.ar\b/);
$relay = "172.16.48.19" if ($recip =~ /\bci-educ\.com\.ar\b/);
$relay = "172.16.48.19" if ($recip =~ /\bhispanoamericana\.com\.ar\b/);
$relay = "172.16.48.19" if ($recip =~ /\bconsulthouse\.travel\b/);
$relay = "172.16.48.19" if ($recip =~ /\bconsul\.travel\b/);

You also need to check that mimedefang is aware that it should be using the recipient checking, on a redhat based system you set it in the init script /etc/rc.d/init.d/mimedefang - look for MX_RECIPIENT_CHECK - make sure it's set to yes

See if that's a difference.

I would possibly post these questions to the mimedefang list as it's not really relevant to MailScanner.
Cheers

Paul

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Damian
> Rivas
> Sent: 26 October 2007 15:29
> To: MailScanner discussion
> Subject: RE:Weird Problem with MailScanner {Scanned by Allteks Mailsafe}
>
>
> Hi people, it seems this is a never ending story...
>
> Yesterday I've installed and configured the MIMEDefang, today I started
> making some tests on the server but the MIMEDefang is assigning "User
> Unknown" status to addresses that are actually known.
>
> I think the problem is in the function to filter recipients some of you
> sent me on this link:
> http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses
>
> This is the function posted there:
>
> Larry Starr's version:
> "" - should be the name of the machine that you are
> relaying for i.e. "internalserver.mydomain.com"
> The RE for setting $relay should be your mail domain "mydom.com" should,
> of course be your domain "\bmydomain\.com\b"
> "myfqdn" should be the name of the server running mimedefang i.e.
> "mail.mydomain.com"
>
> Hope this helps someone.
> sub filter_recipient
> {
>     my($recip, $sender, $ip, $host, $first, $helo,
>        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
>
>     my $relay = undef;
>     $relay = "" if ($recip =~ /\bmydom\.com\b/);
>     if ($relay)
>     {
>         return md_check_against_smtp_server($sender, $recip,
>                                             "myfqdn", $relay);
>     }
>
>     return('CONTINUE', "OK"); # accept recipient if don't find relay
> }
>
> And this is my custom function based on the above one:
>
> #customized function to filter recipients:
> sub filter_recipient
> {
>     my($recip, $sender, $ip, $host, $first, $helo,
>        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
>
>     my $relay = undef;
>     $relay = "172.16.48.19"
>         if ($recip =~ /\bcht\.com\.ar\b/)
>         or ($recip =~ /\baaovyt\.com\.ar\b/)
>         or ($recip =~ /\bskalbue\.com\.ar\b/)
>         or ($recip =~ /\bci-educ\.com\.ar\b/)
>         or ($recip =~ /\bhispanoamericana\.com\.ar\b/)
>         or ($recip =~ /\bconsulthouse\.travel\b/)
>         or ($recip =~ /\bconsul\.travel\b/);
>
>     if ($relay)
>     {
>         return md_check_against_smtp_server($sender, $recip,
>                                             "ns2.cht.com.ar", $relay);
>     }
>
>     return('CONTINUE', "OK"); # accept recipient if don't find relay
> }
>
> Perhaps I'm misunderstanding some of the aliases this guy uses or
> something like that. Please if you can point me where my error is I'll
> be really grateful.
>
> Regards
>
> Damian
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> This message has been scanned by the Allteks Mailsafe Service
>
>
>

From prandal at herefordshire.gov.uk Fri Oct 26 17:01:29 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Oct 26 17:01:37 2007 Subject: O.T.
question - how to deal with choicemail c/r spam In-Reply-To: <4721FB1D.6080201@pacific.net> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01E05928@HC-MBX02.herefordshire.gov.uk> Why the heck are end users installing software on their PCs? This is best dealt with by appropriate "conditions of use" policies backed up by management who are not scared to invoke disciplinary procedures. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A > Sent: 26 October 2007 15:35 > To: MailScanner discussion > Subject: Re: O.T. question - how to deal with choicemail c/r spam > > Hugo van der Kooij wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Ken A wrote: > >> How do you all deal with this C/R stuff, when it's one of > your customers > >> using it? > >> > >> Choicemail is some kind of outlook plugin that bounces > back all mail - > >> doing the usual C/R thing - but directly from the MUA. > >> > >> I guess it's time to re-write the anti-spam policy one > more time to rule > >> out any kind of spam bouncing. > >> > >> How have you dealt with this? Do you filter outgoing mail > that is from > >> this sort of software (choicemail, mailwasher, etc..) ? > > > > MUA's are suposed to talk to the MTA's only. Anything else and the > > firewall gets real cranky. > > > > good firewalls make good neighbors, yes.. I guess I didn't explain it > properly. choicemail is a plugin or add-on that simply > auto-responds to > all email with a challenge that directs senders to a link on the > choicemail website. The mail goes out through the MTA (us). But this > this is a different architecture than other C/R systems that are > responsible for their own outgoing mail. 
Instead of a proxy, or a > separate MX that filters and does the C/R, WE ARE NOW sending > this junk > out through our MTAs. > > So, we're putting a stop to it, but I just wondered if anyone > out there > had experienced the crossfire of choicemail or other crapware > that auto > bounces everything or nearly everything, and what you did to > deal with it. > > Ken > > > > Hugo. > > > > - -- > > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > > > A: Yes. > > >Q: Are you sure? > > >>A: Because it reverses the logical flow of conversation. > > >>>Q: Why is top posting frowned upon? > > > > Bored? Click on http://spamornot.org/ and rate those images. > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q > > 1NxQqWaSiobLFWn8n5s9s5g= > > =HrjW > > -----END PGP SIGNATURE----- > > > -- > Ken Anderson > Pacific.Net > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ka at pacific.net Fri Oct 26 17:03:58 2007 From: ka at pacific.net (Ken A) Date: Fri Oct 26 17:04:02 2007 Subject: O.T. question - how to deal with choicemail c/r spam In-Reply-To: <472207DA.7020505@nkpanama.com> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> <472207DA.7020505@nkpanama.com> Message-ID: <47220FEE.7000005@pacific.net> Alex Neuman van der Hans wrote: > If there is *any* way of parsing *anything* on the message, let us know. > Someone could write an MCP rule so you could probably quarantine (or > just "get rid of") all that choicemail and other C/R crap. The "X-ChoiceMail-Registration-Request" header is present in choicemail auto-responses, so an SA rule is easy. 
However, I'm leaning towards using milter-regex to reject rather than quarantine. I don't want anyone to think they can whitelist this junk. Ken > > Ken A wrote: >> Hugo van der Kooij wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Ken A wrote: >>>> How do you all deal with this C/R stuff, when it's one of your >>>> customers >>>> using it? >>>> >>>> Choicemail is some kind of outlook plugin that bounces back all mail - >>>> doing the usual C/R thing - but directly from the MUA. >>>> >>>> I guess it's time to re-write the anti-spam policy one more time to >>>> rule >>>> out any kind of spam bouncing. >>>> >>>> How have you dealt with this? Do you filter outgoing mail that is from >>>> this sort of software (choicemail, mailwasher, etc..) ? >>> >>> MUA's are suposed to talk to the MTA's only. Anything else and the >>> firewall gets real cranky. >>> >> >> good firewalls make good neighbors, yes.. I guess I didn't explain it >> properly. choicemail is a plugin or add-on that simply auto-responds >> to all email with a challenge that directs senders to a link on the >> choicemail website. The mail goes out through the MTA (us). But this >> this is a different architecture than other C/R systems that are >> responsible for their own outgoing mail. Instead of a proxy, or a >> separate MX that filters and does the C/R, WE ARE NOW sending this >> junk out through our MTAs. >> >> So, we're putting a stop to it, but I just wondered if anyone out >> there had experienced the crossfire of choicemail or other crapware >> that auto bounces everything or nearly everything, and what you did to >> deal with it. >> >> Ken >> >> >>> Hugo. >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? 
Click on http://spamornot.org/ and rate those images. >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q >>> 1NxQqWaSiobLFWn8n5s9s5g= >>> =HrjW >>> -----END PGP SIGNATURE----- >> >> > -- Ken Anderson Pacific.Net From ka at pacific.net Fri Oct 26 17:29:09 2007 From: ka at pacific.net (Ken A) Date: Fri Oct 26 17:29:14 2007 Subject: O.T. question - how to deal with choicemail c/r spam In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01E05928@HC-MBX02.herefordshire.gov.uk> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> <7EF0EE5CB3B263488C8C18823239BEBA01E05928@HC-MBX02.herefordshire.gov.uk> Message-ID: <472215D5.6020109@pacific.net> Randal, Phil wrote: > Why the heck are end users installing software on their PCs? > > This is best dealt with by appropriate "conditions of use" policies > backed up by management who are not scared to invoke disciplinary > procedures. I'd love to slap our users around once in a while, but we're an ISP, so they slap us around more often, but it does pay the bills. :-) Ken > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A >> Sent: 26 October 2007 15:35 >> To: MailScanner discussion >> Subject: Re: O.T. question - how to deal with choicemail c/r spam >> >> Hugo van der Kooij wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Ken A wrote: >>>> How do you all deal with this C/R stuff, when it's one of >> your customers >>>> using it? >>>> >>>> Choicemail is some kind of outlook plugin that bounces >> back all mail - >>>> doing the usual C/R thing - but directly from the MUA. 
>>>> >>>> I guess it's time to re-write the anti-spam policy one >> more time to rule >>>> out any kind of spam bouncing. >>>> >>>> How have you dealt with this? Do you filter outgoing mail >> that is from >>>> this sort of software (choicemail, mailwasher, etc..) ? >>> MUA's are suposed to talk to the MTA's only. Anything else and the >>> firewall gets real cranky. >>> >> good firewalls make good neighbors, yes.. I guess I didn't explain it >> properly. choicemail is a plugin or add-on that simply >> auto-responds to >> all email with a challenge that directs senders to a link on the >> choicemail website. The mail goes out through the MTA (us). But this >> this is a different architecture than other C/R systems that are >> responsible for their own outgoing mail. Instead of a proxy, or a >> separate MX that filters and does the C/R, WE ARE NOW sending >> this junk >> out through our MTAs. >> >> So, we're putting a stop to it, but I just wondered if anyone >> out there >> had experienced the crossfire of choicemail or other crapware >> that auto >> bounces everything or nearly everything, and what you did to >> deal with it. >> >> Ken >> >> >>> Hugo. >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. 
>>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q >>> 1NxQqWaSiobLFWn8n5s9s5g= >>> =HrjW >>> -----END PGP SIGNATURE----- >> >> -- >> Ken Anderson >> Pacific.Net >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Ken Anderson Pacific.Net From ssilva at sgvwater.com Fri Oct 26 17:59:22 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 26 18:03:26 2007 Subject: Thank you for your eMail. In-Reply-To: <4721FBD4.5060207@pacific.net> References: <10710261344.AA21063@trustinternational.com> <4721DFBC.8020306@nkpanama.com> <4721FBD4.5060207@pacific.net> Message-ID: on 10/26/2007 7:38 AM Ken A spake the following: > Alex Neuman van der Hans wrote: >> I hope noone sends an e-mail "from" him and "to" him. His autoreply >> doesn't seem to be too smart. > > oh, nobody would do THAT! At least the disclaimer is a link. I imagine > it's about 30 pages long.. > Ken Think of the poor guy who is getting all his forwards! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Oct 26 18:02:44 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 26 18:05:39 2007 Subject: updates required for mailscanner.info/fsl.com? In-Reply-To: References: <01d801c817c2$6f98ac70$4eca0550$@prendergast@netring.co.uk> Message-ID: on 10/26/2007 4:27 AM Martin.Hepworth spake the following: > Hmm should really be pointing at the wiki for the install guides... 
> > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast >> Sent: 26 October 2007 12:22 >> To: mailscanner@lists.mailscanner.info >> Subject: updates required for mailscanner.info/fsl.com? >> >> Hi, >> >> >> >> There's a link here: http://www.mailscanner.info/install_guides.html >> >> >> >> To here: http://www.fsl.com/support/ (third link down) >> >> >> >> Which contains a number of dead links, such as: >> >> >> >> http://www.sng.ecs.soton.ac.uk/mailscanner/install/ >> >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html >> >> >> >> >> >> Just thought I'd ping the list in case the relevant people were looking at >> it. >> >> >> Steve S. or one of his evil minions are usually lurking around the list... ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Fri Oct 26 18:15:51 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Oct 26 18:15:54 2007 Subject: OT: Ubuntu In-Reply-To: <24230975.01193413431767.JavaMail.root@office.splatnix.net> References: <24230975.01193413431767.JavaMail.root@office.splatnix.net> Message-ID: <223f97700710261015leec9212pec724312538ffc8d@mail.gmail.com> On 26/10/2007, UxBoD wrote: > Hi, > > Is anybody running MS on Ubuntu ? I am thinking about switching from Gentoo too Ubuntu 7.10 for me home server as I don't really have time to work on it, and if it does die it would certainly be quicker to get it up and running again (yes, I am running hardware RAID just incase :) ) > > Regards, > Although I don't use Ubuntu for that (I do have some box or other running 7.10... Just not MS:-), I do think I recall some posts indicating that someone is indeed running MS on Ubuntu. Shouldn't be much different from any Debian. 
Why not go for LTS server? To ... moldy...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From doc at maddoc.net Fri Oct 26 18:19:18 2007 From: doc at maddoc.net (Doc Schneider) Date: Fri Oct 26 18:19:28 2007 Subject: updates required for mailscanner.info/fsl.com? In-Reply-To: References: <01d801c817c2$6f98ac70$4eca0550$@prendergast@netring.co.uk> Message-ID: <47222196.3020809@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 10/26/2007 4:27 AM Martin.Hepworth spake the following: >> Hmm should really be pointing at the wiki for the install guides... >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast >>> Sent: 26 October 2007 12:22 >>> To: mailscanner@lists.mailscanner.info >>> Subject: updates required for mailscanner.info/fsl.com? >>> >>> Hi, >>> >>> >>> >>> There's a link here: http://www.mailscanner.info/install_guides.html >>> >>> >>> >>> To here: http://www.fsl.com/support/ (third link down) >>> >>> >>> >>> Which contains a number of dead links, such as: >>> >>> >>> >>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/ >>> >>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html >>> >>> >>> >>> >>> >>> Just thought I'd ping the list in case the relevant people were >>> looking at >>> it. >>> >>> >>> > Steve S. or one of his evil minions are usually lurking around the > list... ;-P > > Some of us do resemble that remark Scott. HAR! - -- - -Doc Lincoln, NE. 
http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFHIiGWqOEeBwEpgcsRAuZuAKCBHZjjpwJEakRaoIvtl9gx5MLxogCgpv2D u5S0psInZ7TTmpsQwhOVTH8= =cyCx -----END PGP SIGNATURE----- From glenn.steen at gmail.com Fri Oct 26 18:20:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Oct 26 18:20:25 2007 Subject: updates required for mailscanner.info/fsl.com? In-Reply-To: References: Message-ID: <223f97700710261020j35b9ac7t32b20898b78e0b7c@mail.gmail.com> On 26/10/2007, Scott Silva wrote: > on 10/26/2007 4:27 AM Martin.Hepworth spake the following: > > Hmm should really be pointing at the wiki for the install guides... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast > >> Sent: 26 October 2007 12:22 > >> To: mailscanner@lists.mailscanner.info > >> Subject: updates required for mailscanner.info/fsl.com? > >> > >> Hi, > >> > >> > >> > >> There's a link here: http://www.mailscanner.info/install_guides.html > >> > >> > >> > >> To here: http://www.fsl.com/support/ (third link down) > >> > >> > >> > >> Which contains a number of dead links, such as: > >> > >> > >> > >> http://www.sng.ecs.soton.ac.uk/mailscanner/install/ > >> > >> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html > >> > >> > >> > >> > >> > >> Just thought I'd ping the list in case the relevant people were looking at > >> it. > >> > >> > >> > Steve S. or one of his evil minions are usually lurking around the list... ;-P > Evil minions? Would that be Satay and Steve F and .., Jules...? 
:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lists at sequestered.net Fri Oct 26 19:27:25 2007 From: lists at sequestered.net (Jay Chandler) Date: Fri Oct 26 19:27:30 2007 Subject: O.T. question - how to deal with choicemail c/r spam In-Reply-To: <47220FEE.7000005@pacific.net> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> <472207DA.7020505@nkpanama.com> <47220FEE.7000005@pacific.net> Message-ID: <4722318D.9000301@sequestered.net> Ken A wrote: > Alex Neuman van der Hans wrote: >> If there is *any* way of parsing *anything* on the message, let us >> know. Someone could write an MCP rule so you could probably quarantine >> (or just "get rid of") all that choicemail and other C/R crap. > > > The "X-ChoiceMail-Registration-Request" header is present in choicemail > auto-responses, so an SA rule is easy. However, I'm leaning towards > using milter-regex to reject rather than quarantine. I don't want anyone > to think they can whitelist this junk. > > Ken > If you're on Postfix (I am) I'd suggest just using a header_check and avoiding the milter entirely... -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: network packets travelling uphill (use a carrier pigeon) From sailer at bnl.gov Fri Oct 26 19:51:42 2007 From: sailer at bnl.gov (Tim Sailer) Date: Fri Oct 26 19:51:52 2007 Subject: OT: Ubuntu In-Reply-To: <24230975.01193413431767.JavaMail.root@office.splatnix.net> References: <24230975.01193413431767.JavaMail.root@office.splatnix.net> Message-ID: <20071026185142.GA27199@bnl.gov> On Fri, Oct 26, 2007 at 04:43:51PM +0100, UxBoD wrote: > Hi, > > Is anybody running MS on Ubuntu ? 
I am thinking about switching from Gentoo to Ubuntu 7.10 for me home server as I don't really have time to work on it, and if it does die it would certainly be quicker to get it up and running again (yes, I am running hardware RAID just in case :) )

I'm running it on Ubuntu (many versions including 7.10) with Exim4 as the
MTA. It's the same as my Debian boxen. Works great!

Tim

From lists at sequestered.net Fri Oct 26 19:31:48 2007
From: lists at sequestered.net (Jay Chandler)
Date: Fri Oct 26 20:18:52 2007
Subject: Thank you for your eMail.
In-Reply-To: <4721FBD4.5060207@pacific.net>
References: <10710261344.AA21063@trustinternational.com> <4721DFBC.8020306@nkpanama.com> <4721FBD4.5060207@pacific.net>
Message-ID: <47223294.4040002@sequestered.net>

Ken A wrote:
> Alex Neuman van der Hans wrote:
>> I hope no one sends an e-mail "from" him and "to" him. His autoreply
>> doesn't seem to be too smart.
>
> oh, nobody would do THAT!

Of course I... er... they wouldn't.

*mumbles, changes subject*

--
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: network packets travelling uphill (use a carrier pigeon)

From mkettler at evi-inc.com Fri Oct 26 20:27:53 2007
From: mkettler at evi-inc.com (Matt Kettler)
Date: Fri Oct 26 20:28:14 2007
Subject: FSL's copy of RulesDuJour outdated?
Message-ID: <47223FB9.7070607@evi-inc.com>

In FSL's "resources" page, they have a link to download RDJ:

http://www.fsl.com/resources.html

However, the RDJ script contained there is out-of-date, containing
Version 1.28.

The current release of RDJ is Version 1.30, as distributed at:

sandgnat.com/rdj/rules_du_jour

(Note: sandgnat.com is run by Chris Thielen, the original author of RDJ.
He doesn't have exit0.us anymore, so he hosts it at sandgnat.com).

I point the problem out because the version of RDJ distributed by FSL
still supports fetching antidrug.cf from comcast.net. Although not enabled
by default, someone might be misled into enabling it.
I no longer have control of the account on comcast that the script points
to, which would make it a very bad thing if someone tries to fetch
antidrug from there. Any spammer might be the next person who has control
of that comcast account, and they could publish any config file they
wanted there, possibly including one with a regex designed to exploit
SpamAssassin itself.. Running untrusted rules as root could possibly be
dangerous...

Can someone at FSL either remove or update their RDJ packages?

You might also want to keep on top of it, as the SA devs have been trying
to encourage Chris to comment-out the support for Will Stearns's blacklist
and blacklist-uri as well.

(They're interesting for research, but are also sure-fire ways to kill
SpamAssassin due to their size. About once a week we see someone asking
why SA is so slow and it turns out they have enabled this ruleset in
RDJ..).

From steve.swaney at fsl.com Fri Oct 26 20:46:46 2007
From: steve.swaney at fsl.com (Stephen Swaney)
Date: Fri Oct 26 20:46:22 2007
Subject: FSL's copy of RulesDuJour outdated?
In-Reply-To: <47223FB9.7070607@evi-inc.com>
References: <47223FB9.7070607@evi-inc.com>
Message-ID: <038601c81808$f1728b80$d457a280$@swaney@fsl.com>

Matt,

Thanks for pointing that out. We do need to update. We're actually not
using the rules_du_jour script anymore but rather, updating SARE rules
using the new SA update mechanism.

I'll try and remove the old material and update the links.

Thanks,

Steve

Steve Swaney
steve@fsl.com

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Matt Kettler
> Sent: Friday, October 26, 2007 3:28 PM
> To: MailScanner discussion
> Subject: FSL's copy of RulesDuJour outdated?
>
> In FSL's "resources" page, they have a link to download RDJ:
>
> http://www.fsl.com/resources.html
>
> However, the RDJ script contained there is out-of-date, containing
> Version 1.28.
> > The current release of RDJ is Version 1.30, as distributed at: > > sandgnat.com/rdj/rules_du_jour > > (Note: sandgnat.com is run by Chris Thielen, the original author of > RDJ. He > doesn't have exit0.us anymore, so he hosts it at sandgnat.com). > > I point the problem out because the version of RDJ distributed by FSL > still > supports fetching antidrug.cf from comcast.net. Although not enabled by > default, > someone might be misled into enabling it. > > I no longer have control of the account on comcast that the script > points to, > which would make it a very bad thing if someone tries to fetch antidrug > from > there. Any spammer might be the next person who has control of that > comcast > account, and they could publish any config file they wanted there, > possibly > including one with a regex designed to exploit SpamAssassin itself.. > Running > untrusted rules as root could possibly be dangerous... > > Can someone at FSL either remove or update their RDJ packages? > > You might also want to keep on top of it, as the SA devs have been > trying to > encourage Chris to comment-out the support for Will Stearns's blacklist > and > blacklist-uri as well. > > (They're interesting for research, but are also sure-fire ways to kill > SpamAssassin due to their size. About once a week we see someone asking > why SA > is so slow and it turns out they have enabled this ruleset in RDJ..). > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Oct 26 21:07:47 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Oct 26 21:08:02 2007 Subject: O.T. 
question - how to deal with choicemail c/r spam In-Reply-To: <472215D5.6020109@pacific.net> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> <7EF0EE5CB3B263488C8C18823239BEBA01E05928@HC-MBX02.herefordshire.gov.uk> <472215D5.6020109@pacific.net> Message-ID: <47224913.5040908@nkpanama.com> Ken A wrote: > Randal, Phil wrote: >> Why the heck are end users installing software on their PCs? >> >> This is best dealt with by appropriate "conditions of use" policies >> backed up by management who are not scared to invoke disciplinary >> procedures. > > I'd love to slap our users around once in a while, but we're an ISP, so > they slap us around more often, but it does pay the bills. :-) > Ken But ISP's all over the world have "redirected" such "e-mails" to a special folder called /dev/null since the dawn of time! :-) > > >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal >> Network Engineer >> Herefordshire Council >> Hereford, UK >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A >>> Sent: 26 October 2007 15:35 >>> To: MailScanner discussion >>> Subject: Re: O.T. question - how to deal with choicemail c/r spam >>> >>> Hugo van der Kooij wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Ken A wrote: >>>>> How do you all deal with this C/R stuff, when it's one of >>> your customers >>>>> using it? >>>>> >>>>> Choicemail is some kind of outlook plugin that bounces >>> back all mail - >>>>> doing the usual C/R thing - but directly from the MUA. >>>>> >>>>> I guess it's time to re-write the anti-spam policy one >>> more time to rule >>>>> out any kind of spam bouncing. >>>>> >>>>> How have you dealt with this? Do you filter outgoing mail >>> that is from >>>>> this sort of software (choicemail, mailwasher, etc..) ? >>>> MUA's are suposed to talk to the MTA's only. 
Anything else and the >>>> firewall gets real cranky. >>>> >>> good firewalls make good neighbors, yes.. I guess I didn't explain it >>> properly. choicemail is a plugin or add-on that simply auto-responds >>> to all email with a challenge that directs senders to a link on the >>> choicemail website. The mail goes out through the MTA (us). But this >>> this is a different architecture than other C/R systems that are >>> responsible for their own outgoing mail. Instead of a proxy, or a >>> separate MX that filters and does the C/R, WE ARE NOW sending this >>> junk out through our MTAs. >>> >>> So, we're putting a stop to it, but I just wondered if anyone out >>> there had experienced the crossfire of choicemail or other crapware >>> that auto bounces everything or nearly everything, and what you did >>> to deal with it. >>> >>> Ken >>> >>> >>>> Hugo. >>>> >>>> - -- >>>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>>> >>>> A: Yes. >>>> >Q: Are you sure? >>>> >>A: Because it reverses the logical flow of conversation. >>>> >>>Q: Why is top posting frowned upon? >>>> >>>> Bored? Click on http://spamornot.org/ and rate those images. >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v1.4.7 (GNU/Linux) >>>> >>>> iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q >>>> 1NxQqWaSiobLFWn8n5s9s5g= >>>> =HrjW >>>> -----END PGP SIGNATURE----- >>> >>> -- >>> Ken Anderson >>> Pacific.Net >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > From ka at pacific.net Fri Oct 26 21:13:22 2007 From: ka at pacific.net (Ken A) Date: Fri Oct 26 21:13:26 2007 Subject: O.T. 
question - how to deal with choicemail c/r spam In-Reply-To: <47224913.5040908@nkpanama.com> References: <4720C5DE.402@pacific.net> <4721802B.8020606@vanderkooij.org> <4721FB1D.6080201@pacific.net> <7EF0EE5CB3B263488C8C18823239BEBA01E05928@HC-MBX02.herefordshire.gov.uk> <472215D5.6020109@pacific.net> <47224913.5040908@nkpanama.com> Message-ID: <47224A62.1070303@pacific.net> Alex Neuman van der Hans wrote: > Ken A wrote: >> Randal, Phil wrote: >>> Why the heck are end users installing software on their PCs? >>> >>> This is best dealt with by appropriate "conditions of use" policies >>> backed up by management who are not scared to invoke disciplinary >>> procedures. >> >> I'd love to slap our users around once in a while, but we're an ISP, >> so they slap us around more often, but it does pay the bills. :-) >> Ken > > But ISP's all over the world have "redirected" such "e-mails" to a > special folder called /dev/null since the dawn of time! :-) But my coworker Devlin Null would never cop to that on a public mailing list ;-) Ken >> >> >>> >>> Cheers, >>> >>> Phil >>> >>> -- >>> Phil Randal >>> Network Engineer >>> Herefordshire Council >>> Hereford, UK >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ken A >>>> Sent: 26 October 2007 15:35 >>>> To: MailScanner discussion >>>> Subject: Re: O.T. question - how to deal with choicemail c/r spam >>>> >>>> Hugo van der Kooij wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Ken A wrote: >>>>>> How do you all deal with this C/R stuff, when it's one of >>>> your customers >>>>>> using it? >>>>>> >>>>>> Choicemail is some kind of outlook plugin that bounces >>>> back all mail - >>>>>> doing the usual C/R thing - but directly from the MUA. >>>>>> >>>>>> I guess it's time to re-write the anti-spam policy one >>>> more time to rule >>>>>> out any kind of spam bouncing. 
>>>>>> >>>>>> How have you dealt with this? Do you filter outgoing mail >>>> that is from >>>>>> this sort of software (choicemail, mailwasher, etc..) ? >>>>> MUA's are suposed to talk to the MTA's only. Anything else and the >>>>> firewall gets real cranky. >>>>> >>>> good firewalls make good neighbors, yes.. I guess I didn't explain >>>> it properly. choicemail is a plugin or add-on that simply >>>> auto-responds to all email with a challenge that directs senders to >>>> a link on the choicemail website. The mail goes out through the MTA >>>> (us). But this this is a different architecture than other C/R >>>> systems that are responsible for their own outgoing mail. Instead of >>>> a proxy, or a separate MX that filters and does the C/R, WE ARE NOW >>>> sending this junk out through our MTAs. >>>> >>>> So, we're putting a stop to it, but I just wondered if anyone out >>>> there had experienced the crossfire of choicemail or other crapware >>>> that auto bounces everything or nearly everything, and what you did >>>> to deal with it. >>>> >>>> Ken >>>> >>>> >>>>> Hugo. >>>>> >>>>> - -- >>>>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>>>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>>>> >>>>> A: Yes. >>>>> >Q: Are you sure? >>>>> >>A: Because it reverses the logical flow of conversation. >>>>> >>>Q: Why is top posting frowned upon? >>>>> >>>>> Bored? Click on http://spamornot.org/ and rate those images. 
>>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: GnuPG v1.4.7 (GNU/Linux) >>>>> >>>>> iD8DBQFHIYAqBvzDRVjxmYERArZrAKCCBwVS26KkacGJxFcyE2xlLhk2qgCfTt0q >>>>> 1NxQqWaSiobLFWn8n5s9s5g= >>>>> =HrjW >>>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> Ken Anderson >>>> Pacific.Net >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >> >> > -- Ken Anderson Pacific.Net From mikes at hartwellcorp.com Fri Oct 26 21:48:48 2007 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri Oct 26 23:00:44 2007 Subject: Deny host based on detected spam? Message-ID: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> Is there a way to make an entry in the /etc/hosts.deny table based on reaching a specified threshold of spam activity? From ssilva at sgvwater.com Fri Oct 26 23:23:34 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 26 23:23:45 2007 Subject: updates required for mailscanner.info/fsl.com? In-Reply-To: <223f97700710261020j35b9ac7t32b20898b78e0b7c@mail.gmail.com> References: <223f97700710261020j35b9ac7t32b20898b78e0b7c@mail.gmail.com> Message-ID: on 10/26/2007 10:20 AM Glenn Steen spake the following: > On 26/10/2007, Scott Silva wrote: >> on 10/26/2007 4:27 AM Martin.Hepworth spake the following: >>> Hmm should really be pointing at the wiki for the install guides... >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast >>>> Sent: 26 October 2007 12:22 >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: updates required for mailscanner.info/fsl.com? 
>>>> >>>> Hi, >>>> >>>> >>>> >>>> There's a link here: http://www.mailscanner.info/install_guides.html >>>> >>>> >>>> >>>> To here: http://www.fsl.com/support/ (third link down) >>>> >>>> >>>> >>>> Which contains a number of dead links, such as: >>>> >>>> >>>> >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/ >>>> >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html >>>> >>>> >>>> >>>> >>>> >>>> Just thought I'd ping the list in case the relevant people were looking at >>>> it. >>>> >>>> >>>> >> Steve S. or one of his evil minions are usually lurking around the list... ;-P >> > Evil minions? Would that be Satay and Steve F and .., Jules...? :-):-) > > Cheers This list seems too quiet with no evil bunny around! ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Oct 26 23:30:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Oct 26 23:30:15 2007 Subject: Deny host based on detected spam? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> Message-ID: on 10/26/2007 1:48 PM Michael St. Laurent spake the following: > Is there a way to make an entry in the /etc/hosts.deny table based on > reaching a specified threshold of spam activity? Vispan will mod either the access file or iptables. http://www.while.org.uk/content/view/9/5/ -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ka at pacific.net Fri Oct 26 23:31:37 2007 From: ka at pacific.net (Ken A) Date: Fri Oct 26 23:31:40 2007 Subject: Deny host based on detected spam? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> Message-ID: <47226AC9.8030900@pacific.net> Michael St. 
Laurent wrote: > Is there a way to make an entry in the /etc/hosts.deny table based on > reaching a specified threshold of spam activity? check out http://ossec.net IDS. It supports MailScanner and does active response to block connections with hosts.deny table entries, or firewall rules, or both. It'll also block based on a lot of other email metrics. Ken -- Ken Anderson Pacific.Net From glenn.steen at gmail.com Sat Oct 27 08:05:31 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Oct 27 08:05:34 2007 Subject: updates required for mailscanner.info/fsl.com? In-Reply-To: References: <223f97700710261020j35b9ac7t32b20898b78e0b7c@mail.gmail.com> Message-ID: <223f97700710270005r734321f4ya041613666ef1249@mail.gmail.com> On 27/10/2007, Scott Silva wrote: > on 10/26/2007 10:20 AM Glenn Steen spake the following: > > On 26/10/2007, Scott Silva wrote: > >> on 10/26/2007 4:27 AM Martin.Hepworth spake the following: > >>> Hmm should really be pointing at the wiki for the install guides... > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>>> bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast > >>>> Sent: 26 October 2007 12:22 > >>>> To: mailscanner@lists.mailscanner.info > >>>> Subject: updates required for mailscanner.info/fsl.com? 
> >>>> > >>>> Hi, > >>>> > >>>> > >>>> > >>>> There's a link here: http://www.mailscanner.info/install_guides.html > >>>> > >>>> > >>>> > >>>> To here: http://www.fsl.com/support/ (third link down) > >>>> > >>>> > >>>> > >>>> Which contains a number of dead links, such as: > >>>> > >>>> > >>>> > >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/install/ > >>>> > >>>> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/1.html > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> Just thought I'd ping the list in case the relevant people were looking at > >>>> it. > >>>> > >>>> > >>>> > >> Steve S. or one of his evil minions are usually lurking around the list... ;-P > >> > > Evil minions? Would that be Satay and Steve F and .., Jules...? :-):-) > > > > Cheers > This list seems too quiet with no evil bunny around! ;-D Yeah, I know... I hear from Noel (Res) from time to time... Still the same ol' nice guy with the same "rough exterior"....:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Sat Oct 27 09:52:31 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Oct 27 09:52:43 2007 Subject: Deny host based on detected spam? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com> Message-ID: <4722FC4F.8080202@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael St. Laurent wrote: > Is there a way to make an entry in the /etc/hosts.deny table based on > reaching a specified threshold of spam activity? If you deny the TCP connection there is a reasonable change the system will go to your fallback MX. Only stop them at TCP level if they use 100s of TCP connections at the same time. In other cases reject them a the SMTP level. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? 
Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQFHIvxNBvzDRVjxmYERAo9cAJdXsG31FCAyP7UxNoiZyAJgv0HHAKCU7pcx
m26Fe/NwPaXlFSybkkjefg==
=TrFW
-----END PGP SIGNATURE-----

From micoots at yahoo.com Sun Oct 28 00:25:25 2007
From: micoots at yahoo.com (Michael Mansour)
Date: Sun Oct 28 00:25:28 2007
Subject: Increase score for an RBL hit
Message-ID: <396141.38380.qm@web33315.mail.mud.yahoo.com>

Hi,

I just started using the APEWS RBL and got some hits on it for IP ranges from some well known Australian ISP's (which some of my friends and family use).

Because their emails got hit in that RBL, then they were blocked.

Is there a way I can configure that a hit in an RBL increases the SA score instead of blocking the email entirely?

Thanks.

Michael.

From shuttlebox at gmail.com Sun Oct 28 01:04:13 2007
From: shuttlebox at gmail.com (shuttlebox)
Date: Sun Oct 28 01:04:15 2007
Subject: Increase score for an RBL hit
In-Reply-To: <396141.38380.qm@web33315.mail.mud.yahoo.com>
References: <396141.38380.qm@web33315.mail.mud.yahoo.com>
Message-ID: <625385e30710271804t1ecc686dp47c2b27b30b08442@mail.gmail.com>

On 10/28/07, Michael Mansour wrote:
> Is there a way I can configure that a hit in an RBL increases the SA score
> instead of blocking the email entirely?

In MTA:s one RBL hit is enough to block a message, in MS you can
define how many hits it takes to block a message. You don't want to
use either of those methods but to define a rule in SA instead. Look
at the rules for other RBL:s like SpamCop and make your own for APEWS.

--
/peter

From lists at sequestered.net Sun Oct 28 05:44:37 2007
From: lists at sequestered.net (Jay Chandler)
Date: Sun Oct 28 05:44:40 2007
Subject: Increase score for an RBL hit
In-Reply-To: <396141.38380.qm@web33315.mail.mud.yahoo.com>
References: <396141.38380.qm@web33315.mail.mud.yahoo.com>
Message-ID: <472421C5.8060104@sequestered.net>

Michael Mansour wrote:
> Hi,
>
> I just started using the APEWS RBL and got some hits on it for IP ranges from some well known Australian ISP's (which some of my friends and family use).
>
> Because their emails got hit in that RBL, then they were blocked.
>
> Is there a way I can configure that a hit in an RBL increases the SA score instead of blocking the email entirely?
>
> Thanks.
>
> Michael.
>
>
>
> ---------------------------------
> Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. Get it now.
>

For the record, APEWS isn't a great list to use for a number of reasons.

I hate spam with a passion, but wouldn't dream of using APEWS for
anything even approaching a serious production system. They block
something like 38% of all netspace, or did a couple months back...

--
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: network packets travelling uphill (use a carrier pigeon)

From raymond at prolocation.net Sun Oct 28 10:03:06 2007
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Sun Oct 28 10:03:06 2007
Subject: Increase score for an RBL hit
In-Reply-To: <396141.38380.qm@web33315.mail.mud.yahoo.com>
References: <396141.38380.qm@web33315.mail.mud.yahoo.com>
Message-ID:

Hi!

> I just started using the APEWS RBL and got some hits on it for IP
> ranges from some well known Australian ISP's (which some of my friends
> and family use).

You are seriously -using- APEWS? Eeks.
I would strongly advise not to even consider using that list.

> Is there a way I can configure that a hit in an RBL increases the SA
> score instead of blocking the email entirely?

Just add it in SA, if you wanna use it.

Bye,
Raymond.

From micoots at yahoo.com Sun Oct 28 13:49:22 2007
From: micoots at yahoo.com (Michael Mansour)
Date: Sun Oct 28 13:49:36 2007
Subject: Increase score for an RBL hit
In-Reply-To:
Message-ID: <605764.10957.qm@web33305.mail.mud.yahoo.com>

Hi,

Raymond Dijkxhoorn wrote:

Hi!

> I just started using the APEWS RBL and got some hits on it for IP
> ranges from some well known Australian ISP's (which some of my friends
> and family use).

You are seriously -using- APEWS? Eeks. I would strongly advise not to
even consider using that list.

> Is there a way I can configure that a hit in an RBL increases the SA
> score instead of blocking the email entirely?

Just add it in SA, if you wanna use it.

Forgive me for asking a possibly very simple question, but how do I add an RBL to SA?

I've previously gone through:

http://wiki.apache.org/spamassassin/DnsBlocklists

and the Mail::SpamAssassin::Conf documentation and it isn't really covered well (or covered so it's simple to understand).

I've gone through the:

/usr/share/spamassassin/20_dnsbl_tests.cf

file and also my local.cf.

I'm thinking if I defined in my local.cf the following (for arguments sake I'll stick with APEWS):

header RCVD_IN_APEWSL2 eval:check_rbl('apewsl2', 'l2.apews.org.')
describe RCVD_IN_APEWSL2 APEWSL2 some description
tflags RCVD_IN_APEWSL2 net
score RCVD_IN_APEWSL2 2.0

??

Thanks again.

Michael.

Bye,
Raymond.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
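
Added example, not part of the thread and not SpamAssassin or MailScanner code: a Python sketch of the two policies discussed above, showing how the same DNSBL hit rejects a message outright under a block-on-hit policy but only contributes to the total under a scoring policy. The zone l2.apews.org and the 2.0 score are taken from the rule proposed in the post; the second zone, the addresses, the messages, the content scores and the in-memory resolver are constructed so the example runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Zone and score of the first entry come from the rule proposed in the post
# above; the second zone and every address, message and content score below
# are constructed sample data.
RBL_SCORES = {"l2.apews.org": 2.0, "bl.example.net": 1.5}
REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score

# Relays on these networks are internal hops and are never looked up.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed zone data standing in for DNS so the example runs offline.
# Key: query name. Value: A records returned. Missing key: NXDOMAIN.
FAKE_DNS = {
    "25.113.0.203.l2.apews.org": ["127.0.0.2"],
    "7.100.51.198.l2.apews.org": ["127.0.0.2"],
    "7.100.51.198.bl.example.net": ["127.0.0.2"],
}

# Constructed message: legitimate mail relayed by an ISP whose range is listed.
FRIEND = """\
Received: from mail.isp.example ([203.0.113.25]) by mx.example.org; Sun, 28 Oct 2007 00:25:25 +0000
Received: from home-pc ([192.168.1.10]) by mail.isp.example; Sun, 28 Oct 2007 00:25:20 +0000
From: friend@isp.example
Subject: lunch on Sunday?

See you at noon.
"""

# Constructed message: junk from a host that two lists agree on.
SPAMMER = """\
Received: from unknown ([198.51.100.7]) by mx.example.org; Sun, 28 Oct 2007 01:04:13 +0000
From: offers@bulk.example
Subject: cheap pills

Buy now.
"""


def fake_resolver(name):
    """Stand-in for a DNS A lookup; an empty list means 'not listed'."""
    return FAKE_DNS.get(name, [])


def dnsbl_query_name(ip, zone):
    """A DNSBL is queried as <reversed IPv4 octets>.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this sketch")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.rstrip(".")


def relay_ips(raw_message):
    """External IPv4 addresses found in [brackets] in Received headers."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. an octet above 255
                continue
            if ip not in found and not any(addr in net for net in INTERNAL_NETS):
                found.append(ip)
    return found


def rbl_hits(raw_message, resolver):
    """Zones from RBL_SCORES that list at least one relay of the message."""
    hits = []
    for zone in RBL_SCORES:
        for ip in relay_ips(raw_message):
            answers = resolver(dnsbl_query_name(ip, zone))
            if any(a.startswith("127.") for a in answers):
                hits.append(zone)
                break
    return hits


def block_on_hits(raw_message, resolver, hits_needed=1):
    """Block-on-hit policy: reject once hits_needed lists match."""
    hits = rbl_hits(raw_message, resolver)
    return "reject" if len(hits) >= hits_needed else "accept"


def score_on_hits(raw_message, resolver, content_score):
    """Scoring policy: each list hit adds its score to the other rule scores."""
    total = content_score + sum(RBL_SCORES[z] for z in rbl_hits(raw_message, resolver))
    return ("spam" if total >= REQUIRED_SCORE else "ham", round(total, 2))


if __name__ == "__main__":
    for label, msg, content in (("friend", FRIEND, 0.3), ("spammer", SPAMMER, 2.1)):
        print(label, block_on_hits(msg, fake_resolver),
              score_on_hits(msg, fake_resolver, content))
```
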
From MailScanner at ecs.soton.ac.uk Sun Oct 28 21:58:22 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun Oct 28 21:59:00 2007
Subject: MailScanner Digest, Vol 22, Issue 36
In-Reply-To: <471A274D.9050904@vanderkooij.org>
References: <200710201100.l9KB0CVW029208@safir.blacknight.ie> <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net> <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com> <471A274D.9050904@vanderkooij.org>
Message-ID: <472505FE.3050109@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you tell me how? I'm a user of mailman and a list owner, I don't
run the installation. Michele and his crew over at Blacknight do all
that for me.

Hugo van der Kooij wrote:
> Glenn Steen wrote:
>> On 20/10/2007, Bjorgen T. Eatinger
>> wrote:
>>> This mailing list is almost completely worthless, since it
> repeats everything over and over and over. Can you PLEASE upgrade
> to better list software?
>>>
>>> Bjorgen
>>>
>> (snip) What on earth (or perhaps .....:-) are you talking about?
>> The digest just "chunks" things together, yes. And people tend
>> to not trim that well... You especially .... If you find that a
>> problem, why then just subscribe to the list proper, not the
>> digest.
>
> Jules: I would recommend to put a filter on the mailinglist so
> anyone sending a message with the MailScanner Digest indication on
> the subject line is blocked or at least held for moderation? To the
> best of my knowledge that should be peanuts with mailman.
>
> Hugo.
> Jules - -- Julian Field MBCS CITP jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJQX+EfZZRxQVtlQRAjbAAJ4qLmLXfcT8sBol0C3XUvvt5l+lOwCg2PvD TzjOYRONiL8TODX5S8ttEy4= =EWUs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Oct 28 22:01:01 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 28 22:01:26 2007 Subject: Problem with Hebrew filenames In-Reply-To: <00ac01c814a8$aa46ff60$0200000a@dell> References: <00ac01c814a8$aa46ff60$0200000a@dell> Message-ID: <4725069D.4050604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edit the filename.rules.conf and change the rule that makes this trap, and multiply the number in it by 3 to allow for 3 ascii characters per hebrew character. Arthur Sherman wrote: > Although Hebrew is allowed in conf, MS blocks legit, quite short > filenames: > > Report: MailScanner: Very long filenames are good signs of attacks > against Microsoft e-mail packages (%E4%F9%E5%F4%E8%FA > %F9%EE%EE%F9%E9%EB%E4.doc) > > How can I fix this? > > TIA! > > Arthur > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Oct 28 22:01:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 28 22:01:34 2007 Subject: Bad Link In-Reply-To: <22710388.3631192816051529.JavaMail.root@office.splatnix.net> References: <22710388.3631192816051529.JavaMail.root@office.splatnix.net> Message-ID: <472506AC.1010004@ecs.soton.ac.uk> Fixed. UxBoD wrote: > Jules, > > The link to your book on the documentation page comes back with :- > > CafePress.com Product Not Found > > > Regards, > > --[ UxBoD ]-- // PGP Key: "curl -s > https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: > C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: > www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP > Phone: uxbod@sip.splatnix.net > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Oct 28 22:02:52 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 28 22:03:08 2007 Subject: Very long filenames In-Reply-To: <00d301c814be$77359080$0200000a@dell> References: <00d301c814be$77359080$0200000a@dell> Message-ID: <4725070C.4000709@ecs.soton.ac.uk> It always shows a "sanitised" version of the filename, which will be shorter than the original if it was very long. I never put the original, potentially nasty, filename in a report out to the users. The original filename will have been a lot longer than this. Arthur Sherman wrote: > Is this considered a long filename? > > Report: MailScanner: Very long filenames are good signs of attacks > against Microsoft e-mail packages (B_17PCs9ezwrPX.wmv) > > Thanks! > > Arthur > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Oct 28 22:29:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 28 22:29:22 2007 Subject: Disable MCP notification based on SA rule hit In-Reply-To: <67a55ed50710231150l125d8526x94cfe2666dbfe6fc@mail.gmail.com> References: <67a55ed50710231150l125d8526x94cfe2666dbfe6fc@mail.gmail.com> Message-ID: <47250D32.4070902@ecs.soton.ac.uk> Dave Jones wrote: > We have MCP working properly to check some basic profanity in email > and notify without delivery. Now I have a need to check for some > keywords in the subject or body then not deliver or notify. Can > this be done with a rules file? I only see some keywords like > "From:", "To:", and "Virus:" for the rules and I think I would need > something like "Rule:" with the desired SA rule as an argument. > > It looks like the "SpamAssassin Rule Actions =" is designed for > this in the non-MCP run of SA. Is there an equivalent in the MCP > section toward the bottom on the MailScanner.conf? No there isn't an equivalent for the MCP section, but I don't see the need for one. Just write some SpamAssassin rules with a 0.01 score and use things like SpamAssassin Rule Actions = MY_RULE_1=>notdeliver,notnotify, MY_RULE_2=>notdeliver and stuff like that.
Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Oct 28 22:45:34 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 28 22:45:52 2007 Subject: Mandriva 2007 Mailscanner installation error In-Reply-To: <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> References: <006001c816d6$b55220d0$0a02a8c0@gordon> <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com> <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> Message-ID: <4725110E.1010304@ecs.soton.ac.uk> Done. It will be in the next release. Glenn Steen wrote: > On 25/10/2007, Glenn Steen wrote: (snip) > Replying to myself, just proving that I'm still using Postfix:-):-) > >> # rpm -qf /usr/src/RPM filen /usr/src/RPM tillh??r inget paket > For those of you who aren't native to Swedish, or perhaps don't > like mangled utf.... The string "filen /usr/src/RPM tillh?r inget > paket" would loosely translate to "the file /usr/src/RPM isn't part > of any package"...:-) > > Cheers Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJREOEfZZRxQVtlQRAol5AJ9tAXkpzhZme7yVKOoTRi7VyTwIQQCfdSRq QUreNOMvgII17OXAQT7wUvk= =SGQr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Oct 28 22:51:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Oct 28 22:51:59 2007 Subject: http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared In-Reply-To: <822c98cee600e0419c5a7a8b54cc3a2d@solidstatelogic.com> References: <822c98cee600e0419c5a7a8b54cc3a2d@solidstatelogic.com> Message-ID: <4725127F.1000802@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Our webserver is having trouble. The version of the file you have now will do you for a while. Is it back up and running now? It's working for me. Martin.Hepworth wrote: > Jules > > Not sure if you're about, but above link doesn't work. Can't seem > to get to domain name??? > > -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: > +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for > the addressee only and may be confidential. If they come to you in > error you must take no action based on them, nor must you copy or > show them to anyone. Please advise the sender by replying to this > e-mail immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those > of the author and unless specifically stated to the contrary, are > not necessarily those of the author's employer. 
Security Warning : > Internet e-mail is not necessarily a secure communications medium > and can be subject to data corruption. We advise that you consider > this fact when e-mailing us. Viruses : We have taken steps to > ensure that this e-mail and any attachments are free from known > viruses but in keeping with good computing practice, you should > ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited > company in England and Wales (Company No:5362730) Registered > Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United > Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJRJ/EfZZRxQVtlQRAmBsAJ9EFRrnFyNi59tLQk5JRxGUKi8u0gCgqOJn KysqjAojb8EO8hMEf5MjKkc= =HTWx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Sun Oct 28 22:54:38 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Oct 28 22:54:32 2007 Subject: MailScanner Digest, Vol 22, Issue 36 In-Reply-To: <472505FE.3050109@ecs.soton.ac.uk> References: <200710201100.l9KB0CVW029208@safir.blacknight.ie> <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net> <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com> <471A274D.9050904@vanderkooij.org> <472505FE.3050109@ecs.soton.ac.uk> Message-ID: <4725132E.7030100@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > Can you tell me how? I'm a user of mailman and a list owner, I don't > run the installation. Michele and his crew over at Blacknight do all > that for me. Login as admin/owner to the list (webbased) ==> Privacy options ==> Spam filters I think the regular expressions should be peanuts for you ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHJRMsBvzDRVjxmYERArTMAKCtx5Dt/vtMDCA8eSRQQFhbh/XFegCdECVV HNzSlXsNfw/q+U3191y+Jhs= =vxkN -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sun Oct 28 23:15:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Oct 28 23:15:53 2007 Subject: Spam from "spam protected" sites Message-ID: <47251826.9070500@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I seem to find that quite a few samples of spam I get are from sites which seem to indicate they fight spam. But from the other headers I have strong doubts they do a good job at all. This one was from an abused script from the looks of it. 
> Return-Path:
> X-Original-To: hugo@vanderkooij.org
> Delivered-To: hugo@vanderkooij.org
> Received: from titanium.dnsprotect.com (titanium.dnsprotect.com [72.9.235.98])
>     by balin.waakhond.net (Postfix) with ESMTP id B104C17E90BC
>     for ; Sun, 28 Oct 2007 23:05:47 +0100 (CET)
> Received: from [127.0.0.1] (helo=localhost)
>     by titanium.dnsprotect.com with esmtpa (Exim 4.68)
>     (envelope-from )
>     id 1ImFw6-0007IW-DS; Sun, 28 Oct 2007 17:44:46 -0400
> Received: from 38.99.101.133 ([38.99.101.133]) by www.ktharos.com (Horde
>     MIME library) with HTTP; Sun, 28 Oct 2007 17:44:44 -0400
> Message-ID: <20071028174444.jbrc4fj2yooo80wg@www.ktharos.com>
> Date: Sun, 28 Oct 2007 17:44:44 -0400
> From: McLean Peters
> Reply-to: mcpeters@pc.nu
> To: undisclosed-recipients:;
> Subject: [SPAM] Re: Request For Investment
> MIME-Version: 1.0
> Content-Type: text/plain;
>     charset=ISO-8859-1;
>     DelSp="Yes";
>     format="flowed"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
> User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
> X-AntiAbuse: Primary Hostname - titanium.dnsprotect.com
> X-AntiAbuse: Original Domain - vanderkooij.org
> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
> X-AntiAbuse: Sender Address Domain - gala.net
> X-Source:
> X-Source-Args:
> X-Source-Dir:

Any thoughts on the subject?

Hugo.

PS: Did anyone ever write a SA rule to give points where the From: and Reply-To: domains differ?

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
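The check asked about in the postscript above, sketched in Python as an added example; it is not a SpamAssassin rule and is not code from any poster or from MailScanner. The function names are hypothetical, and because the archive scrubbed the From: address, the sample uses a constructed placeholder built from the X-AntiAbuse "Sender Address Domain" line.

```python
"""Flag mail whose Reply-To domain is unrelated to its From domain."""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the quoted spam headers. "sender@gala.net" is
# a placeholder: only the domain (gala.net) appears in the original headers.
SAMPLE_SPAM = """\
From: McLean Peters <sender@gala.net>
Reply-to: mcpeters@pc.nu
To: undisclosed-recipients:;
Subject: [SPAM] Re: Request For Investment
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)

(body omitted)
"""

# Constructed benign cases: a subdomain of the same organisation, and a
# message with no Reply-To header at all.
SAMPLE_SUBDOMAIN = """\
From: Alice <alice@mail.example.org>
Reply-To: Support <support@example.org>
Subject: ticket update

(body omitted)
"""

SAMPLE_NO_REPLY_TO = """\
From: Bob <bob@example.net>
Subject: hello

(body omitted)
"""


def header_domains(msg, name):
    """Return the lower-cased domains of every address in the `name` headers."""
    domains = set()
    # get_all() is case-insensitive, so "Reply-to" and "Reply-To" both match.
    for _display, addr in getaddresses(msg.get_all(name, [])):
        local, sep, domain = addr.rpartition("@")
        if sep and local and domain:
            domains.add(domain.rstrip(".").lower())
    return domains


def related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def reply_to_mismatch(raw_message, trusted=()):
    """Return the sorted Reply-To domains unrelated to every From domain.

    `trusted` lists Reply-To domains to ignore, for example list servers that
    legitimately redirect replies. An empty result means nothing to flag,
    including the case where either header is missing or unparseable.
    """
    msg = message_from_string(raw_message)
    from_domains = header_domains(msg, "From")
    reply_domains = header_domains(msg, "Reply-To")
    if not from_domains or not reply_domains:
        return []
    flagged = []
    for domain in reply_domains:
        if any(related(domain, t.lower()) for t in trusted):
            continue
        if not any(related(domain, f) for f in from_domains):
            flagged.append(domain)
    return sorted(flagged)


def mismatch_score(raw_message, points=1.0, trusted=()):
    """Points to add to a spam score; a mismatch is a hint, not proof."""
    return points if reply_to_mismatch(raw_message, trusted) else 0.0


if __name__ == "__main__":
    for label, raw in (("spam", SAMPLE_SPAM),
                       ("subdomain", SAMPLE_SUBDOMAIN),
                       ("no reply-to", SAMPLE_NO_REPLY_TO)):
        print(label, reply_to_mismatch(raw), mismatch_score(raw))
```

Mailing lists and help desks often set Reply-To to a different domain on purpose, so the result is best used as a small score contribution with a `trusted` list rather than as a blocking condition.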
From blazek at lake-coe.k12.ca.us Mon Oct 29 05:55:49 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Oct 29 05:54:25 2007 Subject: Too many attachements / e-mail bouncing? Message-ID: Ok I've searched a bit, but can't find exactly why this is happening. I have a user that frequently gets blocked by mailscanner for this reason: "Too many attachments in message". Thing is, they have only a few attachments, but here's what the log says: Oct 28 09:16:54 mail MailScanner[8054]: Too many attachments (299) in l9SGGbLU015119 If I view the message (in MailWatch or cat the file directly), it appears that the message repeats over and over again. The message is sent using Squirrelmail, and MailScanner 4.64.1. This occurs for the user when sending messages to the same domain (same server), and to outside (Earthlink) e-mail servers. I can't find a problem in the message headers, and I'm not sure where else to look Any ideas? Thanks! Blaze King Lake County Office of Education (707) 262-4147 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071028/f28a4740/attachment.html From hvdkooij at vanderkooij.org Mon Oct 29 06:25:29 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Oct 29 06:25:29 2007 Subject: Too many attachements / e-mail bouncing? In-Reply-To: References: Message-ID: <47257CD9.5080003@vanderkooij.org> Blaze King wrote: > Ok I've searched a bit, but can't find exactly why this is happening. I > have a user that frequently gets blocked by mailscanner for this > reason: "Too many attachments in message".
Thing is, they have only a > few attachments, but here's what the log says: > > Oct 28 09:16:54 mail MailScanner[8054]: Too many attachments (299) in > l9SGGbLU015119 > > If I view the message (in MailWatch or cat the file directly), it > appears that the message repeats over and over again. The message is > sent using Squirrelmail, and MailScanner 4.64.1. This occurs for the > user when sending messages to the same domain (same server), and to > outside (Earthlink) e-mail servers. I can't find a problem in the > message headers, and I'm not sure where else to look Any ideas? Thanks! It seems to me you need to raise this to the faulty software mailinglist. In this case it seems squirrelmail is the culprit. But I must admit we use Squirrelmail for a few family members and no one reported this issue. So I guess it related to the way you handle your total setup that results in these messages. With the current (lack of) information there is very little to investigate. Check logs, show the message in full, ..... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
From chris at clh.org.uk Mon Oct 29 07:03:21 2007 From: chris at clh.org.uk (Chris Hardy) Date: Mon Oct 29 07:04:34 2007 Subject: Mandriva 2007 Mailscanner installation error In-Reply-To: <4725110E.1010304@ecs.soton.ac.uk> References: <006001c816d6$b55220d0$0a02a8c0@gordon> <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com> <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> <4725110E.1010304@ecs.soton.ac.uk> Message-ID: <472585B9.9050604@clh.org.uk> as an addition to Mandriva issues - mandriva installs /usr/src/rpm - MailScanner want /usr/src/RPM I have to put a soft link between the two ln -s rpm RPM for it to work happily :) I can confirm this is the case in both 2007 and 2008 - can't remember for 2006 :) Chris Julian Field wrote: > Done. It will be in the next release. > > Glenn Steen wrote: > >> On 25/10/2007, Glenn Steen wrote: (snip) >> Replying to myself, just proving that I'm still using Postfix:-):-) >> >> >>> # rpm -qf /usr/src/RPM filen /usr/src/RPM tillh??r inget paket >>> >> For those of you who aren't native to Swedish, or perhaps don't >> like mangled utf.... The string "filen /usr/src/RPM tillh?r inget >> paket" would loosely translate to "the file /usr/src/RPM isn't part >> of any package"...:-) >> >> Cheers >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk From J.Ede at birchenallhowden.co.uk Mon Oct 29 07:43:03 2007 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon Oct 29 07:43:46 2007 Subject: Very long filenames Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C0A3E5037@server02.bhl.local> Is it worth putting that the filename has been sanitised/shortened on the report then to stop the confusion? Or something like 'original length XXX characters'? -----Original Message----- From: Julian Field Sent: 28 October 2007 22:20 To: MailScanner discussion Subject: Re: Very long filenames It always shows a "sanitised" version of the filename, which will be shorter than the original if it was very long. I never put the original, potentially nasty, filename in a report out to the users. The original filename will have been a lot longer than this. Arthur Sherman wrote: > Is this considered a long filename? > > Report: MailScanner: Very long filenames are good signs of attacks > against Microsoft e-mail packages (B_17PCs9ezwrPX.wmv) > > Thanks! > > Arthur > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJQcLEfZZRxQVtlQRAg3EAKCQ1WNZ4QuXPPust1u3L+pp0SqSyACg8k6R FzrBnpKKt0d16YIkVeKULzg= =LHPV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Mon Oct 29 08:09:53 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Oct 29 08:10:13 2007 Subject: Very long filenames In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C0A3E5037@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C0A3E5037@server02.bhl.local> Message-ID: <625385e30710290109g35027c77m3aeaa7045c07e8e5@mail.gmail.com> On 10/29/07, Jason Ede wrote: > Is it worth putting that the filename has been sanitised/shortened on the report then to stop the confusion? Or something like 'original length XXX characters'? Wouldn't be much protection if the original name was used. ;-) You could add something like "(original name longer than 150 characters)" somewhere in the string. I did that and no more questions about that. -- /peter From lists at sequestered.net Mon Oct 29 08:47:26 2007 From: lists at sequestered.net (Jay Chandler) Date: Mon Oct 29 08:47:29 2007 Subject: Too many attachements / e-mail bouncing? In-Reply-To: References: Message-ID: <47259E1E.8070300@sequestered.net> Blaze King wrote: > Ok I've searched a bit, but can't find exactly why this is happening. 
I have a user that frequently gets blocked by mailscanner for this reason: "Too many attachments in message". Thing is, they have only a few attachments, but here's what the log says: > > Oct 28 09:16:54 mail MailScanner[8054]: Too many attachments (299) in l9SGGbLU015119 > > If I view the message (in MailWatch or cat the file directly), it appears that the message repeats over and over again. The message is sent using Squirrelmail, and MailScanner 4.64.1. This occurs for the user when sending messages to the same domain (same server), and to outside (Earthlink) e-mail servers. I can't find a problem in the message headers, and I'm not sure where else to look Any ideas? Thanks! > > Blaze King > Lake County Office of Education > (707) 262-4147 > > I seem to recall a similar issue back when we were running a particular version of ClamAV that was soon patched to fix this. Can you verify that you're running the latest ClamAV (or not running it at all, as the case may be!)? -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Domain controller not responding From martinh at solidstatelogic.com Mon Oct 29 09:27:08 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Oct 29 09:27:13 2007 Subject: http://www.mailscanner.eu/phishing.bad.sites.conf.master disappeared In-Reply-To: <4725127F.1000802@ecs.soton.ac.uk> Message-ID: <59babd95b7f2da4ca01347013e099c3e@solidstatelogic.com> Julian After been out for most of the weekend it does indeed seem to have started working Sunday evening (uk time). 
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 28 October 2007 22:52 > To: MailScanner discussion > Subject: Re: http://www.mailscanner.eu/phishing.bad.sites.conf.master > disappeared > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Our webserver is having trouble. The version of the file you have now > will do you for a while. Is it back up and running now? It's working > for me. > > Martin.Hepworth wrote: > > Jules > > > > Not sure if you're about, but above link doesn't work. Can't seem > > to get to domain name??? > > > > -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: > > +44 (0)1865 842300 > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for > > the addressee only and may be confidential. If they come to you in > > error you must take no action based on them, nor must you copy or > > show them to anyone. Please advise the sender by replying to this > > e-mail immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those > > of the author and unless specifically stated to the contrary, are > > not necessarily those of the author's employer. Security Warning : > > Internet e-mail is not necessarily a secure communications medium > > and can be subject to data corruption. We advise that you consider > > this fact when e-mailing us. Viruses : We have taken steps to > > ensure that this e-mail and any attachments are free from known > > viruses but in keeping with good computing practice, you should > > ensure that they are virus free. 
> > > > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited > > company in England and Wales (Company No:5362730) Registered > > Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United > > Kingdom > > ********************************************************************** > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHJRJ/EfZZRxQVtlQRAmBsAJ9EFRrnFyNi59tLQk5JRxGUKi8u0gCgqOJn > KysqjAojb8EO8hMEf5MjKkc= > =HTWx > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. 
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Mon Oct 29 09:46:23 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Oct 29 09:46:27 2007 Subject: Mandriva 2007 Mailscanner installation error In-Reply-To: <472585B9.9050604@clh.org.uk> References: <006001c816d6$b55220d0$0a02a8c0@gordon> <223f97700710250151k6dcb7641ia719ce71c1a015dd@mail.gmail.com> <223f97700710250155r2eab02b9nd5ff13211c4a0010@mail.gmail.com> <4725110E.1010304@ecs.soton.ac.uk> <472585B9.9050604@clh.org.uk> Message-ID: <223f97700710290246y2357ba37ka3c18ba292899ec4@mail.gmail.com> On 29/10/2007, Chris Hardy wrote: > as an addition to Mandriva issues - mandriva installs /usr/src/rpm - "> MailScanner want /usr/src/RPM > > I have to put a soft link between the two ln -s rpm RPM for it to work > happily :) > > I can confirm this is the case in both 2007 and 2008 - can't remember > for 2006 :) IIRC -06 didn't have that issue. -- Glenn > Chris > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Done. It will be in the next release. > > > > Glenn Steen wrote: > > > >> On 25/10/2007, Glenn Steen wrote: (snip) > >> Replying to myself, just proving that I'm still using Postfix:-):-) > >> > >> > >>> # rpm -qf /usr/src/RPM filen /usr/src/RPM tillh??r inget paket > >>> > >> For those of you who aren't native to Swedish, or perhaps don't > >> like mangled utf.... 
The string "filen /usr/src/RPM tillh?r inget > >> paket" would loosely translate to "the file /usr/src/RPM isn't part > >> of any package"...:-) > >> > >> Cheers > >> > > > > Jules > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (Darwin) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > iD8DBQFHJREOEfZZRxQVtlQRAol5AJ9tAXkpzhZme7yVKOoTRi7VyTwIQQCfdSRq > > QUreNOMvgII17OXAQT7wUvk= > > =SGQr > > -----END PGP SIGNATURE----- > > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Oct 29 12:03:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Oct 29 12:03:28 2007 Subject: MailScanner Digest, Vol 22, Issue 36 In-Reply-To: <4725132E.7030100@vanderkooij.org> References: <200710201100.l9KB0CVW029208@safir.blacknight.ie> <1B74CA8F7AB18445B7355100411C4E192F36325979@edenusa.ehads.edenhosting.net> <223f97700710200811g287f7493jc21d74b5d85aa3ef@mail.gmail.com> <471A274D.9050904@vanderkooij.org> <472505FE.3050109@ecs.soton.ac.uk> <4725132E.7030100@vanderkooij.org> Message-ID: <4725CBFC.5070508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Let's see if I've got it right. Hugo van der Kooij wrote: > Julian Field wrote: >> Can you tell me how? I'm a user of mailman and a list owner, I >> don't run the installation. Michele and his crew over at >> Blacknight do all that for me. > > Login as admin/owner to the list (webbased) ==> Privacy options ==> > Spam filters > > I think the regular expressions should be peanuts for you ;-) > > Hugo. > Jules - -- Julian Field MBCS CITP jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJcv8EfZZRxQVtlQRAkz2AJ97sR2+5MPMp8blHEZTbUmu5ZKO9gCgyXix 15uz4gUq59WQGRTfHu+uHew= =hdCm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
For all your IT requirements visit www.transtec.co.uk From blazek at lake-coe.k12.ca.us Mon Oct 29 15:27:18 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Oct 29 15:25:51 2007 Subject: Too many attachements / e-mail bouncing? In-Reply-To: <47259E1E.8070300@sequestered.net> References: <47259E1E.8070300@sequestered.net> Message-ID: Thanks for the responses; forgot to mention a couple of things... We're running Sendmail 8.13.8, the ClamAV that came with Julian's script (0.91.2), and SquirrelMail 1.4.8. And I'd like to post the entire message details, but because of all the bounces, these messages are >10MB. Here's the header info with a few details removed: Return-Path: Received: from mail.lake-coe.k12.ca.us (mail.lake-coe.k12.ca.us [127.0.0.1]) by mail.lake-coe.k12.ca.us (8.13.8/8.13.8) with ESMTP id l9SGHS4j015210 for <(removed)>; Sun, 28 Oct 2007 09:17:28 -0700 Full-Name: (removed) Received: (from apache@localhost) by mail.lake-coe.k12.ca.us (8.13.8/8.12.11/Submit) id l9SGHP58015208; Sun, 28 Oct 2007 09:17:25 -0700 X-Authentication-Warning: mail.lake-coe.k12.ca.us: apache set sender to (removed) using -f Received: from (removed) (SquirrelMail authenticated user (removed)) by mail.lake-coe.k12.ca.us with HTTP; Sun, 28 Oct 2007 09:17:25 -0700 (PDT) Message-ID: <4867.12.202.54.169.1193588245.squirrel@mail.lake-coe.k12.ca.us> Date: Sun, 28 Oct 2007 09:17:25 -0700 (PDT) Subject: [Fwd: Power and telcom meeting] From: "(removed)" <(removed)> To: (removed) User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: multipart/mixed;boundary="----=_20071028091725_44518" X-Priority: 1 (Highest) Importance: High Blaze King -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jay Chandler Sent: Monday, October 29, 2007 1:47 AM To: MailScanner discussion Subject: Re: Too many attachements / e-mail bouncing? 
Blaze King wrote: > Ok I've searched a bit, but can't find exactly why this is happening. I have a user that frequently gets blocked by mailscanner for this reason: "Too many attachments in message". Thing is, they have only a few attachments, but here's what the log says: > > Oct 28 09:16:54 mail MailScanner[8054]: Too many attachments (299) in l9SGGbLU015119 > > If I view the message (in MailWatch or cat the file directly), it appears that the message repeats over and over again. The message is sent using Squirrelmail, and MailScanner 4.64.1. This occurs for the user when sending messages to the same domain (same server), and to outside (Earthlink) e-mail servers. I can't find a problem in the message headers, and I'm not sure where else to look Any ideas? Thanks! > > Blaze King > Lake County Office of Education > (707) 262-4147 > > I seem to recall a similar issue back when we were running a particular version of ClamAV that was soon patched to fix this. Can you verify that you're running the latest ClamAV (or not running it at all, as the case may be!)? -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Domain controller not responding -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From remeryspam at cfl.rr.com Mon Oct 29 15:36:10 2007 From: remeryspam at cfl.rr.com (remeryspam@cfl.rr.com) Date: Mon Oct 29 15:36:12 2007 Subject: Error after postfix upgrade Message-ID: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> I have been running an Ubuntu 6.06 LTS server for the past 6 months with postfix and mailscanner installed from the repositories. Everything has been working great! Yesterday, I ran the updates on the server, which updated postfix from 2.2.10-1ubuntu0.1 to 2.4.5-3build1~dapper1 (mailscanner is at 4.46.2-3). 
After the update, mail wasn't being delivered and I noticed this message in the logs every time mailscanner runs:

postfix: Process did not exit cleanly, returned 255 with signal 0

If I run postfix without mailscanner, it runs without logging errors. I switched mailscanner to run with debug = yes, and ran check_mailscanner, and got this message:

Can't call method "DropFromBatch" on unblessed reference at /usr/share/MailScanner/MailScanner/Postfix.pm line 332.

The code there is:

    # If the data offset is 0 then Postfix definitely hasn't finished
    # writing the message.
    unless ($DataOffset+0 > 10) { # 10 == arbitrarily small number
      $message->DropFromBatch();
      return 0;
    }

I am a programmer, but am not at all familiar with Perl, so am not sure what the problem is.

Any thoughts/advice?

Thanks in advance,
Rick

From list-mailscanner at linguaphone.com Mon Oct 29 17:51:52 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Mon Oct 29 17:52:04 2007
Subject: Deny host based on detected spam?
In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D018FBE8A@hcex.hartwellcorp.com>
Message-ID:

Have a look at this script I wrote. You need to have mailwatch logging but it will create a database table, custom file, or a rbl file you can integrate with your MTA to reject them.

http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/index.html

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Michael
> St. Laurent
> Sent: 26 October 2007 21:49
> To: MailScanner discussion
> Subject: Deny host based on detected spam?
>
>
> Is there a way to make an entry in the /etc/hosts.deny table based on
> reaching a specified threshold of spam activity?
> > > From ssilva at sgvwater.com Mon Oct 29 17:55:19 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 29 17:55:33 2007 Subject: Sendmail and Unexpected EOM Message-ID: I'm getting a lot of collect: premature EOM: unexpected close errors from certain servers, and a google gives me much conflicting info. Running CentOS 4 and current stable MailScanner. I have tried decreasing the MTU on the external interface, and only succeeded in stopping all traffic. Tried disabling window scaling, and that also had no effect. Could the default be to set no-fragment on packets from CentOS 4? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From uxbod at splatnix.net Mon Oct 29 18:18:51 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Oct 29 18:24:29 2007 Subject: Sendmail and Unexpected EOM In-Reply-To: Message-ID: <21003500.831193681931581.JavaMail.root@office.splatnix.net> this may be of help ? http://www.outofcontrol.ca/2007/02/28/sendmail-collect-premature-eom-unexpected-close-solution/ Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Scott Silva" To: mailscanner@lists.mailscanner.info Sent: Monday, October 29, 2007 5:55:19 PM (GMT) Europe/London Subject: Sendmail and Unexpected EOM I'm getting a lot of collect: premature EOM: unexpected close errors from certain servers, and a google gives me much conflicting info. Running CentOS 4 and current stable MailScanner. I have tried decreasing the MTU on the external interface, and only succeeded in stopping all traffic. Tried disabling window scaling, and that also had no effect. Could the default be to set no-fragment on packets from CentOS 4? -- MailScanner is like deodorant... 
You hope everybody uses it, and you notice quickly if they don't!!!!

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From hvdkooij at vanderkooij.org Mon Oct 29 18:36:29 2007
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Oct 29 18:36:17 2007
Subject: Too many attachements / e-mail bouncing?
In-Reply-To:
References: <47259E1E.8070300@sequestered.net>
Message-ID: <4726282D.9070002@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Blaze King wrote:
> Thanks for the responses; forgot to mention a couple of things...
>
> We're running Sendmail 8.13.8, the ClamAV that came with Julian's script (0.91.2), and SquirrelMail 1.4.8. And I'd like to post the entire message details, but because of all the bounces, these messages are >10MB. Here's the header info with a few details removed:

.....

> MIME-Version: 1.0
> Content-Type: multipart/mixed;boundary="----=_20071028091725_44518"

The MIME header indicates it is a multipart header. But to know how many "attachments" there are one needs to see the full message. Or at least you need to count all the occurrences for this or any other boundaries in your message.

And the other part is of course your MailScanner config. How many attachments are 'too many' in your config?

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHJigrBvzDRVjxmYERAvknAKCOuvDmkGMLyuFgE2t7W2olMZVHuACdE9IM cbw2gKV3ekeki3dgFcQCals= =1oXe -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon Oct 29 18:43:10 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Oct 29 18:43:37 2007 Subject: Sendmail and Unexpected EOM In-Reply-To: <21003500.831193681931581.JavaMail.root@office.splatnix.net> References: <21003500.831193681931581.JavaMail.root@office.splatnix.net> Message-ID: on 10/29/2007 11:18 AM UxBoD spake the following: > this may be of help ? http://www.outofcontrol.ca/2007/02/28/sendmail-collect-premature-eom-unexpected-close-solution/ > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Scott Silva" > To: mailscanner@lists.mailscanner.info > Sent: Monday, October 29, 2007 5:55:19 PM (GMT) Europe/London > Subject: Sendmail and Unexpected EOM > > I'm getting a lot of collect: premature EOM: unexpected close > errors from certain servers, and a google gives me much conflicting info. > > Running CentOS 4 and current stable MailScanner. > > I have tried decreasing the MTU on the external interface, and only > succeeded in stopping all traffic. Tried disabling window scaling, and that > also had no effect. Could the default be to set no-fragment on packets from > CentOS 4? > Only using zen list at the moment, and my usage is way under what they consider to be needing a feed. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
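For the "Too many attachments" thread: the boundary count Hugo van der Kooij asks for, as an added example that is not part of any post on the list and is not MailScanner code. It compares raw delimiter-line counts with the parts Python's standard email parser sees, on constructed messages that reuse the boundary string quoted in the thread; the function names, sample bodies and the 150 repeats are made up here, and MailScanner's own attachment counting may differ.

```python
import hashlib
import re
from email import message_from_bytes
from email.policy import default

# Boundary string as quoted in the thread's Content-Type header.
BOUNDARY = b"----=_20071028091725_44518"
LIMIT = 200  # attachment limit the poster reports for their configuration

BOUNDARY_PARAM = re.compile(rb'boundary\s*=\s*"?([^";\r\n]+)"?', re.IGNORECASE)


def declared_boundaries(raw):
    """Return each distinct boundary= value found anywhere in the raw message."""
    found = []
    for match in BOUNDARY_PARAM.finditer(raw):
        value = match.group(1).strip()
        if value not in found:
            found.append(value)
    return found


def delimiter_lines(raw, boundary):
    """Count '--boundary' (part start) and '--boundary--' (close) lines."""
    starts = closes = 0
    for line in raw.splitlines():
        line = line.rstrip()
        if line == b"--" + boundary:
            starts += 1
        elif line == b"--" + boundary + b"--":
            closes += 1
    return starts, closes


def analyse(raw, limit=LIMIT):
    """Compare raw delimiter counts with what a MIME parser actually sees."""
    msg = message_from_bytes(raw, policy=default)
    leaves = [part for part in msg.walk() if not part.is_multipart()]
    # Hash decoded payloads so identical, repeated parts collapse to one digest.
    digests = {
        hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
        for part in leaves
    }
    counts = {
        b.decode("ascii", "replace"): delimiter_lines(raw, b)
        for b in declared_boundaries(raw)
    }
    return {
        "leaf_parts": len(leaves),
        "distinct_parts": len(digests),
        "delimiters": counts,  # boundary -> (start lines, close lines)
        "over_limit": len(leaves) > limit,
        "repeated_content": len(leaves) > len(digests),
        # More than one close delimiter: whole body was written repeatedly.
        "extra_closes": any(closes > 1 for _, closes in counts.values()),
    }


# --- Constructed sample messages (not taken from the poster's mail) ---
HEADERS = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed;boundary="' + BOUNDARY + b'"\r\n'
    b"\r\n"
)
PARTS = (
    b"--" + BOUNDARY + b"\r\n"
    b"Content-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Type: application/octet-stream; name="agenda.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n"
)
CLOSE = b"--" + BOUNDARY + b"--\r\n"


def sample_normal():
    return HEADERS + PARTS + CLOSE


def sample_repeated_inside(n=150):
    # Same two parts written n times before a single close delimiter.
    return HEADERS + PARTS * n + CLOSE


def sample_repeated_after_close(n=150):
    # Whole body, close delimiter included, written n times.
    return HEADERS + (PARTS + CLOSE) * n


if __name__ == "__main__":
    for name, raw in (
        ("normal", sample_normal()),
        ("repeated inside", sample_repeated_inside()),
        ("repeated after close", sample_repeated_after_close()),
    ):
        print(name, analyse(raw))
```

When the parts repeat inside one envelope the parser's part count exceeds the limit while only two distinct payloads exist; when the whole body repeats, the raw delimiter count is high but a parser that stops at the first close delimiter still sees two parts.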
From blazek at lake-coe.k12.ca.us Mon Oct 29 18:59:31 2007
From: blazek at lake-coe.k12.ca.us (Blaze King)
Date: Mon Oct 29 18:58:03 2007
Subject: Too many attachements / e-mail bouncing?
In-Reply-To: <4726282D.9070002@vanderkooij.org>
References: <47259E1E.8070300@sequestered.net> <4726282D.9070002@vanderkooij.org>
Message-ID:

MailScanner is configured to allow 200 attachments. It said this message had 299, when really it was only a couple. One of these messages had 7834 boundaries.

Blaze King

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij
Sent: Monday, October 29, 2007 11:36 AM
To: MailScanner discussion
Subject: Re: Too many attachements / e-mail bouncing?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Blaze King wrote:
> Thanks for the responses; forgot to mention a couple of things...
>
> We're running Sendmail 8.13.8, the ClamAV that came with Julian's script (0.91.2), and SquirrelMail 1.4.8. And I'd like to post the entire message details, but because of all the bounces, these messages are >10MB. Here's the header info with a few details removed:

.....

> MIME-Version: 1.0
> Content-Type: multipart/mixed;boundary="----=_20071028091725_44518"

The MIME header indicates it is a multipart header. But to know how many "attachments" there are one needs to see the full message. Or at least you need to count all the occurrences for this or any other boundaries in your message.

And the other part is of course your MailScanner config. How many attachments are 'too many' in your config?

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHJigrBvzDRVjxmYERAvknAKCOuvDmkGMLyuFgE2t7W2olMZVHuACdE9IM
cbw2gKV3ekeki3dgFcQCals=
=1oXe
-----END PGP SIGNATURE-----

From campbell at cnpapers.com Mon Oct 29 20:27:51 2007
From: campbell at cnpapers.com (Steve Campbell)
Date: Mon Oct 29 20:28:00 2007
Subject: My boss wants to try out a service provider for spam
Message-ID: <47264247.4080601@cnpapers.com>

My boss informed me that we might want to try out a provider of spam content blocking. Has anyone ever dealt with ContentCatcher?

Thanks for any ideas, experiences, and the like.

Steve Campbell

From do.not.eat.yellow.snow at gmail.com Tue Oct 30 00:15:26 2007
From: do.not.eat.yellow.snow at gmail.com (Martin Strand)
Date: Tue Oct 30 00:15:34 2007
Subject: %variable% ruleset
Message-ID:

I'm trying to get localized reports for certain recipient tlds:

%report-dir% = %rules-dir%/report_dir.rules

To: /\.se$/ /etc/MailScanner/reports/se
To: /\.fi$/ /etc/MailScanner/reports/fi
To: /\.no$/ /etc/MailScanner/reports/no
...
FromOrTo: default /etc/MailScanner/reports/en

but it doesn't work. Is it even possible to use rulesets for %variables% ?

Martin

From martinh at solidstatelogic.com Tue Oct 30 08:48:10 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Oct 30 08:48:35 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47264247.4080601@cnpapers.com>
Message-ID: <3ae61fd012fcba448936aabb87ebbb87@solidstatelogic.com>

Steve

If you're looking for managed hosting the two I'd suggest are Postini (now owned by google) and Messagelabs.

Never heard of content catcher.

Fsl.com also do an appliance/software based installer that's based on MailScanner.
Again this is managed by them so there's little for you to worry about.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
> Sent: 29 October 2007 20:28
> To: mailscanner@lists.mailscanner.info
> Subject: My boss wants to try out a service provider for spam
>
> My boss informed me that we might want to try out a provider of spam
> content blocking. Has anyone ever dealt with ContentCatcher?
>
> Thanks for any ideas, experiences, and the like.
>
> Steve Campbell

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

From martinh at solidstatelogic.com Tue Oct 30 08:57:28 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Oct 30 08:57:31 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <3ae61fd012fcba448936aabb87ebbb87@solidstatelogic.com>
Message-ID: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com>

Steve

Hmm looks like ContentCatcher ONLY does spam - no mention whatsoever of viruses!

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
> Sent: 30 October 2007 08:48
> To: MailScanner discussion
> Subject: RE: My boss wants to try out a service provider for spam
>
> Steve
>
> If you're looking for managed hosting the two I'd suggest are Postini (now
> owned by google) and Messagelabs.
>
> Never heard of content catcher.
>
> Fsl.com also do an appliance/software based installer that's based on
> MailScanner. Again this is managed by them so there's little for you to
> worry about.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
> > Sent: 29 October 2007 20:28
> > To: mailscanner@lists.mailscanner.info
> > Subject: My boss wants to try out a service provider for spam
> >
> > My boss informed me that we might want to try out a provider of spam
> > content blocking. Has anyone ever dealt with ContentCatcher?
> > > > Thanks for any ideas, experiences, and the like. > > > > Steve Campbell > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From gerard at seibercom.net Tue Oct 30 10:05:51 2007 From: gerard at seibercom.net (Gerard Seibert) Date: Tue Oct 30 10:05:37 2007 Subject: Error after postfix upgrade In-Reply-To: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> References: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> Message-ID: <20071030060541.BFFC.GERARD@seibercom.net> On Monday October 29, 2007 at 11:36:10 (AM) remeryspam wrote: > I have been running an Ubuntu 6.06 LTS server for the past 6 months with > postfix and mailscanner installed from the repositories. Everything has been > working great! > > Yesterday, I ran the updates on the server, which updated postfix from > 2.2.10-1ubuntu0.1 to 2.4.5-3build1~dapper1 (mailscanner is at 4.46.2-3).
> After the update, mail wasn't being delivered and I noticed this message in the logs > every time mailscanner runs: > > postfix: Process did not exit cleanly, returned 255 with signal 0 > > If I run postfix without mailscanner, it runs without logging errors. I > switched mailscanner to run with debug = yes, and ran check_mailscanner, and > got this message: > > Can't call method "DropFromBatch" on unblessed reference at > /usr/share/MailScanner/MailScanner/Postfix.pm line 332. > > The code there is: > > # If the data offset is 0 then Postfix definitely hasn't finished > # writing the message. > unless ($DataOffset+0 > 10) { # 10 == arbitrarily small number > $message->DropFromBatch(); > return 0; > } > > I am a programmer, but am not at all familiar with Perl, so am not sure what > the problem is. > > Any thoughts/advice? You made a major update from version 2.2.x to 2.4.x in one hop. There have been major changes in Postfix, especially with SSL/TLS, etc. You might want to familiarize yourself with the updated documentation. Many of the original statements in the main.cf file have changed. I am not sure specifically what is causing your problem; however, I would recommend that you start there, Posting the output of postconf -n might also be enlightening. -- Gerard From glenn.steen at gmail.com Tue Oct 30 10:27:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Oct 30 10:27:49 2007 Subject: Error after postfix upgrade In-Reply-To: <20071030060541.BFFC.GERARD@seibercom.net> References: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> <20071030060541.BFFC.GERARD@seibercom.net> Message-ID: <223f97700710300327j19450dcalba84031fc219894a@mail.gmail.com> On 30/10/2007, Gerard Seibert wrote: > On Monday October 29, 2007 at 11:36:10 (AM) remeryspam wrote: > > > I have been running an Ubuntu 6.06 LTS server for the past 6 months with > > postfix and mailscanner installed from the repositories. Everything has been > > working great! 
> > > > Yesterday, I ran the updates on the server, which updated postfix from > > 2.2.10-1ubuntu0.1 to 2.4.5-3build1~dapper1 (mailscanner is at 4.46.2-3). > > After the update, mail wasn't being delivered and I noticed this message in the logs > > every time mailscanner runs: > > > > postfix: Process did not exit cleanly, returned 255 with signal 0 > > > > If I run postfix without mailscanner, it runs without logging errors. I > > switched mailscanner to run with debug = yes, and ran check_mailscanner, and > > got this message: > > > > Can't call method "DropFromBatch" on unblessed reference at > > /usr/share/MailScanner/MailScanner/Postfix.pm line 332. > > > > The code there is: > > > > # If the data offset is 0 then Postfix definitely hasn't finished > > # writing the message. > > unless ($DataOffset+0 > 10) { # 10 == arbitrarily small number > > $message->DropFromBatch(); > > return 0; > > } > > > > I am a programmer, but am not at all familiar with Perl, so am not sure what > > the problem is. > > > > Any thoughts/advice? > > > You made a major update from version 2.2.x to 2.4.x in one hop. There have > been major changes in Postfix, especially with SSL/TLS, etc. You might want to > familiarize yourself with the updated documentation. Many of the original > statements in the main.cf file have changed. > > I am not sure specifically what is causing your problem; however, I would > recommend that you start there, Posting the output of postconf -n might also > be enlightening. > One might also add that there have been quite a bit of change done to MailScanner, to fully support Postfix 2.3/2.4, so an update from that rather old version you have... wouldn't be a bad thing either. I don't recall if the queue depth thing was a problem with that version... Memory gone bad:-):-). 
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From martinh at solidstatelogic.com Tue Oct 30 10:46:25 2007
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Oct 30 10:46:40 2007
Subject: Error after postfix upgrade
In-Reply-To: <223f97700710300327j19450dcalba84031fc219894a@mail.gmail.com>
Message-ID: <397bac7d1c08f343bf148b1947fd2e43@solidstatelogic.com>

Hmm

One thing that changed recently (postfix 2.3??) was the queue layout default change. Before it was of the style /var/spool/postfix/hold/[0-9a-f]/..., now it's /var/spool/postfix/hold/...

Not sure when this happened off hand, was either 2.2 or 2.3...

Also looking at the MS changelog the P record support now in PF 2.3/4 isn't fully handled till MS 40.60.8, so given you're running quite an old version of MS I would upgrade MS as Glenn suggests.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen
> Sent: 30 October 2007 10:28
> To: MailScanner discussion
> Subject: Re: Error after postfix upgrade
>
> On 30/10/2007, Gerard Seibert wrote:
> > On Monday October 29, 2007 at 11:36:10 (AM) remeryspam wrote:
> >
> > > I have been running an Ubuntu 6.06 LTS server for the past 6 months with
> > > postfix and mailscanner installed from the repositories. Everything has been
> > > working great!
> > >
> > > Yesterday, I ran the updates on the server, which updated postfix from
> > > 2.2.10-1ubuntu0.1 to 2.4.5-3build1~dapper1 (mailscanner is at 4.46.2-3).
> > > After the update, mail wasn't being delivered and I noticed this message in the logs
> > > every time mailscanner runs:
> > >
> > > postfix: Process did not exit cleanly, returned 255 with signal 0
> > >
> > > If I run postfix without mailscanner, it runs without logging errors.
> I > > > switched mailscanner to run with debug = yes, and ran > check_mailscanner, and > > > got this message: > > > > > > Can't call method "DropFromBatch" on unblessed reference at > > > /usr/share/MailScanner/MailScanner/Postfix.pm line 332. > > > > > > The code there is: > > > > > > # If the data offset is 0 then Postfix definitely hasn't finished > > > # writing the message. > > > unless ($DataOffset+0 > 10) { # 10 == arbitrarily small number > > > $message->DropFromBatch(); > > > return 0; > > > } > > > > > > I am a programmer, but am not at all familiar with Perl, so am not > sure what > > > the problem is. > > > > > > Any thoughts/advice? > > > > > > You made a major update from version 2.2.x to 2.4.x in one hop. There > have > > been major changes in Postfix, especially with SSL/TLS, etc. You might > want to > > familiarize yourself with the updated documentation. Many of the > original > > statements in the main.cf file have changed. > > > > I am not sure specifically what is causing your problem; however, I > would > > recommend that you start there, Posting the output of postconf -n might > also > > be enlightening. > > > One might also add that there have been quite a bit of change done to > MailScanner, to fully support Postfix 2.3/2.4, so an update from that > rather old version you have... wouldn't be a bad thing either. > I don't recall if the queue depth thing was a problem with that > version... Memory gone bad:-):-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From micoots at yahoo.com Tue Oct 30 12:31:23 2007 From: micoots at yahoo.com (Michael Mansour) Date: Tue Oct 30 12:31:26 2007 Subject: rulesets for org-name, org-long-name and web-site Message-ID: <326727.57124.qm@web33311.mail.mud.yahoo.com> Hi, Is it possible the following could be supported by a ruleset please: %org-name% %org-long-name% %web-site% Thanks. Michael. -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071030/b1008186/attachment.html From campbell at cnpapers.com Tue Oct 30 13:04:20 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Oct 30 13:05:06 2007 Subject: My boss wants to try out a service provider for spam In-Reply-To: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> Message-ID: <47272BD4.2090501@cnpapers.com> Thanks, Martin. I'm sort of trying to convince whoever is behind this that giving up control of our spam and virus checking is a bad idea. We're a newspaper, and actually publish two papers, a morning and evening paper. Not only do the reporters get information by email, but advertisers send ads in using email. The deadlines issue just won't fly with offsite email management. At least that's what I've been trying to tell them everytime this crops up. Either I'm doing a very bad job of handling this, or they just want me for something else around here. I fight this about once every 6 months. Steve Martin.Hepworth wrote: > Steve > > Hmm looks like cotentcatcher ONLY does spam - no mention whatsoever of viruses! > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth >> Sent: 30 October 2007 08:48 >> To: MailScanner discussion >> Subject: RE: My boss wants to try out a service provider for spam >> >> Steve >> >> If you're looking for managed hosting the two I'd suggest are Postini (now >> owned by google) and Messagelabs. >> >> Never heard of content catcher. >> >> Fsl.com also do an appliance/software based installer that's based on >> MailScanner. Again this is managed by them so there little for you to >> worry about. 
>> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Steve Campbell >>> Sent: 29 October 2007 20:28 >>> To: mailscanner@lists.mailscanner.info >>> Subject: My boss wants to try out a service provider for spam >>> >>> My boss informed me that we might want to try out a provider of spam >>> content blocking. Has anyone ever dealt with ContentCatcher? >>> >>> Thanks for any ideas, experiences, and the like. >>> >>> Steve Campbell >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. 
From mailscanner at slackadelic.com Tue Oct 30 13:12:18 2007
From: mailscanner at slackadelic.com (Matt Hayes)
Date: Tue Oct 30 13:12:24 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47272BD4.2090501@cnpapers.com>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com>
Message-ID: <47272DB2.30308@slackadelic.com>

Steve,

Where I work we do email scanning for spam and viruses. We do this for quite a few clients. We do it for email domains we host and we do it for email domains that just want the scanning done then hand it off to their host.

Works quite well.

-Matt

Steve Campbell wrote:
> Thanks, Martin.
>
> I'm sort of trying to convince whoever is behind this that giving up
> control of our spam and virus checking is a bad idea. We're a newspaper,
> and actually publish two papers, a morning and evening paper. Not only
> do the reporters get information by email, but advertisers send ads in
> using email. The deadlines issue just won't fly with offsite email
> management. At least that's what I've been trying to tell them every time
> this crops up.
>
> Either I'm doing a very bad job of handling this, or they just want me
> for something else around here. I fight this about once every 6 months.
>
> Steve
>
> Martin.Hepworth wrote:
>> Steve
>>
>> Hmm looks like contentcatcher ONLY does spam - no mention whatsoever of
>> viruses!
>> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth >>> Sent: 30 October 2007 08:48 >>> To: MailScanner discussion >>> Subject: RE: My boss wants to try out a service provider for spam >>> >>> Steve >>> >>> If you're looking for managed hosting the two I'd suggest are Postini >>> (now >>> owned by google) and Messagelabs. >>> >>> Never heard of content catcher. >>> >>> Fsl.com also do an appliance/software based installer that's based on >>> MailScanner. Again this is managed by them so there little for you to >>> worry about. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of Steve Campbell >>>> Sent: 29 October 2007 20:28 >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: My boss wants to try out a service provider for spam >>>> >>>> My boss informed me that we might want to try out a provider of spam >>>> content blocking. Has anyone ever dealt with ContentCatcher? >>>> >>>> Thanks for any ideas, experiences, and the like. >>>> >>>> Steve Campbell >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> ********************************************************************** >>> Confidentiality : This e-mail and any attachments are intended for the >>> addressee only and may be confidential. 
From MailScanner at ecs.soton.ac.uk Tue Oct 30 13:43:19 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 13:43:38 2007
Subject: Error after postfix upgrade
In-Reply-To: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01>
References: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01>
Message-ID: <472734F7.2020206@ecs.soton.ac.uk>

Upgrade your MailScanner (I'll be releasing a new version tomorrow morning, so wait until then). This code is commented out in the latest version, it has been re-implemented differently.

remeryspam@cfl.rr.com wrote:
> I have been running an Ubuntu 6.06 LTS server for the past 6 months
> with postfix and mailscanner installed from the repositories.
> Everything has been working great!
>
> Yesterday, I ran the updates on the server, which updated postfix
> from 2.2.10-1ubuntu0.1 to 2.4.5-3build1~dapper1 (mailscanner is at
> 4.46.2-3). After the update, mail wasn't being delivered and I
> noticed this message in the logs every time mailscanner runs:
>
> postfix: Process did not exit cleanly, returned 255 with signal 0
>
> If I run postfix without mailscanner, it runs without logging
> errors. I switched mailscanner to run with debug = yes, and ran
> check_mailscanner, and got this message:
>
> Can't call method "DropFromBatch" on unblessed reference at
> /usr/share/MailScanner/MailScanner/Postfix.pm line 332.
>
> The code there is:
>
> # If the data offset is 0 then Postfix definitely hasn't finished
> # writing the message.
> unless ($DataOffset+0 > 10) { # 10 == arbitrarily small number
>   $message->DropFromBatch();
>   return 0;
> }
>
> I am a programmer, but am not at all familiar with Perl, so am not
> sure what the problem is.
>
> Any thoughts/advice?
>
> Thanks in advance,
> Rick

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From MailScanner at ecs.soton.ac.uk Tue Oct 30 13:46:59 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 13:48:15 2007
Subject: %variable% ruleset
In-Reply-To:
References:
Message-ID: <472735D3.5070903@ecs.soton.ac.uk>

No it's not, sorry.

Martin Strand wrote:
> I'm trying to get localized reports for certain recipient tlds:
>
> %report-dir% = %rules-dir%/report_dir.rules
>
>
> To: /\.se$/ /etc/MailScanner/reports/se
> To: /\.fi$/ /etc/MailScanner/reports/fi
> To: /\.no$/ /etc/MailScanner/reports/no
> ...
> FromOrTo: default /etc/MailScanner/reports/en
>
>
> but it doesn't work. Is it even possible to use rulesets for
> %variables% ?
>
> Martin

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From campbell at cnpapers.com Tue Oct 30 13:49:03 2007
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue Oct 30 13:49:57 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47272DB2.30308@slackadelic.com>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com> <47272DB2.30308@slackadelic.com>
Message-ID: <4727364F.6080106@cnpapers.com>

Matt,

Same here. We do both newspaper domains, the main corporation domain, a few outside domains which want it all or just part of it. We have used MS/SA for quite some time now.

Every once in a while, a chance to save a few dollars pops up, and because it is cheaper than some other offer they have looked into, they think they are getting a bargain. They keep forgetting they don't pay me that much.
I just don't think they are really thinking this through very well. Of course, I'm getting pretty old, I don't have any backup here, and they might be thinking down the road a little.

Steve

Matt Hayes wrote:
> Steve,
>
> Where I work we do email scanning for spam and viruses. We do this for
> quite a few clients. We do it for email domains we host and we do it
> for email domains that just want the scanning done then hand it off to
> their host.
>
> Works quite well.
>
> -Matt
>
> Steve Campbell wrote:
>
>> Thanks, Martin.
>>
>> I'm sort of trying to convince whoever is behind this that giving up
>> control of our spam and virus checking is a bad idea. We're a newspaper,
>> and actually publish two papers, a morning and evening paper. Not only
>> do the reporters get information by email, but advertisers send ads in
>> using email. The deadlines issue just won't fly with offsite email
>> management. At least that's what I've been trying to tell them every time
>> this crops up.
>>
>> Either I'm doing a very bad job of handling this, or they just want me
>> for something else around here. I fight this about once every 6 months.
>>
>> Steve
>>
>> Martin.Hepworth wrote:
>>
>>> Steve
>>>
>>> Hmm looks like contentcatcher ONLY does spam - no mention whatsoever of
>>> viruses!
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
>>>> Sent: 30 October 2007 08:48
>>>> To: MailScanner discussion
>>>> Subject: RE: My boss wants to try out a service provider for spam
>>>>
>>>> Steve
>>>>
>>>> If you're looking for managed hosting the two I'd suggest are Postini
>>>> (now owned by google) and Messagelabs.
>>>>
>>>> Never heard of content catcher.
>>>> >>>> Fsl.com also do an appliance/software based installer that's based on >>>> MailScanner. Again this is managed by them so there little for you to >>>> worry about. >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>>> bounces@lists.mailscanner.info] On Behalf Of Steve Campbell >>>>> Sent: 29 October 2007 20:28 >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: My boss wants to try out a service provider for spam >>>>> >>>>> My boss informed me that we might want to try out a provider of spam >>>>> content blocking. Has anyone ever dealt with ContentCatcher? >>>>> >>>>> Thanks for any ideas, experiences, and the like. >>>>> >>>>> Steve Campbell >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> ********************************************************************** >>>> Confidentiality : This e-mail and any attachments are intended for the >>>> addressee only and may be confidential. If they come to you in error >>>> you must take no action based on them, nor must you copy or show them >>>> to anyone. Please advise the sender by replying to this e-mail >>>> immediately and then delete the original from your computer. >>>> Opinion : Any opinions expressed in this e-mail are entirely those of >>>> the author and unless specifically stated to the contrary, are not >>>> necessarily those of the author's employer. >>>> Security Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. We advise >>>> that you consider this fact when e-mailing us. 
From MailScanner at ecs.soton.ac.uk Tue Oct 30 13:50:37 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 13:50:59 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47272DB2.30308@slackadelic.com>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com> <47272DB2.30308@slackadelic.com>
Message-ID: <472736AD.3090804@ecs.soton.ac.uk>

As do the excellent Blacknight Solutions as well. They will happily have MailScanner scan your incoming mail feed for you, and at a fraction of the price of people like MessageLabs too. Give them a look at www.blacknight.ie or talk to Michele (nickname blacknight on the MailScanner IRC channel).

I'm sure they could put a quote together for your boss.

Matt Hayes wrote:
> Steve,
>
> Where I work we do email scanning for spam and viruses. We do this
> for quite a few clients. We do it for email domains we host and we
> do it for email domains that just want the scanning done then hand
> it off to their host.
>
> Works quite well.
>
> -Matt
>
> Steve Campbell wrote:
>> Thanks, Martin.
>>
>> I'm sort of trying to convince whoever is behind this that giving
>> up control of our spam and virus checking is a bad idea. We're a
>> newspaper, and actually publish two papers, a morning and evening
>> paper. Not only do the reporters get information by email, but
>> advertisers send ads in using email. The deadlines issue just
>> won't fly with offsite email management. At least that's what
>> I've been trying to tell them every time this crops up.
>> >> Either I'm doing a very bad job of handling this, or they just >> want me for something else around here. I fight this about once >> every 6 months. >> >> Steve >> >> Martin.Hepworth wrote: >>> Steve >>> >>> Hmm looks like cotentcatcher ONLY does spam - no mention >>> whatsoever of viruses! >>> >>> -- Martin Hepworth Snr Systems Administrator Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>>> -----Original Message----- From: >>>> mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner- bounces@lists.mailscanner.info] On >>>> Behalf Of Martin.Hepworth Sent: 30 October 2007 08:48 To: >>>> MailScanner discussion Subject: RE: My boss wants to try out >>>> a service provider for spam >>>> >>>> Steve >>>> >>>> If you're looking for managed hosting the two I'd suggest are >>>> Postini (now owned by google) and Messagelabs. >>>> >>>> Never heard of content catcher. >>>> >>>> Fsl.com also do an appliance/software based installer that's >>>> based on MailScanner. Again this is managed by them so there >>>> little for you to worry about. >>>> >>>> -- Martin Hepworth Snr Systems Administrator Solid State >>>> Logic Tel: +44 (0)1865 842300 >>>> >>>> >>>>> -----Original Message----- From: >>>>> mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner- bounces@lists.mailscanner.info] On >>>>> Behalf Of Steve Campbell Sent: 29 October 2007 20:28 To: >>>>> mailscanner@lists.mailscanner.info Subject: My boss wants >>>>> to try out a service provider for spam >>>>> >>>>> My boss informed me that we might want to try out a >>>>> provider of spam content blocking. Has anyone ever dealt >>>>> with ContentCatcher? >>>>> >>>>> Thanks for any ideas, experiences, and the like. 
>>>>> >>>>> Steve Campbell >>>>> >>>>> -- MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the >>>>> website! >>>>> >>>> >>>> ********************************************************************** >>>> Confidentiality : This e-mail and any attachments are >>>> intended for the addressee only and may be confidential. If >>>> they come to you in error you must take no action based on >>>> them, nor must you copy or show them to anyone. Please advise >>>> the sender by replying to this e-mail immediately and then >>>> delete the original from your computer. Opinion : Any >>>> opinions expressed in this e-mail are entirely those of the >>>> author and unless specifically stated to the contrary, are >>>> not necessarily those of the author's employer. Security >>>> Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. >>>> We advise that you consider this fact when e-mailing us. >>>> Viruses : We have taken steps to ensure that this e-mail and >>>> any attachments are free from known viruses but in keeping >>>> with good computing practice, you should ensure that they are >>>> virus free. >>>> >>>> Red Lion 49 Ltd T/A Solid State Logic Registered as a limited >>>> company in England and Wales (Company No:5362730) Registered >>>> Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United >>>> Kingdom >>>> ********************************************************************** >>>> >>>> >>>> -- MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the >>>> website! 
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From root at doctor.nl2k.ab.ca Tue Oct 30 13:59:25 2007
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem)
Date: Tue Oct 30 14:00:55 2007
Subject: Up and coming release
Message-ID: <20071030135924.GG7683@doctor.nl2k.ab.ca>

Julian what is the next release of MailScanner?

From MailScanner at ecs.soton.ac.uk Tue Oct 30 14:15:47 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 14:16:28 2007
Subject: Up and coming release
In-Reply-To: <20071030135924.GG7683@doctor.nl2k.ab.ca>
References: <20071030135924.GG7683@doctor.nl2k.ab.ca>
Message-ID: <47273C93.1080702@ecs.soton.ac.uk>

Tomorrow. There are very few changes since the last release, it's been a very quiet month. The Change Log looks like this:

* New Features and Improvements *
1 Added support for F-Secure version 5.5. In virus.scanners.conf, set the path to "/opt/f-secure/fssp".
2 Added log output when bad watermark causes raise in spam score.
2 RedHat RPM-based install.sh no longer forces installation of anything on RedHat 5, CentOS 5 or hopefully some clones thereof. No change on Fedora.
2 Improvement to upgrade_MailScanner_conf and upgrade_languages_conf so that if either is run when there is no .rpmnew file (and hence you don't need to run it) then no harm will be done, the .conf will be copied to the .new file.
3 Improved install.sh support for Mandriva which has /usr/src/rpm not .../RPM.

* Fixes *
2 Fixed bug with "notify" action in "SpamAssassin Rule Actions" setting.
2 Fixed RBL check return address for anti-spam.org.cn's weird blacklist.
2 Fixed "MailScanner --value=..." (for testing rulesets), when MTA is not sendmail.

Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote:
> Julian what is the next release of MailScanner?
>

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From prandal at herefordshire.gov.uk Tue Oct 30 14:25:28 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Oct 30 14:25:37 2007
Subject: Up and coming release
In-Reply-To: <47273C93.1080702@ecs.soton.ac.uk>
References: <20071030135924.GG7683@doctor.nl2k.ab.ca> <47273C93.1080702@ecs.soton.ac.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01FD0086@HC-MBX02.herefordshire.gov.uk>

Julian,

2 Fixed "MailScanner --value=..." (for testing rulesets), when MTA is not sendmail.

It didn't work here even when the MTA was sendmail.
Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 30 October 2007 14:16 > To: MailScanner discussion > Subject: Re: Up and coming release > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tomorrow. There are very few changes since the last release, it's been > a very quiet month. The Change Log looks like this: > > * New Features and Improvements * > 1 Added support for F-Secure version 5.5. > In virus.scanners.conf, set the path to "/opt/f-secure/fssp". > 2 Added log output when bad watermark causes raise in spam score. > 2 RedHat RPM-based install.sh no longer forces installation > of anything on > RedHat 5, CentOS 5 or hopefully some clones thereof. No change on > Fedora. > 2 Improvement to upgrade_MailScanner_conf and upgrade_languages_conf > so that > if either is run when there is no .rpmnew file (and hence you don't > need to > run it) then no harm will be done, the .conf will be copied to the > .new file. > 3 Improved install.sh support for Mandriva which has /usr/src/rpm not > .../RPM. > > * Fixes * > 2 Fixed bug with "notify" action in "SpamAssassin Rule > Actions" setting. > 2 Fixed RBL check return address for anti-spam.org.cn's weird > blacklist. > 2 Fixed "MailScanner --value=..." (for testing rulesets), > when MTA is not > sendmail. > > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > > Julian what is the next release of MailScanner? > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? 
> Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHJzySEfZZRxQVtlQRAqtfAJ9aqMsEANUZY4jE1p978BGKhjWoLgCgpDgH > u2k2m/J9BeFNAw/2zd0G13c= > =XxEc > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Tue Oct 30 14:30:43 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Oct 30 14:30:57 2007 Subject: My boss wants to try out a service provider for spam In-Reply-To: <472736AD.3090804@ecs.soton.ac.uk> References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com> <47272DB2.30308@slackadelic.com> <472736AD.3090804@ecs.soton.ac.uk> Message-ID: <47274013.4070300@cnpapers.com> Gosh, I must be really bad at this. Everyone is trying to switch us from home-managed to someone else managed;-) Thanks for all the help so far (I think) steve Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > As do the excellent Blacknight Solutions as well. They will happily > have MailScanner scan your incoming mail feed for you, and at a > fraction of the price of people like MessageLabs too. Give them a look > at www.blacknight.ie or talk to Michele (nickname blacknight on the > MailScanner IRC channel). > > I'm sure they could put a quote together for your boss. 
>
> Matt Hayes wrote:
>
>> Steve,
>>
>> Where I work we do email scanning for spam and viruses. We do this
>> for quite a few clients. We do it for email domains we host and we
>> do it for email domains that just want the scanning done then hand
>> it off to their host.
>>
>> Works quite well.
>>
>> -Matt
>>
>> Steve Campbell wrote:
>>
>>> Thanks, Martin.
>>>
>>> I'm sort of trying to convince whoever is behind this that giving
>>> up control of our spam and virus checking is a bad idea. We're a
>>> newspaper, and actually publish two papers, a morning and evening
>>> paper. Not only do the reporters get information by email, but
>>> advertisers send ads in using email. The deadlines issue just
>>> won't fly with offsite email management. At least that's what
>>> I've been trying to tell them every time this crops up.
>>>
>>> Either I'm doing a very bad job of handling this, or they just
>>> want me for something else around here. I fight this about once
>>> every 6 months.
>>>
>>> Steve
>>>
>>> Martin.Hepworth wrote:
>>>
>>>> Steve
>>>>
>>>> Hmm looks like ContentCatcher ONLY does spam - no mention
>>>> whatsoever of viruses!
>>>>
>>>> -- Martin Hepworth Snr Systems Administrator Solid State Logic
>>>> Tel: +44 (0)1865 842300
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
>>>>> Sent: 30 October 2007 08:48
>>>>> To: MailScanner discussion
>>>>> Subject: RE: My boss wants to try out a service provider for spam
>>>>>
>>>>> Steve
>>>>>
>>>>> If you're looking for managed hosting the two I'd suggest are
>>>>> Postini (now owned by google) and Messagelabs.
>>>>>
>>>>> Never heard of content catcher.
>>>>>
>>>>> Fsl.com also do an appliance/software based installer that's
>>>>> based on MailScanner. Again this is managed by them so there's
>>>>> little for you to worry about.
>>>>>
>>>>> -- Martin Hepworth Snr Systems Administrator Solid State Logic
>>>>> Tel: +44 (0)1865 842300
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
>>>>>> Sent: 29 October 2007 20:28
>>>>>> To: mailscanner@lists.mailscanner.info
>>>>>> Subject: My boss wants to try out a service provider for spam
>>>>>>
>>>>>> My boss informed me that we might want to try out a
>>>>>> provider of spam content blocking. Has anyone ever dealt
>>>>>> with ContentCatcher?
>>>>>>
>>>>>> Thanks for any ideas, experiences, and the like.
>>>>>>
>>>>>> Steve Campbell
>>>>>>
>>>>>> -- MailScanner mailing list
>>>>>> mailscanner@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the
>>>>>> website!
>>>>>>
>>>>> **********************************************************************
>>>>> Confidentiality : This e-mail and any attachments are
>>>>> intended for the addressee only and may be confidential. If
>>>>> they come to you in error you must take no action based on
>>>>> them, nor must you copy or show them to anyone. Please advise
>>>>> the sender by replying to this e-mail immediately and then
>>>>> delete the original from your computer. Opinion : Any
>>>>> opinions expressed in this e-mail are entirely those of the
>>>>> author and unless specifically stated to the contrary, are
>>>>> not necessarily those of the author's employer. Security
>>>>> Warning : Internet e-mail is not necessarily a secure
>>>>> communications medium and can be subject to data corruption.
>>>>> We advise that you consider this fact when e-mailing us.
>>>>> Viruses : We have taken steps to ensure that this e-mail and
>>>>> any attachments are free from known viruses but in keeping
>>>>> with good computing practice, you should ensure that they are
>>>>> virus free.
>>>>>
>>>>> Red Lion 49 Ltd T/A Solid State Logic Registered as a limited
>>>>> company in England and Wales (Company No:5362730) Registered
>>>>> Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United
>>>>> Kingdom
>>>>> **********************************************************************
>>>>>
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHJzasEfZZRxQVtlQRAhQoAKDxlnceIrhmhoQGN9td0BxBCpNgzQCdEKhp
> xJwSrv6vb/WBGF0kJ8B1q1U=
> =uoim
> -----END PGP SIGNATURE-----
>

From rstarr at grantstream.com Tue Oct 30 14:40:05 2007
From: rstarr at grantstream.com (Rob Starr)
Date: Tue Oct 30 14:40:12 2007
Subject: Configuration file not being read?
Message-ID: <20071030143831.2CD9682009D@web01.tidc.grantstream.com>

Hi there,

I'm using MailScanner 4.64.3 + Postfix + SpamAssassin 3.2.3.

I believe this is a MailScanner configuration problem. My issue is that
spamassassin rules from sa-update are not being used (and I've verified they
exist in /var/lib/spamassassin/3.002003).

A MailScanner lint test reports no issues. A SpamAssassin lint test also
reports no issues, and shows the sa-update rules being used. Spamassassin -t
/tmp/spam.sample shows the rules being used.

"MailScanner --debug --debug-sa":
---------------------------------
In Debugging mode, not forking...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
debug: Score set 0 chosen.
debug: running in taint mode? no
debug: ignore: test message to precompile patterns and load modules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
...

/etc/MailScanner/MailScanner.conf snippet:
-----------------------------------------
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = /var/lib/spamassassin
SpamAssassin Default Rules Dir =

It seems MailScanner is using a different config file than the one I'm
looking at... ?

I've also verified that:
/etc/init.d/MailScanner is using /etc/sysconfig/MailScanner
AND
/etc/sysconfig/MailScanner is using /etc/MailScanner/MailScanner.conf

What am I missing here?

Thanks,
Rob Starr

From paul.hutchings at mira.co.uk Tue Oct 30 14:45:17 2007
From: paul.hutchings at mira.co.uk (Paul Hutchings)
Date: Tue Oct 30 14:45:24 2007
Subject: Centos5 - update problems after MailScanner install
Message-ID:

Any suggestions on the below, which is what I get when doing a "yum update"
on centos5 after installing MailScanner 4.65.3.2?

The updates in question are:

perl-Test-Simple noarch 0.72-1.el5.rf rpmforge

and

perl-MIME-Base64 x86_64 3.07-1.el5.rf rpmforge

Running Transaction Test
Finished Transaction Test

Transaction Check Error:
  file /usr/share/man/man3/Test::Builder.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/Test::Builder::Module.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/Test::Builder::Tester.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/Test::Builder::Tester::Color.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/Test::More.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/Test::Simple.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/Test::Tutorial.3pm.gz from install of perl-Test-Simple-0.72-1.el5.rf conflicts with file from package perl-5.8.8-10

Error Summary
-------------

And

Running Transaction Test
Finished Transaction Test

Transaction Check Error:
  file /usr/share/man/man3/MIME::Base64.3pm.gz from install of perl-MIME-Base64-3.07-1.el5.rf conflicts with file from package perl-5.8.8-10
  file /usr/share/man/man3/MIME::QuotedPrint.3pm.gz from install of perl-MIME-Base64-3.07-1.el5.rf conflicts with file from package perl-5.8.8-10

Error Summary
-------------

Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378
Fax: 44 (0)24 7635 8378
mailto:paul.hutchings@mira.co.uk

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

From MailScanner at ecs.soton.ac.uk Tue Oct 30 14:48:11 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 14:48:34 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47274013.4070300@cnpapers.com>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com> <47272DB2.30308@slackadelic.com> <472736AD.3090804@ecs.soton.ac.uk> <47274013.4070300@cnpapers.com>
Message-ID: <4727442B.6090404@ecs.soton.ac.uk>

We're just trying to ensure that even if you are pushed down the
out-sourcing track, you still end up with a decent service for your
users. I hope you get to keep it all in-house, but the PHBs don't
always see it our way :-(

Jules.

Steve Campbell wrote:
> Gosh, I must be really bad at this. Everyone is trying to switch us
> from home-managed to someone else managed;-)
>
> Thanks for all the help so far (I think)
>
> steve

Jules

--
Julian Field MBCS CITP
jkf@ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From prandal at herefordshire.gov.uk Tue Oct 30 14:52:47 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Oct 30 14:52:59 2007
Subject: Centos5 - update problems after MailScanner install
In-Reply-To:
References:
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01FD00A1@HC-MBX02.herefordshire.gov.uk>

The workaround is to add in /etc/yum.repos.d/rpmforge.repo the following
line:

exclude=perl-MIME-Base64 perl-Test-Simple

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

From MailScanner at ecs.soton.ac.uk Tue Oct 30 14:56:59 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 14:57:22 2007
Subject: Configuration file not being read?
In-Reply-To: <20071030143831.2CD9682009D@web01.tidc.grantstream.com>
References: <20071030143831.2CD9682009D@web01.tidc.grantstream.com>
Message-ID: <4727463B.90605@ecs.soton.ac.uk>

Rob Starr wrote:
> Hi there,
>
> I'm using MailScanner 4.64.3 + Postfix + SpamAssassin 3.2.3.
>
> I believe this is a MailScanner configuration problem. My issue is
> that spamassassin rules from sa-update are not being used (and I've
> verified they exist in /var/lib/spamassassin/3.002003).
>
> A MailScanner lint test reports no issues. A SpamAssassin lint
> test also reports no issues, and shows the sa-update rules being
> used. Spamassassin -t /tmp/spam.sample shows the rules being used.
>
> "MailScanner --debug --debug-sa":
> ---------------------------------
> In Debugging mode, not forking...
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> debug: Score set 0 chosen.
> debug: running in taint mode? no
> debug: ignore: test message to precompile patterns and load modules
> debug: using "/usr/share/spamassassin" for default rules dir
> debug: using "/etc/mail/spamassassin" for site rules dir
> debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
> ...
>
> /etc/MailScanner/MailScanner.conf snippet:
> -----------------------------------------
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
> SpamAssassin Local Rules Dir =
> SpamAssassin Local State Dir = /var/lib/spamassassin
> SpamAssassin Default Rules Dir =

Set all those 4 settings to blank. It should pick up the right places
automatically anyway.

Also, remember that the "last accessed" datestamp on a file can be used
to tell you if a config file is being used. A "ls -lu" will show the
last-accessed instead of last-modified stamps on each file, so you can
see if it is updated (and hence the file was read) by any particular
command.

Jules

--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From Kevin_Miller at ci.juneau.ak.us Tue Oct 30 15:26:41 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue Oct 30 15:26:01 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47272BD4.2090501@cnpapers.com>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com>
Message-ID:

Steve Campbell wrote:
> Either I'm doing a very bad job of handling this, or they just want me
> for something else around here. I fight this about once every 6
> months.

Well, if they want a commercial offering, point them to FSL (www.fsl.com)
and get them to buy you a DefenderMX or BarricadeMX. Good old MailScanner
technology on steroids with a phone number attached. You'll get a nifty
appliance doing what you're already doing and they get to sleep nights
because they spent money. If it costs it must be good, right? You don't
have to tell 'em that you're already doing most of what it does for free.
I'm sure it wouldn't hurt Jules' or Steve's feelings if they sold another
unit either!

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From rstarr at grantstream.com Tue Oct 30 16:16:16 2007 From: rstarr at grantstream.com (Rob Starr) Date: Tue Oct 30 16:16:26 2007 Subject: Configuration file not being read? In-Reply-To: <4727463B.90605@ecs.soton.ac.uk> Message-ID: <20071030161441.BCC5782009D@web01.tidc.grantstream.com> Thanks Julian, I've set those 4 setting to blank but "MailScanner --debug --debug-sa" still shows "/usr/share/spamassassin" for default rules dir. My understanding is that this line should say "/var/lib/spamassassin/3.002003", right? Also, ls -lu shows my MailScanner.conf file is indeed being accessed. When I set this: SpamAssassin Default Rules Dir = /var/lib/spamassassin/3.002003 I get these errors: debug: Failed to parse line in SpamAssassin configuration, skipping: include updates_spamassassin_org/10_default_prefs.cf debug: Failed to parse line in SpamAssassin configuration, skipping: include updates_spamassassin_org/20_advance_fee.cf ... Rob Starr B.Eng -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: October-30-07 10:57 AM To: MailScanner discussion Subject: Re: Configuration file not being read? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Starr wrote: > Hi there, > > I'm using MailScanner 4.64.3 + Postfix + SpamAssassin 3.2.3. > > I believe this is a MailScanner configuration problem. My issue is > that spamassassin rules from sa-update are not being used (and I've > verified they exist in /var/lib/spamassassin/3.002003). > > A MailScanner lint test reports no issues. A SpamAssassin lint > test also reports no issues, and shows the sa-update rules being > used. Spamassassin -t /tmp/spam.sample shows the rules being used. > > > "MailScanner --debug --debug-sa": --------------------------------- > In Debugging mode, not forking... 
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> debug: Score set 0 chosen.
> debug: running in taint mode? no
> debug: ignore: test message to precompile patterns and load modules
> debug: using "/usr/share/spamassassin" for default rules dir
> debug: using "/etc/mail/spamassassin" for site rules dir
> debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
> ...
>
> /etc/MailScanner/MailScanner.conf snippet:
> -----------------------------------------
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
> SpamAssassin Local Rules Dir =
> SpamAssassin Local State Dir = /var/lib/spamassassin
> SpamAssassin Default Rules Dir =

Set all those 4 settings to blank. It should pick up the right places
automatically anyway.

Also, remember that the "last accessed" datestamp on a file can be used to
tell you if a config file is being used. A "ls -lu" will show the
last-accessed instead of last-modified stamps on each file, so you can see
if it is updated (and hence the file was read) by any particular command.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From prandal at herefordshire.gov.uk Tue Oct 30 16:46:28 2007
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Oct 30 16:46:35 2007
Subject: Configuration file not being read?
In-Reply-To: <20071030161441.BCC5782009D@web01.tidc.grantstream.com>
References: <4727463B.90605@ecs.soton.ac.uk> <20071030161441.BCC5782009D@web01.tidc.grantstream.com>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01FD0109@HC-MBX02.herefordshire.gov.uk>

Rob,

Is it at all possible that you're still somehow running an ancient
version of MailScanner which isn't passing SpamAssassin Local State Dir
to SA?

The key setting is

SpamAssassin Local State Dir = /var/lib/spamassassin

(pre SA 3.1.4 (I think, too lazy to look up my previous posts on this
subject), it would have been /var/lib)

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob Starr
> Sent: 30 October 2007 16:16
> To: 'MailScanner discussion'
> Subject: RE: Configuration file not being read?
>
> Thanks Julian,
>
> I've set those 4 settings to blank but "MailScanner --debug --debug-sa" still
> shows "/usr/share/spamassassin" for default rules dir. My understanding is
> that this line should say "/var/lib/spamassassin/3.002003", right?
>
> Also, ls -lu shows my MailScanner.conf file is indeed being accessed.
>
> When I set this:
> SpamAssassin Default Rules Dir = /var/lib/spamassassin/3.002003
>
> I get these errors:
> debug: Failed to parse line in SpamAssassin configuration, skipping: include updates_spamassassin_org/10_default_prefs.cf
> debug: Failed to parse line in SpamAssassin configuration, skipping: include updates_spamassassin_org/20_advance_fee.cf
> ...
>
> Rob Starr B.Eng
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
> Sent: October-30-07 10:57 AM
> To: MailScanner discussion
> Subject: Re: Configuration file not being read?
>
> Rob Starr wrote:
> > Hi there,
> >
> > I'm using MailScanner 4.64.3 + Postfix + SpamAssassin 3.2.3.
> >
> > I believe this is a MailScanner configuration problem. My issue is
> > that spamassassin rules from sa-update are not being used (and I've
> > verified they exist in /var/lib/spamassassin/3.002003).
> >
> > A MailScanner lint test reports no issues. A SpamAssassin lint
> > test also reports no issues, and shows the sa-update rules being
> > used. Spamassassin -t /tmp/spam.sample shows the rules being used.
> >
> > "MailScanner --debug --debug-sa":
> > ---------------------------------
> > In Debugging mode, not forking...
> > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> > debug: Score set 0 chosen.
> > debug: running in taint mode? no
> > debug: ignore: test message to precompile patterns and load modules
> > debug: using "/usr/share/spamassassin" for default rules dir
> > debug: using "/etc/mail/spamassassin" for site rules dir
> > debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
> > ...
> >
> > /etc/MailScanner/MailScanner.conf snippet:
> > -----------------------------------------
> > SpamAssassin Site Rules Dir = /etc/mail/spamassassin
> > SpamAssassin Local Rules Dir =
> > SpamAssassin Local State Dir = /var/lib/spamassassin
> > SpamAssassin Default Rules Dir =
> Set all those 4 settings to blank. It should pick up the right places
> automatically anyway.
>
> Also, remember that the "last accessed" datestamp on a file can be
> used to tell you if a config file is being used. A "ls -lu" will show
> the last-accessed instead of last-modified stamps on each file, so you
> can see if it is updated (and hence the file was read) by any
> particular command.
>
> Jules
>
> --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk

From MailScanner at ecs.soton.ac.uk Tue Oct 30 16:46:51 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 16:47:22 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To:
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com>
Message-ID: <47275FFB.6080002@ecs.soton.ac.uk>

Kevin Miller wrote:
> Steve Campbell wrote:
>
>> Either I'm doing a very bad job of handling this, or they just
>> want me for something else around here. I fight this about once
>> every 6 months.
>
> Well, if they want a commercial offering, point them to FSL
> (www.fsl.com) and get them to buy you a DefenderMX or BarricadeMX.
> Good old MailScanner technology on steroids with a phone number
> attached. You'll get a nifty appliance doing what you're already
> doing and they get to sleep nights because they spent money. If it
> costs it must be good, right? You don't have to tell 'em that
> you're already doing most of what it does for free.

BarricadeMX is very much more than what "you're already doing"! Well worth
the investment, it will save you having to replace your hardware as mail
volumes continue to grow.

Jules

>
> I'm sure it wouldn't hurt Jule's or Steve's feelings if they sold
> another unit either!
>
> ...Kevin

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From MailScanner at ecs.soton.ac.uk Tue Oct 30 16:48:27 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 16:49:39 2007
Subject: Configuration file not being read?
In-Reply-To: <20071030161441.BCC5782009D@web01.tidc.grantstream.com>
References: <20071030161441.BCC5782009D@web01.tidc.grantstream.com>
Message-ID: <4727605B.8040109@ecs.soton.ac.uk>

Rob Starr wrote:
> Thanks Julian,
>
> I've set those 4 settings to blank but "MailScanner --debug
> --debug-sa" still shows "/usr/share/spamassassin" for default rules
> dir. My understanding is that this line should say
> "/var/lib/spamassassin/3.002003", right?

No, just leave it alone to let it work it out for itself.

>
> Also, ls -lu shows my MailScanner.conf file is indeed being
> accessed.
>
> When I set this:
> SpamAssassin Default Rules Dir = /var/lib/spamassassin/3.002003
>
> I get these errors:
> debug: Failed to parse line in SpamAssassin configuration, skipping: include updates_spamassassin_org/10_default_prefs.cf
> debug: Failed to parse line in SpamAssassin configuration, skipping: include updates_spamassassin_org/20_advance_fee.cf

So don't set it then! :-)

> ...
>
>
> Rob Starr B.Eng
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
> Sent: October-30-07 10:57 AM
> To: MailScanner discussion
> Subject: Re: Configuration file not being read?
>
> Rob Starr wrote:
>> Hi there,
>
>> I'm using MailScanner 4.64.3 + Postfix + SpamAssassin 3.2.3.
>
>> I believe this is a MailScanner configuration problem. My issue
>> is that spamassassin rules from sa-update are not being used (and
>> I've verified they exist in /var/lib/spamassassin/3.002003).
>
>> A MailScanner lint test reports no issues. A SpamAssassin lint
>> test also reports no issues, and shows the sa-update rules being
>> used. Spamassassin -t /tmp/spam.sample shows the rules being
>> used.
>
>> "MailScanner --debug --debug-sa":
>> ---------------------------------
>> In Debugging mode, not forking...
>> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> debug: Score set 0 chosen.
>> debug: running in taint mode? no
>> debug: ignore: test message to precompile patterns and load modules
>> debug: using "/usr/share/spamassassin" for default rules dir
>> debug: using "/etc/mail/spamassassin" for site rules dir
>> debug: using "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file
>> ...
>
>> /etc/MailScanner/MailScanner.conf snippet:
>> -----------------------------------------
>> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>> SpamAssassin Local Rules Dir =
>> SpamAssassin Local State Dir = /var/lib/spamassassin
>> SpamAssassin Default Rules Dir =
> Set all those 4 settings to blank. It should pick up the right
> places automatically anyway.
>
> Also, remember that the "last accessed" datestamp on a file can be
> used to tell you if a config file is being used.
> A "ls -lu" will show the last-accessed instead of last-modified stamps
> on each file, so you can see if it is updated (and hence the file was
> read) by any particular command.
>
> Jules
>

Jules

-- 
Julian Field MBCS CITP jkf@ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From cornelius.koelbel at gmx.de Tue Oct 30 16:53:01 2007
From: cornelius.koelbel at gmx.de (Cornelius Kölbel)
Date: Tue Oct 30 16:53:24 2007
Subject: meta rules not working
Message-ID: <4727616D.7090405@gmx.de>

Hello,

I tried adding some meta rules to
/etc/Mailscanner/spam.assassin.prefs.conf (think this is the right
location) like

header __LOCAL_CKO_SEX1 Subject =~ /real/i
header __LOCAL_CKO_SEX2 Subject =~ /Sex/i
body __LOCAL_CKO_SEX3 /\bSex\b/
meta LOCAL_CKO_SEX ( __LOCAL_CKO_SEX1 && __LOCAL_CKO_SEX2 )
score LOCAL_CKO_SEX 4.0

but it seems these rules do not work out.
What am I doing wrong?

I am running mailscanner 4.57.6 on an ubuntu machine with mailwatch.

Kind regards
Cornelius

From ka at pacific.net Tue Oct 30 17:46:12 2007
From: ka at pacific.net (Ken A)
Date: Tue Oct 30 17:46:19 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47274013.4070300@cnpapers.com>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com> <47272DB2.30308@slackadelic.com> <472736AD.3090804@ecs.soton.ac.uk> <47274013.4070300@cnpapers.com>
Message-ID: <47276DE4.9050807@pacific.net>

Steve Campbell wrote:
> Gosh, I must be really bad at this. Everyone is trying to switch us from
> home-managed to someone else managed;-)
>
> Thanks for all the help so far (I think)

Yeah, back to your old paper route! :-)

If you have more than one domain, let them test it on a less used domain
and see how it goes. Send it some spammy looking attachments that you've
received, send it some real spam, etc. Try to whitelist something. Try to
get funny filenames through like "this is the attachment i
promised.doc.pdf". Then try to get it released from quarantine.
There's nothing like proof.

Ken

>
> steve
>
> Julian Field wrote:
>> As do the excellent Blacknight Solutions as well. They will happily
>> have MailScanner scan your incoming mail feed for you, and at a
>> fraction of the price of people like MessageLabs too. Give them a look
>> at www.blacknight.ie or talk to Michele (nickname blacknight on the
>> MailScanner IRC channel).
>>
>> I'm sure they could put a quote together for your boss.
>>
>> Matt Hayes wrote:
>>
>>> Steve,
>>>
>>> Where I work we do email scanning for spam and viruses. We do this
>>> for quite a few clients. We do it for email domains we host and we
>>> do it for email domains that just want the scanning done then hand
>>> it off to their host.
>>>
>>> Works quite well.
>>>
>>> -Matt
>>>
>>> Steve Campbell wrote:
>>>
>>>> Thanks, Martin.
>>>>
>>>> I'm sort of trying to convince whoever is behind this that giving
>>>> up control of our spam and virus checking is a bad idea. We're a
>>>> newspaper, and actually publish two papers, a morning and evening
>>>> paper. Not only do the reporters get information by email, but
>>>> advertisers send ads in using email. The deadlines issue just
>>>> won't fly with offsite email management. At least that's what
>>>> I've been trying to tell them every time this crops up.
>>>>
>>>> Either I'm doing a very bad job of handling this, or they just
>>>> want me for something else around here. I fight this about once
>>>> every 6 months.
>>>>
>>>> Steve
>>>>
>>>> Martin.Hepworth wrote:
>>>>
>>>>> Steve
>>>>>
>>>>> Hmm looks like contentcatcher ONLY does spam - no mention
>>>>> whatsoever of viruses!
>>>>>
>>>>> --
>>>>> Martin Hepworth
>>>>> Snr Systems Administrator
>>>>> Solid State Logic
>>>>> Tel: +44 (0)1865 842300
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
>>>>>> Sent: 30 October 2007 08:48
>>>>>> To: MailScanner discussion
>>>>>> Subject: RE: My boss wants to try out a service provider for spam
>>>>>>
>>>>>> Steve
>>>>>>
>>>>>> If you're looking for managed hosting the two I'd suggest are
>>>>>> Postini (now owned by google) and Messagelabs.
>>>>>>
>>>>>> Never heard of content catcher.
>>>>>>
>>>>>> Fsl.com also do an appliance/software based installer that's
>>>>>> based on MailScanner. Again this is managed by them so there
>>>>>> little for you to worry about.
>>>>>>
>>>>>> --
>>>>>> Martin Hepworth
>>>>>> Snr Systems Administrator
>>>>>> Solid State Logic
>>>>>> Tel: +44 (0)1865 842300
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
>>>>>>> Sent: 29 October 2007 20:28
>>>>>>> To: mailscanner@lists.mailscanner.info
>>>>>>> Subject: My boss wants to try out a service provider for spam
>>>>>>>
>>>>>>> My boss informed me that we might want to try out a
>>>>>>> provider of spam content blocking. Has anyone ever dealt
>>>>>>> with ContentCatcher?
>>>>>>>
>>>>>>> Thanks for any ideas, experiences, and the like.
>>>>>>>
>>>>>>> Steve Campbell
>>
>> Jules
>>
>> --
>> Julian Field MEng CITP
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration help?
>> Contact me at Jules@Jules.FM
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> For all your IT requirements visit www.transtec.co.uk
>

-- 
Ken Anderson
Pacific.Net

From uxbod at splatnix.net Tue Oct 30 18:01:56 2007
From: uxbod at splatnix.net (UxBoD)
Date: Tue Oct 30 18:06:30 2007
Subject: meta rules not working
In-Reply-To: <4727616D.7090405@gmx.de>
Message-ID: <18420548.1941193767316636.JavaMail.root@office.splatnix.net>

why are you adding them into that file? just create a local_rules.cf file and put in your SA rules directory.

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- Original Message -----
From: "Cornelius Kölbel"
To: "MailScanner discussion"
Sent: Tuesday, October 30, 2007 4:53:01 PM (GMT) Europe/London
Subject: meta rules not working

Hello,

I tried adding some meta rules to
/etc/Mailscanner/spam.assassin.prefs.conf (think this is the right
location) like

header __LOCAL_CKO_SEX1 Subject =~ /real/i
header __LOCAL_CKO_SEX2 Subject =~ /Sex/i
body __LOCAL_CKO_SEX3 /\bSex\b/
meta LOCAL_CKO_SEX ( __LOCAL_CKO_SEX1 && __LOCAL_CKO_SEX2 )
score LOCAL_CKO_SEX 4.0

but it seems these rules do not work out.
What am I doing wrong?

I am running mailscanner 4.57.6 on an ubuntu machine with mailwatch.

Kind regards
Cornelius
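
A stand-alone logic check for the header/body/meta rule set quoted above, as an added example that is not part of the thread and not SpamAssassin code: it parses the posted rule lines, evaluates them with Python's `re` (an approximation of SpamAssassin's Perl matching) against constructed messages, and lists sub-rules no meta refers to. The function names and the sample messages are assumptions made for this illustration, and only the boolean subset of meta syntax is handled.

```python
import re
from email import message_from_string

# Rule lines exactly as posted in the thread.
RULES = r"""
header __LOCAL_CKO_SEX1 Subject =~ /real/i
header __LOCAL_CKO_SEX2 Subject =~ /Sex/i
body __LOCAL_CKO_SEX3 /\bSex\b/
meta LOCAL_CKO_SEX ( __LOCAL_CKO_SEX1 && __LOCAL_CKO_SEX2 )
score LOCAL_CKO_SEX 4.0
"""
# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "spam": "Subject: Get real Sex now\n\nSex inside.\n",
    "essex": "Subject: Real estate listings in Essex\n\nThree new houses.\n",
    "plain": "Subject: Meeting agenda\n\nSee attached.\n",
}

def _regex(pattern):
    m = re.fullmatch(r"/(.*)/(i?)", pattern.strip())  # /.../ or /.../i only
    if not m:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    return re.compile(m.group(1), re.I if m.group(2) else 0)

def _tokens(expr):
    toks = re.findall(r"&&|\|\||[!()]|\w+|\S", expr)
    bad = [t for t in toks if not re.fullmatch(r"&&|\|\||[!()]|\w+", t)]
    if bad:
        raise ValueError(f"unsupported meta syntax: {bad[0]!r}")
    return toks

def parse_rules(text):
    rules = {"test": {}, "meta": {}, "score": {}}
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, name, rest = line.split(None, 2)
        if kind == "header":
            field, op, pattern = rest.split(None, 2)
            if op != "=~":
                raise ValueError(f"unsupported header operator: {op}")
            rules["test"][name] = (field, _regex(pattern))
        elif kind == "body":
            rules["test"][name] = (None, _regex(rest))
        elif kind in ("meta", "score"):
            rules[kind][name] = float(rest) if kind == "score" else rest
        else:
            raise ValueError(f"unsupported rule type: {kind}")
    return rules

def eval_meta(expr, hits):
    """Evaluate the boolean subset of meta syntax: names, !, &&, ||, ()."""
    toks, pos = _tokens(expr) + [None], 0      # None marks the end
    def nxt():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def unary():
        tok = nxt()
        if tok == "!":
            return not unary()
        if tok == "(":
            value = binary("||")
            if nxt() != ")":
                raise ValueError("missing ')'")
            return value
        if tok is None or tok in ("&&", "||", ")"):
            raise ValueError(f"unexpected {tok!r}")
        return bool(hits.get(tok, False))
    def binary(op):                            # "&&" binds tighter than "||"
        operand = unary if op == "&&" else (lambda: binary("&&"))
        value = operand()
        while toks[pos] == op:
            nxt()
            rhs = operand()
            value = (value and rhs) if op == "&&" else (value or rhs)
        return value
    result = binary("||")
    if toks[pos] is not None:
        raise ValueError(f"unexpected {toks[pos]!r}")
    return result

def evaluate(rules, raw_message):
    """Return ({rule name: hit?}, total score) for one raw message."""
    msg = message_from_string(raw_message)
    hits = {}
    for name, (field, rx) in rules["test"].items():
        texts = [msg.get_payload()] if field is None else msg.get_all(field, [])
        hits[name] = any(rx.search(t) for t in texts)
    for name, expr in rules["meta"].items():   # a meta may use metas defined above it
        hits[name] = eval_meta(expr, hits)
    total = sum((s for n, s in rules["score"].items() if hits.get(n)), 0.0)
    return hits, total

def unused_subrules(rules):
    """List "__" sub-rules that no meta expression refers to."""
    used = {t for e in rules["meta"].values() for t in _tokens(e)}
    return sorted(n for n in rules["test"] if n.startswith("__") and n not in used)

if __name__ == "__main__":
    parsed = parse_rules(RULES)
    for label, raw in SAMPLES.items():
        print(label, evaluate(parsed, raw), unused_subrules(parsed))
```

The "essex" sample shows that the two Subject tests have no word boundaries, so the meta also fires on a subject such as "Real estate listings in Essex"; where the rule file has to live for MailScanner to load it is a separate question, covered by the replies in the thread.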

From MailScanner at ecs.soton.ac.uk Tue Oct 30 18:28:52 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Oct 30 18:29:53 2007
Subject: meta rules not working
In-Reply-To: <18420548.1941193767316636.JavaMail.root@office.splatnix.net>
References: <18420548.1941193767316636.JavaMail.root@office.splatnix.net>
Message-ID: <472777E4.7020003@ecs.soton.ac.uk>

UxBoD wrote:
> why are you adding them into that file? just create a
> local_rules.cf file and put in your SA rules directory.

which is probably /etc/mail/spamassassin.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

From Kevin_Miller at ci.juneau.ak.us Tue Oct 30 18:48:39 2007
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue Oct 30 18:48:02 2007
Subject: My boss wants to try out a service provider for spam
In-Reply-To: <47275FFB.6080002@ecs.soton.ac.uk>
References: <92c86bb59add194ca5b74d3921168c3b@solidstatelogic.com> <47272BD4.2090501@cnpapers.com> <47275FFB.6080002@ecs.soton.ac.uk>
Message-ID:

Julian Field wrote:
> BarricadeMX is very much more than what "you're already doing"!
> Well worth the investment, it will save you having to replace your
> hardware as mail volumes continue to grow.

Yes, I should have been clearer.
DefenderMX was what I was thinking of primarily...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From Jeff.Mills at versacold.com.au Wed Oct 31 00:25:04 2007
From: Jeff.Mills at versacold.com.au (Jeff Mills)
Date: Wed Oct 31 00:25:22 2007
Subject: Mailscanner seg fault
Message-ID:

I just noticed that one of my mailscanner processes keeps segfaulting.
I have done a debug, but I cannot find anything valuable.
It appears to fault after auto-learn.

Anyone know where I can look next to work this out?

[7219] dbg: check:
tests=BOTNET,BOTNET_CLIENT,BOTNET_IPINHOSTNAME,RDNS_DYNAMIC
[7219] dbg: check:
subtests=__CT,__CTYPE_HAS_BOUNDARY,__DOS_BODY_WED,__DOS_HAS_ANY_URI,__DO
S_RCVD_WED,__DOS_REF_TODAY,__DOS_RELAYED_EXT,__FB_S_PRICE,__FM_MY_PRICE,
__HAS_ANY_EMAIL,__HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS
_X_MAILER,__HS_SUBJ_UC_FW,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MIME_ATTACHME
NT,__MIME_QP,__MIME_VERSION,__MISSING_REF,__MSGID_OK_HEX,__MSGID_OK_HOST
,__NONEMPTY_BODY,__PART_STOCK_CD_F,__RDNS_DYNAMIC_IPADDR,__SANE_MSGID,__
SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_HEAD_MIME_VALID,__S
ARE_HTML_URR_MAILTO,__SARE_META_MURTY3,__SARE_SUB_OBFU_USCORE,__SARE_URI
_ANY,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__TVD_BODY,__TVD_MIME_ATT_TP,__
TVD_MIME_CT_MM,__XM_MS_IN_GENERAL
[7219] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.12,
head-points=3.12, learned-points=0
[7219] dbg: learn: auto-learn?
no: inside auto-learn thresholds, not
considered ham or spam
Segmentation fault

From Jeff.Mills at versacold.com.au Wed Oct 31 00:45:46 2007
From: Jeff.Mills at versacold.com.au (Jeff Mills)
Date: Wed Oct 31 00:46:01 2007
Subject: Mailscanner seg fault
Message-ID:

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Mills
> Sent: Wednesday, 31 October 2007 11:25 AM
> To: MailScanner discussion
> Subject: Mailscanner seg fault
>
> I just noticed that one of my mailscanner processes keeps segfaulting.
> I have done a debug, but I cannot find anything valuable.
> It appears to fault after auto-learn.
>
> Anyone know where I can look next to work this out?

For future reference, fixed by clearing spamassassin cache.

From glenn.steen at gmail.com Wed Oct 31 00:51:41 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Oct 31 00:51:44 2007
Subject: Mailscanner seg fault
In-Reply-To:
References:
Message-ID: <223f97700710301751p632bcb4bue2492572b8b73ae3@mail.gmail.com>

On 31/10/2007, Jeff Mills wrote:
> I just noticed that one of my mailscanner processes keeps segfaulting.
> I have done a debug, but I cannot find anything valuable.
> It appears to fault after auto-learn.
>
> Anyone know where I can look next to work this out?
>
>
> [7219] dbg: check:
> tests=BOTNET,BOTNET_CLIENT,BOTNET_IPINHOSTNAME,RDNS_DYNAMIC
> [7219] dbg: check:
> subtests=__CT,__CTYPE_HAS_BOUNDARY,__DOS_BODY_WED,__DOS_HAS_ANY_URI,__DO
> S_RCVD_WED,__DOS_REF_TODAY,__DOS_RELAYED_EXT,__FB_S_PRICE,__FM_MY_PRICE,
> __HAS_ANY_EMAIL,__HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS
> _X_MAILER,__HS_SUBJ_UC_FW,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MIME_ATTACHME
> NT,__MIME_QP,__MIME_VERSION,__MISSING_REF,__MSGID_OK_HEX,__MSGID_OK_HOST
> ,__NONEMPTY_BODY,__PART_STOCK_CD_F,__RDNS_DYNAMIC_IPADDR,__SANE_MSGID,__
> SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_HEAD_MIME_VALID,__S
> ARE_HTML_URR_MAILTO,__SARE_META_MURTY3,__SARE_SUB_OBFU_USCORE,__SARE_URI
> _ANY,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__TVD_BODY,__TVD_MIME_ATT_TP,__
> TVD_MIME_CT_MM,__XM_MS_IN_GENERAL
> [7219] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.12,
> head-points=3.12, learned-points=0
> [7219] dbg: learn: auto-learn? no: inside auto-learn thresholds, not
> considered ham or spam
> Segmentation fault
>

Check the validity of your bayes db, perhaps start by dumping magic...
As with all sigsegv errors... could be anything... even RAM gone
bad.... but if it is consistent, check the obvious culprits first.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Wed Oct 31 00:53:32 2007
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Oct 31 00:53:35 2007
Subject: Mailscanner seg fault
In-Reply-To:
References:
Message-ID: <223f97700710301753q6fa063b2g94d40a4c36c80ac1@mail.gmail.com>

On 31/10/2007, Jeff Mills wrote:
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Mills
> > Sent: Wednesday, 31 October 2007 11:25 AM
> > To: MailScanner discussion
> > Subject: Mailscanner seg fault
> >
> > I just noticed that one of my mailscanner processes keeps segfaulting.
> > I have done a debug, but I cannot find anything valuable.
> > It appears to fault after auto-learn.
> >
> > Anyone know where I can look next to work this out?
>
> For future reference, fixed by clearing spamassassin cache.

Ah. Another "obvious culprit";-)

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From donpool at gmail.com Wed Oct 31 03:51:29 2007
From: donpool at gmail.com (Paul Bernal)
Date: Wed Oct 31 03:54:38 2007
Subject: Receive - scan and forward to other domain name
Message-ID: <4727FBC1.2060704@gmail.com>

Hi everyone,

I read this
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway
setup a gateway explanation on how to receive - scan and forward an email
sent to some domain...

But what I need is:

* Receive an email to sameuser@onedomain.com on a MailScanner box
* MailScan this message
* Forward it to sameuser@otherdomain.com

where otherdomain.com is an extra local box expecting to receive emails
to anyuser@otherdomain.com

Is there a way to do this?
Thank's in advance don pool From mailscanner at mckerrs.net Wed Oct 31 05:12:46 2007 From: mailscanner at mckerrs.net (Mailscanner) Date: Wed Oct 31 05:12:53 2007 Subject: Receive - scan and forward to other domain name In-Reply-To: <4727FBC1.2060704@gmail.com> Message-ID: <14183598.111193807566742.JavaMail.root@zimbra.mckerrs.net> ----- Original Message ----- From: "Paul Bernal" To: mailscanner@lists.mailscanner.info Sent: Wednesday, October 31, 2007 1:51:29 PM (GMT+1000) Australia/Brisbane Subject: Receive - scan and forward to other domain name Hi everyone, I readed this http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway setup a gateway explanation on how to receive - scan and forward an email sent to some domain... But what I need is: * Receive an email to sameuser@onedomain.com on a MailScanner box * MailScan this message * Forward it to sameuser@otherdomain.com where otherdomain.com it's an extra local-box expecting to receive emails to anyuser@otherdomain.com There's a way to do this ? Thank's in advance don pool -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! I'm not sure I understand why you would want to do this. I'm guessing you have the MX records for the 'otherdomain.com' pointing at the same server as 'onedomain.com' ? or do you only advertise 1 domain with an MX record ? I'm not sure what value there is in having 2 domains to do this as there is only really one in use ? Wouldn't you be better to just have 1 advertised domain and reduce the complexity by only have one final mail server for that domain ? I must be missing something. As far as your question goes...........I dont think you can do this with mailscanner, it is more of an MTA function. 
I use postfix and it can do all sorts of address rewriting (as I'm sure most decent MTAs can). I use a transport map to direct any email destined for a certain domain to be routed to that domain's email server. Which MTA are you using? Cheers. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071031/0fdbae14/attachment.html From hvdkooij at vanderkooij.org Wed Oct 31 06:27:47 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Oct 31 06:27:30 2007 Subject: Mailscanner seg fault In-Reply-To: <223f97700710301751p632bcb4bue2492572b8b73ae3@mail.gmail.com> References: <223f97700710301751p632bcb4bue2492572b8b73ae3@mail.gmail.com> Message-ID: <47282063.5090501@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > Check the validity of your bayes db, perhaps start by dumping magic... > As with all sigsegv errors... could be anything... even RAM gone > bad.... but if it is consistent, check the obvious culprits first. Glenn, Do you, or some one else, happen to have the list of usual suspects? I noticed there isn't one on the MailScanner wiki pages. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHKCBgBvzDRVjxmYERAmfJAJ9U7dLpMLgJGglAQVxwqI+7dSBrPACgmwOK GgKwA293ArzYIwuT8gCAVJE= =HCH4 -----END PGP SIGNATURE----- From glenn.steen at gmail.com Wed Oct 31 07:51:36 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Oct 31 07:51:39 2007 Subject: Mailscanner seg fault In-Reply-To: <47282063.5090501@vanderkooij.org> References: <223f97700710301751p632bcb4bue2492572b8b73ae3@mail.gmail.com> <47282063.5090501@vanderkooij.org> Message-ID: <223f97700710310051k47de9fd2kc07948694982c86@mail.gmail.com> On 31/10/2007, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > > Check the validity of your bayes db, perhaps start by dumping magic... > > As with all sigsegv errors... could be anything... even RAM gone > > bad.... but if it is consistent, check the obvious culprits first. > > Glenn, > > Do you, or some one else, happen to have the list of usual suspects? > I noticed there isn't one on the MailScanner wiki pages. > > Hugo. > Only in my head:-). There is some info in the troubleshooting section, but nothing that specific... We'll just have to do something about that;-). Will perhaps have time to look at starting a stub page later today. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Q.G.Campbell at newcastle.ac.uk Wed Oct 31 08:22:06 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 31 08:30:33 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> I am running eight mail gateways with MailScanner-4.62.9-2 using 'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). However only seeing "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of these look like false positives. 
Cannot see why only two systems doing this as all eight gateways are equal preference MX hosts for our domains and share the same type of mail traffic. Any pointers to where else I might look would be appreciated. Thanks Quentin --- PHONE: +44 191 222 8209 Information Systems and Services (ISS), Newcastle University, Newcastle upon Tyne, FAX: +44 191 222 8765 United Kingdom, NE1 7RU. ------------------------------------------------------------------------ From list-mailscanner at linguaphone.com Wed Oct 31 09:23:20 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Oct 31 09:23:25 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> Message-ID: <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> It's caused by a new feature in clamav with an incorrect default setting. You need to either update MailScanner to include the new scanning option or switch to clamd. On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: > I am running eight mail gateways with MailScanner-4.62.9-2 using 'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). > > However only seeing "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of these look like false positives. > > Cannot see why only two systems doing this as all eight gateways are equal preference MX hosts for our domains and share the same type of mail traffic. > > Any pointers to where else I might look would be appreciated. > > Thanks > > Quentin > --- > PHONE: +44 191 222 8209 Information Systems and Services (ISS), > Newcastle University, > Newcastle upon Tyne, > FAX: +44 191 222 8765 United Kingdom, NE1 7RU. 
> ------------------------------------------------------------------------ From Q.G.Campbell at newcastle.ac.uk Wed Oct 31 10:11:09 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 31 10:11:57 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... In-Reply-To: <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> Gareth If that is the problem is does not account for why I only see it on 2 out of 8 otherwise identical MX hosts, all running with the same version of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. I will install the latest BETA version of MS on one of the 2 machines and see what happens. Thanks Quentin >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Gareth >Sent: 31 October 2007 09:23 >To: MailScanner discussion >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > >Its caused by a new feature in clamav with an incorrect default setting. >You need to either update MailScanner to include the new scanning option >or switch to clamd. > >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: >> I am running eight mail gateways with MailScanner-4.62.9-2 using >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). >> >> However only seeing "INFECTED:: >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of >these look like false positives. >> >> Cannot see why only two systems doing this as all eight gateways are >equal preference MX hosts for our domains and share the same type of >mail traffic. >> >> Any pointers to where else I might look would be appreciated. 
>> >> Thanks >> >> Quentin >> --- >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> Newcastle University, >> Newcastle upon Tyne, >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> ---------------------------------------------------------------------- >-- > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Wed Oct 31 10:26:38 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Oct 31 10:26:50 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> Message-ID: <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> The fault is equivilent to scanning mail with the --no-phishing-restrictedscan clamscan option. The update to mailscanner disabled this option as the author of the clamavmodule made an error and had this option enabled as the default option. I am not 100% sure whether the mailscanner fix came out in 4.62 or 4.63 but I believe it was the latter. On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote: > Gareth > > If that is the problem is does not account for why I only see it on 2 > out of 8 otherwise identical MX hosts, all running with the same version > of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. > > I will install the latest BETA version of MS on one of the 2 machines > and see what happens. 
> > Thanks > > Quentin > > >-----Original Message----- > >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >bounces@lists.mailscanner.info] On Behalf Of Gareth > >Sent: 31 October 2007 09:23 > >To: MailScanner discussion > >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > > > >Its caused by a new feature in clamav with an incorrect default > setting. > >You need to either update MailScanner to include the new scanning > option > >or switch to clamd. > > > >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: > >> I am running eight mail gateways with MailScanner-4.62.9-2 using > >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). > >> > >> However only seeing "INFECTED:: > >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of > >these look like false positives. > >> > >> Cannot see why only two systems doing this as all eight gateways are > >equal preference MX hosts for our domains and share the same type of > >mail traffic. > >> > >> Any pointers to where else I might look would be appreciated. > >> > >> Thanks > >> > >> Quentin > >> --- > >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), > >> Newcastle University, > >> Newcastle upon Tyne, > >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > >> > ---------------------------------------------------------------------- > >-- > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! From Q.G.Campbell at newcastle.ac.uk Wed Oct 31 11:28:50 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 31 11:36:10 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... 
In-Reply-To: <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk><1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk><4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> Gareth I have upgraded to MS BETA 4.65.1-1 one of the 2 hosts that were generating the "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ...." records. In place of the Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/ records I now get (although fewer of them so far) Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/ records. I assume this means that I am getting far fewer false positives now? Quentin >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Gareth >Sent: 31 October 2007 10:27 >To: MailScanner discussion >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > >The fault is equivilent to scanning mail with the >--no-phishing-restrictedscan clamscan option. The update to mailscanner >disabled this option as the author of the clamavmodule made an error and >had this option enabled as the default option. > >I am not 100% sure whether the mailscanner fix came out in 4.62 or 4.63 >but I believe it was the latter. > >On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote: >> Gareth >> >> If that is the problem is does not account for why I only see it on 2 >> out of 8 otherwise identical MX hosts, all running with the same >version >> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. 
>> >> I will install the latest BETA version of MS on one of the 2 machines >> and see what happens. >> >> Thanks >> >> Quentin >> >> >-----Original Message----- >> >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> >bounces@lists.mailscanner.info] On Behalf Of Gareth >> >Sent: 31 October 2007 09:23 >> >To: MailScanner discussion >> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: >.... >> > >> >Its caused by a new feature in clamav with an incorrect default >> setting. >> >You need to either update MailScanner to include the new scanning >> option >> >or switch to clamd. >> > >> >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: >> >> I am running eight mail gateways with MailScanner-4.62.9-2 using >> >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). >> >> >> >> However only seeing "INFECTED:: >> >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many of >> >these look like false positives. >> >> >> >> Cannot see why only two systems doing this as all eight gateways >are >> >equal preference MX hosts for our domains and share the same type of >> >mail traffic. >> >> >> >> Any pointers to where else I might look would be appreciated. >> >> >> >> Thanks >> >> >> >> Quentin >> >> --- >> >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >> >> Newcastle University, >> >> Newcastle upon Tyne, >> >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >> >> >> ---------------------------------------------------------------------- >> >-- >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! 
> >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From rstarr at grantstream.com Wed Oct 31 12:02:55 2007 From: rstarr at grantstream.com (Rob Starr) Date: Wed Oct 31 12:03:25 2007 Subject: Configuration file not being read? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01FD0109@HC-MBX02.herefordshire.gov.uk> Message-ID: <20071031120117.E09488200A1@web01.tidc.grantstream.com> Hi Phil, Turns out that there was an old version of SpamAssassin being used by MailScanner causing the issue. Once I installed SpamAssassin 3.2.3 from a tarball, things are working again. Thanks for you help! _____________________________ Rob Starr B.Eng -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: October-30-07 12:46 PM To: MailScanner discussion Subject: RE: Configuration file not being read? Rob, Is it at all possible that you're still somehow running an ancient version of MailScanner which isn't passing SpamAssassin Local State Dir to SA? The key setting is SpamAssassin Local State Dir = /var/lib/spamassassin (pre SA 3.1.4 (I think, too lazy to look up my previous posts on this subject, it would have been /var/lib) Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Starr > Sent: 30 October 2007 16:16 > To: 'MailScanner discussion' > Subject: RE: Configuration file not being read? > > Thanks Julian, > > I've set those 4 setting to blank but "MailScanner --debug > --debug-sa" still > shows "/usr/share/spamassassin" for default rules dir. 
My > understanding is > that this line should say "/var/lib/spamassassin/3.002003", right? > > Also, ls -lu shows my MailScanner.conf file is indeed being accessed. > > When I set this: > SpamAssassin Default Rules Dir = /var/lib/spamassassin/3.002003 > > I get these errors: > debug: Failed to parse line in SpamAssassin configuration, > skipping: include > updates_spamassassin_org/10_default_prefs.cf > debug: Failed to parse line in SpamAssassin configuration, > skipping: include > updates_spamassassin_org/20_advance_fee.cf > ... > > > Rob Starr B.Eng > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian > Field > Sent: October-30-07 10:57 AM > To: MailScanner discussion > Subject: Re: Configuration file not being read? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Rob Starr wrote: > > Hi there, > > > > I'm using MailScanner 4.64.3 + Postfix + SpamAssassin 3.2.3. > > > > I believe this is a MailScanner configuration problem. My issue is > > that spamassassin rules from sa-update are not being used (and I've > > verified they exist in /var/lib/spamassassin/3.002003). > > > > A MailScanner lint test reports no issues. A SpamAssassin lint > > test also reports no issues, and shows the sa-update rules being > > used. Spamassassin -t /tmp/spam.sample shows the rules being used. > > > > > > "MailScanner --debug --debug-sa": --------------------------------- > > In Debugging mode, not forking... SpamAssassin temp dir = > > /var/spool/MailScanner/incoming/SpamAssassin-Temp debug: Score set > > 0 chosen. debug: running in taint mode? no debug: ignore: test > > message to precompile patterns and load modules debug: using > > "/usr/share/spamassassin" for default rules dir debug: using > > "/etc/mail/spamassassin" for site rules dir debug: using > > "/var/spool/postfix/.spamassassin/user_prefs" for user prefs file > > ... 
> > > > /etc/MailScanner/MailScanner.conf snippet: > > ----------------------------------------- SpamAssassin Site Rules > > Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = > > SpamAssassin Local State Dir = /var/lib/spamassassin SpamAssassin > > Default Rules Dir = > Set all those 4 settings to blank. It should pick up the right places > automatically anyway. > > Also, remember that the "last accessed" datestamp on a file can be > used to tell you if a config file is being used. A "ls -lu" will show > the last-accessed instead of last-modified stamps on each file, so you > can see if it is updated (and hence the file was read) by any > particular command. > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHJ0Y6EfZZRxQVtlQRArKpAKD7mdw6IEUQxnFV+l4CT0bPSGBJiQCgmwIm > XY9y+OMPSl+epiPYYySMV5U= > =Sni7 > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Wed Oct 31 11:47:39 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Oct 31 12:20:09 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> Message-ID: <1193831259.12273.10.camel@gblades-suse.linguaphone-intranet.co.uk> Yes that looks better. It should now be looking for spoofed domains from certain domains only and not all. I get about 2 of these hits in approx 500 spams a day so some hits are normal. On Wed, 2007-10-31 at 11:28, Quentin Campbell wrote: > Gareth > > I have upgraded to MS BETA 4.65.1-1 one of the 2 hosts that were > generating the "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: > ...." records. > > In place of the > > Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED:: > Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/ > > records I now get (although fewer of them so far) > > Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED:: > Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/ > > records. 
I assume this means that I am getting far fewer false positives > now? > > Quentin > > >-----Original Message----- > >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >bounces@lists.mailscanner.info] On Behalf Of Gareth > >Sent: 31 October 2007 10:27 > >To: MailScanner discussion > >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > > > >The fault is equivilent to scanning mail with the > >--no-phishing-restrictedscan clamscan option. The update to mailscanner > >disabled this option as the author of the clamavmodule made an error > and > >had this option enabled as the default option. > > > >I am not 100% sure whether the mailscanner fix came out in 4.62 or 4.63 > >but I believe it was the latter. > > > >On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote: > >> Gareth > >> > >> If that is the problem is does not account for why I only see it on 2 > >> out of 8 otherwise identical MX hosts, all running with the same > >version > >> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. > >> > >> I will install the latest BETA version of MS on one of the 2 machines > >> and see what happens. > >> > >> Thanks > >> > >> Quentin > >> > >> >-----Original Message----- > >> >From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> >bounces@lists.mailscanner.info] On Behalf Of Gareth > >> >Sent: 31 October 2007 09:23 > >> >To: MailScanner discussion > >> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: > >.... > >> > > >> >Its caused by a new feature in clamav with an incorrect default > >> setting. > >> >You need to either update MailScanner to include the new scanning > >> option > >> >or switch to clamd. > >> > > >> >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: > >> >> I am running eight mail gateways with MailScanner-4.62.9-2 using > >> >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). 
> >> >> > >> >> However only seeing "INFECTED:: > >> >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many > of > >> >these look like false positives. > >> >> > >> >> Cannot see why only two systems doing this as all eight gateways > >are > >> >equal preference MX hosts for our domains and share the same type of > >> >mail traffic. > >> >> > >> >> Any pointers to where else I might look would be appreciated. > >> >> > >> >> Thanks > >> >> > >> >> Quentin > >> >> --- > >> >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), > >> >> Newcastle University, > >> >> Newcastle upon Tyne, > >> >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > >> >> > >> > ---------------------------------------------------------------------- > >> >-- > >> > > >> >-- > >> >MailScanner mailing list > >> >mailscanner@lists.mailscanner.info > >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> >Before posting, read http://wiki.mailscanner.info/posting > >> > > >> >Support MailScanner development - buy the book off the website! > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! 
From Q.G.Campbell at newcastle.ac.uk Wed Oct 31 13:45:31 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 31 13:49:52 2007 Subject: Warning: MS log record format changes in 4.65.1 BETA In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk><1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk><4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk><1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> Julian It appears that 4.65.1-1 changes the format of log records for ClamAV Module. I suspect this will catch out log processing scripts. In 4.62.9-2 and earlier I saw records similar to: Oct 27 16:58:31 cheviot4 MailScanner[12044]: INFECTED:: MSRBL-Images/3-0-whep:: ./l9RFw72q032134/pills.gif Oct 27 17:10:20 cheviot4 MailScanner[3195]: INFECTED:: Email.Phishing.RB-1802:: ./l9RG9t87003928/ Oct 27 17:10:41 cheviot4 MailScanner[3215]: INFECTED:: Html.Phishing.Bank.Sanesecurity.06030707:: ./l9RGAQeq004535/ or going back a few months Jun 11 12:12:59 cheviot4 MailScanner[28551]: ClamAVModule::INFECTED:: Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR With 4.65.1-1 BETA, I now see the last few fields moved right one place because the phrase "ClamAVModule::INFECTED::" is now split as in Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV Module::INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/ Oct 31 11:07:55 cheviot4 MailScanner[30204]: ClamAV Module::INFECTED:: Worm.Bagle.GV:: ./l9VB7b0K018893/latest_price31-Oct-2007.zip Quentin >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell >Sent: 31 October 2007 11:29 >To: MailScanner discussion 
>Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > >Gareth > >I have upgraded to MS BETA 4.65.1-1 one of the 2 hosts that were >generating the "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: >...." records. > >In place of the > >Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED:: >Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/ > >records I now get (although fewer of them so far) > >Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED:: >Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/ > >records. I assume this means that I am getting far fewer false positives >now? > >Quentin > >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>bounces@lists.mailscanner.info] On Behalf Of Gareth >>Sent: 31 October 2007 10:27 >>To: MailScanner discussion >>Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... >> >>The fault is equivilent to scanning mail with the >>--no-phishing-restrictedscan clamscan option. The update to mailscanner >>disabled this option as the author of the clamavmodule made an error >and >>had this option enabled as the default option. >> >>I am not 100% sure whether the mailscanner fix came out in 4.62 or 4.63 >>but I believe it was the latter. >> >>On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote: >>> Gareth >>> >>> If that is the problem is does not account for why I only see it on 2 >>> out of 8 otherwise identical MX hosts, all running with the same >>version >>> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. >>> >>> I will install the latest BETA version of MS on one of the 2 machines >>> and see what happens. 
>>> >>> Thanks >>> >>> Quentin >>> >>> >-----Original Message----- >>> >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner- >>> >bounces@lists.mailscanner.info] On Behalf Of Gareth >>> >Sent: 31 October 2007 09:23 >>> >To: MailScanner discussion >>> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: >>.... >>> > >>> >Its caused by a new feature in clamav with an incorrect default >>> setting. >>> >You need to either update MailScanner to include the new scanning >>> option >>> >or switch to clamd. >>> > >>> >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: >>> >> I am running eight mail gateways with MailScanner-4.62.9-2 using >>> >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). >>> >> >>> >> However only seeing "INFECTED:: >>> >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many >of >>> >these look like false positives. >>> >> >>> >> Cannot see why only two systems doing this as all eight gateways >>are >>> >equal preference MX hosts for our domains and share the same type of >>> >mail traffic. >>> >> >>> >> Any pointers to where else I might look would be appreciated. >>> >> >>> >> Thanks >>> >> >>> >> Quentin >>> >> --- >>> >> PHONE: +44 191 222 8209 Information Systems and Services (ISS), >>> >> Newcastle University, >>> >> Newcastle upon Tyne, >>> >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. >>> >> >>> >---------------------------------------------------------------------- >>> >-- >>> > >>> >-- >>> >MailScanner mailing list >>> >mailscanner@lists.mailscanner.info >>> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> >Before posting, read http://wiki.mailscanner.info/posting >>> > >>> >Support MailScanner development - buy the book off the website! 
>> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Wed Oct 31 13:58:14 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Oct 31 13:58:28 2007 Subject: Warning: MS log record format changes in 4.65.1 BETA In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> Message-ID: <1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> That was introduced in 4.63 I believe. On Wed, 2007-10-31 at 13:45, Quentin Campbell wrote: > Julian > > It appears that 4.65.1-1 changes the format of log records for ClamAV > Module. I suspect this will catch out log processing scripts. 
> > In 4.62.9-2 and earlier I saw records similar to: > > Oct 27 16:58:31 cheviot4 MailScanner[12044]: INFECTED:: > MSRBL-Images/3-0-whep:: ./l9RFw72q032134/pills.gif > > Oct 27 17:10:20 cheviot4 MailScanner[3195]: INFECTED:: > Email.Phishing.RB-1802:: ./l9RG9t87003928/ > > Oct 27 17:10:41 cheviot4 MailScanner[3215]: INFECTED:: > Html.Phishing.Bank.Sanesecurity.06030707:: ./l9RGAQeq004535/ > > or going back a few months > > Jun 11 12:12:59 cheviot4 MailScanner[28551]: ClamAVModule::INFECTED:: > Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR > > With 4.65.1-1 BETA, I now see the last few fields moved right one place > because the phrase "ClamAVModule::INFECTED::" is now split as in > > Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV Module::INFECTED:: > Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/ > > Oct 31 11:07:55 cheviot4 MailScanner[30204]: ClamAV Module::INFECTED:: > Worm.Bagle.GV:: ./l9VB7b0K018893/latest_price31-Oct-2007.zip > > Quentin > > > >-----Original Message----- > >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell > >Sent: 31 October 2007 11:29 > >To: MailScanner discussion > >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > > > >Gareth > > > >I have upgraded to MS BETA 4.65.1-1 one of the 2 hosts that were > >generating the "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: > >...." records. > > > >In place of the > > > >Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED:: > >Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/ > > > >records I now get (although fewer of them so far) > > > >Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED:: > >Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/ > > > >records. I assume this means that I am getting far fewer false > positives > >now? 
> > > >Quentin > > > >>-----Original Message----- > >>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >>bounces@lists.mailscanner.info] On Behalf Of Gareth > >>Sent: 31 October 2007 10:27 > >>To: MailScanner discussion > >>Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... > >> > >>The fault is equivilent to scanning mail with the > >>--no-phishing-restrictedscan clamscan option. The update to > mailscanner > >>disabled this option as the author of the clamavmodule made an error > >and > >>had this option enabled as the default option. > >> > >>I am not 100% sure whether the mailscanner fix came out in 4.62 or > 4.63 > >>but I believe it was the latter. > >> > >>On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote: > >>> Gareth > >>> > >>> If that is the problem is does not account for why I only see it on > 2 > >>> out of 8 otherwise identical MX hosts, all running with the same > >>version > >>> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. > >>> > >>> I will install the latest BETA version of MS on one of the 2 > machines > >>> and see what happens. > >>> > >>> Thanks > >>> > >>> Quentin > >>> > >>> >-----Original Message----- > >>> >From: mailscanner-bounces@lists.mailscanner.info > >[mailto:mailscanner- > >>> >bounces@lists.mailscanner.info] On Behalf Of Gareth > >>> >Sent: 31 October 2007 09:23 > >>> >To: MailScanner discussion > >>> >Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: > >>.... > >>> > > >>> >Its caused by a new feature in clamav with an incorrect default > >>> setting. > >>> >You need to either update MailScanner to include the new scanning > >>> option > >>> >or switch to clamd. > >>> > > >>> >On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: > >>> >> I am running eight mail gateways with MailScanner-4.62.9-2 using > >>> >'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). 
> >>> >> > >>> >> However only seeing "INFECTED:: > >>> >Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many > >of > >>> >these look like false positives. > >>> >> > >>> >> Cannot see why only two systems doing this as all eight gateways > >>are > >>> >equal preference MX hosts for our domains and share the same type > of > >>> >mail traffic. > >>> >> > >>> >> Any pointers to where else I might look would be appreciated. > >>> >> > >>> >> Thanks > >>> >> > >>> >> Quentin > >>> >> --- > >>> >> PHONE: +44 191 222 8209 Information Systems and Services > (ISS), > >>> >> Newcastle University, > >>> >> Newcastle upon Tyne, > >>> >> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. > >>> >> > >>> > >---------------------------------------------------------------------- > >>> >-- > >>> > > >>> >-- > >>> >MailScanner mailing list > >>> >mailscanner@lists.mailscanner.info > >>> >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > > >>> >Before posting, read http://wiki.mailscanner.info/posting > >>> > > >>> >Support MailScanner development - buy the book off the website! > >> > >>-- > >>MailScanner mailing list > >>mailscanner@lists.mailscanner.info > >>http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >>Before posting, read http://wiki.mailscanner.info/posting > >> > >>Support MailScanner development - buy the book off the website! > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! 
From MailScanner at ecs.soton.ac.uk Wed Oct 31 14:09:29 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 31 14:09:45 2007 Subject: Warning: MS log record format changes in 4.65.1 BETA In-Reply-To: <1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> <1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <47288C99.80200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gareth wrote: > That was introduced in 4.63 I believe. > > On Wed, 2007-10-31 at 13:45, Quentin Campbell wrote: >> Julian >> >> It appears that 4.65.1-1 changes the format of log records for ClamAV >> Module. I suspect this will catch out log processing scripts. >> >> In 4.62.9-2 and earlier I saw records similar to: >> >> Oct 27 16:58:31 cheviot4 MailScanner[12044]: INFECTED:: >> MSRBL-Images/3-0-whep:: ./l9RFw72q032134/pills.gif >> >> Oct 27 17:10:20 cheviot4 MailScanner[3195]: INFECTED:: >> Email.Phishing.RB-1802:: ./l9RG9t87003928/ >> >> Oct 27 17:10:41 cheviot4 MailScanner[3215]: INFECTED:: >> Html.Phishing.Bank.Sanesecurity.06030707:: ./l9RGAQeq004535/ >> >> or going back a few months >> >> Jun 11 12:12:59 cheviot4 MailScanner[28551]: ClamAVModule::INFECTED:: >> Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR >> >> With 4.65.1-1 BETA, I now see the last few fields moved right one place >> because the phrase "ClamAVModule::INFECTED::" is now split as in But these following examples look like the ones from 4.62.9-2 that you posted above. Surely it's better that it logs which scanner found the infection? 
>> >> Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV Module::INFECTED:: >> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/ >> >> Oct 31 11:07:55 cheviot4 MailScanner[30204]: ClamAV Module::INFECTED:: >> Worm.Bagle.GV:: ./l9VB7b0K018893/latest_price31-Oct-2007.zip >> >> Quentin >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Quentin Campbell >>> Sent: 31 October 2007 11:29 >>> To: MailScanner discussion >>> Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... >>> >>> Gareth >>> >>> I have upgraded to MS BETA 4.65.1-1 one of the 2 hosts that were >>> generating the "INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: >>> ...." records. >>> >>> In place of the >>> >>> Oct 31 10:12:37 cheviot2 MailScanner[31346]: INFECTED:: >>> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VACFW4011070/ >>> >>> records I now get (although fewer of them so far) >>> >>> Oct 31 11:01:16 cheviot2 MailScanner[18379]: ClamAV Module::INFECTED:: >>> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VB0vFK005532/ >>> >>> records. I assume this means that I am getting far fewer false >> positives >>> now? >>> >>> Quentin >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of Gareth >>>> Sent: 31 October 2007 10:27 >>>> To: MailScanner discussion >>>> Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... >>>> >>>> The fault is equivilent to scanning mail with the >>>> --no-phishing-restrictedscan clamscan option. The update to >> mailscanner >>>> disabled this option as the author of the clamavmodule made an error >>> and >>>> had this option enabled as the default option. >>>> >>>> I am not 100% sure whether the mailscanner fix came out in 4.62 or >> 4.63 >>>> but I believe it was the latter. 
>>>> >>>> On Wed, 2007-10-31 at 10:11, Quentin Campbell wrote: >>>>> Gareth >>>>> >>>>> If that is the problem is does not account for why I only see it on >> 2 >>>>> out of 8 otherwise identical MX hosts, all running with the same >>>> version >>>>> of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. >>>>> >>>>> I will install the latest BETA version of MS on one of the 2 >> machines >>>>> and see what happens. >>>>> >>>>> Thanks >>>>> >>>>> Quentin >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner- >>>>>> bounces@lists.mailscanner.info] On Behalf Of Gareth >>>>>> Sent: 31 October 2007 09:23 >>>>>> To: MailScanner discussion >>>>>> Subject: RE: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: >>>> .... >>>>>> Its caused by a new feature in clamav with an incorrect default >>>>> setting. >>>>>> You need to either update MailScanner to include the new scanning >>>>> option >>>>>> or switch to clamd. >>>>>> >>>>>> On Wed, 2007-10-31 at 08:22, Quentin Campbell wrote: >>>>>>> I am running eight mail gateways with MailScanner-4.62.9-2 using >>>>>> 'clamavmodule' (Mail-ClamAV-0.20 & ClamAV 0.91.2). >>>>>>> However only seeing "INFECTED:: >>>>>> Phishing.Heuristics.Email.SpoofedDomain::" on two of them and many >>> of >>>>>> these look like false positives. >>>>>>> Cannot see why only two systems doing this as all eight gateways >>>> are >>>>>> equal preference MX hosts for our domains and share the same type >> of >>>>>> mail traffic. >>>>>>> Any pointers to where else I might look would be appreciated. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Quentin >>>>>>> --- >>>>>>> PHONE: +44 191 222 8209 Information Systems and Services >> (ISS), >>>>>>> Newcastle University, >>>>>>> Newcastle upon Tyne, >>>>>>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU. 
>>>>>>> >>> ---------------------------------------------------------------------- >>>>>> -- >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > Jules Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHKIyYEfZZRxQVtlQRAu4EAJ9jKvPyORaiNilNRvc5J0AI6ljx1ACeNo7E 0r02K9LsunyJBr2T2+RxKNA= =QrT+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Wed Oct 31 14:53:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 31 14:54:09 2007 Subject: INFECTED:: Phishing.Heuristics.Email.SpoofedDomain:: .... 
In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> Message-ID: on 10/31/2007 3:11 AM Quentin Campbell spake the following: > Gareth > > If that is the problem is does not account for why I only see it on 2 > out of 8 otherwise identical MX hosts, all running with the same version > of MS, ClamAV-Module, ndb files in /usr/local/share/clamav, etc. > > I will install the latest BETA version of MS on one of the 2 machines > and see what happens. > > Thanks > > Quentin And remember... spammers don't usually honor MX advertisements. Unless the boxes are behind a load balancer, the spammers can target any box they want by IP. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Q.G.Campbell at newcastle.ac.uk Wed Oct 31 15:20:57 2007 From: Q.G.Campbell at newcastle.ac.uk (Quentin Campbell) Date: Wed Oct 31 15:22:59 2007 Subject: Warning: MS log record format changes in 4.65.1 BETA In-Reply-To: <47288C99.80200@ecs.soton.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk><1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> Message-ID: <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Julian Field >Sent: 31 October 2007 
14:09 >To: MailScanner discussion >Subject: Re: Warning: MS log record format changes in 4.65.1 BETA [snip] >>> Jun 11 12:12:59 cheviot4 MailScanner[28551]: ClamAVModule::INFECTED:: >>> Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR >>> >>> With 4.65.1-1 BETA, I now see the last few fields moved right one place >>> because the phrase "ClamAVModule::INFECTED::" is now split as in > >But these following examples look like the ones from 4.62.9-2 that you >posted above. >Surely it's better that it logs which scanner found the infection? > >>> >>> Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV Module::INFECTED:: >>> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/ >>> Julian Of course it is better to log which scanner found them. My point was about consistency in the way you do this. :-) If in one version of MailScanner you label as ... ClamAVModule::INFECTED::... and in a later version change the label to ... ClamAV Module::INFECTED::... [Note the space] then scripts that process these records will be confused. The second record format has, in Perl 'split' command terms, an extra field. As it happens it is the last two fields that my scripts are primarily interested in. :-( Quentin From Kevin_Miller at ci.juneau.ak.us Wed Oct 31 15:24:48 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Oct 31 15:24:07 2007 Subject: Receive - scan and forward to other domain name In-Reply-To: <4727FBC1.2060704@gmail.com> References: <4727FBC1.2060704@gmail.com> Message-ID: Paul Bernal wrote: > Hi everyone, > > I readed this > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:setup_a_gateway > setup a gateway explanation on how to receive - scan and forward an > email sent to some domain... 
>
> But what I need is:
>
> * Receive an email to sameuser@onedomain.com on a MailScanner box
> * MailScan this message
> * Forward it to sameuser@otherdomain.com where otherdomain.com is an
> extra local-box expecting to receive emails to anyuser@otherdomain.com
>
> Is there a way to do this?
>
> Thanks in advance

Hi Don,

Hmmm. I do something similar, but not exactly the same. I'm using sendmail, so don't know the drill on other email systems, but I accept mail for several different domains. What I did was this:

1: Publish the appropriate MX record so mail knows to come to your mail server

2: Edit /etc/mail/mailertable so sendmail knows where to send mail after it's done with it. Something like:
mydomain1.com esmtp:[192.168.1.100]
mydomain2.com esmtp:[192.168.2.101]
Don't forget to do the makemap thing on mailertable

3: Edit relay-domains so it knows what domains it's OK to relay to:
mydomain1.com
mydomain2.com

I think that should about do it. You may have to edit /etc/mail/access too, but I'm not sure.

On my setup, mail will come in any of several domains, sendmail accepts the mail, MailScanner scans it, hands it back to sendmail which then forwards it to the appropriate internal email server. I'm not actually rewriting the to address.

Since you want to have the MailScanner box change the address from sameuser@onedomain.com to sameuser@otherdomain.com I think I'd look at the aliases file, or possibly virtuser and genericstable files. I haven't used those though, so can't provide details.

Hope this helps...

...Kevin

--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

From ugob at lubik.ca Wed Oct 31 15:25:53 2007
From: ugob at lubik.ca (Ugo Bellavance)
Date: Wed Oct 31 15:26:16 2007
Subject: Receive - scan and forward to other domain name
In-Reply-To: <4727FBC1.2060704@gmail.com>
References: <4727FBC1.2060704@gmail.com>
Message-ID:

Paul Bernal wrote:
> Hi everyone,
>
> I read this
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway
> setup a gateway explanation on how to receive - scan and forward an
> email sent to some domain...
>
> But what I need is:
>
> * Receive an email to sameuser@onedomain.com on a MailScanner box
> * MailScan this message
> * Forward it to sameuser@otherdomain.com where otherdomain.com is an
> extra local-box expecting to receive emails to anyuser@otherdomain.com
>
> Is there a way to do this?
>
> Thanks in advance
> don pool

Do you mean address rewriting? So that user1@onedomain.com is redirected to user1@onedomain.com and user2@onedomain.com to user2@otherdomain.com, or you only need to do it for a couple of users?

Ugo

From remeryspam at cfl.rr.com Wed Oct 31 15:24:33 2007
From: remeryspam at cfl.rr.com (Rick Emery)
Date: Wed Oct 31 15:29:38 2007
Subject: Error after postfix upgrade
In-Reply-To: <472734F7.2020206@ecs.soton.ac.uk>
References: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> <472734F7.2020206@ecs.soton.ac.uk>
Message-ID: <20071031112433.21444exyk1vddjqc@www.emery.homelinux.net>

Quoting Julian Field :

> Upgrade your MailScanner (I'll be releasing a new version tomorrow
> morning, so wait until then). This code is commented out in the latest
> version, it has been re-implemented differently.

Here's the (admittedly stupid) thing I did to get email working again.

I downloaded the latest version of MailScanner and compared the Postfix.pm file.
There's a comment there that specifically addresses this situation, so I checked the other differences and decided to just copy the new Postfix.pm file over the old one. Mail is working, though I get some different errors that I've worked around. I was trying to stay within Ubuntu's package management. I knew I wouldn't have the latest and greatest code, but I at least thought they wouldn't upgrade a package without upgrading other related packages (or at least keeping them compatible). Obviously, I was wrong. The "right" thing to do would probably be to remove the MailScanner package and install from the latest tarball from the MailScanner site, but I had really hoped to stick with the distribution's package manager :-( Thanks, everybody, for the tips. Rick From ssilva at sgvwater.com Wed Oct 31 15:42:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Oct 31 15:42:28 2007 Subject: Error after postfix upgrade In-Reply-To: <20071031112433.21444exyk1vddjqc@www.emery.homelinux.net> References: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> <472734F7.2020206@ecs.soton.ac.uk> <20071031112433.21444exyk1vddjqc@www.emery.homelinux.net> Message-ID: on 10/31/2007 8:24 AM Rick Emery spake the following: > Quoting Julian Field : > >> Upgrade your MailScanner (I'll be releasing a new version tomorrow >> morning, so wait until then). This code is commented out in the latest >> version, it has been re-implemented differently. > > Here's the (admittedly stupid) thing I did to get email working again. > > I downloaded the latest version of MailScanner and compared the > Postfix.pm file. There's a comment there that specifically addresses > this situation, so I checked the other differences and decided to just > copy the new Postfix.pm file over the old one. Mail is working, though I > get some different errors that I've worked around. > > I was trying to stay within Ubuntu's package management. 
I knew I > wouldn't have the latest and greatest code, but I at least thought they > wouldn't upgrade a package without upgrading other related packages (or > at least keeping them compatible). Obviously, I was wrong. > > The "right" thing to do would probably be to remove the MailScanner > package and install from the latest tarball from the MailScanner site, > but I had really hoped to stick with the distribution's package manager :-( > > Thanks, everybody, for the tips. > > Rick That is the main catch to package managed systems. Somebody has to build and host the packages. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Wed Oct 31 15:51:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Oct 31 15:52:02 2007 Subject: Warning: MS log record format changes in 4.65.1 BETA In-Reply-To: <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk><1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> Message-ID: <4728A487.7060702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ah, okay, it's all about the space. I didn't spot that. Would it be better if all the virus scanner names in the log lines were 1 word? How much will that upset MailWatch for starters? 
It will affect ClamAVModule F-Prot 6 Quentin Campbell wrote: >> -----Original Message----- From: >> mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: >> 31 October 2007 14:09 To: MailScanner discussion Subject: Re: >> Warning: MS log record format changes in 4.65.1 BETA > [snip] > > >>>> Jun 11 12:12:59 cheviot4 MailScanner[28551]: > ClamAVModule::INFECTED:: >>>> Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR >>>> >>>> With 4.65.1-1 BETA, I now see the last few fields moved right >>>> one > place >>>> because the phrase "ClamAVModule::INFECTED::" is now split as >>>> in >> But these following examples look like the ones from 4.62.9-2 >> that you posted above. Surely it's better that it logs which >> scanner found the infection? >> >>>> Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV > Module::INFECTED:: >>>> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/ >>>> > > Julian > > Of course it is better to log which scanner found them. My point > was about consistency in the way you do this. :-) > > If in one version of MailScanner you label as > > ... ClamAVModule::INFECTED::... > > and in a later version change the label to > > ... ClamAV Module::INFECTED::... [Note the space] > > then scripts that process these records will be confused. The > second record format has, in Perl 'split' command terms, an extra > field. As it happens it is the last two fields that my scripts are > primarily interested in. :-( > > Quentin > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHKKSHEfZZRxQVtlQRApZMAKCRa+ivLl1XbPAZhlsIqTVoFsP49ACg78t8
okJZ9hlYGq1tcwJMqMRVTf0=
=k9UV
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From list-mailscanner at linguaphone.com Wed Oct 31 15:59:44 2007
From: list-mailscanner at linguaphone.com (Gareth)
Date: Wed Oct 31 15:59:57 2007
Subject: Warning: MS log record format changes in 4.65.1 BETA
In-Reply-To: <4728A487.7060702@ecs.soton.ac.uk>
References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> <1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> <4728A487.7060702@ecs.soton.ac.uk>
Message-ID: <1193846384.12272.15.camel@gblades-suse.linguaphone-intranet.co.uk>

It won't affect mailwatch at all as it continued to work fine during the recent changes for me. The only thing it really affects is logwatch but that is very easily fixed.

On Wed, 2007-10-31 at 15:51, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ah, okay, it's all about the space. I didn't spot that.
> Would it be better if all the virus scanner names in the log lines
> were 1 word?
> How much will that upset MailWatch for starters?
> > It will affect > ClamAVModule > F-Prot 6 > > > Quentin Campbell wrote: > >> -----Original Message----- From: > >> mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: > >> 31 October 2007 14:09 To: MailScanner discussion Subject: Re: > >> Warning: MS log record format changes in 4.65.1 BETA > > [snip] > > > > > >>>> Jun 11 12:12:59 cheviot4 MailScanner[28551]: > > ClamAVModule::INFECTED:: > >>>> Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR > >>>> > >>>> With 4.65.1-1 BETA, I now see the last few fields moved right > >>>> one > > place > >>>> because the phrase "ClamAVModule::INFECTED::" is now split as > >>>> in > >> But these following examples look like the ones from 4.62.9-2 > >> that you posted above. Surely it's better that it logs which > >> scanner found the infection? > >> > >>>> Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV > > Module::INFECTED:: > >>>> Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/ > >>>> > > > > Julian > > > > Of course it is better to log which scanner found them. My point > > was about consistency in the way you do this. :-) > > > > If in one version of MailScanner you label as > > > > ... ClamAVModule::INFECTED::... > > > > and in a later version change the label to > > > > ... ClamAV Module::INFECTED::... [Note the space] > > > > then scripts that process these records will be confused. The > > second record format has, in Perl 'split' command terms, an extra > > field. As it happens it is the last two fields that my scripts are > > primarily interested in. :-( > > > > Quentin > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! 
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHKKSHEfZZRxQVtlQRApZMAKCRa+ivLl1XbPAZhlsIqTVoFsP49ACg78t8 > okJZ9hlYGq1tcwJMqMRVTf0= > =k9UV > -----END PGP SIGNATURE----- > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk From shuttlebox at gmail.com Wed Oct 31 16:14:38 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Oct 31 16:14:39 2007 Subject: Warning: MS log record format changes in 4.65.1 BETA In-Reply-To: <4728A487.7060702@ecs.soton.ac.uk> References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> <1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> <4728A487.7060702@ecs.soton.ac.uk> Message-ID: <625385e30710310914v1f111346w8b47338ffb3d32e9@mail.gmail.com> On 10/31/07, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ah, okay, it's all about the space. I didn't spot that. > Would it be better if all the virus scanner names in the log lines > were 1 word? > How much will that upset MailWatch for starters? > > It will affect > ClamAVModule > F-Prot 6 Vispan uses this string to identify viruses so it will work if you change it to one word. 
String => 'ClamAVModule::INFECTED::(.*)::'

--
/peter

From MailScanner at ecs.soton.ac.uk Wed Oct 31 16:27:19 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Oct 31 16:27:39 2007
Subject: Warning: MS log record format changes in 4.65.1 BETA
In-Reply-To: <625385e30710310914v1f111346w8b47338ffb3d32e9@mail.gmail.com>
References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk> <1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> <4728A487.7060702@ecs.soton.ac.uk> <625385e30710310914v1f111346w8b47338ffb3d32e9@mail.gmail.com>
Message-ID: <4728ACE7.1040909@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

shuttlebox wrote:
> On 10/31/07, Julian Field wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> Ah, okay, it's all about the space. I didn't spot that. Would it
>> be better if all the virus scanner names in the log lines were 1
>> word? How much will that upset MailWatch for starters?
>>
>> It will affect ClamAVModule F-Prot 6
>
> Vispan uses this string to identify viruses so it will work if you
> change it to one word.
>
> String => 'ClamAVModule::INFECTED::(.*)::'

I have changed 'F-Prot 6' to 'F-Prot6' and 'ClamAV Module' to
'ClamAVModule' in the syslog output.

Jules

- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From ssilva at sgvwater.com Wed Oct 31 16:27:31 2007
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Oct 31 16:30:07 2007
Subject: Warning: MS log record format changes in 4.65.1 BETA
In-Reply-To: <4728A487.7060702@ecs.soton.ac.uk>
References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk><1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> <4728A487.7060702@ecs.soton.ac.uk>
Message-ID:

on 10/31/2007 8:51 AM Julian Field spake the following:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ah, okay, it's all about the space. I didn't spot that.
> Would it be better if all the virus scanner names in the log lines
> were 1 word?
> How much will that upset MailWatch for starters?
>
> It will affect
> ClamAVModule
> F-Prot 6

I think it was more a problem that it changed, and not that it has or
doesn't have a space.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!
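
The parsing problem discussed in this thread, as an added example that is not part of any poster's message or of MailScanner itself: a Python sketch (the scripts mentioned in the thread are Perl) that anchors on the `::INFECTED::` delimiter instead of whitespace field positions, so a scanner label with or without a space parses the same way. The two log lines are the ones quoted in the thread; the function names and the whitespace normalisation are assumptions made for illustration.

```python
import re
from collections import Counter

# The two records quoted in the thread: old label, then the 4.65.1-1 BETA label.
SAMPLES = [
    "Jun 11 12:12:59 cheviot4 MailScanner[28551]: ClamAVModule::INFECTED:: "
    "Worm.Mydoom.M:: ./l5BBChGt030131/ATTACHMENT.SCR",
    "Oct 31 11:37:06 cheviot2 MailScanner[9758]: ClamAV Module::INFECTED:: "
    "Phishing.Heuristics.Email.SpoofedDomain:: ./l9VBaefJ002190/",
]

# Anchor on the literal "::INFECTED::" delimiter; the scanner label before it
# and the path after the threat name may both contain spaces.
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"MailScanner\[(?P<pid>\d+)\]:\s"
    r"(?P<scanner>.+?)::INFECTED::\s*(?P<threat>.+?)::\s*(?P<path>.*\S)\s*$"
)

def parse_positional(line):
    """Fragile: fixed field positions after a whitespace split."""
    f = line.split()
    return {"scanner": f[5].split("::")[0], "threat": f[6].rstrip(":"), "path": f[7]}

def parse_record(line):
    """Return the record's fields, or None if the line does not fit the format."""
    m = RECORD.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Assumed normalisation: 'ClamAV Module' and 'ClamAVModule' become one key.
    rec["scanner"] = re.sub(r"\s+", "", rec["scanner"])
    return rec

def summarize(lines):
    """Count detections per (scanner, threat); keep infection lines that failed to parse."""
    hits, unparsed = Counter(), []
    for line in lines:
        if "::INFECTED::" not in line:
            continue  # not an infection record
        rec = parse_record(line)
        if rec is None:
            unparsed.append(line)  # format drift: surface it, do not drop it
        else:
            hits[(rec["scanner"], rec["threat"])] += 1
    return hits, unparsed

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_positional(s)["threat"], "|", parse_record(s)["threat"])
```

On the second record the positional parser reports the threat as `Module::INFECTED` without raising any error, which is why a non-empty `unparsed` list is worth alerting on after a MailScanner upgrade.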
From MailScanner at ecs.soton.ac.uk Wed Oct 31 16:44:30 2007
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Oct 31 16:44:46 2007
Subject: Warning: MS log record format changes in 4.65.1 BETA
In-Reply-To:
References: <4165CF7A7F12DE4B96622CCBB90586470BFEB06C@largo.campus.ncl.ac.uk> <1193822600.12272.1.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0B7@largo.campus.ncl.ac.uk> <1193826398.12275.7.camel@gblades-suse.linguaphone-intranet.co.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB0F3@largo.campus.ncl.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB158@largo.campus.ncl.ac.uk><1193839094.12266.12.camel@gblades-suse.linguaphone-intranet.co.uk> <47288C99.80200@ecs.soton.ac.uk> <4165CF7A7F12DE4B96622CCBB90586470BFEB1AF@largo.campus.ncl.ac.uk> <4728A487.7060702@ecs.soton.ac.uk>
Message-ID: <4728B0EE.6070902@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Silva wrote:
> on 10/31/2007 8:51 AM Julian Field spake the following:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> Ah, okay, it's all about the space. I didn't spot that. Would it
>> be better if all the virus scanner names in the log lines were 1
>> word? How much will that upset MailWatch for starters?
>>
>> It will affect ClamAVModule F-Prot 6
> I think it was more a problem that it changed, and not that it has
> or doesn't have a space.
>
Well it's going to change again :-)
This time it will be one word, which should make parsing easier for
everyone involved, now and in the future.

Jules

- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

From jtm.koekkoek at home.nl Wed Oct 31 17:31:20 2007
From: jtm.koekkoek at home.nl (Jeroen Koekkoek)
Date: Wed Oct 31 17:31:25 2007
Subject: Error after postfix upgrade
In-Reply-To: <20071031112433.21444exyk1vddjqc@www.emery.homelinux.net>
References: <456653.558141193672170178.JavaMail.root@cdptpa-web12-z01> <472734F7.2020206@ecs.soton.ac.uk> <20071031112433.21444exyk1vddjqc@www.emery.homelinux.net>
Message-ID: <4728BBE8.4060705@home.nl>

Rick Emery wrote:
> Quoting Julian Field :
>
>> Upgrade your MailScanner (I'll be releasing a new version tomorrow
>> morning, so wait until then). This code is commented out in the latest
>> version, it has been re-implemented differently.
>
> Here's the (admittedly stupid) thing I did to get email working again.
>
> I downloaded the latest version of MailScanner and compared the
> Postfix.pm file. There's a comment there that specifically addresses
> this situation, so I checked the other differences and decided to just
> copy the new Postfix.pm file over the old one. Mail is working, though
> I get some different errors that I've worked around.
>
> I was trying to stay within Ubuntu's package management. I knew I
> wouldn't have the latest and greatest code, but I at least thought
> they wouldn't upgrade a package without upgrading other related
> packages (or at least keeping them compatible). Obviously, I was wrong.
>
> The "right" thing to do would probably be to remove the MailScanner
> package and install from the latest tarball from the MailScanner site,
> but I had really hoped to stick with the distribution's package
> manager :-(
>
> Thanks, everybody, for the tips.
>
> Rick

Hi Rick,

There's a debian source package here:
http://mentors.debian.net/debian/pool/main/m/mailscanner. It's the
latest stable of MailScanner. Of course you could always create your
own debian package. But this should do, it's packaged by the same
person who also built the 4.58 version you're using right now.

Jeroen

From donpool at gmail.com Wed Oct 31 22:36:31 2007
From: donpool at gmail.com (Paul Bernal)
Date: Wed Oct 31 22:39:44 2007
Subject: Receive - scan and forward to other domain name
In-Reply-To:
References: <4727FBC1.2060704@gmail.com>
Message-ID: <4729036F.60803@gmail.com>

Ugo Bellavance wrote:
> Paul Bernal wrote:
>> Hi everyone,
>>
>> I read this
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway
>>
>> setup a gateway explanation on how to receive - scan and forward an
>> email sent to some domain...
>>
>> But what I need is:
>>
>> * Receive an email to sameuser@onedomain.com on a MailScanner box
>> * MailScan this message
>> * Forward it to sameuser@otherdomain.com where otherdomain.com is an
>> extra local box expecting to receive emails to anyuser@otherdomain.com
>>
>> Is there a way to do this?
>>
>> Thanks in advance
>> don pool
>
> Do you mean address rewriting? So that user1@onedomain.com is
> redirected to user1@onedomain.com and user2@onedomain.com to
> user2@otherdomain.com, or you only need to do it for a couple of users?
>
> Ugo
>

Yes Ugo,

What I want is to rewrite all addresses. The thing is, the internal (non
MailScanner) box understands only emails sent to @otherdomain.com, since
this is a "closed" box and I can't customize it, and it's critical that
it be used like it is now!

Thanks for your time!
don pool

From donpool at gmail.com Wed Oct 31 22:40:42 2007
From: donpool at gmail.com (Paul Bernal)
Date: Wed Oct 31 22:43:57 2007
Subject: Receive - scan and forward to other domain name
In-Reply-To:
References: <4727FBC1.2060704@gmail.com>
Message-ID: <4729046A.1040002@gmail.com>

Kevin Miller wrote:
> Paul Bernal wrote:
>
>> Hi everyone,
>>
>> I read this
>>
>> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway
>
>> setup a gateway explanation on how to receive - scan and forward an
>> email sent to some domain...
>>
>> But what I need is:
>>
>> * Receive an email to sameuser@onedomain.com on a MailScanner box
>> * MailScan this message
>> * Forward it to sameuser@otherdomain.com where otherdomain.com is an
>> extra local box expecting to receive emails to anyuser@otherdomain.com
>>
>> Is there a way to do this?
>>
>> Thanks in advance
>>
>
> Hi Don,
>
> Hmmm. I do something similar, but not exactly the same. I'm using
> sendmail, so don't know the drill on other email systems, but I accept
> mail for several different domains. What I did was this:
>
> 1: Publish the appropriate MX record so mail knows to come to your mail
> server
> 2: Edit /etc/mail/mailertable so sendmail knows where to send mail after
> it's done with it. Something like:
>     mydomain1.com    esmtp:[192.168.1.100]
>     mydomain2.com    esmtp:[192.168.2.101]
> Don't forget to do the makemap thing on mailertable
> 3: Edit relay-domains so it knows what domains it's OK to relay to:
>     mydomain1.com
>     mydomain2.com
>
> I think that should about do it. You may have to edit /etc/mail/access
> too, but I'm not sure.
>
> On my setup, mail will come in any of several domains, sendmail accepts
> the mail, MailScanner scans it, hands it back to sendmail which then
> forwards it to the appropriate internal email server. I'm not actually
> rewriting the to address.
> Since you want to have the MailScanner box change the address from
> sameuser@onedomain.com to sameuser@otherdomain.com I think I'd look at
> the aliases file, or possibly virtuser and genericstable files. I
> haven't used those though, so can't provide details. Hope this helps...
>
>
> ...Kevin
>

Thanks a lot Kevin,

I've already tried the first (mailertable) thing, but didn't combine it
with the aliases, virtuser and genericstable files... hope this helps me
to rewrite the @onedomain.com to @otherdomain.com on all incoming mails!

I'll give it a try and let you know!

Regards
don pool