From itdept at fractalweb.com Sat Sep 1 15:01:09 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Sep 1 15:01:21 2007 Subject: Ping In-Reply-To: References: Message-ID: <46D970A5.4030209@fractalweb.com> Scott Silva wrote: > Quiet list? Or comm problems? > > I will soon see.... Testing... Pong! From MailScanner at ecs.soton.ac.uk Sat Sep 1 16:11:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 1 16:12:03 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 Message-ID: <46D9812D.3090600@ecs.soton.ac.uk> I have just released the latest stable version 4.63.7. The major new changes this month are -- Support for F-Prot version 6, usable by specifying "Virus Scanners = f-prot-6". -- "Phishing Bad Sites File": this is a file which you are recommended to update hourly which contains a list of manually tested compromised web sites being actively used in phishing fraud attacks. This list is being continually modified. -- Improvements to the "SpamAssassin Rule Actions" so you can easily implement as many different levels of spam actions as you want, all in 1 line. -- "Include Binary Attachments In SpamAssassin" which can be used to tell SpamAssassin to search all attachments, including binary files such as Word documents. Off by default as it has a slight speed impact on SpamAssassin. -- "Check Filenames In Password-Protected Archives" so that the filename checks can be suppressed on encrypted archives to allow a few people to get exe's and other dangerous files for their job, without them having to suppress filename checks as well as allow password-protected archives. On by default. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Improved init.d script, so that 'service MailScanner restart' or '/etc/init.d/MailScanner restart' runs faster. It pauses for just long enough for the old MailScanner to die gracefully, and starts up the new one as soon as the old one has died. Previously, it just waited for a fixed length of time which was much longer than needed for most people. 1 Improved tar installer so the directory created for MailScanner includes the build revision number as well as the main version number. 1 Improved phishing net logging to log entire real URL not just hostname. 1 Improvement to update_spamassassin to stop cron-generated mail. 1 New setting "Phishing Bad Sites File" which is a live continuously-updated list of known bad sites that have been reported to various mechanisms around the world. Please don't ask me for more information as I can't give it to you, but every site on the list has been manually tested and the list can be relied upon. Your installation should update this file every hour. NOTE: Run upgrade_languages_conf after installing this upgrade! 2 Reduce default "Restart Every" time to 2 hours so that updates to the known bad phishing sites list are re-read more frequently. 2 Added *.fdf to the list of dangerous filenames. Opening a .fdf file can cause the loading of any file on the internet into Adobe Acrobat. 2 Added 2 new variables to the sender reports: $size = size of message in bytes and $maxmessagesize = maximum allowed size of this message in bytes. 2 Added new setting "Check Filenames In Password-Protected Archives = yes" so that the filename checks can be suppressed on encrypted archives to allow a few people to get exe's and so on through the mail as part of their business needs. Normally leave this setting at "yes". 2 Added new setting "Include Binary Attachments In SpamAssassin = no" which can be used to tell SpamAssassin to look at all attachments, not just the ones containing text (or HTML, etc) which is its normal behaviour. Changing this setting to "yes" will have no effect without a patch to the SpamAssassin code, which you can fetch from http://www.mailscanner.info/mcp.html#patches It will slightly slow down SpamAssassin some of the time, and is therefore disabled by default. This can be very useful if you want to look for rude or derogatory content in messages, and do not want the huge speed impact of using MCP. It can successfully scan the content of Microsoft Word documents, for example. It won't be effective on PDF files however, as these are compressed internally so there is no readable text anywhere in the file. 3 Added a long $PATH to f-prot-autoupdate so we can find wget on most OS-es including Solaris. 3 Improved Sophos.install to disable the savupdate cron job and switch off the unwanted Sophos services. 3 Added a feature to the "SpamAssassin Rule Actions". You can now specify "SpamScore" and a number comparison, instead of just giving a SpamAssassin rule name. So you can say SpamAssassin Rule Actions = SpamScore>25=>delete and this will cause all messages scoring over 25 to be deleted. You can use this to set different actions at different spam scores, in addition to the normal spam actions and high-scoring spam actions. The numerical tests you can use are ">", ">=", "==", "<=" and "<". 4 The "action" in each "RULE=>action" in "SpamAssassin Rule Actions" can now be a comma-separated list of actions, so you can easily specify multiple actions per rule. 6 Added support for F-Prot version 6. Must be specified by "Virus Scanners = f-prot-6" in MailScanner.conf. * Fixes * 1 Improvement to phishing net to allow HTML tags with contents split over multiple lines. 1 Changed options to ClamAVmodule so it doesn't hit false positives with the phishing and scam email detection signatures. 1-2 Fixed bug where --lint gives "MailScanner.conf file not found" error. 2 Stopped writing a PID file when "MailScanner --lint" is run. 2 update_spamassassin no longer produces any output, so no crond email. 2 Fixed bug where clamavmodule scanner name wouldn't always be logged correctly. 2 Bugfix in ZMDiskStore.pm ZMailer support from Leonardo Helman. 3 Force installation of perl-Getopt-Long to try to solve the problems with command-line options producing 'config file not found' errors. 3 Commented out sample rules in max.message.size.rules file. 3 Fixed MailScanner.conf Sophos-specific settings for Sophos 5. 5 Fixed problem where MTA=sendmail would cause ruleset to not be used on Sendmail2 setting. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From doc at maddoc.net Sat Sep 1 19:16:13 2007 From: doc at maddoc.net (Doc Schneider) Date: Sat Sep 1 19:16:23 2007 Subject: error Message-ID: <46D9AC6D.6080405@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /etc/cron.hourly/update_virus_scanners: /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/f-prot-6-wrapper: No such file or directory This is from the latest stable release. - -- - -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFG2axtqOEeBwEpgcsRAjkhAKCg+UDpZBrQCmc19hSk697wUizv+wCgqCLN UFEtHw5tUh6JoUN2Td6bqhI= =v9qe -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat Sep 1 23:05:51 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 1 23:06:08 2007 Subject: error In-Reply-To: <46D9AC6D.6080405@maddoc.net> References: <46D9AC6D.6080405@maddoc.net> Message-ID: <46D9E23F.8060908@ecs.soton.ac.uk> Hopefully fixed. Please can you try downloading and installing 4.63.7-2. I forgot to add the new files to the RPM spec files. Doc Schneider wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > /etc/cron.hourly/update_virus_scanners: > > /usr/sbin/update_virus_scanners: line 39: > /usr/lib/MailScanner/f-prot-6-wrapper: No such file or directory > > This is from the latest stable release. > > - -- > - -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org > > iD8DBQFG2axtqOEeBwEpgcsRAjkhAKCg+UDpZBrQCmc19hSk697wUizv+wCgqCLN > UFEtHw5tUh6JoUN2Td6bqhI= > =v9qe > -----END PGP SIGNATURE----- > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From james at gray.net.au Sat Sep 1 23:41:21 2007 From: james at gray.net.au (James Gray) Date: Sat Sep 1 23:41:33 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46D9812D.3090600@ecs.soton.ac.uk> References: <46D9812D.3090600@ecs.soton.ac.uk> Message-ID: <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> On 02/09/2007, at 1:11 AM, Julian Field wrote: > I have just released the latest stable version 4.63.7. Super! I downloaded the latest beta 24 hours ago...looks like another download for me :) > The full Change Log is this: > > * New Features and Improvements * > 1 Improved init.d script, so that 'service MailScanner restart' or > '/etc/init.d/MailScanner restart' runs faster. It pauses for just > long > enough for the old MailScanner to die gracefully, and starts up > the new one > as soon as the old one has died. Previously, it just waited for a > fixed > length of time which was much longer than needed for most people. I wrote an init script a while ago for slow machines that loops waiting for MailScanner children and parent to terminate with a configurable delay loop. If you're interested: http://files.gray.net.au/MailScanner/mailscanner-slow.sh I just had a look at it and it isn't the best shell script I've ever written, but in my defence, I wrote it years ago when I was relatively inexperienced at it. Still, the logic in it is sound, although there is no check for infinite loops in the delay loop. It wouldn't be hard to implement a counter though and after 'n' delay loops, do something other than keep waiting (bail with an error, attempt the SIGKILL the remaining PID's, whatever). Just thought this may be useful rather than an arbitrary delay period, to actually check to see if there are any MailScanner PID's still around. Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/585c83a3/smime.bin From doc at maddoc.net Sun Sep 2 02:46:56 2007 From: doc at maddoc.net (Doc Schneider) Date: Sun Sep 2 02:47:08 2007 Subject: error In-Reply-To: <46D9E23F.8060908@ecs.soton.ac.uk> References: <46D9AC6D.6080405@maddoc.net> <46D9E23F.8060908@ecs.soton.ac.uk> Message-ID: <46DA1610.1050205@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > Hopefully fixed. > Please can you try downloading and installing 4.63.7-2. I forgot to add > the new files to the RPM spec files. Downloaded and installed. Seems to now have the files. And shame on you Jules! Forgetting to add t the .spec file! HAR! Have a great weekend. > Doc Schneider wrote: > /etc/cron.hourly/update_virus_scanners: > > /usr/sbin/update_virus_scanners: line 39: > /usr/lib/MailScanner/f-prot-6-wrapper: No such file or directory > > This is from the latest stable release. > > Jules - -- - -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFG2hYQqOEeBwEpgcsRAqlVAJ9MEHq34zpqGz2THv66f0ZHoux8xwCeKddt A0bnyOPmJHhOX5lZ/TryLYY= =LMKI -----END PGP SIGNATURE----- From grupolistas at gmail.com Sun Sep 2 13:21:24 2007 From: grupolistas at gmail.com (infolistas listas) Date: Sun Sep 2 13:21:31 2007 Subject: mailscanner automaticlly delete spam? Message-ID: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> Hello mailscanner users, is it possible to automaticlly delete all mail flagged as spam?how? I'm using mailscanner, spamassassin, postfix,ldap Is it possible to create something like google or yahoo that locate the mail flagged as spam in a specific directory where the user will be able or to read it or delete it ? how? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/f6b22b90/attachment.html From list-mailscanner at linguaphone.com Sun Sep 2 13:32:29 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 2 13:32:34 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> Message-ID: Yes in the spam or high scoring spam actions simply dont specify 'deliver'. Or you could use the custom spam actions rule to say that if the spam score is over x then non-deliver. To store mail flagged spam in a different directory then you need to be running an IMAP server such as CyrusIMAP and then use a procmail filter. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of infolistas listas Sent: 02 September 2007 13:21 To: MailScanner discussion Subject: mailscanner automaticlly delete spam? Hello mailscanner users, is it possible to automaticlly delete all mail flagged as spam?how? I'm using mailscanner, spamassassin, postfix,ldap Is it possible to create something like google or yahoo that locate the mail flagged as spam in a specific directory where the user will be able or to read it or delete it ? how? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/835a06f1/attachment.html From grupolistas at gmail.com Sun Sep 2 13:49:46 2007 From: grupolistas at gmail.com (infolistas listas) Date: Sun Sep 2 13:49:52 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: References: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> Message-ID: <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> Could I simple use ? Spam Actions = delete High Scoring Spam Actions = delete 2007/9/2, Gareth : > > Yes in the spam or high scoring spam actions simply dont specify > 'deliver'. Or you could use the custom spam actions rule to say that if the > spam score is over x then non-deliver. > > To store mail flagged spam in a different directory then you need to be > running an IMAP server such as CyrusIMAP and then use a procmail filter. > > -----Original Message----- > *From:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info]*On Behalf Of *infolistas > listas > *Sent:* 02 September 2007 13:21 > *To:* MailScanner discussion > *Subject:* mailscanner automaticlly delete spam? > > Hello mailscanner users, is it possible to automaticlly delete all mail > flagged as spam?how? > I'm using mailscanner, spamassassin, postfix,ldap > > Is it possible to create something like google or yahoo that locate the > mail flagged as spam in a specific directory where the user will be able or > to read it or delete it ? how? > > Thanks > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/833d23e6/attachment.html From glenn.steen at gmail.com Sun Sep 2 14:11:30 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 2 14:11:32 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> References: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> Message-ID: <223f97700709020611s3f2a3c68pbf5438f510b687f3@mail.gmail.com> On 02/09/07, infolistas listas wrote: > Could I simple use ? > Spam Actions = delete > High Scoring Spam Actions = delete Yes you could. Or, if you are afraid of false positives, you could have at least: Spam Actions = store delete ... That way it'd still be in the quarantine, releasable to the recipient(s). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Sep 2 14:19:38 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 2 14:19:55 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> Message-ID: <46DAB86A.20405@ecs.soton.ac.uk> James Gray wrote: > On 02/09/2007, at 1:11 AM, Julian Field wrote: > >> I have just released the latest stable version 4.63.7. > > Super! I downloaded the latest beta 24 hours ago...looks like another > download for me :) > >> The full Change Log is this: >> >> * New Features and Improvements * >> 1 Improved init.d script, so that 'service MailScanner restart' or >> '/etc/init.d/MailScanner restart' runs faster. It pauses for just long >> enough for the old MailScanner to die gracefully, and starts up the >> new one >> as soon as the old one has died. Previously, it just waited for a fixed >> length of time which was much longer than needed for most people. > > I wrote an init script a while ago for slow machines that loops > waiting for MailScanner children and parent to terminate with a > configurable delay loop. If you're interested: > http://files.gray.net.au/MailScanner/mailscanner-slow.sh > > I just had a look at it and it isn't the best shell script I've ever > written, but in my defence, I wrote it years ago when I was relatively > inexperienced at it. Still, the logic in it is sound, although there > is no check for infinite loops in the delay loop. It wouldn't be hard > to implement a counter though and after 'n' delay loops, do something > other than keep waiting (bail with an error, attempt the SIGKILL the > remaining PID's, whatever). > > Just thought this may be useful rather than an arbitrary delay period, > to actually check to see if there are any MailScanner PID's still around. But that's exactly what my improvement to my init.d script does. It doesn't wait for an arbitrary delay period, that's the point of my improvement. Please take a look at my script, the "stop" code does this: $0 stop echo -n 'Waiting for MailScanner to die gracefully ' while ( ps ax | grep -q '[M]ailScanner:' ) do echo -n . sleep 1 done echo ' dead.' sleep 1 $0 start Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From shuttlebox at gmail.com Sun Sep 2 14:21:24 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Sep 2 14:21:26 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: <223f97700709020611s3f2a3c68pbf5438f510b687f3@mail.gmail.com> References: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> <223f97700709020611s3f2a3c68pbf5438f510b687f3@mail.gmail.com> Message-ID: <625385e30709020621h48e0928as8a5645aad31b3121@mail.gmail.com> On 9/2/07, Glenn Steen wrote: > Spam Actions = store delete ...or just store since delete is redundant in that case. -- /peter From MailScanner at ecs.soton.ac.uk Sun Sep 2 14:22:08 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 2 14:23:07 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46DAB86A.20405@ecs.soton.ac.uk> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> Message-ID: <46DAB900.7010006@ecs.soton.ac.uk> Julian Field wrote: > > > James Gray wrote: >> On 02/09/2007, at 1:11 AM, Julian Field wrote: >> >>> I have just released the latest stable version 4.63.7. >> >> Super! I downloaded the latest beta 24 hours ago...looks like another >> download for me :) >> >>> The full Change Log is this: >>> >>> * New Features and Improvements * >>> 1 Improved init.d script, so that 'service MailScanner restart' or >>> '/etc/init.d/MailScanner restart' runs faster. It pauses for just long >>> enough for the old MailScanner to die gracefully, and starts up the >>> new one >>> as soon as the old one has died. Previously, it just waited for a >>> fixed >>> length of time which was much longer than needed for most people. >> >> I wrote an init script a while ago for slow machines that loops >> waiting for MailScanner children and parent to terminate with a >> configurable delay loop. If you're interested: >> http://files.gray.net.au/MailScanner/mailscanner-slow.sh >> >> I just had a look at it and it isn't the best shell script I've ever >> written, but in my defence, I wrote it years ago when I was >> relatively inexperienced at it. Still, the logic in it is sound, >> although there is no check for infinite loops in the delay loop. It >> wouldn't be hard to implement a counter though and after 'n' delay >> loops, do something other than keep waiting (bail with an error, >> attempt the SIGKILL the remaining PID's, whatever). >> >> Just thought this may be useful rather than an arbitrary delay >> period, to actually check to see if there are any MailScanner PID's >> still around. > But that's exactly what my improvement to my init.d script does. It > doesn't wait for an arbitrary delay period, that's the point of my > improvement. Please take a look at my script, the "stop" code does this: Sorry, I mean the "restart" code does this: > > $0 stop > echo -n 'Waiting for MailScanner to die gracefully ' > while ( ps ax | grep -q '[M]ailScanner:' ) > do > echo -n . > sleep 1 > done > echo ' dead.' > sleep 1 > $0 start > > Jules > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From shuttlebox at gmail.com Sun Sep 2 14:25:21 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Sep 2 14:25:24 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46DAB86A.20405@ecs.soton.ac.uk> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> Message-ID: <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> On 9/2/07, Julian Field wrote: > But that's exactly what my improvement to my init.d script does. It > doesn't wait for an arbitrary delay period, that's the point of my > improvement. Please take a look at my script, the "stop" code does this: I think he just wanted to brag about doing that before you. ;-) Just kidding. :-) I took the liberty of implementing the same thing in the Blastwave release of 4.62. I will submit 4.63 tomorrow. Solaris users, look here: http://www.blastwave.org/packages/CSWmailscanner -- /peter From grupolistas at gmail.com Sun Sep 2 14:29:06 2007 From: grupolistas at gmail.com (infolistas listas) Date: Sun Sep 2 14:29:09 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: <625385e30709020621h48e0928as8a5645aad31b3121@mail.gmail.com> References: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> <223f97700709020611s3f2a3c68pbf5438f510b687f3@mail.gmail.com> <625385e30709020621h48e0928as8a5645aad31b3121@mail.gmail.com> Message-ID: <44c071aa0709020629s3f93d956t92a149bf8edd3724@mail.gmail.com> thanks. 2007/9/2, shuttlebox : > > On 9/2/07, Glenn Steen wrote: > > Spam Actions = store delete > > ...or just store since delete is redundant in that case. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/e23006b8/attachment.html From grupolistas at gmail.com Sun Sep 2 14:45:40 2007 From: grupolistas at gmail.com (infolistas listas) Date: Sun Sep 2 14:45:44 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: <44c071aa0709020629s3f93d956t92a149bf8edd3724@mail.gmail.com> References: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> <223f97700709020611s3f2a3c68pbf5438f510b687f3@mail.gmail.com> <625385e30709020621h48e0928as8a5645aad31b3121@mail.gmail.com> <44c071aa0709020629s3f93d956t92a149bf8edd3724@mail.gmail.com> Message-ID: <44c071aa0709020645m63a1b090gd83cc07355918321@mail.gmail.com> where do these deleted mail go? Are they completlly descarted from the system or is it stored somewhere in mailscanner folder etc? 2007/9/2, infolistas listas : > > thanks. > > 2007/9/2, shuttlebox : > > > > On 9/2/07, Glenn Steen wrote: > > > Spam Actions = store delete > > > > ...or just store since delete is redundant in that case. > > > > -- > > /peter > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/fb143362/attachment.html From shuttlebox at gmail.com Sun Sep 2 15:03:20 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Sep 2 15:03:24 2007 Subject: mailscanner automaticlly delete spam? In-Reply-To: <44c071aa0709020645m63a1b090gd83cc07355918321@mail.gmail.com> References: <44c071aa0709020521gd3c87f7h7fcc0366cd79d689@mail.gmail.com> <44c071aa0709020549x108720dbudb2c33d0fff947c6@mail.gmail.com> <223f97700709020611s3f2a3c68pbf5438f510b687f3@mail.gmail.com> <625385e30709020621h48e0928as8a5645aad31b3121@mail.gmail.com> <44c071aa0709020629s3f93d956t92a149bf8edd3724@mail.gmail.com> <44c071aa0709020645m63a1b090gd83cc07355918321@mail.gmail.com> Message-ID: <625385e30709020703s6098df4av3f8af771047df6@mail.gmail.com> On 9/2/07, infolistas listas wrote: > where do these deleted mail go? Are they completlly descarted from the > system or is it stored somewhere in mailscanner folder etc? It's pretty well described right there in MailScanner.conf. Delete is what it sounds like, the message is not sent on and it's not stored in any way. Store is also what it sounds like and maybe what you need here, the message gets stored in the quarantine which is also defined in MailScanner.conf. Note that each action does only one thing, you have to add more actions to do more things. -- /peter From tmartins at gmail.com Sun Sep 2 20:51:48 2007 From: tmartins at gmail.com (Thiago Martins) Date: Sun Sep 2 20:51:50 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> Message-ID: Thanks for another great release. There is a very good list of sites used in phishing fraud here: http://www.malware.com.br/ I use it on SA, but I will try it on MailScanner too. []'s Thiago On 9/2/07, shuttlebox wrote: > > On 9/2/07, Julian Field wrote: > > But that's exactly what my improvement to my init.d script does. It > > doesn't wait for an arbitrary delay period, that's the point of my > > improvement. Please take a look at my script, the "stop" code does this: > > I think he just wanted to brag about doing that before you. ;-) Just > kidding. :-) > > I took the liberty of implementing the same thing in the Blastwave > release of 4.62. I will submit 4.63 tomorrow. > > Solaris users, look here: http://www.blastwave.org/packages/CSWmailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/680d3dfb/attachment.html From mikej at rogers.com Sun Sep 2 21:00:12 2007 From: mikej at rogers.com (Mike Jakubik) Date: Sun Sep 2 21:00:16 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> Message-ID: <46DB164C.5060702@rogers.com> shuttlebox wrote: > On 9/2/07, Julian Field wrote: > >> But that's exactly what my improvement to my init.d script does. It >> doesn't wait for an arbitrary delay period, that's the point of my >> improvement. Please take a look at my script, the "stop" code does this: >> > > I think he just wanted to brag about doing that before you. ;-) Just > kidding. :-) > > I took the liberty of implementing the same thing in the Blastwave > release of 4.62. I will submit 4.63 tomorrow. > > Solaris users, look here: http://www.blastwave.org/packages/CSWmailscanner > > As long as everyone is bragging, id like to point out that this has already been done in the FreeBSD port, many releases ago :) From MailScanner at ecs.soton.ac.uk Sun Sep 2 21:13:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 2 21:14:16 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> Message-ID: <46DB1977.9040908@ecs.soton.ac.uk> No worries, hope you find it useful. My list of known bad phishing sites is provided by a company who are probably the largest sellers on the internet. I can't say any more as it is provided under a very strict NDA, and I don't want to spend my life in court :-) I have also added the Solaris Blastwave package to the downloads page, as this should make it a whole lot easier for Solaris users to get their system going. Thiago Martins wrote: > Thanks for another great release. > > There is a very good list of sites used in phishing fraud here: > http://www.malware.com.br/ > > I use it on SA, but I will try it on MailScanner too. > > []'s > Thiago > > On 9/2/07, *shuttlebox* > wrote: > > On 9/2/07, Julian Field > wrote: > > But that's exactly what my improvement to my init.d script does. It > > doesn't wait for an arbitrary delay period, that's the point of my > > improvement. Please take a look at my script, the "stop" code > does this: > > I think he just wanted to brag about doing that before you. ;-) Just > kidding. :-) > > I took the liberty of implementing the same thing in the Blastwave > release of 4.62. I will submit 4.63 tomorrow. > > Solaris users, look here: > http://www.blastwave.org/packages/CSWmailscanner > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Sep 2 21:14:52 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 2 21:15:08 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46DB164C.5060702@rogers.com> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> <46DB164C.5060702@rogers.com> Message-ID: <46DB19BC.6010005@ecs.soton.ac.uk> Mike Jakubik wrote: > shuttlebox wrote: >> On 9/2/07, Julian Field wrote: >> >>> But that's exactly what my improvement to my init.d script does. It >>> doesn't wait for an arbitrary delay period, that's the point of my >>> improvement. Please take a look at my script, the "stop" code does >>> this: >>> >> >> I think he just wanted to brag about doing that before you. ;-) Just >> kidding. :-) >> >> I took the liberty of implementing the same thing in the Blastwave >> release of 4.62. I will submit 4.63 tomorrow. >> >> Solaris users, look here: >> http://www.blastwave.org/packages/CSWmailscanner >> >> > > As long as everyone is bragging, id like to point out that this has > already been done in the FreeBSD port, many releases ago :) > Shame they didn't get me to incorporate it into the main distributions when they wrote it... :-) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From maillists at conactive.com Sun Sep 2 21:31:22 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Sep 2 21:31:24 2007 Subject: Heavy increase in spam influx this week? In-Reply-To: <46D855F5.70605@pa.net> References: <46D72A1A.5020701@slackadelic.com> <46D72D2E.10001@evi-inc.com> <46D855F5.70605@pa.net> Message-ID: Leland J. Steinke wrote on Fri, 31 Aug 2007 13:55:01 -0400: > smtpd_timeout? Thanks, that helped me find the relevant documentation on postfix.org :-) I've set this to 1m and also added a few other, newer options that our Postfix setups didn't have. This helped to reduce the hanging conenctions to a reasonable amount. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rwahyudi at gmail.com Sun Sep 2 22:01:47 2007 From: rwahyudi at gmail.com (R Wahyudi) Date: Sun Sep 2 22:01:50 2007 Subject: MailScanner rulesets lookup table Message-ID: <9173fd7e0709021401k647dedcbkb1ab8359cac0c979@mail.gmail.com> Hi, Does mailscanner has some option to specify ruleset lookup method ? ie . with postfix you can do lookup using flat file, cdb, pcre, , mysql, ldap etc .. Rianto Wahyudi From v at vladville.com Sun Sep 2 23:05:49 2007 From: v at vladville.com (Vlad Mazek) Date: Sun Sep 2 23:05:54 2007 Subject: Heavy increase in spam influx this week? In-Reply-To: References: <46D855F5.70605@pa.net> Message-ID: How do you manage concurrent connections in Sendmail? I know about confCONNECTION_RATE_THROTTLE and WINDOW_SIZE but is there anything that will limit the number of concurrent connections from a single IP address? -Vlad On 8/31/07, Gareth wrote: > > cat /var/log/maillog | grep -E "(connection count|concurrency)" > Looking through my logs there have been the odd one or two IP addresses in > the past with about 10 active connections at once but starting from the > 27th > I started to see connection of over 20 concurrent. > > I have dropped the concurrent connections per IP from 50 down to 5. We > only > have a 1Mbps internet connection so if any genuine person tries to send us > more than that at the same time I would prefer to limit it to conserve > bandwidth anyway. > > I think I'll do what you did and reduce the smptd_timeout aswell. > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Leland > > J. Steinke > > Sent: 31 August 2007 18:55 > > To: MailScanner discussion > > Subject: Re: Heavy increase in spam influx this week? > > > > > > Kai Schaetzl wrote: > > > > > My Postfix machines still suffer from the backlog of bots, as I > > haven't checked yet > > > if Postfix provides similar time-out options. Anyone knows? > > > > smtpd_timeout? > > > > I started reducing this from 300s to 120s several moments ago, after > > catching up on my email after a particularly long meeting discussing, > > among other things, requirements for new spam/virus filtering servers... > > > > > > Leland > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/dbd9d2ec/attachment.html From mike at vesol.com Mon Sep 3 00:34:56 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Sep 3 00:39:44 2007 Subject: Heavy increase in spam influx this week? In-Reply-To: References: <46D855F5.70605@pa.net> Message-ID: <6115482898C59848B35DB9D491C9A28E04BBEB@srv1.home.middlefinger.net> http://technoids.org/dossed.html ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vlad Mazek Sent: Sunday, September 02, 2007 5:06 PM To: MailScanner discussion Subject: Re: Heavy increase in spam influx this week? How do you manage concurrent connections in Sendmail? I know about confCONNECTION_RATE_THROTTLE and WINDOW_SIZE but is there anything that will limit the number of concurrent connections from a single IP address? -Vlad On 8/31/07, Gareth wrote: cat /var/log/maillog | grep -E "(connection count|concurrency)" Looking through my logs there have been the odd one or two IP addresses in the past with about 10 active connections at once but starting from the 27th I started to see connection of over 20 concurrent. I have dropped the concurrent connections per IP from 50 down to 5. We only have a 1Mbps internet connection so if any genuine person tries to send us more than that at the same time I would prefer to limit it to conserve bandwidth anyway. I think I'll do what you did and reduce the smptd_timeout aswell. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Leland > J. Steinke > Sent: 31 August 2007 18:55 > To: MailScanner discussion > Subject: Re: Heavy increase in spam influx this week? > > > Kai Schaetzl wrote: > > > My Postfix machines still suffer from the backlog of bots, as I > haven't checked yet > > if Postfix provides similar time-out options. Anyone knows? > > smtpd_timeout? > > I started reducing this from 300s to 120s several moments ago, after > catching up on my email after a particularly long meeting discussing, > among other things, requirements for new spam/virus filtering servers... > > > Leland > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -Vlad From michael at dilworth.net Mon Sep 3 00:55:12 2007 From: michael at dilworth.net (Michael R. Dilworth) Date: Mon Sep 3 00:55:29 2007 Subject: Heavy increase in spam, (now lingering connections to sendmail/etc.) In-Reply-To: Message-ID: <037501c7edbc$b39c2da0$5713cc40@OCEANII> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Vlad Mazek Sent: Sunday, September 02, 2007 3:06 PM To: MailScanner discussion Subject: Re: Heavy increase in spam influx this week? How do you manage concurrent connections in Sendmail? I know about confCONNECTION_RATE_THROTTLE and WINDOW_SIZE but is there anything that will limit the number of concurrent connections from a single IP address? -Vlad On 8/31/07, Gareth wrote: cat /var/log/maillog | grep -E "(connection count|concurrency)" Looking through my logs there have been the odd one or two IP addresses in the past with about 10 active connections at once but starting from the 27th I started to see connection of over 20 concurrent. I have dropped the concurrent connections per IP from 50 down to 5. We only have a 1Mbps internet connection so if any genuine person tries to send us more than that at the same time I would prefer to limit it to conserve bandwidth anyway. I think I'll do what you did and reduce the smptd_timeout aswell. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Leland > J. Steinke > Sent: 31 August 2007 18:55 > To: MailScanner discussion > Subject: Re: Heavy increase in spam influx this week? > > > Kai Schaetzl wrote: > > > My Postfix machines still suffer from the backlog of bots, as I > haven't checked yet > > if Postfix provides similar time-out options. Anyone knows? > > smtpd_timeout? > > I started reducing this from 300s to 120s several moments ago, after > catching up on my email after a particularly long meeting discussing, > among other things, requirements for new spam/virus filtering servers... > > > Leland > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Not from a single IP, "that I know of", however as stated earlier in the thread: Setting: define(`confTO_COMMAND',`??m') and: define(`confMAX_DAEMON_CHILDREN', ???) Will help/solve the current problem, I agree with other's, it is a broken bot that leaves the connection open, causing one of two things in sendmail: A: wastes a lot of memory for an hour until the connection times out ( default setting) B: hits your Max Daemon Children setting and start's rejecting connections. As for exact numbers It does depend on your setup, I'm running 15m for Command and 512 for children. Question from ME! what does sendmail respond with in the B case? Reject or TempFail? This problem started on Tuesday of last week for me. I was not paying attention, and the server did recover. (after an hour or so). Note to self: don't delete threads automatically based on subject. Also a request, when the "subject" changes drastically such as this one has, Maintain the thread or not, but please change/alter the subject. From v at vladville.com Mon Sep 3 03:39:24 2007 From: v at vladville.com (Vlad Mazek) Date: Mon Sep 3 03:39:28 2007 Subject: Heavy increase in spam influx this week? In-Reply-To: <6115482898C59848B35DB9D491C9A28E04BBEB@srv1.home.middlefinger.net> References: <46D855F5.70605@pa.net> <6115482898C59848B35DB9D491C9A28E04BBEB@srv1.home.middlefinger.net> Message-ID: Aaah. So reading TFM helps :) Thanks Mike, that did it. -Vlad On 9/2/07, Mike Kercher wrote: > > http://technoids.org/dossed.html > > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vlad > Mazek > Sent: Sunday, September 02, 2007 5:06 PM > To: MailScanner discussion > Subject: Re: Heavy increase in spam influx this week? > > > How do you manage concurrent connections in Sendmail? I know > about confCONNECTION_RATE_THROTTLE and WINDOW_SIZE but is there > anything that will limit the number of concurrent connections from a > single IP address? > > -Vlad > > > On 8/31/07, Gareth wrote: > > cat /var/log/maillog | grep -E "(connection > count|concurrency)" > Looking through my logs there have been the odd one or > two IP addresses in > the past with about 10 active connections at once but > starting from the 27th > I started to see connection of over 20 concurrent. > > I have dropped the concurrent connections per IP from 50 > down to 5. We only > have a 1Mbps internet connection so if any genuine > person tries to send us > more than that at the same time I would prefer to limit > it to conserve > bandwidth anyway. > > I think I'll do what you did and reduce the > smptd_timeout aswell. > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info]On > Behalf Of Leland > > J. Steinke > > Sent: 31 August 2007 18:55 > > To: MailScanner discussion > > Subject: Re: Heavy increase in spam influx this week? > > > > > > Kai Schaetzl wrote: > > > > > My Postfix machines still suffer from the backlog of > bots, as I > > haven't checked yet > > > if Postfix provides similar time-out options. Anyone > knows? > > > > smtpd_timeout? > > > > I started reducing this from 300s to 120s several > moments ago, after > > catching up on my email after a particularly long > meeting discussing, > > among other things, requirements for new spam/virus > filtering servers... > > > > > > Leland > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > -- > -Vlad > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070902/31ac25e6/attachment-0001.html From mike at vesol.com Mon Sep 3 05:12:11 2007 From: mike at vesol.com (Mike Kercher) Date: Mon Sep 3 05:15:55 2007 Subject: Heavy increase in spam influx this week? In-Reply-To: References: <46D855F5.70605@pa.net><6115482898C59848B35DB9D491C9A28E04BBEB@srv1.home.middlefinger.net> Message-ID: <6115482898C59848B35DB9D491C9A28E04BBEF@srv1.home.middlefinger.net> Glad to help! :) ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vlad Mazek Sent: Sunday, September 02, 2007 9:39 PM To: MailScanner discussion Subject: Re: Heavy increase in spam influx this week? Aaah. So reading TFM helps :) Thanks Mike, that did it. -Vlad On 9/2/07, Mike Kercher wrote: http://technoids.org/dossed.html ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto: mailscanner-bounces@lists.mailscanner.info ] On Behalf Of Vlad Mazek Sent: Sunday, September 02, 2007 5:06 PM To: MailScanner discussion Subject: Re: Heavy increase in spam influx this week? How do you manage concurrent connections in Sendmail? I know about confCONNECTION_RATE_THROTTLE and WINDOW_SIZE but is there anything that will limit the number of concurrent connections from a single IP address? -Vlad On 8/31/07, Gareth wrote: cat /var/log/maillog | grep -E "(connection count|concurrency)" Looking through my logs there have been the odd one or two IP addresses in the past with about 10 active connections at once but starting from the 27th I started to see connection of over 20 concurrent. I have dropped the concurrent connections per IP from 50 down to 5. We only have a 1Mbps internet connection so if any genuine person tries to send us more than that at the same time I would prefer to limit it to conserve bandwidth anyway. I think I'll do what you did and reduce the smptd_timeout aswell. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info ]On Behalf Of Leland > J. Steinke > Sent: 31 August 2007 18:55 > To: MailScanner discussion > Subject: Re: Heavy increase in spam influx this week? > > > Kai Schaetzl wrote: > > > My Postfix machines still suffer from the backlog of bots, as I > haven't checked yet > > if Postfix provides similar time-out options. Anyone knows? > > smtpd_timeout? > > I started reducing this from 300s to 120s several moments ago, after > catching up on my email after a particularly long meeting discussing, > among other things, requirements for new spam/virus filtering servers... > > > Leland > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -Vlad -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- -Vlad From maillists at conactive.com Mon Sep 3 09:31:27 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Sep 3 09:31:30 2007 Subject: Heavy increase in spam, (now lingering connections to sendmail/etc.) In-Reply-To: <037501c7edbc$b39c2da0$5713cc40@OCEANII> References: <037501c7edbc$b39c2da0$5713cc40@OCEANII> Message-ID: Michael R. Dilworth wrote on Sun, 2 Sep 2007 16:55:12 -0700: > Not from a single IP, "that I know of", If you are running 8.13 or newer then you can do that. There is a new directive conncontrol that limits the concurrent connections per IP. > Question from ME! what does sendmail respond with in the B case? It tempfails. > Note to self: don't delete threads automatically based on subject. > Also a request, when the "subject" changes drastically such as > this one has, Maintain the thread or not, but please change/alter > the subject. Actually, the subject didn't change "drastically", it didn't change at all. It's still about "Heavy increase in spam". > x-dilworth.net-mailscanner-information: remove the ".", it's not allowed there. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Mon Sep 3 11:48:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 11:49:14 2007 Subject: MailScanner rulesets lookup table In-Reply-To: <9173fd7e0709021401k647dedcbkb1ab8359cac0c979@mail.gmail.com> References: <9173fd7e0709021401k647dedcbkb1ab8359cac0c979@mail.gmail.com> Message-ID: <46DBE697.3030001@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No, there isn't. A rule is a triple of direction, address, and result. As such it doesn't lend itself to storage in cdb or other simple key/value lookup tables. R Wahyudi wrote: > Hi, > > Does mailscanner has some option to specify ruleset lookup method ? > > ie . with postfix you can do lookup using flat file, cdb, pcre, , > mysql, ldap etc .. > > > Rianto Wahyudi > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG2+aYEfZZRxQVtlQRAlqmAKDs+vYVdcE6+nIj5x/7KbCZ9+qTJwCgwsus QUp5Ya3IvFVY44BJsW0DI7U= =N1Pb -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Mon Sep 3 11:51:41 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 11:51:50 2007 Subject: Prombel with rule actions Message-ID: <1188816701.17617.6.camel@gblades-suse.linguaphone-intranet.co.uk> I have just upgraded and have set the following in the configuration :- SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver It correctly does not deliver the mail but it does not seem to be putting it in the quaranteen directory. I would like it to quaranteen the mail in the same way that it does a virus so that it shows up in the quaranteen when I use mailscanner. Have I made a mistake with the syntax or it is saving the file somewhere else? Thanks Gareth From viralert at fadalto.com Mon Sep 3 11:54:39 2007 From: viralert at fadalto.com (Phil) Date: Mon Sep 3 11:54:57 2007 Subject: HELP ME PLEASE: MCP In-Reply-To: <46D1E2A5.4090500@ecs.soton.ac.uk> References: <200708261100.l7QB02E8013272@safir.blacknight.ie> <000801c7e81e$953686b0$cc01a8c0@Dual> <46D1E2A5.4090500@ecs.soton.ac.uk> Message-ID: <20070903105205.M86793@yatta-it.com> Hi all, I'm using now new MailScanner-4.63.7-2. The problem is the same and I'm go crazy. MCP messages are not forwarded to my spam trash user. Even if I configure MS to deliver MCP messages, they disappear and will not deliver. My configuration sectio is: Non MCP Actions = deliver MCP Actions = store forward spammy@yatta-it.com High Scoring MCP Actions = store spammy@yatta-it.com Bounce MCP As Attachment = no Please, please, I'm begging you, could you please help me? Many thanks to all! Phil From list-mailscanner at linguaphone.com Mon Sep 3 12:28:56 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 12:29:06 2007 Subject: mailscanner.conf correction Message-ID: <1188818936.17619.9.camel@gblades-suse.linguaphone-intranet.co.uk> # You can also trigger actions on the spam score of the message. You can # compare the spam score with a number and cause this to trigger an action. # For example, instead of a SA_RULENAME you can specify # SpamScore>number or SpamScore>=number or SpamScore==number or # SpamScore25=>delete The last line should be # SpamScore>25=>delete From MailScanner at ecs.soton.ac.uk Mon Sep 3 12:32:47 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 12:34:00 2007 Subject: Prombel with rule actions In-Reply-To: <1188816701.17617.6.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1188816701.17617.6.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46DBF0DF.70601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gareth wrote: > I have just upgraded and have set the following in the configuration :- > > SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver > > It correctly does not deliver the mail but it does not seem to be > putting it in the quaranteen directory. I would like it to quaranteen > the mail in the same way that it does a virus so that it shows up in the > quaranteen when I use mailscanner. > It should go in the spam quarantine. Have you checked there? > Have I made a mistake with the syntax or it is saving the file somewhere > else? > > Thanks > Gareth > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB ceG7/KnEo/F74nQTHVXe1zA= =YsDX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Mon Sep 3 12:40:17 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 12:40:25 2007 Subject: Prombem with rule actions In-Reply-To: <46DBF0DF.70601@ecs.soton.ac.uk> References: <1188816701.17617.6.camel@gblades-suse.linguaphone-intranet.co.uk> <46DBF0DF.70601@ecs.soton.ac.uk> Message-ID: <1188819617.17622.13.camel@gblades-suse.linguaphone-intranet.co.uk> On Mon, 2007-09-03 at 12:32, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Gareth wrote: > > I have just upgraded and have set the following in the configuration :- > > > > SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver > > > > It correctly does not deliver the mail but it does not seem to be > > putting it in the quaranteen directory. I would like it to quaranteen > > the mail in the same way that it does a virus so that it shows up in the > > quaranteen when I use mailscanner. > > > It should go in the spam quarantine. Have you checked there? Where is that? I would like it put in /var/spool/MailScanner/quarantine/yymmdd/ which is where the viruses and other blocked messages are stored. The problem I am having is that if there is a virus with a high score then it gets put somewhere else and mailwatch cannot show me the headers or even show what virus it was infected with. > > Have I made a mistake with the syntax or it is saving the file somewhere > > else? > > > > Thanks > > Gareth > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB > ceG7/KnEo/F74nQTHVXe1zA= > =YsDX > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk From davidj at synaq.com Mon Sep 3 12:49:10 2007 From: davidj at synaq.com (David Jacobson) Date: Mon Sep 3 12:49:19 2007 Subject: HELP ME PLEASE: MCP In-Reply-To: <20070903105205.M86793@yatta-it.com> References: <200708261100.l7QB02E8013272@safir.blacknight.ie> Message-ID: <1188820150.7202.26.camel@localhost> Hi, See comments inline. On Mon, 2007-09-03 at 12:54 +0200, Phil wrote: > Hi all, > > I'm using now new MailScanner-4.63.7-2. > > The problem is the same and I'm go crazy. > > MCP messages are not forwarded to my spam trash user. > > Even if I configure MS to deliver MCP messages, they disappear and will not deliver. > > My configuration sectio is: > > Non MCP Actions = deliver > MCP Actions = store forward spammy@yatta-it.com > High Scoring MCP Actions = store spammy@yatta-it.com This should be store forward spammy@yatta-it.com you have left out the forward. Your MCP action is probably reaching the High scoring threshold therefore not forwarding. > > Bounce MCP As Attachment = no > > > > > Please, please, I'm begging you, could you please help me? > > Many thanks to all! > > Phil > -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 011 245 5888 Direct: 011 245 5889 Fax: 011 783 9275 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 From support-lists at petdoctors.co.uk Mon Sep 3 13:15:44 2007 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Mon Sep 3 13:16:56 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46DB1977.9040908@ecs.soton.ac.uk> Message-ID: <000001c7ee24$27835420$3c65a8c0@support01> > > >No worries, hope you find it useful. My list of known bad phishing sites >is provided by a company who are probably the largest sellers on the >internet. You got it from a porn company?! From viralert at fadalto.com Mon Sep 3 13:47:28 2007 From: viralert at fadalto.com (Phil) Date: Mon Sep 3 13:47:42 2007 Subject: HELP ME PLEASE: MCP In-Reply-To: <1188820150.7202.26.camel@localhost> References: <20070903105205.M86793@yatta-it.com> <1188820150.7202.26.camel@localhost> Message-ID: <20070903124728.M16375@fadalto.com> Ok, Sorry. Copying the conf the "forward" keys has been deleted. The config I'm using is: MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = store forward spammy@yatta-it.com High Scoring MCP Actions = store forward spammy@yatta-it.com Bounce MCP As Attachment = no And, since I'm doing test, I'm sure I'm testing the MCP and not the HIGH-MCP :) Sincere thanks for the answer Phil ---------- Original Message ----------- From: David Jacobson To: MailScanner discussion Sent: Mon, 3 Sep 2007 13:49:10 +0200 Subject: Re: HELP ME PLEASE: MCP > Hi, > > See comments inline. > > On Mon, 2007-09-03 at 12:54 +0200, Phil wrote: > > Hi all, > > > > I'm using now new MailScanner-4.63.7-2. > > > > The problem is the same and I'm go crazy. > > > > MCP messages are not forwarded to my spam trash user. > > > > Even if I configure MS to deliver MCP messages, they disappear and will not deliver. > > > > My configuration sectio is: > > > > Non MCP Actions = deliver > > MCP Actions = store forward spammy@yatta-it.com > > High Scoring MCP Actions = store spammy@yatta-it.com > > This should be store forward spammy@yatta-it.com you have left out the > forward. Your MCP action is probably reaching the High scoring > threshold therefore not forwarding. > > > > > Bounce MCP As Attachment = no > > > > > > > > > > Please, please, I'm begging you, could you please help me? > > > > Many thanks to all! > > > > Phil > > > -- > Regards, > > David Jacobson > Technical Director > SYNAQ (Pty) Ltd > > Tel: 011 245 5888 > Direct: 011 245 5889 > Fax: 011 783 9275 > Cell: 083 235 0760 > Mail: davidj@synaq.com > Web: http://www.synaq.com > > Key Fingerprint > 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From maillists at conactive.com Mon Sep 3 14:31:26 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Sep 3 14:31:31 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <000001c7ee24$27835420$3c65a8c0@support01> References: <000001c7ee24$27835420$3c65a8c0@support01> Message-ID: Nigel Kendrick wrote on Mon, 3 Sep 2007 13:15:44 +0100: > You got it from a porn company?! Amazon would be the largest single seller on the net. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From shuttlebox at gmail.com Mon Sep 3 14:48:43 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 3 14:48:55 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46DB1977.9040908@ecs.soton.ac.uk> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> <46DB1977.9040908@ecs.soton.ac.uk> Message-ID: <625385e30709030648l3e30035aw8daada81ae97acba@mail.gmail.com> On 9/2/07, Julian Field wrote: > I have also added the Solaris Blastwave package to the downloads page, > as this should make it a whole lot easier for Solaris users to get their > system going. Thank you for that! Feels much more official now. :-) I have submitted 4.63 now but it will probably take around two days before it is approved and propagated to all mirrors. -- /peter From shuttlebox at gmail.com Mon Sep 3 16:18:30 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 3 16:18:34 2007 Subject: Two minor fixes? Message-ID: <625385e30709030818r2b7dee17sba854e1148483864@mail.gmail.com> I have some small problems I would like looked at if possible. First is the method of finding out the PID of MS in the check_mailscanner script. It doesn't always work in Solaris since the output gets truncated and depending on your path the whole string MailScanner might not be available. This is what happens on Blastwave installs, the path doesn't contain MailScanner with uppercase M and S and the process itself gets truncated: # ps -ef | grep Mail root 8174 1 0 15:38:34 ? 0:00 /opt/csw/bin/perl -I/opt/csw/mailscanner/lib /opt/csw/mailscanner/bin/MailScann # /usr/ucb/ps auxww | egrep /opt/csw/mailscanner/bin/MailScanner'|'MailScanner'[:]' | grep -v grep | awk '{print $2}' # pgrep MailScanner 8174 Note that the first method returns nothing but pgrep works fine. I would suggest this simpler method, pgrep has been around since at least Solaris 8 so it should be safe to use: --- check_mailscanner Wed Aug 15 11:09:25 2007 +++ check_mailscanner.orig Wed Aug 15 11:20:29 2007 @@ -54,4 +54,5 @@ FGREP=fgrep EGREP=egrep +PGREP=pgrep PS=ps UNAME='uname -a' @@ -71,8 +72,5 @@ if $UNAME | $FGREP "SunOS" >/dev/null ; then # Version for Solaris/SysV systems: - pid=`/usr/ucb/ps auxww | - egrep $msbindir/$process'|'$process'[:]' | - grep -v grep | - awk '{print $2}'` + pid=`$PGREP $process` elif $UNAME | $FGREP "HP" >/dev/null ; then # Version for HP-UX The next one (also minor) is about Perl modules when running MailScanner -v. Date::Parse (TimeDate) seems to be required but it's not listed at all. -- /peter From MailScanner at ecs.soton.ac.uk Mon Sep 3 16:54:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 16:55:03 2007 Subject: Two minor fixes? In-Reply-To: <625385e30709030818r2b7dee17sba854e1148483864@mail.gmail.com> References: <625385e30709030818r2b7dee17sba854e1148483864@mail.gmail.com> Message-ID: <46DC2E46.6010406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: > I have some small problems I would like looked at if possible. First > is the method of finding out the PID of MS in the check_mailscanner > script. It doesn't always work in Solaris since the output gets > truncated and depending on your path the whole string MailScanner > might not be available. This is what happens on Blastwave installs, > the path doesn't contain MailScanner with uppercase M and S and the > process itself gets truncated: > > # ps -ef | grep Mail > root 8174 1 0 15:38:34 ? 0:00 /opt/csw/bin/perl > -I/opt/csw/mailscanner/lib /opt/csw/mailscanner/bin/MailScann > # /usr/ucb/ps auxww | egrep > /opt/csw/mailscanner/bin/MailScanner'|'MailScanner'[:]' | grep -v grep > | awk '{print $2}' > # pgrep MailScanner > 8174 > > Note that the first method returns nothing but pgrep works fine. I > would suggest this simpler method, pgrep has been around since at > least Solaris 8 so it should be safe to use: > > --- check_mailscanner Wed Aug 15 11:09:25 2007 > +++ check_mailscanner.orig Wed Aug 15 11:20:29 2007 > @@ -54,4 +54,5 @@ > FGREP=fgrep > EGREP=egrep > +PGREP=pgrep > PS=ps > UNAME='uname -a' > @@ -71,8 +72,5 @@ > if $UNAME | $FGREP "SunOS" >/dev/null ; then > # Version for Solaris/SysV systems: > - pid=`/usr/ucb/ps auxww | > - egrep $msbindir/$process'|'$process'[:]' | > - grep -v grep | > - awk '{print $2}'` > + pid=`$PGREP $process` > What do the Blastwave guys think about using pgrep? Okay with you? > elif $UNAME | $FGREP "HP" >/dev/null ; then > # Version for HP-UX > > The next one (also minor) is about Perl modules when running > MailScanner -v. Date::Parse (TimeDate) seems to be required but it's > not listed at all. > TimeDate should be installed as part of the normal MailScanner install. Is it missing from Blastwave? Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG3C5GEfZZRxQVtlQRAmdKAJsG613+NCZS+b+Dg+lYwWQcLzTitwCgoZjT qo9VyjD674Rm4IzCxxbvlfw= =GcQK -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From shuttlebox at gmail.com Mon Sep 3 17:45:11 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 3 17:45:20 2007 Subject: Two minor fixes? In-Reply-To: <46DC2E46.6010406@ecs.soton.ac.uk> References: <625385e30709030818r2b7dee17sba854e1148483864@mail.gmail.com> <46DC2E46.6010406@ecs.soton.ac.uk> Message-ID: <625385e30709030945rf41618etc0ee537e6287cb15@mail.gmail.com> On 9/3/07, Julian Field wrote: > What do the Blastwave guys think about using pgrep? Okay with you? Yes, we support Solaris 8 as the oldest release so it's OK. > TimeDate should be installed as part of the normal MailScanner install. > Is it missing from Blastwave? No, I just meant it was missing from "MailScanner -v" output. Told you it was minor. :-) -- /peter From list-mailscanner at linguaphone.com Mon Sep 3 17:52:45 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 17:52:47 2007 Subject: Prombem with rule actions In-Reply-To: <1188819617.17622.13.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Any idea on this? I tried searching for where the 'store' option might be saving the files instead but I could not find anything. What option would I need to specify in order for them to be saved in the same place as quaranteened viruses and blocked attachments? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth > Sent: 03 September 2007 12:40 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > On Mon, 2007-09-03 at 12:32, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Gareth wrote: > > > I have just upgraded and have set the following in the > configuration :- > > > > > > SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver > > > > > > It correctly does not deliver the mail but it does not seem to be > > > putting it in the quaranteen directory. I would like it to quaranteen > > > the mail in the same way that it does a virus so that it > shows up in the > > > quaranteen when I use mailscanner. > > > > > It should go in the spam quarantine. Have you checked there? > Where is that? > > I would like it put in /var/spool/MailScanner/quarantine/yymmdd/ which > is where the viruses and other blocked messages are stored. > > The problem I am having is that if there is a virus with a high score > then it gets put somewhere else and mailwatch cannot show me the headers > or even show what virus it was infected with. > > > > Have I made a mistake with the syntax or it is saving the > file somewhere > > > else? > > > > > > Thanks > > > Gareth > > > > > > > > > > Jules > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.6.3 (Build 3017) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB > > ceG7/KnEo/F74nQTHVXe1zA= > > =YsDX > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Mon Sep 3 18:14:54 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 18:15:14 2007 Subject: Two minor fixes? In-Reply-To: <625385e30709030945rf41618etc0ee537e6287cb15@mail.gmail.com> References: <625385e30709030818r2b7dee17sba854e1148483864@mail.gmail.com> <46DC2E46.6010406@ecs.soton.ac.uk> <625385e30709030945rf41618etc0ee537e6287cb15@mail.gmail.com> Message-ID: <46DC410E.4040307@ecs.soton.ac.uk> Both will be in the next release. Thanks for reporting them. shuttlebox wrote: > On 9/3/07, Julian Field wrote: > >> What do the Blastwave guys think about using pgrep? Okay with you? >> > > Yes, we support Solaris 8 as the oldest release so it's OK. > > >> TimeDate should be installed as part of the normal MailScanner install. >> Is it missing from Blastwave? >> > > No, I just meant it was missing from "MailScanner -v" output. Told you > it was minor. :-) > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 3 18:16:14 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 18:16:38 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DC415E.3060107@ecs.soton.ac.uk> # store - store the message in the (spam) quarantine # store-nonmcp - store the message in the non-MCP quarantine # store-mcp - store the message in the MCP quarantine # store-nonspam - store the message in the non-spam quarantine # store-spam - store the message in the spam quarantine Straight out of MailScanner.conf. Gareth wrote: > Any idea on this? > > I tried searching for where the 'store' option might be saving the files > instead but I could not find anything. What option would I need to specify > in order for them to be saved in the same place as quaranteened viruses and > blocked attachments? > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth >> Sent: 03 September 2007 12:40 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> On Mon, 2007-09-03 at 12:32, Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Gareth wrote: >>> >>>> I have just upgraded and have set the following in the >>>> >> configuration :- >> >>>> SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver >>>> >>>> It correctly does not deliver the mail but it does not seem to be >>>> putting it in the quaranteen directory. I would like it to quaranteen >>>> the mail in the same way that it does a virus so that it >>>> >> shows up in the >> >>>> quaranteen when I use mailscanner. >>>> >>>> >>> It should go in the spam quarantine. Have you checked there? >>> >> Where is that? >> >> I would like it put in /var/spool/MailScanner/quarantine/yymmdd/ which >> is where the viruses and other blocked messages are stored. >> >> The problem I am having is that if there is a virus with a high score >> then it gets put somewhere else and mailwatch cannot show me the headers >> or even show what virus it was infected with. >> >> >>>> Have I made a mistake with the syntax or it is saving the >>>> >> file somewhere >> >>>> else? >>>> >>>> Thanks >>>> Gareth >>>> >>>> >>>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.6.3 (Build 3017) >>> Comment: (pgp-secured) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB >>> ceG7/KnEo/F74nQTHVXe1zA= >>> =YsDX >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> For all your IT requirements visit www.transtec.co.uk >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Mon Sep 3 18:39:06 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 18:39:09 2007 Subject: Prombem with rule actions In-Reply-To: <46DC415E.3060107@ecs.soton.ac.uk> Message-ID: Understood but where are these quarantines? I have /var/spool/mailscanner/quaranteen which contains directories like 20070803 and within that directories named according to the mail ID with the message and any attachments within it. Where do each of these store options actually try to save the files? > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 03 September 2007 18:16 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > # store - store the message in the (spam) quarantine > # store-nonmcp - store the message in the non-MCP quarantine > # store-mcp - store the message in the MCP quarantine > # store-nonspam - store the message in the non-spam > quarantine > # store-spam - store the message in the spam quarantine > > Straight out of MailScanner.conf. > > Gareth wrote: > > Any idea on this? > > > > I tried searching for where the 'store' option might be saving the files > > instead but I could not find anything. What option would I need > to specify > > in order for them to be saved in the same place as quaranteened > viruses and > > blocked attachments? > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth > >> Sent: 03 September 2007 12:40 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> On Mon, 2007-09-03 at 12:32, Julian Field wrote: > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> > >>> > >>> Gareth wrote: > >>> > >>>> I have just upgraded and have set the following in the > >>>> > >> configuration :- > >> > >>>> SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver > >>>> > >>>> It correctly does not deliver the mail but it does not seem to be > >>>> putting it in the quaranteen directory. I would like it to quaranteen > >>>> the mail in the same way that it does a virus so that it > >>>> > >> shows up in the > >> > >>>> quaranteen when I use mailscanner. > >>>> > >>>> > >>> It should go in the spam quarantine. Have you checked there? > >>> > >> Where is that? > >> > >> I would like it put in /var/spool/MailScanner/quarantine/yymmdd/ which > >> is where the viruses and other blocked messages are stored. > >> > >> The problem I am having is that if there is a virus with a high score > >> then it gets put somewhere else and mailwatch cannot show me > the headers > >> or even show what virus it was infected with. > >> > >> > >>>> Have I made a mistake with the syntax or it is saving the > >>>> > >> file somewhere > >> > >>>> else? > >>>> > >>>> Thanks > >>>> Gareth > >>>> > >>>> > >>>> > >>> Jules > >>> > >>> - -- > >>> Julian Field MEng CITP > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> > >>> Need help customising MailScanner? > >>> Contact me! > >>> Need help fixing or optimising your systems? > >>> Contact me! > >>> Need help getting you started solving new requirements from your boss? > >>> Contact me! > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: PGP Desktop 9.6.3 (Build 3017) > >>> Comment: (pgp-secured) > >>> Charset: ISO-8859-1 > >>> > >>> wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB > >>> ceG7/KnEo/F74nQTHVXe1zA= > >>> =YsDX > >>> -----END PGP SIGNATURE----- > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> For all your IT requirements visit www.transtec.co.uk > >>> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From steve.freegard at fsl.com Mon Sep 3 18:48:19 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Sep 3 18:48:20 2007 Subject: Prombem with rule actions In-Reply-To: References: <46DC415E.3060107@ecs.soton.ac.uk> Message-ID: <46DC48E3.5090703@fsl.com> Gareth wrote: > Understood but where are these quarantines? > > I have /var/spool/mailscanner/quaranteen which contains directories like > 20070803 and within that directories named according to the mail ID with the > message and any attachments within it. > > Where do each of these store options actually try to save the files? > >> # store - store the message in the (spam) quarantine %quarantine-dir%/<>/spam/<> >> # store-nonmcp - store the message in the non-MCP quarantine %quarantine-dir%/<>/nonmcp/<> >> # store-mcp - store the message in the MCP quarantine %quarantine-dir%/<>/mcp/<> >> # store-nonspam - store the message in the non-spam quarantine %quarantine-dir%/<>/nonspam/<> >> # store-spam - store the message in the spam quarantine %quarantine-dir%/<>/spam/<> If you are having trobule with MailWatch reading these then make sure your permissions settings are correct (Quarantine Perms = 0660 and Quarantine Group = <>) and that you are storing quarantined items in RFC822 format (e.g. Quarantine Messages As Queue Files = No) as these are the most common causes of problems. Cheers, Steve. From MailScanner at ecs.soton.ac.uk Mon Sep 3 18:56:03 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 18:56:22 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DC4AB3.8030905@ecs.soton.ac.uk> In directories such as "spam" in there. /var/spool/MailScanner/quarantine/20070903/nonspam/ Gareth wrote: > Understood but where are these quarantines? > > I have /var/spool/mailscanner/quaranteen which contains directories like > 20070803 and within that directories named according to the mail ID with the > message and any attachments within it. > > Where do each of these store options actually try to save the files? > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: 03 September 2007 18:16 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> # store - store the message in the (spam) quarantine >> # store-nonmcp - store the message in the non-MCP quarantine >> # store-mcp - store the message in the MCP quarantine >> # store-nonspam - store the message in the non-spam >> quarantine >> # store-spam - store the message in the spam quarantine >> >> Straight out of MailScanner.conf. >> >> Gareth wrote: >> >>> Any idea on this? >>> >>> I tried searching for where the 'store' option might be saving the files >>> instead but I could not find anything. What option would I need >>> >> to specify >> >>> in order for them to be saved in the same place as quaranteened >>> >> viruses and >> >>> blocked attachments? >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth >>>> Sent: 03 September 2007 12:40 >>>> To: MailScanner discussion >>>> Subject: Re: Prombem with rule actions >>>> >>>> >>>> On Mon, 2007-09-03 at 12:32, Julian Field wrote: >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> >>>>> >>>>> Gareth wrote: >>>>> >>>>> >>>>>> I have just upgraded and have set the following in the >>>>>> >>>>>> >>>> configuration :- >>>> >>>> >>>>>> SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver >>>>>> >>>>>> It correctly does not deliver the mail but it does not seem to be >>>>>> putting it in the quaranteen directory. I would like it to quaranteen >>>>>> the mail in the same way that it does a virus so that it >>>>>> >>>>>> >>>> shows up in the >>>> >>>> >>>>>> quaranteen when I use mailscanner. >>>>>> >>>>>> >>>>>> >>>>> It should go in the spam quarantine. Have you checked there? >>>>> >>>>> >>>> Where is that? >>>> >>>> I would like it put in /var/spool/MailScanner/quarantine/yymmdd/ which >>>> is where the viruses and other blocked messages are stored. >>>> >>>> The problem I am having is that if there is a virus with a high score >>>> then it gets put somewhere else and mailwatch cannot show me >>>> >> the headers >> >>>> or even show what virus it was infected with. >>>> >>>> >>>> >>>>>> Have I made a mistake with the syntax or it is saving the >>>>>> >>>>>> >>>> file somewhere >>>> >>>> >>>>>> else? >>>>>> >>>>>> Thanks >>>>>> Gareth >>>>>> >>>>>> >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> - -- >>>>> Julian Field MEng CITP >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> >>>>> Need help customising MailScanner? >>>>> Contact me! >>>>> Need help fixing or optimising your systems? >>>>> Contact me! >>>>> Need help getting you started solving new requirements from your boss? >>>>> Contact me! >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: PGP Desktop 9.6.3 (Build 3017) >>>>> Comment: (pgp-secured) >>>>> Charset: ISO-8859-1 >>>>> >>>>> wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB >>>>> ceG7/KnEo/F74nQTHVXe1zA= >>>>> =YsDX >>>>> -----END PGP SIGNATURE----- >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> For all your IT requirements visit www.transtec.co.uk >>>>> >>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Mon Sep 3 19:06:57 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 19:06:58 2007 Subject: Prombem with rule actions In-Reply-To: <46DC48E3.5090703@fsl.com> Message-ID: In MailScanner.conf I have :- Quarantine Dir = /var/spool/MailScanner/quarantine Quarantine User = root Quarantine Group = apache Quarantine Permissions = 0660 However all quarantine entries are stored in the format :- %quarantine-dir%/<>/<> and they are viruses and blocked attachments. I am assuming this is correct for the virus quaranteen? If that is the case then MailScanner does not seem to be creating the additional 'spam' etc... subdirectories for some reason. Are you sure the format is not %quarantine-dir%/spam/<>/<> as if that was the case it could just be the issue that the spam directory does not exist. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Steve > Freegard > Sent: 03 September 2007 18:48 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > Gareth wrote: > > Understood but where are these quarantines? > > > > I have /var/spool/mailscanner/quaranteen which contains directories like > > 20070803 and within that directories named according to the > mail ID with the > > message and any attachments within it. > > > > Where do each of these store options actually try to save the files? > > > > >> # store - store the message in the (spam) > quarantine > > > %quarantine-dir%/<>/spam/<> > > > >> # store-nonmcp - store the message in the > non-MCP quarantine > > %quarantine-dir%/<>/nonmcp/<> > > >> # store-mcp - store the message in the MCP quarantine > > %quarantine-dir%/<>/mcp/<> > > >> # store-nonspam - store the message in the > non-spam quarantine > > %quarantine-dir%/<>/nonspam/<> > > >> # store-spam - store the message in the spam quarantine > > %quarantine-dir%/<>/spam/<> > > > If you are having trobule with MailWatch reading these then make sure > your permissions settings are correct (Quarantine Perms = 0660 and > Quarantine Group = <>) and that you are storing > quarantined items in RFC822 format (e.g. Quarantine Messages As Queue > Files = No) as these are the most common causes of problems. > > Cheers, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From list-mailscanner at linguaphone.com Mon Sep 3 19:09:44 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 19:09:46 2007 Subject: Prombem with rule actions In-Reply-To: <46DC4AB3.8030905@ecs.soton.ac.uk> Message-ID: No those directories are not being created. I have lots of directories within /var/spool/mailscanner/quaranteen/20070803 with names like DF142AA0092.E2D31 containing the virus quaranteened files bo no directories like nonspam. Are the virus quaranteened files being saved in the correct place or are they wrong aswell? I cant figure out why the files are not being saved. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 03 September 2007 18:56 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > In directories such as "spam" in there. > /var/spool/MailScanner/quarantine/20070903/nonspam/ > > Gareth wrote: > > Understood but where are these quarantines? > > > > I have /var/spool/mailscanner/quaranteen which contains directories like > > 20070803 and within that directories named according to the > mail ID with the > > message and any attachments within it. > > > > Where do each of these store options actually try to save the files? > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > >> Field > >> Sent: 03 September 2007 18:16 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> # store - store the message in the (spam) > quarantine > >> # store-nonmcp - store the message in the > non-MCP quarantine > >> # store-mcp - store the message in the MCP quarantine > >> # store-nonspam - store the message in the non-spam > >> quarantine > >> # store-spam - store the message in the spam quarantine > >> > >> Straight out of MailScanner.conf. > >> > >> Gareth wrote: > >> > >>> Any idea on this? > >>> > >>> I tried searching for where the 'store' option might be > saving the files > >>> instead but I could not find anything. What option would I need > >>> > >> to specify > >> > >>> in order for them to be saved in the same place as quaranteened > >>> > >> viruses and > >> > >>> blocked attachments? > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > Of Gareth > >>>> Sent: 03 September 2007 12:40 > >>>> To: MailScanner discussion > >>>> Subject: Re: Prombem with rule actions > >>>> > >>>> > >>>> On Mon, 2007-09-03 at 12:32, Julian Field wrote: > >>>> > >>>> > >>>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>>> Hash: SHA1 > >>>>> > >>>>> > >>>>> > >>>>> Gareth wrote: > >>>>> > >>>>> > >>>>>> I have just upgraded and have set the following in the > >>>>>> > >>>>>> > >>>> configuration :- > >>>> > >>>> > >>>>>> SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver > >>>>>> > >>>>>> It correctly does not deliver the mail but it does not seem to be > >>>>>> putting it in the quaranteen directory. I would like it to > quaranteen > >>>>>> the mail in the same way that it does a virus so that it > >>>>>> > >>>>>> > >>>> shows up in the > >>>> > >>>> > >>>>>> quaranteen when I use mailscanner. > >>>>>> > >>>>>> > >>>>>> > >>>>> It should go in the spam quarantine. Have you checked there? > >>>>> > >>>>> > >>>> Where is that? > >>>> > >>>> I would like it put in > /var/spool/MailScanner/quarantine/yymmdd/ which > >>>> is where the viruses and other blocked messages are stored. > >>>> > >>>> The problem I am having is that if there is a virus with a high score > >>>> then it gets put somewhere else and mailwatch cannot show me > >>>> > >> the headers > >> > >>>> or even show what virus it was infected with. > >>>> > >>>> > >>>> > >>>>>> Have I made a mistake with the syntax or it is saving the > >>>>>> > >>>>>> > >>>> file somewhere > >>>> > >>>> > >>>>>> else? > >>>>>> > >>>>>> Thanks > >>>>>> Gareth > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> Jules > >>>>> > >>>>> - -- > >>>>> Julian Field MEng CITP > >>>>> www.MailScanner.info > >>>>> Buy the MailScanner book at www.MailScanner.info/store > >>>>> > >>>>> Need help customising MailScanner? > >>>>> Contact me! > >>>>> Need help fixing or optimising your systems? > >>>>> Contact me! > >>>>> Need help getting you started solving new requirements from > your boss? > >>>>> Contact me! > >>>>> > >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>> > >>>>> > >>>>> -----BEGIN PGP SIGNATURE----- > >>>>> Version: PGP Desktop 9.6.3 (Build 3017) > >>>>> Comment: (pgp-secured) > >>>>> Charset: ISO-8859-1 > >>>>> > >>>>> wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB > >>>>> ceG7/KnEo/F74nQTHVXe1zA= > >>>>> =YsDX > >>>>> -----END PGP SIGNATURE----- > >>>>> > >>>>> -- > >>>>> This message has been scanned for viruses and > >>>>> dangerous content by MailScanner, and is > >>>>> believed to be clean. > >>>>> For all your IT requirements visit www.transtec.co.uk > >>>>> > >>>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> For all your IT requirements visit www.transtec.co.uk > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Mon Sep 3 19:14:00 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 19:14:20 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DC4EE8.9050605@ecs.soton.ac.uk> Gareth wrote: > In MailScanner.conf I have :- > Quarantine Dir = /var/spool/MailScanner/quarantine > Quarantine User = root > Quarantine Group = apache > Quarantine Permissions = 0660 > > However all quarantine entries are stored in the format :- > %quarantine-dir%/<>/<> and they are viruses and blocked > attachments. > I am assuming this is correct for the virus quaranteen? > Yes, correct. > If that is the case then MailScanner does not seem to be creating the > additional 'spam' etc... subdirectories for some reason. > It should always try to create them. Try creating them by hand and see if it puts anything in them. Make sure you give them permissions which are generous enough. > Are you sure the format is not %quarantine-dir%/spam/<>/<> as > if that was the case it could just be the issue that the spam directory does > not exist. > Yes, sure :-) > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Steve >> Freegard >> Sent: 03 September 2007 18:48 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> Gareth wrote: >> >>> Understood but where are these quarantines? >>> >>> I have /var/spool/mailscanner/quaranteen which contains directories like >>> 20070803 and within that directories named according to the >>> >> mail ID with the >> >>> message and any attachments within it. >>> >>> Where do each of these store options actually try to save the files? >>> >>> >>>> # store - store the message in the (spam) >>>> >> quarantine >> >> >> %quarantine-dir%/<>/spam/<> >> >> >> >>>> # store-nonmcp - store the message in the >>>> >> non-MCP quarantine >> >> %quarantine-dir%/<>/nonmcp/<> >> >> >>>> # store-mcp - store the message in the MCP quarantine >>>> >> %quarantine-dir%/<>/mcp/<> >> >> >>>> # store-nonspam - store the message in the >>>> >> non-spam quarantine >> >> %quarantine-dir%/<>/nonspam/<> >> >> >>>> # store-spam - store the message in the spam quarantine >>>> >> %quarantine-dir%/<>/spam/<> >> >> >> If you are having trobule with MailWatch reading these then make sure >> your permissions settings are correct (Quarantine Perms = 0660 and >> Quarantine Group = <>) and that you are storing >> quarantined items in RFC822 format (e.g. Quarantine Messages As Queue >> Files = No) as these are the most common causes of problems. >> >> Cheers, >> Steve. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 3 19:16:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 19:16:25 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DC4F66.3050904@ecs.soton.ac.uk> Gareth wrote: > No those directories are not being created. I have lots of directories > within /var/spool/mailscanner/quaranteen/20070803 with names like > DF142AA0092.E2D31 containing the virus quaranteened files bo no directories > like nonspam. > > Are the virus quaranteened files being saved in the correct place or are > they wrong aswell? > They are right. > I cant figure out why the files are not being saved. > Add "store" to your non-spam actions or SpamAssassin Rule Actions so you should start generating lots of files straightaway. If it doesn't create the 'spam' directory then try creating it by hand to see if it starts using it, and the problem is just creating it. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: 03 September 2007 18:56 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> In directories such as "spam" in there. >> /var/spool/MailScanner/quarantine/20070903/nonspam/ >> >> Gareth wrote: >> >>> Understood but where are these quarantines? >>> >>> I have /var/spool/mailscanner/quaranteen which contains directories like >>> 20070803 and within that directories named according to the >>> >> mail ID with the >> >>> message and any attachments within it. >>> >>> Where do each of these store options actually try to save the files? >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >>>> Field >>>> Sent: 03 September 2007 18:16 >>>> To: MailScanner discussion >>>> Subject: Re: Prombem with rule actions >>>> >>>> >>>> # store - store the message in the (spam) >>>> >> quarantine >> >>>> # store-nonmcp - store the message in the >>>> >> non-MCP quarantine >> >>>> # store-mcp - store the message in the MCP quarantine >>>> # store-nonspam - store the message in the non-spam >>>> quarantine >>>> # store-spam - store the message in the spam quarantine >>>> >>>> Straight out of MailScanner.conf. >>>> >>>> Gareth wrote: >>>> >>>> >>>>> Any idea on this? >>>>> >>>>> I tried searching for where the 'store' option might be >>>>> >> saving the files >> >>>>> instead but I could not find anything. What option would I need >>>>> >>>>> >>>> to specify >>>> >>>> >>>>> in order for them to be saved in the same place as quaranteened >>>>> >>>>> >>>> viruses and >>>> >>>> >>>>> blocked attachments? >>>>> >>>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf >>>>>> >> Of Gareth >> >>>>>> Sent: 03 September 2007 12:40 >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Prombem with rule actions >>>>>> >>>>>> >>>>>> On Mon, 2007-09-03 at 12:32, Julian Field wrote: >>>>>> >>>>>> >>>>>> >>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>> Hash: SHA1 >>>>>>> >>>>>>> >>>>>>> >>>>>>> Gareth wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> I have just upgraded and have set the following in the >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> configuration :- >>>>>> >>>>>> >>>>>> >>>>>>>> SpamAssassin Rule Actions = SpamScore>=25=>store,non-deliver >>>>>>>> >>>>>>>> It correctly does not deliver the mail but it does not seem to be >>>>>>>> putting it in the quaranteen directory. I would like it to >>>>>>>> >> quaranteen >> >>>>>>>> the mail in the same way that it does a virus so that it >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> shows up in the >>>>>> >>>>>> >>>>>> >>>>>>>> quaranteen when I use mailscanner. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> It should go in the spam quarantine. Have you checked there? >>>>>>> >>>>>>> >>>>>>> >>>>>> Where is that? >>>>>> >>>>>> I would like it put in >>>>>> >> /var/spool/MailScanner/quarantine/yymmdd/ which >> >>>>>> is where the viruses and other blocked messages are stored. >>>>>> >>>>>> The problem I am having is that if there is a virus with a high score >>>>>> then it gets put somewhere else and mailwatch cannot show me >>>>>> >>>>>> >>>> the headers >>>> >>>> >>>>>> or even show what virus it was infected with. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>> Have I made a mistake with the syntax or it is saving the >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> file somewhere >>>>>> >>>>>> >>>>>> >>>>>>>> else? >>>>>>>> >>>>>>>> Thanks >>>>>>>> Gareth >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> Jules >>>>>>> >>>>>>> - -- >>>>>>> Julian Field MEng CITP >>>>>>> www.MailScanner.info >>>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>>> >>>>>>> Need help customising MailScanner? >>>>>>> Contact me! >>>>>>> Need help fixing or optimising your systems? >>>>>>> Contact me! >>>>>>> Need help getting you started solving new requirements from >>>>>>> >> your boss? >> >>>>>>> Contact me! >>>>>>> >>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>>> >>>>>>> >>>>>>> -----BEGIN PGP SIGNATURE----- >>>>>>> Version: PGP Desktop 9.6.3 (Build 3017) >>>>>>> Comment: (pgp-secured) >>>>>>> Charset: ISO-8859-1 >>>>>>> >>>>>>> wj8DBQFG2/DfEfZZRxQVtlQRAh/0AKCY3rh9qdRCItaWif0YafKbbVmwLACgkkJB >>>>>>> ceG7/KnEo/F74nQTHVXe1zA= >>>>>>> =YsDX >>>>>>> -----END PGP SIGNATURE----- >>>>>>> >>>>>>> -- >>>>>>> This message has been scanned for viruses and >>>>>>> dangerous content by MailScanner, and is >>>>>>> believed to be clean. >>>>>>> For all your IT requirements visit www.transtec.co.uk >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> MailScanner customisation, or any advanced system administration help? >>>> Contact me at Jules@Jules.FM >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Mon Sep 3 19:37:56 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 19:38:05 2007 Subject: Prombem with rule actions In-Reply-To: <46DC4EE8.9050605@ecs.soton.ac.uk> Message-ID: I have a custom rule action :- SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver I received 2 emails. One was identified as a virus by sanesecurity signatures and a spam score of around 17. You can see it being logged. The other message (E1D42AA0090.C4C0E) had a spam score of 34 but nothing got saved to the spam folder and there is nothing in the log saying it tried to save it. [root@mailscanner 20070903]# pwd /var/spool/MailScanner/quarantine/20070903 [root@mailscanner 20070903]# ls -l total 1776 drwxrwx--- 2 postfix apache 4096 Sep 3 01:36 00703AA0092.84CA8 ... drwxrwx--- 2 postfix apache 4096 Sep 3 04:27 F392AAA0090.3C632 drwxrwx--- 2 postfix apache 4096 Sep 3 19:19 spam Sep 3 19:26:29 mailscanner MailScanner[7702]: New Batch: Scanning 1 messages, 1583 bytes Sep 3 19:26:36 mailscanner MailScanner[7723]: New Batch: Found 2 messages waiting Sep 3 19:26:36 mailscanner MailScanner[7723]: New Batch: Scanning 1 messages, 10944 bytes Sep 3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam messages Sep 3 19:26:43 mailscanner MailScanner[7702]: Virus and Content Scanning: Starting Sep 3 19:26:48 mailscanner MailScanner[7723]: Spam Checks: Found 1 spam messages Sep 3 19:26:48 mailscanner MailScanner[7723]: Virus and Content Scanning: Starting Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/ Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/GVauoBZVdM.gif Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: MSRBL-Images/0-0-wgr4:: ./7AB3CAA0092.0CAE9/rOiW6mkZar.gif Sep 3 19:26:48 mailscanner MailScanner[7702]: Logging message E1D42AA0090.C4C0E to SQL Sep 3 19:26:48 mailscanner MailScanner[7681]: E1D42AA0090.C4C0E: Logged to MailWatch SQL Sep 3 19:26:49 mailscanner MailScanner[7723]: Virus Scanning: ClamAV Module found 3 infections Sep 3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Bitdefender found 3 infections Sep 3 19:26:52 mailscanner MailScanner[7723]: Infected message 7AB3CAA0092.0CAE9 came from 193.238.209.194 Sep 3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Found 3 viruses Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved infected "GVauoBZVdM.gif" to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved infected "rOiW6mkZar.gif" to /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 Sep 3 19:26:52 mailscanner MailScanner[7723]: Logging message 7AB3CAA0092.0CAE9 to SQL Sep 3 19:26:52 mailscanner MailScanner[7681]: 7AB3CAA0092.0CAE9: Logged to MailWatch SQL > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 03 September 2007 19:14 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > > > Gareth wrote: > > In MailScanner.conf I have :- > > Quarantine Dir = /var/spool/MailScanner/quarantine > > Quarantine User = root > > Quarantine Group = apache > > Quarantine Permissions = 0660 > > > > However all quarantine entries are stored in the format :- > > %quarantine-dir%/<>/<> and they are viruses and blocked > > attachments. > > I am assuming this is correct for the virus quaranteen? > > > Yes, correct. > > If that is the case then MailScanner does not seem to be creating the > > additional 'spam' etc... subdirectories for some reason. > > > It should always try to create them. Try creating them by hand and see > if it puts anything in them. Make sure you give them permissions which > are generous enough. > > Are you sure the format is not > %quarantine-dir%/spam/<>/<> as > > if that was the case it could just be the issue that the spam > directory does > > not exist. > > > Yes, sure :-) > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Steve > >> Freegard > >> Sent: 03 September 2007 18:48 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> Gareth wrote: > >> > >>> Understood but where are these quarantines? > >>> > >>> I have /var/spool/mailscanner/quaranteen which contains > directories like > >>> 20070803 and within that directories named according to the > >>> > >> mail ID with the > >> > >>> message and any attachments within it. > >>> > >>> Where do each of these store options actually try to save the files? > >>> > >>> > >>>> # store - store the message in the (spam) > >>>> > >> quarantine > >> > >> > >> %quarantine-dir%/<>/spam/<> > >> > >> > >> > >>>> # store-nonmcp - store the message in the > >>>> > >> non-MCP quarantine > >> > >> %quarantine-dir%/<>/nonmcp/<> > >> > >> > >>>> # store-mcp - store the message in the MCP > quarantine > >>>> > >> %quarantine-dir%/<>/mcp/<> > >> > >> > >>>> # store-nonspam - store the message in the > >>>> > >> non-spam quarantine > >> > >> %quarantine-dir%/<>/nonspam/<> > >> > >> > >>>> # store-spam - store the message in the spam > quarantine > >>>> > >> %quarantine-dir%/<>/spam/<> > >> > >> > >> If you are having trobule with MailWatch reading these then make sure > >> your permissions settings are correct (Quarantine Perms = 0660 and > >> Quarantine Group = <>) and that you are storing > >> quarantined items in RFC822 format (e.g. Quarantine Messages As Queue > >> Files = No) as these are the most common causes of problems. > >> > >> Cheers, > >> Steve. > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Mon Sep 3 19:52:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 19:52:59 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DC57FB.4050808@ecs.soton.ac.uk> I probably need to add more logging to the SpamAssassin Rule Actions code. Gareth wrote: > I have a custom rule action :- > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > I received 2 emails. One was identified as a virus by sanesecurity > signatures and a spam score of around 17. You can see it being logged. The > other message (E1D42AA0090.C4C0E) had a spam score of 34 but nothing got > saved to the spam folder and there is nothing in the log saying it tried to > save it. > > [root@mailscanner 20070903]# pwd > /var/spool/MailScanner/quarantine/20070903 > [root@mailscanner 20070903]# ls -l > total 1776 > drwxrwx--- 2 postfix apache 4096 Sep 3 01:36 00703AA0092.84CA8 > ... > drwxrwx--- 2 postfix apache 4096 Sep 3 04:27 F392AAA0090.3C632 > drwxrwx--- 2 postfix apache 4096 Sep 3 19:19 spam > > Sep 3 19:26:29 mailscanner MailScanner[7702]: New Batch: Scanning 1 > messages, 1583 bytes > Sep 3 19:26:36 mailscanner MailScanner[7723]: New Batch: Found 2 messages > waiting > Sep 3 19:26:36 mailscanner MailScanner[7723]: New Batch: Scanning 1 > messages, 10944 bytes > Sep 3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam > messages > Sep 3 19:26:43 mailscanner MailScanner[7702]: Virus and Content Scanning: > Starting > Sep 3 19:26:48 mailscanner MailScanner[7723]: Spam Checks: Found 1 spam > messages > Sep 3 19:26:48 mailscanner MailScanner[7723]: Virus and Content Scanning: > Starting > Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: > MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/ > Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: > MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/GVauoBZVdM.gif > Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: > MSRBL-Images/0-0-wgr4:: ./7AB3CAA0092.0CAE9/rOiW6mkZar.gif > Sep 3 19:26:48 mailscanner MailScanner[7702]: Logging message > E1D42AA0090.C4C0E to SQL > Sep 3 19:26:48 mailscanner MailScanner[7681]: E1D42AA0090.C4C0E: Logged to > MailWatch SQL > Sep 3 19:26:49 mailscanner MailScanner[7723]: Virus Scanning: ClamAV Module > found 3 infections > Sep 3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Bitdefender > found 3 infections > Sep 3 19:26:52 mailscanner MailScanner[7723]: Infected message > 7AB3CAA0092.0CAE9 came from 193.238.209.194 > Sep 3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Found 3 > viruses > Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to > /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 > Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved infected > "GVauoBZVdM.gif" to > /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 > Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved infected > "rOiW6mkZar.gif" to > /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 > Sep 3 19:26:52 mailscanner MailScanner[7723]: Logging message > 7AB3CAA0092.0CAE9 to SQL > Sep 3 19:26:52 mailscanner MailScanner[7681]: 7AB3CAA0092.0CAE9: Logged to > MailWatch SQL > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: 03 September 2007 19:14 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> >> >> Gareth wrote: >> >>> In MailScanner.conf I have :- >>> Quarantine Dir = /var/spool/MailScanner/quarantine >>> Quarantine User = root >>> Quarantine Group = apache >>> Quarantine Permissions = 0660 >>> >>> However all quarantine entries are stored in the format :- >>> %quarantine-dir%/<>/<> and they are viruses and blocked >>> attachments. >>> I am assuming this is correct for the virus quaranteen? >>> >>> >> Yes, correct. >> >>> If that is the case then MailScanner does not seem to be creating the >>> additional 'spam' etc... subdirectories for some reason. >>> >>> >> It should always try to create them. Try creating them by hand and see >> if it puts anything in them. Make sure you give them permissions which >> are generous enough. >> >>> Are you sure the format is not >>> >> %quarantine-dir%/spam/<>/<> as >> >>> if that was the case it could just be the issue that the spam >>> >> directory does >> >>> not exist. >>> >>> >> Yes, sure :-) >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Steve >>>> Freegard >>>> Sent: 03 September 2007 18:48 >>>> To: MailScanner discussion >>>> Subject: Re: Prombem with rule actions >>>> >>>> >>>> Gareth wrote: >>>> >>>> >>>>> Understood but where are these quarantines? >>>>> >>>>> I have /var/spool/mailscanner/quaranteen which contains >>>>> >> directories like >> >>>>> 20070803 and within that directories named according to the >>>>> >>>>> >>>> mail ID with the >>>> >>>> >>>>> message and any attachments within it. >>>>> >>>>> Where do each of these store options actually try to save the files? >>>>> >>>>> >>>>> >>>>>> # store - store the message in the (spam) >>>>>> >>>>>> >>>> quarantine >>>> >>>> >>>> %quarantine-dir%/<>/spam/<> >>>> >>>> >>>> >>>> >>>>>> # store-nonmcp - store the message in the >>>>>> >>>>>> >>>> non-MCP quarantine >>>> >>>> %quarantine-dir%/<>/nonmcp/<> >>>> >>>> >>>> >>>>>> # store-mcp - store the message in the MCP >>>>>> >> quarantine >> >>>> %quarantine-dir%/<>/mcp/<> >>>> >>>> >>>> >>>>>> # store-nonspam - store the message in the >>>>>> >>>>>> >>>> non-spam quarantine >>>> >>>> %quarantine-dir%/<>/nonspam/<> >>>> >>>> >>>> >>>>>> # store-spam - store the message in the spam >>>>>> >> quarantine >> >>>> %quarantine-dir%/<>/spam/<> >>>> >>>> >>>> If you are having trobule with MailWatch reading these then make sure >>>> your permissions settings are correct (Quarantine Perms = 0660 and >>>> Quarantine Group = <>) and that you are storing >>>> quarantined items in RFC822 format (e.g. Quarantine Messages As Queue >>>> Files = No) as these are the most common causes of problems. >>>> >>>> Cheers, >>>> Steve. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Mon Sep 3 19:58:25 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 3 19:58:34 2007 Subject: Prombem with rule actions In-Reply-To: <46DC57FB.4050808@ecs.soton.ac.uk> Message-ID: Thanks for your help so far. I am just off out this evening so I will pick up on the thread again tomorrow morning. Incase it helps diagnosing the problem if there is a virus with a high spam score then nothing is saved either. Not even to the normal virus quaranteen. Thanks Gareth > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 03 September 2007 19:53 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > I probably need to add more logging to the SpamAssassin Rule Actions code. > > Gareth wrote: > > I have a custom rule action :- > > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > > > I received 2 emails. One was identified as a virus by sanesecurity > > signatures and a spam score of around 17. You can see it being > logged. The > > other message (E1D42AA0090.C4C0E) had a spam score of 34 but nothing got > > saved to the spam folder and there is nothing in the log saying > it tried to > > save it. > > > > [root@mailscanner 20070903]# pwd > > /var/spool/MailScanner/quarantine/20070903 > > [root@mailscanner 20070903]# ls -l > > total 1776 > > drwxrwx--- 2 postfix apache 4096 Sep 3 01:36 00703AA0092.84CA8 > > ... > > drwxrwx--- 2 postfix apache 4096 Sep 3 04:27 F392AAA0090.3C632 > > drwxrwx--- 2 postfix apache 4096 Sep 3 19:19 spam > > > > Sep 3 19:26:29 mailscanner MailScanner[7702]: New Batch: Scanning 1 > > messages, 1583 bytes > > Sep 3 19:26:36 mailscanner MailScanner[7723]: New Batch: Found > 2 messages > > waiting > > Sep 3 19:26:36 mailscanner MailScanner[7723]: New Batch: Scanning 1 > > messages, 10944 bytes > > Sep 3 19:26:43 mailscanner MailScanner[7702]: Spam Checks: Found 1 spam > > messages > > Sep 3 19:26:43 mailscanner MailScanner[7702]: Virus and > Content Scanning: > > Starting > > Sep 3 19:26:48 mailscanner MailScanner[7723]: Spam Checks: Found 1 spam > > messages > > Sep 3 19:26:48 mailscanner MailScanner[7723]: Virus and > Content Scanning: > > Starting > > Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: > > MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/ > > Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: > > MSRBL-Images/0-0-wgr6:: ./7AB3CAA0092.0CAE9/GVauoBZVdM.gif > > Sep 3 19:26:48 mailscanner MailScanner[7723]: ClamAV Module::INFECTED:: > > MSRBL-Images/0-0-wgr4:: ./7AB3CAA0092.0CAE9/rOiW6mkZar.gif > > Sep 3 19:26:48 mailscanner MailScanner[7702]: Logging message > > E1D42AA0090.C4C0E to SQL > > Sep 3 19:26:48 mailscanner MailScanner[7681]: > E1D42AA0090.C4C0E: Logged to > > MailWatch SQL > > Sep 3 19:26:49 mailscanner MailScanner[7723]: Virus Scanning: > ClamAV Module > > found 3 infections > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: > Bitdefender > > found 3 infections > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Infected message > > 7AB3CAA0092.0CAE9 came from 193.238.209.194 > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Virus Scanning: Found 3 > > viruses > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved entire message to > > /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved infected > > "GVauoBZVdM.gif" to > > /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Saved infected > > "rOiW6mkZar.gif" to > > /var/spool/MailScanner/quarantine/20070903/7AB3CAA0092.0CAE9 > > Sep 3 19:26:52 mailscanner MailScanner[7723]: Logging message > > 7AB3CAA0092.0CAE9 to SQL > > Sep 3 19:26:52 mailscanner MailScanner[7681]: > 7AB3CAA0092.0CAE9: Logged to > > MailWatch SQL > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > >> Field > >> Sent: 03 September 2007 19:14 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> > >> > >> Gareth wrote: > >> > >>> In MailScanner.conf I have :- > >>> Quarantine Dir = /var/spool/MailScanner/quarantine > >>> Quarantine User = root > >>> Quarantine Group = apache > >>> Quarantine Permissions = 0660 > >>> > >>> However all quarantine entries are stored in the format :- > >>> %quarantine-dir%/<>/<> and they are viruses and blocked > >>> attachments. > >>> I am assuming this is correct for the virus quaranteen? > >>> > >>> > >> Yes, correct. > >> > >>> If that is the case then MailScanner does not seem to be creating the > >>> additional 'spam' etc... subdirectories for some reason. > >>> > >>> > >> It should always try to create them. Try creating them by hand and see > >> if it puts anything in them. Make sure you give them permissions which > >> are generous enough. > >> > >>> Are you sure the format is not > >>> > >> %quarantine-dir%/spam/<>/<> as > >> > >>> if that was the case it could just be the issue that the spam > >>> > >> directory does > >> > >>> not exist. > >>> > >>> > >> Yes, sure :-) > >> > >> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Steve > >>>> Freegard > >>>> Sent: 03 September 2007 18:48 > >>>> To: MailScanner discussion > >>>> Subject: Re: Prombem with rule actions > >>>> > >>>> > >>>> Gareth wrote: > >>>> > >>>> > >>>>> Understood but where are these quarantines? > >>>>> > >>>>> I have /var/spool/mailscanner/quaranteen which contains > >>>>> > >> directories like > >> > >>>>> 20070803 and within that directories named according to the > >>>>> > >>>>> > >>>> mail ID with the > >>>> > >>>> > >>>>> message and any attachments within it. > >>>>> > >>>>> Where do each of these store options actually try to save the files? > >>>>> > >>>>> > >>>>> > >>>>>> # store - store the message in the (spam) > >>>>>> > >>>>>> > >>>> quarantine > >>>> > >>>> > >>>> %quarantine-dir%/<>/spam/<> > >>>> > >>>> > >>>> > >>>> > >>>>>> # store-nonmcp - store the message in the > >>>>>> > >>>>>> > >>>> non-MCP quarantine > >>>> > >>>> %quarantine-dir%/<>/nonmcp/<> > >>>> > >>>> > >>>> > >>>>>> # store-mcp - store the message in the MCP > >>>>>> > >> quarantine > >> > >>>> %quarantine-dir%/<>/mcp/<> > >>>> > >>>> > >>>> > >>>>>> # store-nonspam - store the message in the > >>>>>> > >>>>>> > >>>> non-spam quarantine > >>>> > >>>> %quarantine-dir%/<>/nonspam/<> > >>>> > >>>> > >>>> > >>>>>> # store-spam - store the message in the spam > >>>>>> > >> quarantine > >> > >>>> %quarantine-dir%/<>/spam/<> > >>>> > >>>> > >>>> If you are having trobule with MailWatch reading these then make sure > >>>> your permissions settings are correct (Quarantine Perms = 0660 and > >>>> Quarantine Group = <>) and that you are storing > >>>> quarantined items in RFC822 format (e.g. Quarantine Messages As Queue > >>>> Files = No) as these are the most common causes of problems. > >>>> > >>>> Cheers, > >>>> Steve. > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> For all your IT requirements visit www.transtec.co.uk > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From alex at nkpanama.com Mon Sep 3 20:17:56 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Sep 3 20:19:04 2007 Subject: Archive Ruleset Question Message-ID: <46DC5DE4.7010107@nkpanama.com> Regarding the use of rulesets for the "Archive Mail" function - if I have something like: From: 127. server-originated-messages@somewhereelse.com To: certainuser@mydomain.com /some/where/mailboxfile # (which is an existing filename that RFC822-formatted messages get added to) How do I add a default that essentially "does nothing"? In my ignorance I believe the desired effect could be achieved with: FromOrTo: default /dev/null But I don't know if there is a more elegant way to do it. Thanks in advance... From shuttlebox at gmail.com Mon Sep 3 20:29:30 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 3 20:29:33 2007 Subject: Archive Ruleset Question In-Reply-To: <46DC5DE4.7010107@nkpanama.com> References: <46DC5DE4.7010107@nkpanama.com> Message-ID: <625385e30709031229p3e64e017q581f01d4a93299f2@mail.gmail.com> On 9/3/07, Alex Neuman van der Hans wrote: > Regarding the use of rulesets for the "Archive Mail" function - if I > have something like: > > From: 127. server-originated-messages@somewhereelse.com > To: certainuser@mydomain.com /some/where/mailboxfile # (which is an > existing filename that RFC822-formatted messages get added to) > > How do I add a default that essentially "does nothing"? In my ignorance > I believe the desired effect could be achieved with: > > FromOrTo: default /dev/null > > But I don't know if there is a more elegant way to do it. You don't need a default line for the archive ruleset. Just add lines for the stuff to be archived and it will work. -- /peter From MailScanner at ecs.soton.ac.uk Mon Sep 3 20:30:45 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 20:32:00 2007 Subject: Archive Ruleset Question In-Reply-To: <46DC5DE4.7010107@nkpanama.com> References: <46DC5DE4.7010107@nkpanama.com> Message-ID: <46DC60E5.4010205@ecs.soton.ac.uk> Alex Neuman van der Hans wrote: > Regarding the use of rulesets for the "Archive Mail" function - if I > have something like: > > From: 127. server-originated-messages@somewhereelse.com > To: certainuser@mydomain.com /some/where/mailboxfile # (which is > an existing filename that RFC822-formatted messages get added to) > > How do I add a default that essentially "does nothing"? In my > ignorance I believe the desired effect could be achieved with: > > FromOrTo: default /dev/null > > But I don't know if there is a more elegant way to do it. > > Thanks in advance... You should be able to do it by just specifying a blank default: Fromorto default on a line by itself should do the trick. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From alex at nkpanama.com Mon Sep 3 20:33:19 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Sep 3 20:34:18 2007 Subject: Archive Ruleset Question In-Reply-To: <625385e30709031229p3e64e017q581f01d4a93299f2@mail.gmail.com> References: <46DC5DE4.7010107@nkpanama.com> <625385e30709031229p3e64e017q581f01d4a93299f2@mail.gmail.com> Message-ID: <46DC617F.4040604@nkpanama.com> So if there is *no* default, then the default becomes "take no action"? Sounds logical. How does this affect other ruleset-based settings? shuttlebox wrote: > On 9/3/07, Alex Neuman van der Hans wrote: > >> Regarding the use of rulesets for the "Archive Mail" function - if I >> have something like: >> >> From: 127. server-originated-messages@somewhereelse.com >> To: certainuser@mydomain.com /some/where/mailboxfile # (which is an >> existing filename that RFC822-formatted messages get added to) >> >> How do I add a default that essentially "does nothing"? In my ignorance >> I believe the desired effect could be achieved with: >> >> FromOrTo: default /dev/null >> >> But I don't know if there is a more elegant way to do it. >> > > You don't need a default line for the archive ruleset. Just add lines > for the stuff to be archived and it will work. > > From alex at nkpanama.com Mon Sep 3 20:34:44 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Sep 3 20:35:36 2007 Subject: Archive Ruleset Question In-Reply-To: <46DC60E5.4010205@ecs.soton.ac.uk> References: <46DC5DE4.7010107@nkpanama.com> <46DC60E5.4010205@ecs.soton.ac.uk> Message-ID: <46DC61D4.6050404@nkpanama.com> Julian Field wrote: > Alex Neuman van der Hans wrote: >> Regarding the use of rulesets for the "Archive Mail" function - if I >> have something like: >> >> From: 127. server-originated-messages@somewhereelse.com >> To: certainuser@mydomain.com /some/where/mailboxfile # (which is >> an existing filename that RFC822-formatted messages get added to) >> >> How do I add a default that essentially "does nothing"? In my >> ignorance I believe the desired effect could be achieved with: >> >> FromOrTo: default /dev/null >> >> But I don't know if there is a more elegant way to do it. >> >> Thanks in advance... > You should be able to do it by just specifying a blank default: > Fromorto default > on a line by itself should do the trick. > > Jules > Even better! Thanks... From MailScanner at ecs.soton.ac.uk Mon Sep 3 20:37:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 20:37:27 2007 Subject: Archive Ruleset Question In-Reply-To: <46DC617F.4040604@nkpanama.com> References: <46DC5DE4.7010107@nkpanama.com> <625385e30709031229p3e64e017q581f01d4a93299f2@mail.gmail.com> <46DC617F.4040604@nkpanama.com> Message-ID: <46DC6265.9050006@ecs.soton.ac.uk> I don't publish or guarantee the default behaviour if you don't specify one. It will tend to do the logical thing, however. Alex Neuman van der Hans wrote: > So if there is *no* default, then the default becomes "take no > action"? Sounds logical. > > How does this affect other ruleset-based settings? > > shuttlebox wrote: >> On 9/3/07, Alex Neuman van der Hans wrote: >> >>> Regarding the use of rulesets for the "Archive Mail" function - if I >>> have something like: >>> >>> From: 127. server-originated-messages@somewhereelse.com >>> To: certainuser@mydomain.com /some/where/mailboxfile # (which is an >>> existing filename that RFC822-formatted messages get added to) >>> >>> How do I add a default that essentially "does nothing"? In my ignorance >>> I believe the desired effect could be achieved with: >>> >>> FromOrTo: default /dev/null >>> >>> But I don't know if there is a more elegant way to do it. >>> >> >> You don't need a default line for the archive ruleset. Just add lines >> for the stuff to be archived and it will work. >> >> > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From grupolistas at gmail.com Mon Sep 3 20:45:43 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 3 20:45:47 2007 Subject: block attachment per user In-Reply-To: <46D465A9.4040105@ecs.soton.ac.uk> References: <44c071aa0708271203lfaeb870p8a3d8aa0c1b3dffd@mail.gmail.com> <46D32286.40203@ecs.soton.ac.uk> <44c071aa0708281040x27c36f76g17a26ea14cc9aa97@mail.gmail.com> <46D465A9.4040105@ecs.soton.ac.uk> Message-ID: <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> Ok last one how can I allow all types of attachments to be send only on my domain? 2007/8/28, Julian Field : > > > > infolistas listas wrote: > > Thanks julian worked perfectly, just following this rules managements > > is there a way to block these attachments for these specific users > > from sending mail to another domain that isnt mine, and allow them to > > attach when sending mail to own domain? > > EX: > > > > john may send mail to mydomain but he may not send to yahoo > From: john@mydomain.com And To: mydomain.com -1 > From: john@mydomain.com 0 > > > > > maria may send mail to mydomain and to yahoo > > > > Is it possible? > > > > > > 2007/8/27, Julian Field < MailScanner@ecs.soton.ac.uk > > >: > > > > Just use a ruleset with the Maximum Attachment Size setting in > > MailScanner.conf. > > > > Put this in MailScanner.conf: > > Maximum Attachment Size = %rules-dir%/max.attach.size.rules > > > > and in /etc/MailScanner/rules/max.attach.size.rules put this: > > from: john@yourdomain.com -1 > > from: bob@yourdomain.com -1 > > from: joseph@yourdomain.com -1 > > from: paul@yourdomain.com 0 > > from: patrick@yourdomain.com 0 > > from: maria@yourdomain.com 0 > > fromorto: default -1 > > > > Note the last line sets the default to -1 which is "no limit" for > this > > setting. > > > > Then "service MailScanner reload" or (if that command doesn't work) > > "/etc/init.d/MailScanner reload". > > > > MailScanner rulesets are documented at length in the wiki and in > > the Book. > > > > > > infolistas listas wrote: > > > Hi all is it possible to block some users from attaching files in > > > mailscanner? > > > EX: john, bob and joseph are allow to send attachments but paul, > > > patrick and maria are not allowed. > > > Thanks > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > MailScanner customisation, or any advanced system administration > help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070903/f03ad4ac/attachment.html From shuttlebox at gmail.com Mon Sep 3 20:53:27 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 3 20:53:32 2007 Subject: Archive Ruleset Question In-Reply-To: <46DC6265.9050006@ecs.soton.ac.uk> References: <46DC5DE4.7010107@nkpanama.com> <625385e30709031229p3e64e017q581f01d4a93299f2@mail.gmail.com> <46DC617F.4040604@nkpanama.com> <46DC6265.9050006@ecs.soton.ac.uk> Message-ID: <625385e30709031253g40acc2b1o40e706197df46b37@mail.gmail.com> On 9/3/07, Julian Field wrote: > I don't publish or guarantee the default behaviour if you don't specify > one. It will tend to do the logical thing, however. I guess I couldn't think of what to put there and didn't ask either, I just tried without the default line and it has worked for years. :-) Now back to upgrading MailScanner servers... -- /peter From hvdkooij at vanderkooij.org Mon Sep 3 21:52:44 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Sep 3 21:52:59 2007 Subject: Prombem with rule actions In-Reply-To: <46DC4EE8.9050605@ecs.soton.ac.uk> References: <46DC4EE8.9050605@ecs.soton.ac.uk> Message-ID: On Mon, 3 Sep 2007, Julian Field wrote: > Gareth wrote: >> In MailScanner.conf I have :- >> Quarantine Dir = /var/spool/MailScanner/quarantine >> Quarantine User = root >> Quarantine Group = apache >> Quarantine Permissions = 0660 >> >> However all quarantine entries are stored in the format :- >> %quarantine-dir%/<>/<> and they are viruses and blocked >> attachments. >> I am assuming this is correct for the virus quaranteen? >> > Yes, correct. >> If that is the case then MailScanner does not seem to be creating the >> additional 'spam' etc... subdirectories for some reason. >> > It should always try to create them. Try creating them by hand and see if it > puts anything in them. Make sure you give them permissions which are generous > enough. >> Are you sure the format is not %quarantine-dir%/spam/<>/<> as >> if that was the case it could just be the issue that the spam directory >> does >> not exist. >> > Yes, sure :-) If one can create a %quarantine-dir%/<>/<> directory with contect I fail to see what permission is able to prevent one from creating a %quarantine-dir%/spam/<>/<> directory. My suggestion is to find the exact lines in the log describing all steps taken to handle a message and see if anything is in fact classified as spam and put in quarantine. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From MailScanner at ecs.soton.ac.uk Mon Sep 3 22:00:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 3 22:00:37 2007 Subject: block attachment per user In-Reply-To: <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> References: <44c071aa0708271203lfaeb870p8a3d8aa0c1b3dffd@mail.gmail.com> <46D32286.40203@ecs.soton.ac.uk> <44c071aa0708281040x27c36f76g17a26ea14cc9aa97@mail.gmail.com> <46D465A9.4040105@ecs.soton.ac.uk> <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> Message-ID: <46DC75E3.9080201@ecs.soton.ac.uk> In MailScanner.conf, put Filename Rules = %rules-dir%/filename.rules And then in filename.rules file put To: onedomain.com FromOrTo: default /etc/MailScanner/filename.rules.conf And do likewise for Filetype Rules as well. Should do the trick. No rules ==> Allow anything. infolistas listas wrote: > Ok last one how can I allow all types of attachments to be send only > on my domain? > > 2007/8/28, Julian Field >: > > > > infolistas listas wrote: > > Thanks julian worked perfectly, just following this rules > managements > > is there a way to block these attachments for these specific users > > from sending mail to another domain that isnt mine, and allow > them to > > attach when sending mail to own domain? > > EX: > > > > john may send mail to mydomain but he may not send to yahoo > From: john@mydomain.com And To: > mydomain.com -1 > From: john@mydomain.com 0 > > > > > maria may send mail to mydomain and to yahoo > > > > Is it possible? > > > > > > 2007/8/27, Julian Field < MailScanner@ecs.soton.ac.uk > > > >>: > > > > Just use a ruleset with the Maximum Attachment Size setting in > > MailScanner.conf . > > > > Put this in MailScanner.conf: > > Maximum Attachment Size = %rules-dir%/max.attach.size.rules > > > > and in /etc/MailScanner/rules/max.attach.size.rules put this: > > from: john@yourdomain.com > > -1 > > from: bob@yourdomain.com > > -1 > > from: joseph@yourdomain.com > > -1 > > from: paul@yourdomain.com > > 0 > > from: patrick@yourdomain.com > > 0 > > from: maria@yourdomain.com > > 0 > > fromorto: default -1 > > > > Note the last line sets the default to -1 which is "no > limit" for this > > setting. > > > > Then "service MailScanner reload" or (if that command > doesn't work) > > "/etc/init.d/MailScanner reload". > > > > MailScanner rulesets are documented at length in the wiki and in > > the Book. > > > > > > infolistas listas wrote: > > > Hi all is it possible to block some users from attaching > files in > > > mailscanner? > > > EX: john, bob and joseph are allow to send attachments but > paul, > > > patrick and maria are not allowed. > > > Thanks > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > MailScanner customisation, or any advanced system > administration help? > > Contact me at Jules@Jules.FM > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > < http://wiki.mailscanner.info/posting> > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From alex at nkpanama.com Mon Sep 3 22:02:29 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Sep 3 22:03:17 2007 Subject: block attachment per user In-Reply-To: <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> References: <44c071aa0708271203lfaeb870p8a3d8aa0c1b3dffd@mail.gmail.com> <46D32286.40203@ecs.soton.ac.uk> <44c071aa0708281040x27c36f76g17a26ea14cc9aa97@mail.gmail.com> <46D465A9.4040105@ecs.soton.ac.uk> <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> Message-ID: <46DC7665.4080301@nkpanama.com> infolistas listas wrote: > Ok last one how can I allow all types of attachments to be send only > on my domain? > Depends. If by "my domain" you mean "anybody who *says* they come from whatever@mydomain.com" then anybody can send anything anywhere as long as they fake the "from:" address. This is easily done with a ruleset that says: From: *@mydomain.com whateveractionyouwanthere It's safer if you can filter on something people can fake less easily, like an IP address. Even more so if you can match more than one. For example, I have some clients set up as: From: *@mydomain.com and From: 192.168. whateveractiontheyneed From: *@mydomain.com and From: 127. samethinghere So that it only matches "@mydomain.com" if it comes from "within" the network (this applies to VPN connections from the outside as well). That way anything that comes in through an unrestricted network (unless sent using the secured webmail service) has different (ie: tighter) restrictions. One thing that would be nice to have (but difficult IMHO since it's more of an MTA thing) would be to be able to apply rulesets on messages depending on whether or not they are authenticated users. The only way I could see that happening would be to do something like this: 1. Messages from non-authenticated users (for example, messages from the outside coming towards our domain) come in through one sendmail process on port 25 and wind up on a queue in /var/spool/mqueue.in for processing as usual 2. Messages from authenticated users enter through the same process on a different queue (don't know how I would be able to do that) or a different process listening on another port or IP address, and get processed by a different copy of MailScanner or some sort of ruleset. While I'm sure I could probably create some sort of Rube Goldberg solution, it would be interesting to know what the enlightened minds that frequent this list might think. I'm sure they could throw in a few ideas... > 2007/8/28, Julian Field >: > > > > infolistas listas wrote: > > Thanks julian worked perfectly, just following this rules > managements > > is there a way to block these attachments for these specific users > > from sending mail to another domain that isnt mine, and allow > them to > > attach when sending mail to own domain? > > EX: > > > > john may send mail to mydomain but he may not send to yahoo > From: john@mydomain.com And To: > mydomain.com -1 > From: john@mydomain.com 0 > > > > > maria may send mail to mydomain and to yahoo > > > > Is it possible? > > > > > > 2007/8/27, Julian Field < MailScanner@ecs.soton.ac.uk > > > >>: > > > > Just use a ruleset with the Maximum Attachment Size setting in > > MailScanner.conf . > > > > Put this in MailScanner.conf: > > Maximum Attachment Size = %rules-dir%/max.attach.size.rules > > > > and in /etc/MailScanner/rules/max.attach.size.rules put this: > > from: john@yourdomain.com > > -1 > > from: bob@yourdomain.com > > -1 > > from: joseph@yourdomain.com > > -1 > > from: paul@yourdomain.com > > 0 > > from: patrick@yourdomain.com > > 0 > > from: maria@yourdomain.com > > 0 > > fromorto: default -1 > > > > Note the last line sets the default to -1 which is "no > limit" for this > > setting. > > > > Then "service MailScanner reload" or (if that command > doesn't work) > > "/etc/init.d/MailScanner reload". > > > > MailScanner rulesets are documented at length in the wiki and in > > the Book. > > > > > > infolistas listas wrote: > > > Hi all is it possible to block some users from attaching > files in > > > mailscanner? > > > EX: john, bob and joseph are allow to send attachments but > paul, > > > patrick and maria are not allowed. > > > Thanks > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > MailScanner customisation, or any advanced system > administration help? > > Contact me at Jules@Jules.FM > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > < http://wiki.mailscanner.info/posting> > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From hvdkooij at vanderkooij.org Mon Sep 3 22:18:46 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Sep 3 22:19:03 2007 Subject: block attachment per user In-Reply-To: <46DC75E3.9080201@ecs.soton.ac.uk> References: <44c071aa0708271203lfaeb870p8a3d8aa0c1b3dffd@mail.gmail.com> <46D32286.40203@ecs.soton.ac.uk> <44c071aa0708281040x27c36f76g17a26ea14cc9aa97@mail.gmail.com> <46D465A9.4040105@ecs.soton.ac.uk> <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> <46DC75E3.9080201@ecs.soton.ac.uk> Message-ID: On Mon, 3 Sep 2007, Julian Field wrote: > In MailScanner.conf, put > Filename Rules = %rules-dir%/filename.rules > > And then in filename.rules file put > To: onedomain.com > FromOrTo: default /etc/MailScanner/filename.rules.conf > > And do likewise for Filetype Rules as well. > Should do the trick. No rules ==> Allow anything. So one can create recursive rule sets. To what level will this work? Just curious I guess because something like this can get out of hand very easily. I think I would stop at the indicated two steps here. And can one use the variables again? So instad of the absolute path /etc/MailScanner/filename.rules.conf use something like %rules-dir%/filename.default.rules Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From glenn.steen at gmail.com Tue Sep 4 09:51:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 4 09:51:06 2007 Subject: Prombem with rule actions In-Reply-To: References: <46DC48E3.5090703@fsl.com> Message-ID: <223f97700709040151x6e79870ao83485b94905bfb3@mail.gmail.com> On 03/09/07, Gareth wrote: > In MailScanner.conf I have :- > Quarantine Dir = /var/spool/MailScanner/quarantine > Quarantine User = root > Quarantine Group = apache > Quarantine Permissions = 0660 Hm, Uer set to root.... What MTA are you using Gareth? I thought you were a postmixer like me:-)... In which case that isn't very likely to be correct... Then again... > However all quarantine entries are stored in the format :- > %quarantine-dir%/<>/<> and they are viruses and blocked > attachments. ... that this works indicate that the settings are correct for your setup (either another MTA, or PF run as root, I presume... Or some sticky bit magic:). I presume you've linted a few times, without any real errors? > I am assuming this is correct for the virus quaranteen? Yes. > If that is the case then MailScanner does not seem to be creating the > additional 'spam' etc... subdirectories for some reason. Seems so, yes. > Are you sure the format is not %quarantine-dir%/spam/<>/<> as > if that was the case it could just be the issue that the spam directory does > not exist. Yes we're sure that isn't the case. Steve and Jules know this pretty ... intimately:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Sep 4 09:55:17 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 09:56:22 2007 Subject: block attachment per user In-Reply-To: References: <44c071aa0708271203lfaeb870p8a3d8aa0c1b3dffd@mail.gmail.com> <46D32286.40203@ecs.soton.ac.uk> <44c071aa0708281040x27c36f76g17a26ea14cc9aa97@mail.gmail.com> <46D465A9.4040105@ecs.soton.ac.uk> <44c071aa0709031245t3e2e876fmdbe87f2843412713@mail.gmail.com> <46DC75E3.9080201@ecs.soton.ac.uk> Message-ID: <46DD1D75.9060102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > On Mon, 3 Sep 2007, Julian Field wrote: > >> In MailScanner.conf, put >> Filename Rules = %rules-dir%/filename.rules >> >> And then in filename.rules file put >> To: onedomain.com >> FromOrTo: default /etc/MailScanner/filename.rules.conf >> >> And do likewise for Filetype Rules as well. >> Should do the trick. No rules ==> Allow anything. > > So one can create recursive rule sets. To what level will this work? This isn't a recursive ruleset, and you can't create them. It's just an example of using a ruleset with the "Filename Rules" configuration setting, which is *not* a ruleset. > > Just curious I guess because something like this can get out of hand > very easily. I think I would stop at the indicated two steps here. > > And can one use the variables again? So instad of the absolute path > /etc/MailScanner/filename.rules.conf use something like > %rules-dir%/filename.default.rules Should be able to, yes. > > Hugo. > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG3R13EfZZRxQVtlQRAiIWAKDMSFkO0rnvGz8D2xARX6/f95tcGgCdE6i8 cQ74RQ9OUORIAcLCipKj4do= =ce5o -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Tue Sep 4 12:22:01 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 12:22:26 2007 Subject: Prombem with rule actions In-Reply-To: <223f97700709040151x6e79870ao83485b94905bfb3@mail.gmail.com> References: <46DC48E3.5090703@fsl.com> <223f97700709040151x6e79870ao83485b94905bfb3@mail.gmail.com> Message-ID: <1188904921.20808.141.camel@gblades-suse.linguaphone-intranet.co.uk> Thanks for that. I have changed it to postfix but I dont think it makes any real difference since it is already running as postfix so it could not change the user to root anyway. I changed my high scoring spam actions to add the deliver option and an incoming high scoring spam and virus was detected and copies were saved in the following places :- 20070904/spam/CF509AA0090.2CC09 20070904/CF509AA0090.2CC09/message i.e it worked fine and two copies of the message was saved. That is fine with me. I then switched to using SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver A few spams with a score of >20 came in and they were not delivered but still were not logged in the spam directory. Previously when I had a spam with score >20 which was also identified as a virus then nothing was stored also not even to the virus store which seems very wrong. On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > On 03/09/07, Gareth wrote: > > In MailScanner.conf I have :- > > Quarantine Dir = /var/spool/MailScanner/quarantine > > Quarantine User = root > > Quarantine Group = apache > > Quarantine Permissions = 0660 > > Hm, Uer set to root.... What MTA are you using Gareth? I thought you > were a postmixer like me:-)... In which case that isn't very likely to > be correct... Then again... > > > However all quarantine entries are stored in the format :- > > %quarantine-dir%/<>/<> and they are viruses and blocked > > attachments. > ... that this works indicate that the settings are correct for your > setup (either another MTA, or PF run as root, I presume... Or some > sticky bit magic:). I presume you've linted a few times, without any > real errors? > > > I am assuming this is correct for the virus quaranteen? > Yes. > > > If that is the case then MailScanner does not seem to be creating the > > additional 'spam' etc... subdirectories for some reason. > Seems so, yes. > > > Are you sure the format is not %quarantine-dir%/spam/<>/<> as > > if that was the case it could just be the issue that the spam directory does > > not exist. > Yes we're sure that isn't the case. Steve and Jules know this pretty > ... intimately:-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From dgottsc at emory.edu Tue Sep 4 13:12:35 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Tue Sep 4 13:12:50 2007 Subject: HELP ME PLEASE: MCP In-Reply-To: <20070903124728.M16375@fadalto.com> References: <20070903105205.M86793@yatta-it.com> <1188820150.7202.26.camel@localhost> <20070903124728.M16375@fadalto.com> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413391EB2B@RDPEXCH2.Eu.Emory.Edu> Try... First Check = spam I had this same problem, and that resolved it for me. David Gottschalk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Sent: Monday, September 03, 2007 8:47 AM To: MailScanner discussion Subject: Re: HELP ME PLEASE: MCP Ok, Sorry. Copying the conf the "forward" keys has been deleted. The config I'm using is: MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = store forward spammy@yatta-it.com High Scoring MCP Actions = store forward spammy@yatta-it.com Bounce MCP As Attachment = no And, since I'm doing test, I'm sure I'm testing the MCP and not the HIGH-MCP :) Sincere thanks for the answer Phil ---------- Original Message ----------- From: David Jacobson To: MailScanner discussion Sent: Mon, 3 Sep 2007 13:49:10 +0200 Subject: Re: HELP ME PLEASE: MCP > Hi, > > See comments inline. > > On Mon, 2007-09-03 at 12:54 +0200, Phil wrote: > > Hi all, > > > > I'm using now new MailScanner-4.63.7-2. > > > > The problem is the same and I'm go crazy. > > > > MCP messages are not forwarded to my spam trash user. > > > > Even if I configure MS to deliver MCP messages, they disappear and will not deliver. > > > > My configuration sectio is: > > > > Non MCP Actions = deliver > > MCP Actions = store forward spammy@yatta-it.com > > High Scoring MCP Actions = store spammy@yatta-it.com > > This should be store forward spammy@yatta-it.com you have left out the > forward. Your MCP action is probably reaching the High scoring > threshold therefore not forwarding. > > > > > Bounce MCP As Attachment = no > > > > > > > > > > Please, please, I'm begging you, could you please help me? > > > > Many thanks to all! > > > > Phil > > > -- > Regards, > > David Jacobson > Technical Director > SYNAQ (Pty) Ltd > > Tel: 011 245 5888 > Direct: 011 245 5889 > Fax: 011 783 9275 > Cell: 083 235 0760 > Mail: davidj@synaq.com > Web: http://www.synaq.com > > Key Fingerprint > 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Tue Sep 4 13:37:26 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 13:37:38 2007 Subject: Prombem with rule actions In-Reply-To: <1188904921.20808.141.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46DC48E3.5090703@fsl.com> <223f97700709040151x6e79870ao83485b94905bfb3@mail.gmail.com> <1188904921.20808.141.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1188909446.20818.143.camel@gblades-suse.linguaphone-intranet.co.uk> I tried the following aswell as an alternative and it didn't store the message either. SpamAssassin Rule Actions = BAYES_99=>store,non-deliver On Tue, 2007-09-04 at 12:22, Gareth wrote: > Thanks for that. I have changed it to postfix but I dont think it makes > any real difference since it is already running as postfix so it could > not change the user to root anyway. > > I changed my high scoring spam actions to add the deliver option and an > incoming high scoring spam and virus was detected and copies were saved > in the following places :- > 20070904/spam/CF509AA0090.2CC09 > 20070904/CF509AA0090.2CC09/message > i.e it worked fine and two copies of the message was saved. That is fine > with me. > > I then switched to using > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > A few spams with a score of >20 came in and they were not delivered but > still were not logged in the spam directory. > > Previously when I had a spam with score >20 which was also identified as > a virus then nothing was stored also not even to the virus store which > seems very wrong. > > On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > > On 03/09/07, Gareth wrote: > > > In MailScanner.conf I have :- > > > Quarantine Dir = /var/spool/MailScanner/quarantine > > > Quarantine User = root > > > Quarantine Group = apache > > > Quarantine Permissions = 0660 > > > > Hm, Uer set to root.... What MTA are you using Gareth? I thought you > > were a postmixer like me:-)... In which case that isn't very likely to > > be correct... Then again... > > > > > However all quarantine entries are stored in the format :- > > > %quarantine-dir%/<>/<> and they are viruses and blocked > > > attachments. > > ... that this works indicate that the settings are correct for your > > setup (either another MTA, or PF run as root, I presume... Or some > > sticky bit magic:). I presume you've linted a few times, without any > > real errors? > > > > > I am assuming this is correct for the virus quaranteen? > > Yes. > > > > > If that is the case then MailScanner does not seem to be creating the > > > additional 'spam' etc... subdirectories for some reason. > > Seems so, yes. > > > > > Are you sure the format is not %quarantine-dir%/spam/<>/<> as > > > if that was the case it could just be the issue that the spam directory does > > > not exist. > > Yes we're sure that isn't the case. Steve and Jules know this pretty > > ... intimately:-). > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se From grupolistas at gmail.com Tue Sep 4 15:06:33 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 4 15:06:36 2007 Subject: queue time Message-ID: <44c071aa0709040706j637b84ccm667f45b956544d73@mail.gmail.com> Hello mailscanner users I'm having a serious problem here al mail are beeing queued and none are delivered? Any ideia how to solve this? I use postfix, ldap, mailscanner, spamassassin, courier-imap Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070904/e48816e2/attachment.html From list-mailscanner at linguaphone.com Tue Sep 4 15:38:57 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 15:39:13 2007 Subject: queue time In-Reply-To: <44c071aa0709040706j637b84ccm667f45b956544d73@mail.gmail.com> References: <44c071aa0709040706j637b84ccm667f45b956544d73@mail.gmail.com> Message-ID: <1188916737.20814.150.camel@gblades-suse.linguaphone-intranet.co.uk> What versions are you running? Try running "MailScanner --lint" and see if it gives any errors Have a look at the mail log (/var/log/mailllog) and see if there are any errors appearing in it. On Tue, 2007-09-04 at 15:06, infolistas listas wrote: > Hello mailscanner users > I'm having a serious problem here al mail are beeing queued and none > are delivered? Any ideia how to solve this? > I use postfix, ldap, mailscanner, spamassassin, courier-imap > > Thanks > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From grupolistas at gmail.com Tue Sep 4 15:52:14 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 4 15:52:17 2007 Subject: queue time In-Reply-To: <1188916737.20814.150.camel@gblades-suse.linguaphone-intranet.co.uk> References: <44c071aa0709040706j637b84ccm667f45b956544d73@mail.gmail.com> <1188916737.20814.150.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <44c071aa0709040752k11b2900ay676beeff94417b8f@mail.gmail.com> right now I have a mail that is queue ( spam for about ) 10 minutes 755557FFC5 Tue Sep 4 11:45:57 postmaster@public.zz.ha.cn vzfkpt@mail.mfplan.com.br 3.25 kB connect to mail.mfplan.com.br[200.209.187.5]: Connection timed out E44BB7FFC1 Tue Sep 4 11:41:32 MAILER-DAEMON otych@mail.mfplan.com.br 6.71 kB connect to mail.mfplan.com.br[200.209.187.5]: Connection timed out # MailScanner --lint Read 759 hostnames from the phishing whitelist MailScanner setting GID to (1001) MailScanner setting UID to (1001) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: failed to parse, now a plugin, skipping: ok_languages pt SpamAssassin reported no errors. Using locktype = flock MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamav 2007/9/4, Gareth : > > What versions are you running? > > Try running "MailScanner --lint" and see if it gives any errors > > Have a look at the mail log (/var/log/mailllog) and see if there are any > errors appearing in it. > > On Tue, 2007-09-04 at 15:06, infolistas listas wrote: > > Hello mailscanner users > > I'm having a serious problem here al mail are beeing queued and none > > are delivered? Any ideia how to solve this? > > I use postfix, ldap, mailscanner, spamassassin, courier-imap > > > > Thanks > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070904/02a67fc4/attachment.html From list-mailscanner at linguaphone.com Tue Sep 4 16:14:16 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 16:14:27 2007 Subject: {Disarmed} Re: queue time In-Reply-To: <44c071aa0709040752k11b2900ay676beeff94417b8f@mail.gmail.com> References: <44c071aa0709040706j637b84ccm667f45b956544d73@mail.gmail.com> <1188916737.20814.150.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709040752k11b2900ay676beeff94417b8f@mail.gmail.com> Message-ID: <1188918856.20818.156.camel@gblades-suse.linguaphone-intranet.co.uk> Postfix is trying to connect to mail.mfplan.com.br to send the mail but it is not getting a response back from the server. On Tue, 2007-09-04 at 15:52, infolistas listas wrote: > right now I have a mail that is queue ( spam for about ) 10 minutes > > MailScanner has detected a possible fraud attempt from "10.10.10.5:10000" claiming to be755557FFC5 > Tue Sep 4 > 11:45:57 > postmaster@public.zz.ha.cn > vzfkpt@mail.mfplan.com.br > 3.25 kB > connect to > mail.mfplan.com.br[MailScanner warning: numerical links are often malicious:200.209.187.5]: Connection timed out > > MailScanner has detected a possible fraud attempt from "10.10.10.5:10000" claiming to beE44BB7FFC1 > Tue Sep 4 > 11:41:32 > MAILER-DAEMON > otych@mail.mfplan.com.br > 6.71 kB > connect to > mail.mfplan.com.br[MailScanner warning: numerical links are often malicious:200.209.187.5]: Connection timed out > > # MailScanner --lint > Read 759 hostnames from the phishing whitelist > MailScanner setting GID to (1001) > MailScanner setting UID to (1001) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: failed to parse, now a plugin, skipping: ok_languages pt > SpamAssassin reported no errors. > Using locktype = flock > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamav > > > 2007/9/4, Gareth : > What versions are you running? > > Try running "MailScanner --lint" and see if it gives any > errors > > Have a look at the mail log (/var/log/mailllog) and see if > there are any > errors appearing in it. > > On Tue, 2007-09-04 at 15:06, infolistas listas wrote: > > Hello mailscanner users > > I'm having a serious problem here al mail are beeing queued > and none > > are delivered? Any ideia how to solve this? > > I use postfix, ldap, mailscanner, spamassassin, courier-imap > > > > Thanks > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From list-mailscanner at linguaphone.com Tue Sep 4 19:05:19 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 19:05:28 2007 Subject: Prombem with rule actions In-Reply-To: <1188909446.20818.143.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Jules, Could this be a bug? As it works when I put the store option in the high scoring rules but wont work as part of a rules actions line I cant think of any cause other that a problem with the rule actioon line itself or a bug somewhere. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth > Sent: 04 September 2007 13:37 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > I tried the following aswell as an alternative and it didn't store the > message either. > > SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > On Tue, 2007-09-04 at 12:22, Gareth wrote: > > Thanks for that. I have changed it to postfix but I dont think it makes > > any real difference since it is already running as postfix so it could > > not change the user to root anyway. > > > > I changed my high scoring spam actions to add the deliver option and an > > incoming high scoring spam and virus was detected and copies were saved > > in the following places :- > > 20070904/spam/CF509AA0090.2CC09 > > 20070904/CF509AA0090.2CC09/message > > i.e it worked fine and two copies of the message was saved. That is fine > > with me. > > > > I then switched to using > > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > > > A few spams with a score of >20 came in and they were not delivered but > > still were not logged in the spam directory. > > > > Previously when I had a spam with score >20 which was also identified as > > a virus then nothing was stored also not even to the virus store which > > seems very wrong. > > > > On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > > > On 03/09/07, Gareth wrote: > > > > In MailScanner.conf I have :- > > > > Quarantine Dir = /var/spool/MailScanner/quarantine > > > > Quarantine User = root > > > > Quarantine Group = apache > > > > Quarantine Permissions = 0660 > > > > > > Hm, Uer set to root.... What MTA are you using Gareth? I thought you > > > were a postmixer like me:-)... In which case that isn't very likely to > > > be correct... Then again... > > > > > > > However all quarantine entries are stored in the format :- > > > > %quarantine-dir%/<>/<> and they are viruses and blocked > > > > attachments. > > > ... that this works indicate that the settings are correct for your > > > setup (either another MTA, or PF run as root, I presume... Or some > > > sticky bit magic:). I presume you've linted a few times, without any > > > real errors? > > > > > > > I am assuming this is correct for the virus quaranteen? > > > Yes. > > > > > > > If that is the case then MailScanner does not seem to be > creating the > > > > additional 'spam' etc... subdirectories for some reason. > > > Seems so, yes. > > > > > > > Are you sure the format is not > %quarantine-dir%/spam/<>/<> as > > > > if that was the case it could just be the issue that the > spam directory does > > > > not exist. > > > Yes we're sure that isn't the case. Steve and Jules know this pretty > > > ... intimately:-). > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Tue Sep 4 19:30:40 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 19:30:57 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DDA450.8050307@ecs.soton.ac.uk> Gareth wrote: > Jules, Could this be a bug? > > As it works when I put the store option in the high scoring rules but wont > work as part of a rules actions line I cant think of any cause other that a > problem with the rule actioon line itself or a bug somewhere. > I have this lot set: Required SpamAssassin Score = 6 Non Spam Actions = deliver header "X-Spam-Status: No" Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward secretary@domain.com, SpamScore>=6=>forward spam.score@greater6.com,store,non-deliver, SpamScore<100=>store,forward spam.score@less100.com, store, SpamScore>100=>deliver,store And I get everything stored in the "nonspam" archive. So it appears to work for me. So I don't quite see why it doesn't for you. It sets all the spam actions first, long before it does anything about them. So it shouldn't be possible for the action to work in one setting and not in another. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth >> Sent: 04 September 2007 13:37 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> I tried the following aswell as an alternative and it didn't store the >> message either. >> >> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >> >> On Tue, 2007-09-04 at 12:22, Gareth wrote: >> >>> Thanks for that. I have changed it to postfix but I dont think it makes >>> any real difference since it is already running as postfix so it could >>> not change the user to root anyway. >>> >>> I changed my high scoring spam actions to add the deliver option and an >>> incoming high scoring spam and virus was detected and copies were saved >>> in the following places :- >>> 20070904/spam/CF509AA0090.2CC09 >>> 20070904/CF509AA0090.2CC09/message >>> i.e it worked fine and two copies of the message was saved. That is fine >>> with me. >>> >>> I then switched to using >>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >>> >>> A few spams with a score of >20 came in and they were not delivered but >>> still were not logged in the spam directory. >>> >>> Previously when I had a spam with score >20 which was also identified as >>> a virus then nothing was stored also not even to the virus store which >>> seems very wrong. >>> >>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: >>> >>>> On 03/09/07, Gareth wrote: >>>> >>>>> In MailScanner.conf I have :- >>>>> Quarantine Dir = /var/spool/MailScanner/quarantine >>>>> Quarantine User = root >>>>> Quarantine Group = apache >>>>> Quarantine Permissions = 0660 >>>>> >>>> Hm, Uer set to root.... What MTA are you using Gareth? I thought you >>>> were a postmixer like me:-)... In which case that isn't very likely to >>>> be correct... Then again... >>>> >>>> >>>>> However all quarantine entries are stored in the format :- >>>>> %quarantine-dir%/<>/<> and they are viruses and blocked >>>>> attachments. >>>>> >>>> ... that this works indicate that the settings are correct for your >>>> setup (either another MTA, or PF run as root, I presume... Or some >>>> sticky bit magic:). I presume you've linted a few times, without any >>>> real errors? >>>> >>>> >>>>> I am assuming this is correct for the virus quaranteen? >>>>> >>>> Yes. >>>> >>>> >>>>> If that is the case then MailScanner does not seem to be >>>>> >> creating the >> >>>>> additional 'spam' etc... subdirectories for some reason. >>>>> >>>> Seems so, yes. >>>> >>>> >>>>> Are you sure the format is not >>>>> >> %quarantine-dir%/spam/<>/<> as >> >>>>> if that was the case it could just be the issue that the >>>>> >> spam directory does >> >>>>> not exist. >>>>> >>>> Yes we're sure that isn't the case. Steve and Jules know this pretty >>>> ... intimately:-). >>>> >>>> Cheers >>>> -- >>>> -- Glenn >>>> email: glenn < dot > steen < at > gmail < dot > com >>>> work: glenn < dot > steen < at > ap1 < dot > se >>>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From hvdkooij at vanderkooij.org Tue Sep 4 19:43:39 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Sep 4 19:43:52 2007 Subject: Prombem with rule actions In-Reply-To: <46DDA450.8050307@ecs.soton.ac.uk> References: <46DDA450.8050307@ecs.soton.ac.uk> Message-ID: On Tue, 4 Sep 2007, Julian Field wrote: > SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward secretary@domain.com, > SpamScore>=6=>forward spam.score@greater6.com,store,non-deliver, > SpamScore<100=>store,forward spam.score@less100.com, store, > SpamScore>100=>deliver,store I assume it is safe to make this slightly more readable? Like: SpamAssassin Rule Actions = \ FROM_BOSS_WIFE=>forward secretary@domain.com, \ SpamScore>=6=>forward spam.score@greater6.com,store,non-deliver, \ SpamScore<100=>store,forward spam.score@less100.com, store, \ SpamScore>100=>deliver,store I most definitly have a problem with reading long lines in a configuration file. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From butler at globeserver.com Tue Sep 4 20:16:48 2007 From: butler at globeserver.com (Philip Butler) Date: Tue Sep 4 20:24:41 2007 Subject: MCP stopped working on upgrade.... Message-ID: Hi all, I have noticed that MCP has stopped working when I upgraded to MS 4.62.9-3 / SpamAssassin 3.2.3 - not sure which one is where I should be looking. On searching some of the archives, I came across a message on how to test MCP: ------ spamassassin --config-file=/etc/mailscanner/ mcp.spam.assassin.prefs.conf --siteconfigpath=/etc/mailscanner/mcp - p /etc/mailscanner/mcp.spam.assassin.prefs.conf -t -D < /testfile 2>&1 | less -e ------ where /testfile contains the word vi_gra (with an a vs. _). I get the following output.... ------ [3750] dbg: config: read file /etc/mailscanner/mcp/10_example.cf [3750] dbg: config: read file /etc/mailscanner/mcp/mcp_rules.cf [3750] dbg: config: using "/root/.spamassassin" for user state dir [3750] dbg: config: using "/etc/mailscanner/ mcp.spam.assassin.prefs.conf" for user prefs file [3750] dbg: config: read file /etc/mailscanner/ mcp.spam.assassin.prefs.conf [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 [3750] info: config: failed to parse line, skipping, in "/etc/ mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 [3750] dbg: conf: finish parsing [3750] dbg: config: score set 1 chosen. [3750] dbg: message: main message type: text/plain check: no loaded plugin implements 'check_main': cannot scan! at /usr/ local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164. ------ The last one puzzles me since I am not a perl guru. Also, the warnings (use_dcc , etc) - what should the syntax for this be ?? I know that's not the problem, but want to clean up the syntax to be proper. Anyone know if the "no loaded plugin implements 'check_main'" is the problem with MCP - and if so, what to do to fix it ?? Thanks, Phil From grupolistas at gmail.com Tue Sep 4 20:35:22 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 4 20:35:26 2007 Subject: doesnt release from hold Message-ID: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> Guys I think mail scanner isnt releasing my mail that are on queue and its stopping all mail to go out and in c logs http://rapido.mfplan.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070904/69f413a8/attachment.html From list-mailscanner at linguaphone.com Tue Sep 4 20:35:40 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 20:35:46 2007 Subject: Prombem with rule actions In-Reply-To: <46DDA450.8050307@ecs.soton.ac.uk> Message-ID: SpamAssassin Rule Actions = BAYES_99=>store,non-deliver SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver non-deliver option works but store does not SpamAssassin Rule Actions = SpamScore>=20=>forward test@cdlive.co.uk,store,non-deliver non-deliver works but store and forward dont SpamAssassin Rule Actions = SpamScore>=20=>forward test@cdlive.co.uk,store store works! but foward doesnt I am beginning to see a pattern here... SpamAssassin Rule Actions = SpamScore>=20=>forward test@cdlive.co.uk,non-deliver,store store works non-deliver doesn't It looks to me that only the last option works. Lets try it a little bit different SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, SpamScore>=20=>store Not delivered and stored - SUCCESS! It looks like there may be a parsing bug. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 04 September 2007 19:31 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > > > Gareth wrote: > > Jules, Could this be a bug? > > > > As it works when I put the store option in the high scoring > rules but wont > > work as part of a rules actions line I cant think of any cause > other that a > > problem with the rule actioon line itself or a bug somewhere. > > > I have this lot set: > > Required SpamAssassin Score = 6 > Non Spam Actions = deliver header "X-Spam-Status: No" > Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > secretary@domain.com, SpamScore>=6=>forward > spam.score@greater6.com,store,non-deliver, SpamScore<100=>store,forward > spam.score@less100.com, store, SpamScore>100=>deliver,store > > And I get everything stored in the "nonspam" archive. > > So it appears to work for me. So I don't quite see why it doesn't for > you. It sets all the spam actions first, long before it does anything > about them. So it shouldn't be possible for the action to work in one > setting and not in another. > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth > >> Sent: 04 September 2007 13:37 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> I tried the following aswell as an alternative and it didn't store the > >> message either. > >> > >> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > >> > >> On Tue, 2007-09-04 at 12:22, Gareth wrote: > >> > >>> Thanks for that. I have changed it to postfix but I dont > think it makes > >>> any real difference since it is already running as postfix so it could > >>> not change the user to root anyway. > >>> > >>> I changed my high scoring spam actions to add the deliver > option and an > >>> incoming high scoring spam and virus was detected and copies > were saved > >>> in the following places :- > >>> 20070904/spam/CF509AA0090.2CC09 > >>> 20070904/CF509AA0090.2CC09/message > >>> i.e it worked fine and two copies of the message was saved. > That is fine > >>> with me. > >>> > >>> I then switched to using > >>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > >>> > >>> A few spams with a score of >20 came in and they were not > delivered but > >>> still were not logged in the spam directory. > >>> > >>> Previously when I had a spam with score >20 which was also > identified as > >>> a virus then nothing was stored also not even to the virus store which > >>> seems very wrong. > >>> > >>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > >>> > >>>> On 03/09/07, Gareth wrote: > >>>> > >>>>> In MailScanner.conf I have :- > >>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > >>>>> Quarantine User = root > >>>>> Quarantine Group = apache > >>>>> Quarantine Permissions = 0660 > >>>>> > >>>> Hm, Uer set to root.... What MTA are you using Gareth? I thought you > >>>> were a postmixer like me:-)... In which case that isn't very > likely to > >>>> be correct... Then again... > >>>> > >>>> > >>>>> However all quarantine entries are stored in the format :- > >>>>> %quarantine-dir%/<>/<> and they are viruses and blocked > >>>>> attachments. > >>>>> > >>>> ... that this works indicate that the settings are correct for your > >>>> setup (either another MTA, or PF run as root, I presume... Or some > >>>> sticky bit magic:). I presume you've linted a few times, without any > >>>> real errors? > >>>> > >>>> > >>>>> I am assuming this is correct for the virus quaranteen? > >>>>> > >>>> Yes. > >>>> > >>>> > >>>>> If that is the case then MailScanner does not seem to be > >>>>> > >> creating the > >> > >>>>> additional 'spam' etc... subdirectories for some reason. > >>>>> > >>>> Seems so, yes. > >>>> > >>>> > >>>>> Are you sure the format is not > >>>>> > >> %quarantine-dir%/spam/<>/<> as > >> > >>>>> if that was the case it could just be the issue that the > >>>>> > >> spam directory does > >> > >>>>> not exist. > >>>>> > >>>> Yes we're sure that isn't the case. Steve and Jules know this pretty > >>>> ... intimately:-). > >>>> > >>>> Cheers > >>>> -- > >>>> -- Glenn > >>>> email: glenn < dot > steen < at > gmail < dot > com > >>>> work: glenn < dot > steen < at > ap1 < dot > se > >>>> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From MailScanner at ecs.soton.ac.uk Tue Sep 4 20:44:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 20:44:56 2007 Subject: Prombem with rule actions In-Reply-To: References: <46DDA450.8050307@ecs.soton.ac.uk> Message-ID: <46DDB5A7.6020003@ecs.soton.ac.uk> Hugo van der Kooij wrote: > On Tue, 4 Sep 2007, Julian Field wrote: > >> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward >> secretary@domain.com, SpamScore>=6=>forward >> spam.score@greater6.com,store,non-deliver, >> SpamScore<100=>store,forward spam.score@less100.com, store, >> SpamScore>100=>deliver,store > > I assume it is safe to make this slightly more readable? Like: > > SpamAssassin Rule Actions = \ > FROM_BOSS_WIFE=>forward secretary@domain.com, \ > SpamScore>=6=>forward spam.score@greater6.com,store,non-deliver, \ > SpamScore<100=>store,forward spam.score@less100.com, store, \ > SpamScore>100=>deliver,store > > I most definitly have a problem with reading long lines in a > configuration file. I don't remember implementing anything to allow multi-line configuration entries, so you probably can't do this. Sorry. > > Hugo. > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Tue Sep 4 20:47:19 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 20:47:21 2007 Subject: Prombem with rule actions In-Reply-To: Message-ID: > Lets try it a little bit different > SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > SpamScore>=20=>store > Not delivered and stored - SUCCESS! Doh! I made a mistake. The store works but the non-deliver doesnt From MailScanner at ecs.soton.ac.uk Tue Sep 4 20:47:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 20:47:37 2007 Subject: MCP stopped working on upgrade.... In-Reply-To: References: Message-ID: <46DDB647.3080302@ecs.soton.ac.uk> Philip Butler wrote: > Hi all, > > I have noticed that MCP has stopped working when I upgraded to MS > 4.62.9-3 / SpamAssassin 3.2.3 - not sure which one is where I should > be looking. > > On searching some of the archives, I came across a message on how to > test MCP: > > ------ > spamassassin > --config-file=/etc/mailscanner/mcp.spam.assassin.prefs.conf > --siteconfigpath=/etc/mailscanner/mcp -p > /etc/mailscanner/mcp.spam.assassin.prefs.conf -t -D < /testfile 2>&1 | > less -e > ------ > > where /testfile contains the word vi_gra (with an a vs. _). I get the > following output.... > > ------ > [3750] dbg: config: read file /etc/mailscanner/mcp/10_example.cf > [3750] dbg: config: read file /etc/mailscanner/mcp/mcp_rules.cf > [3750] dbg: config: using "/root/.spamassassin" for user state dir > [3750] dbg: config: using > "/etc/mailscanner/mcp.spam.assassin.prefs.conf" for user prefs file > [3750] dbg: config: read file > /etc/mailscanner/mcp.spam.assassin.prefs.conf > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 > [3750] dbg: conf: finish parsing > [3750] dbg: config: score set 1 chosen. > [3750] dbg: message: main message type: text/plain > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm > line 164. > ------ > > The last one puzzles me since I am not a perl guru. Also, the > warnings (use_dcc , etc) - what should the syntax for this be ?? I > know that's not the problem, but want to clean up the syntax to be > proper. > > Anyone know if the "no loaded plugin implements 'check_main'" is the > problem with MCP - and if so, what to do to fix it ?? Make sure there is a v320.pre in /etc/MailScanner/mcp or else you don't be loading the main "Check" plugin which implements the main scanning functionality. It should say this: [root@alegria mcp]# cat /etc/MailScanner/mcp/v320.pre # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check [root@alegria mcp]# > > Thanks, > > Phil > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Tue Sep 4 20:49:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 4 20:49:14 2007 Subject: Prombem with rule actions In-Reply-To: References: <46DDA450.8050307@ecs.soton.ac.uk> Message-ID: <223f97700709041249t1d59b08tcfe50de2de08f530@mail.gmail.com> On 04/09/07, Gareth wrote: > SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > non-deliver option works but store does not > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,store,non-deliver > non-deliver works but store and forward dont > > SpamAssassin Rule Actions = SpamScore>=20=>forward test@cdlive.co.uk,store > store works! > but foward doesnt > > I am beginning to see a pattern here... > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,non-deliver,store > store works > non-deliver doesn't > > > It looks to me that only the last option works. > > Lets try it a little bit different > SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, SpamScore>=20=>store > Not delivered and stored - SUCCESS! > > > It looks like there may be a parsing bug. > I'm sure you've mentioned it before, but what version of MailScanner are you running Gareth? IIRC, what you describe is more or less the original function of the feature...:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Tue Sep 4 20:51:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 4 20:51:24 2007 Subject: MCP stopped working on upgrade.... In-Reply-To: References: Message-ID: Philip Butler spake the following on 9/4/2007 12:16 PM: > Hi all, > > I have noticed that MCP has stopped working when I upgraded to MS > 4.62.9-3 / SpamAssassin 3.2.3 - not sure which one is where I should be > looking. > > On searching some of the archives, I came across a message on how to > test MCP: > > ------ > spamassassin --config-file=/etc/mailscanner/mcp.spam.assassin.prefs.conf > --siteconfigpath=/etc/mailscanner/mcp -p > /etc/mailscanner/mcp.spam.assassin.prefs.conf -t -D < /testfile 2>&1 | > less -e > ------ > > where /testfile contains the word vi_gra (with an a vs. _). I get the > following output.... > > ------ > [3750] dbg: config: read file /etc/mailscanner/mcp/10_example.cf > [3750] dbg: config: read file /etc/mailscanner/mcp/mcp_rules.cf > [3750] dbg: config: using "/root/.spamassassin" for user state dir > [3750] dbg: config: using > "/etc/mailscanner/mcp.spam.assassin.prefs.conf" for user prefs file > [3750] dbg: config: read file /etc/mailscanner/mcp.spam.assassin.prefs.conf > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 > [3750] info: config: failed to parse line, skipping, in > "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 > [3750] dbg: conf: finish parsing > [3750] dbg: config: score set 1 chosen. > [3750] dbg: message: main message type: text/plain > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm > line 164. > ------ > > The last one puzzles me since I am not a perl guru. Also, the warnings > (use_dcc , etc) - what should the syntax for this be ?? I know that's > not the problem, but want to clean up the syntax to be proper. > > Anyone know if the "no loaded plugin implements 'check_main'" is the > problem with MCP - and if so, what to do to fix it ?? > > Thanks, > > Phil > > In your /etc/mailscanner/mcp directory you need a v320.pre file and add the following content to it; --cut-- # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check --cut-- -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From list-mailscanner at linguaphone.com Tue Sep 4 20:52:57 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 20:53:05 2007 Subject: Prombem with rule actions In-Reply-To: <223f97700709041249t1d59b08tcfe50de2de08f530@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Glenn > Steen > Sent: 04 September 2007 20:49 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > On 04/09/07, Gareth wrote: > > SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > non-deliver option works but store does not > > > > SpamAssassin Rule Actions = SpamScore>=20=>forward > > test@cdlive.co.uk,store,non-deliver > > non-deliver works but store and forward dont > > > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,store > > store works! > > but foward doesnt > > > > I am beginning to see a pattern here... > > > > SpamAssassin Rule Actions = SpamScore>=20=>forward > > test@cdlive.co.uk,non-deliver,store > > store works > > non-deliver doesn't > > > > > > It looks to me that only the last option works. > > > > Lets try it a little bit different > > SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > SpamScore>=20=>store > > Not delivered and stored - SUCCESS! > > > > > > It looks like there may be a parsing bug. > > > I'm sure you've mentioned it before, but what version of MailScanner > are you running Gareth? IIRC, what you describe is more or less the > original function of the feature...:-):-) mailscanner-4.63.7-2 From MailScanner at ecs.soton.ac.uk Tue Sep 4 20:54:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 20:54:33 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DDB7E7.6030100@ecs.soton.ac.uk> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there should be a big comment in a block of '#' characters that says "SpamAssassin Rule Actions ends here". Just after that comment, add this line: print STDERR "Actions are: " . join(',',keys %actions) . "\n"; And then run "MailScanner --debug". Please tell me if it just prints the last action or all of them. Gareth wrote: > SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > non-deliver option works but store does not > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,store,non-deliver > non-deliver works but store and forward dont > > SpamAssassin Rule Actions = SpamScore>=20=>forward test@cdlive.co.uk,store > store works! > but foward doesnt > > I am beginning to see a pattern here... > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,non-deliver,store > store works > non-deliver doesn't > > > It looks to me that only the last option works. > > Lets try it a little bit different > SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, SpamScore>=20=>store > Not delivered and stored - SUCCESS! > > > It looks like there may be a parsing bug. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: 04 September 2007 19:31 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> >> >> Gareth wrote: >> >>> Jules, Could this be a bug? >>> >>> As it works when I put the store option in the high scoring >>> >> rules but wont >> >>> work as part of a rules actions line I cant think of any cause >>> >> other that a >> >>> problem with the rule actioon line itself or a bug somewhere. >>> >>> >> I have this lot set: >> >> Required SpamAssassin Score = 6 >> Non Spam Actions = deliver header "X-Spam-Status: No" >> Spam Actions = deliver header "X-Spam-Status: Yes" >> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" >> >> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward >> secretary@domain.com, SpamScore>=6=>forward >> spam.score@greater6.com,store,non-deliver, SpamScore<100=>store,forward >> spam.score@less100.com, store, SpamScore>100=>deliver,store >> >> And I get everything stored in the "nonspam" archive. >> >> So it appears to work for me. So I don't quite see why it doesn't for >> you. It sets all the spam actions first, long before it does anything >> about them. So it shouldn't be possible for the action to work in one >> setting and not in another. >> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth >>>> Sent: 04 September 2007 13:37 >>>> To: MailScanner discussion >>>> Subject: Re: Prombem with rule actions >>>> >>>> >>>> I tried the following aswell as an alternative and it didn't store the >>>> message either. >>>> >>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >>>> >>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: >>>> >>>> >>>>> Thanks for that. I have changed it to postfix but I dont >>>>> >> think it makes >> >>>>> any real difference since it is already running as postfix so it could >>>>> not change the user to root anyway. >>>>> >>>>> I changed my high scoring spam actions to add the deliver >>>>> >> option and an >> >>>>> incoming high scoring spam and virus was detected and copies >>>>> >> were saved >> >>>>> in the following places :- >>>>> 20070904/spam/CF509AA0090.2CC09 >>>>> 20070904/CF509AA0090.2CC09/message >>>>> i.e it worked fine and two copies of the message was saved. >>>>> >> That is fine >> >>>>> with me. >>>>> >>>>> I then switched to using >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >>>>> >>>>> A few spams with a score of >20 came in and they were not >>>>> >> delivered but >> >>>>> still were not logged in the spam directory. >>>>> >>>>> Previously when I had a spam with score >20 which was also >>>>> >> identified as >> >>>>> a virus then nothing was stored also not even to the virus store which >>>>> seems very wrong. >>>>> >>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: >>>>> >>>>> >>>>>> On 03/09/07, Gareth wrote: >>>>>> >>>>>> >>>>>>> In MailScanner.conf I have :- >>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine >>>>>>> Quarantine User = root >>>>>>> Quarantine Group = apache >>>>>>> Quarantine Permissions = 0660 >>>>>>> >>>>>>> >>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I thought you >>>>>> were a postmixer like me:-)... In which case that isn't very >>>>>> >> likely to >> >>>>>> be correct... Then again... >>>>>> >>>>>> >>>>>> >>>>>>> However all quarantine entries are stored in the format :- >>>>>>> %quarantine-dir%/<>/<> and they are viruses and blocked >>>>>>> attachments. >>>>>>> >>>>>>> >>>>>> ... that this works indicate that the settings are correct for your >>>>>> setup (either another MTA, or PF run as root, I presume... Or some >>>>>> sticky bit magic:). I presume you've linted a few times, without any >>>>>> real errors? >>>>>> >>>>>> >>>>>> >>>>>>> I am assuming this is correct for the virus quaranteen? >>>>>>> >>>>>>> >>>>>> Yes. >>>>>> >>>>>> >>>>>> >>>>>>> If that is the case then MailScanner does not seem to be >>>>>>> >>>>>>> >>>> creating the >>>> >>>> >>>>>>> additional 'spam' etc... subdirectories for some reason. >>>>>>> >>>>>>> >>>>>> Seems so, yes. >>>>>> >>>>>> >>>>>> >>>>>>> Are you sure the format is not >>>>>>> >>>>>>> >>>> %quarantine-dir%/spam/<>/<> as >>>> >>>> >>>>>>> if that was the case it could just be the issue that the >>>>>>> >>>>>>> >>>> spam directory does >>>> >>>> >>>>>>> not exist. >>>>>>> >>>>>>> >>>>>> Yes we're sure that isn't the case. Steve and Jules know this pretty >>>>>> ... intimately:-). >>>>>> >>>>>> Cheers >>>>>> -- >>>>>> -- Glenn >>>>>> email: glenn < dot > steen < at > gmail < dot > com >>>>>> work: glenn < dot > steen < at > ap1 < dot > se >>>>>> >>>>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Tue Sep 4 20:54:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 4 20:55:05 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> Message-ID: infolistas listas spake the following on 9/4/2007 12:35 PM: > Guys I think mail scanner isnt releasing my mail that are on queue and > its stopping all mail to go out and in > > c logs http://rapido.mfplan.com.br > It looks like it is choking on your bayes rebuild. Look in your bayes directory for a bunch of files with expire in their name. You might need to run an expiry run with mailscanner stopped as the mailscanner user. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue Sep 4 20:56:04 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 20:56:22 2007 Subject: MCP stopped working on upgrade.... In-Reply-To: <46DDB647.3080302@ecs.soton.ac.uk> References: <46DDB647.3080302@ecs.soton.ac.uk> Message-ID: <46DDB854.7000709@ecs.soton.ac.uk> But the v320.pre file is in the RPM, so it should be there. Do rpm -ql mailscanner | grep mcp and you should see it listed. Julian Field wrote: > > > Philip Butler wrote: >> Hi all, >> >> I have noticed that MCP has stopped working when I upgraded to MS >> 4.62.9-3 / SpamAssassin 3.2.3 - not sure which one is where I should >> be looking. >> >> On searching some of the archives, I came across a message on how to >> test MCP: >> >> ------ >> spamassassin >> --config-file=/etc/mailscanner/mcp.spam.assassin.prefs.conf >> --siteconfigpath=/etc/mailscanner/mcp -p >> /etc/mailscanner/mcp.spam.assassin.prefs.conf -t -D < /testfile 2>&1 >> | less -e >> ------ >> >> where /testfile contains the word vi_gra (with an a vs. _). I get >> the following output.... >> >> ------ >> [3750] dbg: config: read file /etc/mailscanner/mcp/10_example.cf >> [3750] dbg: config: read file /etc/mailscanner/mcp/mcp_rules.cf >> [3750] dbg: config: using "/root/.spamassassin" for user state dir >> [3750] dbg: config: using >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf" for user prefs file >> [3750] dbg: config: read file >> /etc/mailscanner/mcp.spam.assassin.prefs.conf >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 >> [3750] info: config: failed to parse line, skipping, in >> "/etc/mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 >> [3750] dbg: conf: finish parsing >> [3750] dbg: config: score set 1 chosen. >> [3750] dbg: message: main message type: text/plain >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm >> line 164. >> ------ >> >> The last one puzzles me since I am not a perl guru. Also, the >> warnings (use_dcc , etc) - what should the syntax for this be ?? I >> know that's not the problem, but want to clean up the syntax to be >> proper. >> >> Anyone know if the "no loaded plugin implements 'check_main'" is the >> problem with MCP - and if so, what to do to fix it ?? > Make sure there is a v320.pre in /etc/MailScanner/mcp or else you > don't be loading the main "Check" plugin which implements the main > scanning functionality. It should say this: > > [root@alegria mcp]# cat /etc/MailScanner/mcp/v320.pre > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > [root@alegria mcp]# > >> >> Thanks, >> >> Phil >> >> > > Jules > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Tue Sep 4 20:57:01 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 4 21:00:15 2007 Subject: Prombem with rule actions In-Reply-To: References: <46DDA450.8050307@ecs.soton.ac.uk> Message-ID: Gareth spake the following on 9/4/2007 12:35 PM: > SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > non-deliver option works but store does not > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,store,non-deliver > non-deliver works but store and forward dont > > SpamAssassin Rule Actions = SpamScore>=20=>forward test@cdlive.co.uk,store > store works! > but foward doesnt > > I am beginning to see a pattern here... > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,non-deliver,store > store works > non-deliver doesn't > > > It looks to me that only the last option works. > > Lets try it a little bit different > SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, SpamScore>=20=>store > Not delivered and stored - SUCCESS! > > > It looks like there may be a parsing bug. > Is there a "non-deliver" option? I haven't had a chance to read the changelog for the new release yet. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue Sep 4 21:07:47 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 21:08:22 2007 Subject: Prombem with rule actions In-Reply-To: References: <46DDA450.8050307@ecs.soton.ac.uk> Message-ID: <46DDBB13.8070102@ecs.soton.ac.uk> Scott Silva wrote: > Gareth spake the following on 9/4/2007 12:35 PM: >> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >> non-deliver option works but store does not >> >> SpamAssassin Rule Actions = SpamScore>=20=>forward >> test@cdlive.co.uk,store,non-deliver >> non-deliver works but store and forward dont >> >> SpamAssassin Rule Actions = SpamScore>=20=>forward >> test@cdlive.co.uk,store >> store works! >> but foward doesnt >> >> I am beginning to see a pattern here... >> >> SpamAssassin Rule Actions = SpamScore>=20=>forward >> test@cdlive.co.uk,non-deliver,store >> store works >> non-deliver doesn't >> >> >> It looks to me that only the last option works. >> >> Lets try it a little bit different >> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, >> SpamScore>=20=>store >> Not delivered and stored - SUCCESS! >> >> >> It looks like there may be a parsing bug. >> > Is there a "non-deliver" option? I haven't had a chance to read the > changelog for the new release yet. Yes, you can put "non-" or "not-" or anything similar on the front of a spam action name here. It's documented in the MailScanner.conf file. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Tue Sep 4 21:09:47 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 21:09:52 2007 Subject: Prombem with rule actions In-Reply-To: <46DDB7E7.6030100@ecs.soton.ac.uk> Message-ID: For normal ham I get :- Actions are: deliver,header For spam with a rule of :- SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver I get :- Actions are: attachment,header > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 04 September 2007 20:54 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there > should be a big comment in a block of '#' characters that says > "SpamAssassin Rule Actions ends here". > Just after that comment, add this line: > > print STDERR "Actions are: " . join(',',keys %actions) . "\n"; > > And then run "MailScanner --debug". > Please tell me if it just prints the last action or all of them. > > Gareth wrote: > > SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > non-deliver option works but store does not > > > > SpamAssassin Rule Actions = SpamScore>=20=>forward > > test@cdlive.co.uk,store,non-deliver > > non-deliver works but store and forward dont > > > > SpamAssassin Rule Actions = SpamScore>=20=>forward > test@cdlive.co.uk,store > > store works! > > but foward doesnt > > > > I am beginning to see a pattern here... > > > > SpamAssassin Rule Actions = SpamScore>=20=>forward > > test@cdlive.co.uk,non-deliver,store > > store works > > non-deliver doesn't > > > > > > It looks to me that only the last option works. > > > > Lets try it a little bit different > > SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > SpamScore>=20=>store > > Not delivered and stored - SUCCESS! > > > > > > It looks like there may be a parsing bug. > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > >> Field > >> Sent: 04 September 2007 19:31 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> > >> > >> Gareth wrote: > >> > >>> Jules, Could this be a bug? > >>> > >>> As it works when I put the store option in the high scoring > >>> > >> rules but wont > >> > >>> work as part of a rules actions line I cant think of any cause > >>> > >> other that a > >> > >>> problem with the rule actioon line itself or a bug somewhere. > >>> > >>> > >> I have this lot set: > >> > >> Required SpamAssassin Score = 6 > >> Non Spam Actions = deliver header "X-Spam-Status: No" > >> Spam Actions = deliver header "X-Spam-Status: Yes" > >> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > >> > >> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > >> secretary@domain.com, SpamScore>=6=>forward > >> spam.score@greater6.com,store,non-deliver, SpamScore<100=>store,forward > >> spam.score@less100.com, store, SpamScore>100=>deliver,store > >> > >> And I get everything stored in the "nonspam" archive. > >> > >> So it appears to work for me. So I don't quite see why it doesn't for > >> you. It sets all the spam actions first, long before it does anything > >> about them. So it shouldn't be possible for the action to work in one > >> setting and not in another. > >> > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > Of Gareth > >>>> Sent: 04 September 2007 13:37 > >>>> To: MailScanner discussion > >>>> Subject: Re: Prombem with rule actions > >>>> > >>>> > >>>> I tried the following aswell as an alternative and it didn't > store the > >>>> message either. > >>>> > >>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > >>>> > >>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: > >>>> > >>>> > >>>>> Thanks for that. I have changed it to postfix but I dont > >>>>> > >> think it makes > >> > >>>>> any real difference since it is already running as postfix > so it could > >>>>> not change the user to root anyway. > >>>>> > >>>>> I changed my high scoring spam actions to add the deliver > >>>>> > >> option and an > >> > >>>>> incoming high scoring spam and virus was detected and copies > >>>>> > >> were saved > >> > >>>>> in the following places :- > >>>>> 20070904/spam/CF509AA0090.2CC09 > >>>>> 20070904/CF509AA0090.2CC09/message > >>>>> i.e it worked fine and two copies of the message was saved. > >>>>> > >> That is fine > >> > >>>>> with me. > >>>>> > >>>>> I then switched to using > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > >>>>> > >>>>> A few spams with a score of >20 came in and they were not > >>>>> > >> delivered but > >> > >>>>> still were not logged in the spam directory. > >>>>> > >>>>> Previously when I had a spam with score >20 which was also > >>>>> > >> identified as > >> > >>>>> a virus then nothing was stored also not even to the virus > store which > >>>>> seems very wrong. > >>>>> > >>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > >>>>> > >>>>> > >>>>>> On 03/09/07, Gareth wrote: > >>>>>> > >>>>>> > >>>>>>> In MailScanner.conf I have :- > >>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > >>>>>>> Quarantine User = root > >>>>>>> Quarantine Group = apache > >>>>>>> Quarantine Permissions = 0660 > >>>>>>> > >>>>>>> > >>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I > thought you > >>>>>> were a postmixer like me:-)... In which case that isn't very > >>>>>> > >> likely to > >> > >>>>>> be correct... Then again... > >>>>>> > >>>>>> > >>>>>> > >>>>>>> However all quarantine entries are stored in the format :- > >>>>>>> %quarantine-dir%/<>/<> and they are viruses > and blocked > >>>>>>> attachments. > >>>>>>> > >>>>>>> > >>>>>> ... that this works indicate that the settings are correct for your > >>>>>> setup (either another MTA, or PF run as root, I presume... Or some > >>>>>> sticky bit magic:). I presume you've linted a few times, > without any > >>>>>> real errors? > >>>>>> > >>>>>> > >>>>>> > >>>>>>> I am assuming this is correct for the virus quaranteen? > >>>>>>> > >>>>>>> > >>>>>> Yes. > >>>>>> > >>>>>> > >>>>>> > >>>>>>> If that is the case then MailScanner does not seem to be > >>>>>>> > >>>>>>> > >>>> creating the > >>>> > >>>> > >>>>>>> additional 'spam' etc... subdirectories for some reason. > >>>>>>> > >>>>>>> > >>>>>> Seems so, yes. > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Are you sure the format is not > >>>>>>> > >>>>>>> > >>>> %quarantine-dir%/spam/<>/<> as > >>>> > >>>> > >>>>>>> if that was the case it could just be the issue that the > >>>>>>> > >>>>>>> > >>>> spam directory does > >>>> > >>>> > >>>>>>> not exist. > >>>>>>> > >>>>>>> > >>>>>> Yes we're sure that isn't the case. Steve and Jules know > this pretty > >>>>>> ... intimately:-). > >>>>>> > >>>>>> Cheers > >>>>>> -- > >>>>>> -- Glenn > >>>>>> email: glenn < dot > steen < at > gmail < dot > com > >>>>>> work: glenn < dot > steen < at > ap1 < dot > se > >>>>>> > >>>>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> For all your IT requirements visit www.transtec.co.uk > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From butler at globeserver.com Tue Sep 4 21:23:52 2007 From: butler at globeserver.com (Philip Butler) Date: Tue Sep 4 21:24:28 2007 Subject: MCP stopped working on upgrade.... In-Reply-To: <46DDB854.7000709@ecs.soton.ac.uk> References: <46DDB647.3080302@ecs.soton.ac.uk> <46DDB854.7000709@ecs.soton.ac.uk> Message-ID: Yes it is there - and I have now copied it over to my /etc/ mailscanner/mcp directory and all is well again !! I have the release files in a separate area - perhaps I should re- evaluate this. Many thanks to Julian and Scott !! Phil On Sep 4, 2007, at 3:56 PM, Julian Field wrote: > But the v320.pre file is in the RPM, so it should be there. Do > rpm -ql mailscanner | grep mcp > and you should see it listed. > > Julian Field wrote: >> >> >> Philip Butler wrote: >>> Hi all, >>> >>> I have noticed that MCP has stopped working when I upgraded to MS >>> 4.62.9-3 / SpamAssassin 3.2.3 - not sure which one is where I >>> should be looking. >>> >>> On searching some of the archives, I came across a message on how >>> to test MCP: >>> >>> ------ >>> spamassassin --config-file=/etc/mailscanner/ >>> mcp.spam.assassin.prefs.conf --siteconfigpath=/etc/mailscanner/ >>> mcp -p /etc/mailscanner/mcp.spam.assassin.prefs.conf -t -D < / >>> testfile 2>&1 | less -e >>> ------ >>> >>> where /testfile contains the word vi_gra (with an a vs. _). I >>> get the following output.... >>> >>> ------ >>> [3750] dbg: config: read file /etc/mailscanner/mcp/10_example.cf >>> [3750] dbg: config: read file /etc/mailscanner/mcp/mcp_rules.cf >>> [3750] dbg: config: using "/root/.spamassassin" for user state dir >>> [3750] dbg: config: using "/etc/mailscanner/ >>> mcp.spam.assassin.prefs.conf" for user prefs file >>> [3750] dbg: config: read file /etc/mailscanner/ >>> mcp.spam.assassin.prefs.conf >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_dcc 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_pyzor 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_razor1 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": use_razor2 0 >>> [3750] info: config: failed to parse line, skipping, in "/etc/ >>> mailscanner/mcp.spam.assassin.prefs.conf": decode_attachments 1 >>> [3750] dbg: conf: finish parsing >>> [3750] dbg: config: score set 1 chosen. >>> [3750] dbg: message: main message type: text/plain >>> check: no loaded plugin implements 'check_main': cannot scan! at / >>> usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/ >>> PerMsgStatus.pm line 164. >>> ------ >>> >>> The last one puzzles me since I am not a perl guru. Also, the >>> warnings (use_dcc , etc) - what should the syntax for this be ?? >>> I know that's not the problem, but want to clean up the syntax to >>> be proper. >>> >>> Anyone know if the "no loaded plugin implements 'check_main'" is >>> the problem with MCP - and if so, what to do to fix it ?? >> Make sure there is a v320.pre in /etc/MailScanner/mcp or else you >> don't be loading the main "Check" plugin which implements the main >> scanning functionality. It should say this: >> >> [root@alegria mcp]# cat /etc/MailScanner/mcp/v320.pre >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> >> [root@alegria mcp]# >> >>> >>> Thanks, >>> >>> Phil >>> >>> >> >> Jules >> > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailadmin at baladia.gov.kw Tue Sep 4 21:28:03 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Tue Sep 4 21:28:58 2007 Subject: query regarding qurantine release Message-ID: <3463.62.150.152.226.1188937683.squirrel@webmail.baladia.gov.kw> Dear All, I have the following setup on my server 1) Centos Primary Mail server Primary dns server Mailscanner Webmail server most of the users use their browser to login to the above server for sending and checking their mails everything is been workin perfectly i installed mailwatch so that i could release quarantine mails at my decision i then followed the exact steps as mentioned in the FAQ http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq and now i tried to test i sent a mail with attachment from my Yahoo account to my local mail server and it was blocked my mailscanner whcih is perfect n i logged in mailwatch and i could release the attachment and after i released if went perfectly to my mailbox. thats grt now i sent a mail with attachemnt from my local account using webmail to my yahoo account and it went perfectly fine and in my mailwatch details .. status as whitelist spam score 0.00 since 127.0.0.1 is white listed as per the rules.. So i see that Mailscanner n mailwatch works jus perfect for the mails received its grt but i have queries regading mail sent by users using the browser with webmail 1) does mailscanner do a virus n spam check on the mails sent since i see in mailwatch the status is status as whitelist spam score 0.00 cause if this does not happen then the users pc inefcted will cause the mail server to spam or send infected mails out 2) obviously i would like mailscanner to scan and block any attachments sent by my users via webmail and they should only be sent when released from quarantine with mailwatch how do i the above .. setup rules for doin that basically i see that after i implemented the steps in FAQ regarding the release of quarantine mails i see that it works perfect for mails with attachment received and not for mails sent really wd apprecite your help Regards Simon -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Sep 4 21:32:22 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 21:32:39 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DDC0D6.9070102@ecs.soton.ac.uk> What were your Spam Actions set to (all 3 of non-spam, spam, and high-scoring spam). And what version are you running? Gareth wrote: > For normal ham I get :- > > Actions are: deliver,header > > For spam with a rule of :- > SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver > I get :- > Actions are: attachment,header > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: 04 September 2007 20:54 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there >> should be a big comment in a block of '#' characters that says >> "SpamAssassin Rule Actions ends here". >> Just after that comment, add this line: >> >> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; >> >> And then run "MailScanner --debug". >> Please tell me if it just prints the last action or all of them. >> >> Gareth wrote: >> >>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >>> non-deliver option works but store does not >>> >>> SpamAssassin Rule Actions = SpamScore>=20=>forward >>> test@cdlive.co.uk,store,non-deliver >>> non-deliver works but store and forward dont >>> >>> SpamAssassin Rule Actions = SpamScore>=20=>forward >>> >> test@cdlive.co.uk,store >> >>> store works! >>> but foward doesnt >>> >>> I am beginning to see a pattern here... >>> >>> SpamAssassin Rule Actions = SpamScore>=20=>forward >>> test@cdlive.co.uk,non-deliver,store >>> store works >>> non-deliver doesn't >>> >>> >>> It looks to me that only the last option works. >>> >>> Lets try it a little bit different >>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, >>> >> SpamScore>=20=>store >> >>> Not delivered and stored - SUCCESS! >>> >>> >>> It looks like there may be a parsing bug. >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >>>> Field >>>> Sent: 04 September 2007 19:31 >>>> To: MailScanner discussion >>>> Subject: Re: Prombem with rule actions >>>> >>>> >>>> >>>> >>>> Gareth wrote: >>>> >>>> >>>>> Jules, Could this be a bug? >>>>> >>>>> As it works when I put the store option in the high scoring >>>>> >>>>> >>>> rules but wont >>>> >>>> >>>>> work as part of a rules actions line I cant think of any cause >>>>> >>>>> >>>> other that a >>>> >>>> >>>>> problem with the rule actioon line itself or a bug somewhere. >>>>> >>>>> >>>>> >>>> I have this lot set: >>>> >>>> Required SpamAssassin Score = 6 >>>> Non Spam Actions = deliver header "X-Spam-Status: No" >>>> Spam Actions = deliver header "X-Spam-Status: Yes" >>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" >>>> >>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward >>>> secretary@domain.com, SpamScore>=6=>forward >>>> spam.score@greater6.com,store,non-deliver, SpamScore<100=>store,forward >>>> spam.score@less100.com, store, SpamScore>100=>deliver,store >>>> >>>> And I get everything stored in the "nonspam" archive. >>>> >>>> So it appears to work for me. So I don't quite see why it doesn't for >>>> you. It sets all the spam actions first, long before it does anything >>>> about them. So it shouldn't be possible for the action to work in one >>>> setting and not in another. >>>> >>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf >>>>>> >> Of Gareth >> >>>>>> Sent: 04 September 2007 13:37 >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Prombem with rule actions >>>>>> >>>>>> >>>>>> I tried the following aswell as an alternative and it didn't >>>>>> >> store the >> >>>>>> message either. >>>>>> >>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >>>>>> >>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: >>>>>> >>>>>> >>>>>> >>>>>>> Thanks for that. I have changed it to postfix but I dont >>>>>>> >>>>>>> >>>> think it makes >>>> >>>> >>>>>>> any real difference since it is already running as postfix >>>>>>> >> so it could >> >>>>>>> not change the user to root anyway. >>>>>>> >>>>>>> I changed my high scoring spam actions to add the deliver >>>>>>> >>>>>>> >>>> option and an >>>> >>>> >>>>>>> incoming high scoring spam and virus was detected and copies >>>>>>> >>>>>>> >>>> were saved >>>> >>>> >>>>>>> in the following places :- >>>>>>> 20070904/spam/CF509AA0090.2CC09 >>>>>>> 20070904/CF509AA0090.2CC09/message >>>>>>> i.e it worked fine and two copies of the message was saved. >>>>>>> >>>>>>> >>>> That is fine >>>> >>>> >>>>>>> with me. >>>>>>> >>>>>>> I then switched to using >>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >>>>>>> >>>>>>> A few spams with a score of >20 came in and they were not >>>>>>> >>>>>>> >>>> delivered but >>>> >>>> >>>>>>> still were not logged in the spam directory. >>>>>>> >>>>>>> Previously when I had a spam with score >20 which was also >>>>>>> >>>>>>> >>>> identified as >>>> >>>> >>>>>>> a virus then nothing was stored also not even to the virus >>>>>>> >> store which >> >>>>>>> seems very wrong. >>>>>>> >>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On 03/09/07, Gareth wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> In MailScanner.conf I have :- >>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine >>>>>>>>> Quarantine User = root >>>>>>>>> Quarantine Group = apache >>>>>>>>> Quarantine Permissions = 0660 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I >>>>>>>> >> thought you >> >>>>>>>> were a postmixer like me:-)... In which case that isn't very >>>>>>>> >>>>>>>> >>>> likely to >>>> >>>> >>>>>>>> be correct... Then again... >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> However all quarantine entries are stored in the format :- >>>>>>>>> %quarantine-dir%/<>/<> and they are viruses >>>>>>>>> >> and blocked >> >>>>>>>>> attachments. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> ... that this works indicate that the settings are correct for your >>>>>>>> setup (either another MTA, or PF run as root, I presume... Or some >>>>>>>> sticky bit magic:). I presume you've linted a few times, >>>>>>>> >> without any >> >>>>>>>> real errors? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> I am assuming this is correct for the virus quaranteen? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Yes. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> If that is the case then MailScanner does not seem to be >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> creating the >>>>>> >>>>>> >>>>>> >>>>>>>>> additional 'spam' etc... subdirectories for some reason. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Seems so, yes. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Are you sure the format is not >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> %quarantine-dir%/spam/<>/<> as >>>>>> >>>>>> >>>>>> >>>>>>>>> if that was the case it could just be the issue that the >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> spam directory does >>>>>> >>>>>> >>>>>> >>>>>>>>> not exist. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Yes we're sure that isn't the case. Steve and Jules know >>>>>>>> >> this pretty >> >>>>>>>> ... intimately:-). >>>>>>>> >>>>>>>> Cheers >>>>>>>> -- >>>>>>>> -- Glenn >>>>>>>> email: glenn < dot > steen < at > gmail < dot > com >>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> MailScanner customisation, or any advanced system administration help? >>>> Contact me at Jules@Jules.FM >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Tue Sep 4 21:34:05 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 21:34:19 2007 Subject: query regarding qurantine release In-Reply-To: <3463.62.150.152.226.1188937683.squirrel@webmail.baladia.gov.kw> Message-ID: How does your webmail send the mail? Does it make a smtp connection or run sendmail locally? If it makes a SMTP connection then you could probably configure it to connect to the servers real IP address and not 127.0.0.1 and then it should work. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of > Mail Administrator > Sent: 04 September 2007 21:28 > To: MailScanner discussion > Subject: query regarding qurantine release > > > Dear All, > > > I have the following setup on my server > > 1) Centos > Primary Mail server > Primary dns server > Mailscanner > Webmail server > > most of the users use their browser to login to the above server for > sending and checking their mails > everything is been workin perfectly > > i installed mailwatch so that i could release quarantine mails at > my decision > > i then followed the exact steps as mentioned in the FAQ > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq > > and now i tried to test > > i sent a mail with attachment from my Yahoo account to my local mail > server and it was blocked my mailscanner whcih is perfect > n i logged in mailwatch and i could release the attachment and after i > released if went perfectly to my mailbox. thats grt > > now i sent a mail with attachemnt from my local account using webmail to > my yahoo account and it went perfectly fine > > and in my mailwatch details .. > status as whitelist > spam score 0.00 > > since 127.0.0.1 is white listed as per the rules.. > > So i see that Mailscanner n mailwatch works jus perfect for the mails > received its grt > > but i have queries regading mail sent by users using the browser > with webmail > > 1) does mailscanner do a virus n spam check on the mails sent since i see > in mailwatch the status is > > status as whitelist > spam score 0.00 > cause if this does not happen then the users pc inefcted will cause the > mail server to spam or send infected mails out > > 2) obviously i would like mailscanner to scan and block any attachments > sent by my users via webmail and they should only be sent when released > from quarantine with mailwatch > > how do i the above .. setup rules for doin that > > basically i see that after i implemented the steps in FAQ regarding the > release of quarantine mails i see that it works perfect for mails with > attachment received and not for mails sent > > > really wd apprecite your help > > > Regards > > Simon > > > > > > > > > > > > > > -- > Network ADMIN: > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From list-mailscanner at linguaphone.com Tue Sep 4 21:36:46 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 4 21:36:50 2007 Subject: Prombem with rule actions In-Reply-To: <46DDC0D6.9070102@ecs.soton.ac.uk> Message-ID: Spam Actions = deliver attachment header "X-Spam-Flag: YES" High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No" [root@mailscanner MailScanner]# cat /etc/MailScanner/rules/deliver.high.scoring.spam.rules To: mis@linguaphone.co.uk delete To: mis@linguaphone-intranet.co.uk delete To: mis@linguaphone.com delete FromOrTo: default deliver attachment header "X-Spam-Flag: YES" currently running MailScanner-4.63.7-2 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 04 September 2007 21:32 > To: MailScanner discussion > Subject: Re: Prombem with rule actions > > > What were your Spam Actions set to (all 3 of non-spam, spam, and > high-scoring spam). > > And what version are you running? > > Gareth wrote: > > For normal ham I get :- > > > > Actions are: deliver,header > > > > For spam with a rule of :- > > SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver > > I get :- > > Actions are: attachment,header > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > >> Field > >> Sent: 04 September 2007 20:54 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there > >> should be a big comment in a block of '#' characters that says > >> "SpamAssassin Rule Actions ends here". > >> Just after that comment, add this line: > >> > >> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; > >> > >> And then run "MailScanner --debug". > >> Please tell me if it just prints the last action or all of them. > >> > >> Gareth wrote: > >> > >>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > >>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > >>> non-deliver option works but store does not > >>> > >>> SpamAssassin Rule Actions = SpamScore>=20=>forward > >>> test@cdlive.co.uk,store,non-deliver > >>> non-deliver works but store and forward dont > >>> > >>> SpamAssassin Rule Actions = SpamScore>=20=>forward > >>> > >> test@cdlive.co.uk,store > >> > >>> store works! > >>> but foward doesnt > >>> > >>> I am beginning to see a pattern here... > >>> > >>> SpamAssassin Rule Actions = SpamScore>=20=>forward > >>> test@cdlive.co.uk,non-deliver,store > >>> store works > >>> non-deliver doesn't > >>> > >>> > >>> It looks to me that only the last option works. > >>> > >>> Lets try it a little bit different > >>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > >>> > >> SpamScore>=20=>store > >> > >>> Not delivered and stored - SUCCESS! > >>> > >>> > >>> It looks like there may be a parsing bug. > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > Of Julian > >>>> Field > >>>> Sent: 04 September 2007 19:31 > >>>> To: MailScanner discussion > >>>> Subject: Re: Prombem with rule actions > >>>> > >>>> > >>>> > >>>> > >>>> Gareth wrote: > >>>> > >>>> > >>>>> Jules, Could this be a bug? > >>>>> > >>>>> As it works when I put the store option in the high scoring > >>>>> > >>>>> > >>>> rules but wont > >>>> > >>>> > >>>>> work as part of a rules actions line I cant think of any cause > >>>>> > >>>>> > >>>> other that a > >>>> > >>>> > >>>>> problem with the rule actioon line itself or a bug somewhere. > >>>>> > >>>>> > >>>>> > >>>> I have this lot set: > >>>> > >>>> Required SpamAssassin Score = 6 > >>>> Non Spam Actions = deliver header "X-Spam-Status: No" > >>>> Spam Actions = deliver header "X-Spam-Status: Yes" > >>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > >>>> > >>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > >>>> secretary@domain.com, SpamScore>=6=>forward > >>>> spam.score@greater6.com,store,non-deliver, > SpamScore<100=>store,forward > >>>> spam.score@less100.com, store, SpamScore>100=>deliver,store > >>>> > >>>> And I get everything stored in the "nonspam" archive. > >>>> > >>>> So it appears to work for me. So I don't quite see why it doesn't for > >>>> you. It sets all the spam actions first, long before it does anything > >>>> about them. So it shouldn't be possible for the action to work in one > >>>> setting and not in another. > >>>> > >>>> > >>>>>> -----Original Message----- > >>>>>> From: mailscanner-bounces@lists.mailscanner.info > >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > >>>>>> > >> Of Gareth > >> > >>>>>> Sent: 04 September 2007 13:37 > >>>>>> To: MailScanner discussion > >>>>>> Subject: Re: Prombem with rule actions > >>>>>> > >>>>>> > >>>>>> I tried the following aswell as an alternative and it didn't > >>>>>> > >> store the > >> > >>>>>> message either. > >>>>>> > >>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > >>>>>> > >>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Thanks for that. I have changed it to postfix but I dont > >>>>>>> > >>>>>>> > >>>> think it makes > >>>> > >>>> > >>>>>>> any real difference since it is already running as postfix > >>>>>>> > >> so it could > >> > >>>>>>> not change the user to root anyway. > >>>>>>> > >>>>>>> I changed my high scoring spam actions to add the deliver > >>>>>>> > >>>>>>> > >>>> option and an > >>>> > >>>> > >>>>>>> incoming high scoring spam and virus was detected and copies > >>>>>>> > >>>>>>> > >>>> were saved > >>>> > >>>> > >>>>>>> in the following places :- > >>>>>>> 20070904/spam/CF509AA0090.2CC09 > >>>>>>> 20070904/CF509AA0090.2CC09/message > >>>>>>> i.e it worked fine and two copies of the message was saved. > >>>>>>> > >>>>>>> > >>>> That is fine > >>>> > >>>> > >>>>>>> with me. > >>>>>>> > >>>>>>> I then switched to using > >>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > >>>>>>> > >>>>>>> A few spams with a score of >20 came in and they were not > >>>>>>> > >>>>>>> > >>>> delivered but > >>>> > >>>> > >>>>>>> still were not logged in the spam directory. > >>>>>>> > >>>>>>> Previously when I had a spam with score >20 which was also > >>>>>>> > >>>>>>> > >>>> identified as > >>>> > >>>> > >>>>>>> a virus then nothing was stored also not even to the virus > >>>>>>> > >> store which > >> > >>>>>>> seems very wrong. > >>>>>>> > >>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> On 03/09/07, Gareth wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> In MailScanner.conf I have :- > >>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > >>>>>>>>> Quarantine User = root > >>>>>>>>> Quarantine Group = apache > >>>>>>>>> Quarantine Permissions = 0660 > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I > >>>>>>>> > >> thought you > >> > >>>>>>>> were a postmixer like me:-)... In which case that isn't very > >>>>>>>> > >>>>>>>> > >>>> likely to > >>>> > >>>> > >>>>>>>> be correct... Then again... > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> However all quarantine entries are stored in the format :- > >>>>>>>>> %quarantine-dir%/<>/<> and they are viruses > >>>>>>>>> > >> and blocked > >> > >>>>>>>>> attachments. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> ... that this works indicate that the settings are > correct for your > >>>>>>>> setup (either another MTA, or PF run as root, I > presume... Or some > >>>>>>>> sticky bit magic:). I presume you've linted a few times, > >>>>>>>> > >> without any > >> > >>>>>>>> real errors? > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> I am assuming this is correct for the virus quaranteen? > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> Yes. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> If that is the case then MailScanner does not seem to be > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> creating the > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> additional 'spam' etc... subdirectories for some reason. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> Seems so, yes. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> Are you sure the format is not > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> %quarantine-dir%/spam/<>/<> as > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> if that was the case it could just be the issue that the > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> spam directory does > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> not exist. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> Yes we're sure that isn't the case. Steve and Jules know > >>>>>>>> > >> this pretty > >> > >>>>>>>> ... intimately:-). > >>>>>>>> > >>>>>>>> Cheers > >>>>>>>> -- > >>>>>>>> -- Glenn > >>>>>>>> email: glenn < dot > steen < at > gmail < dot > com > >>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> -- > >>>>>> MailScanner mailing list > >>>>>> mailscanner@lists.mailscanner.info > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>>> > >>>>>> Before posting, read http://wiki.mailscanner.info/posting > >>>>>> > >>>>>> Support MailScanner development - buy the book off the website! > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>> Jules > >>>> > >>>> -- > >>>> Julian Field MEng CITP > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> > >>>> MailScanner customisation, or any advanced system > administration help? > >>>> Contact me at Jules@Jules.FM > >>>> > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> For all your IT requirements visit www.transtec.co.uk > >>>> > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> For all your IT requirements visit www.transtec.co.uk > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> For all your IT requirements visit www.transtec.co.uk > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From hvdkooij at vanderkooij.org Tue Sep 4 21:37:16 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Sep 4 21:37:35 2007 Subject: Prombem with rule actions In-Reply-To: <46DDB5A7.6020003@ecs.soton.ac.uk> References: <46DDA450.8050307@ecs.soton.ac.uk> <46DDB5A7.6020003@ecs.soton.ac.uk> Message-ID: On Tue, 4 Sep 2007, Julian Field wrote: > Hugo van der Kooij wrote: >> On Tue, 4 Sep 2007, Julian Field wrote: >> >> > SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward >> > secretary@domain.com, SpamScore>=6=>forward >> > spam.score@greater6.com,store,non-deliver, SpamScore<100=>store,forward >> > spam.score@less100.com, store, SpamScore>100=>deliver,store >> >> I assume it is safe to make this slightly more readable? Like: >> >> SpamAssassin Rule Actions = \ >> FROM_BOSS_WIFE=>forward secretary@domain.com, \ >> SpamScore>=6=>forward spam.score@greater6.com,store,non-deliver, \ >> SpamScore<100=>store,forward spam.score@less100.com, store, \ >> SpamScore>100=>deliver,store >> >> I most definitly have a problem with reading long lines in a configuration >> file. > I don't remember implementing anything to allow multi-line configuration > entries, so you probably can't do this. Sorry. Can you put it somewhere on the feature request list? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From mailadmin at baladia.gov.kw Tue Sep 4 22:07:51 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Tue Sep 4 22:08:46 2007 Subject: query regarding qurantine release In-Reply-To: References: Message-ID: <4004.62.150.152.226.1188940071.squirrel@webmail.baladia.gov.kw> > How does your webmail send the mail? > Does it make a smtp connection or run sendmail locally? > > If it makes a SMTP connection then you could probably configure it to > connect to the servers real IP address and not 127.0.0.1 and then it > should > work. > Thanks for ur quick reply really appreciate sendmail runs locally here my mail log when i send a message for more info. ---------------------------------------- ep 5 00:03:07 kmdns1 sendmail[32523]: l84L36FM032523: from=simon@kmun.gov.kw, size=652, class=0, nrcpts=1, msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, relay=apache@localhost Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: from=, size=877, class=0, nrcpts=1, msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, proto=ESMTP, daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1] Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: to=, delay=00:00:00, mailer=esmtp, pri=30877, stat=queued ------------------------------------ 62.150.152.226 is a ip of my machine since my sendmail runs locally on ip 127.0.0.1 how could i go arround solving this problem . apprecite your help regards simon >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >> Mail Administrator >> Sent: 04 September 2007 21:28 >> To: MailScanner discussion >> Subject: query regarding qurantine release >> >> >> Dear All, >> >> >> I have the following setup on my server >> >> 1) Centos >> Primary Mail server >> Primary dns server >> Mailscanner >> Webmail server >> >> most of the users use their browser to login to the above server for >> sending and checking their mails >> everything is been workin perfectly >> >> i installed mailwatch so that i could release quarantine mails at >> my decision >> >> i then followed the exact steps as mentioned in the FAQ >> >> http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq >> >> and now i tried to test >> >> i sent a mail with attachment from my Yahoo account to my local mail >> server and it was blocked my mailscanner whcih is perfect >> n i logged in mailwatch and i could release the attachment and after i >> released if went perfectly to my mailbox. thats grt >> >> now i sent a mail with attachemnt from my local account using webmail to >> my yahoo account and it went perfectly fine >> >> and in my mailwatch details .. >> status as whitelist >> spam score 0.00 >> >> since 127.0.0.1 is white listed as per the rules.. >> >> So i see that Mailscanner n mailwatch works jus perfect for the mails >> received its grt >> >> but i have queries regading mail sent by users using the browser >> with webmail >> >> 1) does mailscanner do a virus n spam check on the mails sent since i >> see >> in mailwatch the status is >> >> status as whitelist >> spam score 0.00 >> cause if this does not happen then the users pc inefcted will cause the >> mail server to spam or send infected mails out >> >> 2) obviously i would like mailscanner to scan and block any attachments >> sent by my users via webmail and they should only be sent when released >> from quarantine with mailwatch >> >> how do i the above .. setup rules for doin that >> >> basically i see that after i implemented the steps in FAQ regarding the >> release of quarantine mails i see that it works perfect for mails with >> attachment received and not for mails sent >> >> >> really wd apprecite your help >> >> >> Regards >> >> Simon >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> Network ADMIN: >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Sep 4 22:16:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 4 22:17:10 2007 Subject: Prombem with rule actions In-Reply-To: References: Message-ID: <46DDCB47.5000701@ecs.soton.ac.uk> You're absolutely right, it's a bug. Fixed in 4.63.8-1 which is on its way out the door as I type.... The error happens however you try to add more than one action to any given rule, not just in specifying a comma-separated list of actions for a rule. Well spotted. Gareth wrote: > Spam Actions = deliver attachment header "X-Spam-Flag: YES" > High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules > Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No" > > [root@mailscanner MailScanner]# cat > /etc/MailScanner/rules/deliver.high.scoring.spam.rules > To: mis@linguaphone.co.uk delete > To: mis@linguaphone-intranet.co.uk delete > To: mis@linguaphone.com delete > FromOrTo: default deliver attachment > header "X-Spam-Flag: YES" > > currently running MailScanner-4.63.7-2 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >> Field >> Sent: 04 September 2007 21:32 >> To: MailScanner discussion >> Subject: Re: Prombem with rule actions >> >> >> What were your Spam Actions set to (all 3 of non-spam, spam, and >> high-scoring spam). >> >> And what version are you running? >> >> Gareth wrote: >> >>> For normal ham I get :- >>> >>> Actions are: deliver,header >>> >>> For spam with a rule of :- >>> SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver >>> I get :- >>> Actions are: attachment,header >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian >>>> Field >>>> Sent: 04 September 2007 20:54 >>>> To: MailScanner discussion >>>> Subject: Re: Prombem with rule actions >>>> >>>> >>>> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there >>>> should be a big comment in a block of '#' characters that says >>>> "SpamAssassin Rule Actions ends here". >>>> Just after that comment, add this line: >>>> >>>> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; >>>> >>>> And then run "MailScanner --debug". >>>> Please tell me if it just prints the last action or all of them. >>>> >>>> Gareth wrote: >>>> >>>> >>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >>>>> non-deliver option works but store does not >>>>> >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward >>>>> test@cdlive.co.uk,store,non-deliver >>>>> non-deliver works but store and forward dont >>>>> >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward >>>>> >>>>> >>>> test@cdlive.co.uk,store >>>> >>>> >>>>> store works! >>>>> but foward doesnt >>>>> >>>>> I am beginning to see a pattern here... >>>>> >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward >>>>> test@cdlive.co.uk,non-deliver,store >>>>> store works >>>>> non-deliver doesn't >>>>> >>>>> >>>>> It looks to me that only the last option works. >>>>> >>>>> Lets try it a little bit different >>>>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, >>>>> >>>>> >>>> SpamScore>=20=>store >>>> >>>> >>>>> Not delivered and stored - SUCCESS! >>>>> >>>>> >>>>> It looks like there may be a parsing bug. >>>>> >>>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf >>>>>> >> Of Julian >> >>>>>> Field >>>>>> Sent: 04 September 2007 19:31 >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Prombem with rule actions >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Gareth wrote: >>>>>> >>>>>> >>>>>> >>>>>>> Jules, Could this be a bug? >>>>>>> >>>>>>> As it works when I put the store option in the high scoring >>>>>>> >>>>>>> >>>>>>> >>>>>> rules but wont >>>>>> >>>>>> >>>>>> >>>>>>> work as part of a rules actions line I cant think of any cause >>>>>>> >>>>>>> >>>>>>> >>>>>> other that a >>>>>> >>>>>> >>>>>> >>>>>>> problem with the rule actioon line itself or a bug somewhere. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> I have this lot set: >>>>>> >>>>>> Required SpamAssassin Score = 6 >>>>>> Non Spam Actions = deliver header "X-Spam-Status: No" >>>>>> Spam Actions = deliver header "X-Spam-Status: Yes" >>>>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" >>>>>> >>>>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward >>>>>> secretary@domain.com, SpamScore>=6=>forward >>>>>> spam.score@greater6.com,store,non-deliver, >>>>>> >> SpamScore<100=>store,forward >> >>>>>> spam.score@less100.com, store, SpamScore>100=>deliver,store >>>>>> >>>>>> And I get everything stored in the "nonspam" archive. >>>>>> >>>>>> So it appears to work for me. So I don't quite see why it doesn't for >>>>>> you. It sets all the spam actions first, long before it does anything >>>>>> about them. So it shouldn't be possible for the action to work in one >>>>>> setting and not in another. >>>>>> >>>>>> >>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf >>>>>>>> >>>>>>>> >>>> Of Gareth >>>> >>>> >>>>>>>> Sent: 04 September 2007 13:37 >>>>>>>> To: MailScanner discussion >>>>>>>> Subject: Re: Prombem with rule actions >>>>>>>> >>>>>>>> >>>>>>>> I tried the following aswell as an alternative and it didn't >>>>>>>> >>>>>>>> >>>> store the >>>> >>>> >>>>>>>> message either. >>>>>>>> >>>>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver >>>>>>>> >>>>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Thanks for that. I have changed it to postfix but I dont >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> think it makes >>>>>> >>>>>> >>>>>> >>>>>>>>> any real difference since it is already running as postfix >>>>>>>>> >>>>>>>>> >>>> so it could >>>> >>>> >>>>>>>>> not change the user to root anyway. >>>>>>>>> >>>>>>>>> I changed my high scoring spam actions to add the deliver >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> option and an >>>>>> >>>>>> >>>>>> >>>>>>>>> incoming high scoring spam and virus was detected and copies >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> were saved >>>>>> >>>>>> >>>>>> >>>>>>>>> in the following places :- >>>>>>>>> 20070904/spam/CF509AA0090.2CC09 >>>>>>>>> 20070904/CF509AA0090.2CC09/message >>>>>>>>> i.e it worked fine and two copies of the message was saved. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> That is fine >>>>>> >>>>>> >>>>>> >>>>>>>>> with me. >>>>>>>>> >>>>>>>>> I then switched to using >>>>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver >>>>>>>>> >>>>>>>>> A few spams with a score of >20 came in and they were not >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> delivered but >>>>>> >>>>>> >>>>>> >>>>>>>>> still were not logged in the spam directory. >>>>>>>>> >>>>>>>>> Previously when I had a spam with score >20 which was also >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>> identified as >>>>>> >>>>>> >>>>>> >>>>>>>>> a virus then nothing was stored also not even to the virus >>>>>>>>> >>>>>>>>> >>>> store which >>>> >>>> >>>>>>>>> seems very wrong. >>>>>>>>> >>>>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> On 03/09/07, Gareth wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> In MailScanner.conf I have :- >>>>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine >>>>>>>>>>> Quarantine User = root >>>>>>>>>>> Quarantine Group = apache >>>>>>>>>>> Quarantine Permissions = 0660 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I >>>>>>>>>> >>>>>>>>>> >>>> thought you >>>> >>>> >>>>>>>>>> were a postmixer like me:-)... In which case that isn't very >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>> likely to >>>>>> >>>>>> >>>>>> >>>>>>>>>> be correct... Then again... >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> However all quarantine entries are stored in the format :- >>>>>>>>>>> %quarantine-dir%/<>/<> and they are viruses >>>>>>>>>>> >>>>>>>>>>> >>>> and blocked >>>> >>>> >>>>>>>>>>> attachments. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> ... that this works indicate that the settings are >>>>>>>>>> >> correct for your >> >>>>>>>>>> setup (either another MTA, or PF run as root, I >>>>>>>>>> >> presume... Or some >> >>>>>>>>>> sticky bit magic:). I presume you've linted a few times, >>>>>>>>>> >>>>>>>>>> >>>> without any >>>> >>>> >>>>>>>>>> real errors? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> I am assuming this is correct for the virus quaranteen? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> Yes. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> If that is the case then MailScanner does not seem to be >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> creating the >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>> additional 'spam' etc... subdirectories for some reason. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> Seems so, yes. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Are you sure the format is not >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> %quarantine-dir%/spam/<>/<> as >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>> if that was the case it could just be the issue that the >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> spam directory does >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>>> not exist. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> Yes we're sure that isn't the case. Steve and Jules know >>>>>>>>>> >>>>>>>>>> >>>> this pretty >>>> >>>> >>>>>>>>>> ... intimately:-). >>>>>>>>>> >>>>>>>>>> Cheers >>>>>>>>>> -- >>>>>>>>>> -- Glenn >>>>>>>>>> email: glenn < dot > steen < at > gmail < dot > com >>>>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> Jules >>>>>> >>>>>> -- >>>>>> Julian Field MEng CITP >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> >>>>>> MailScanner customisation, or any advanced system >>>>>> >> administration help? >> >>>>>> Contact me at Jules@Jules.FM >>>>>> >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> For all your IT requirements visit www.transtec.co.uk >>>>>> >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> For all your IT requirements visit www.transtec.co.uk >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> MailScanner customisation, or any advanced system administration help? >>>> Contact me at Jules@Jules.FM >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>>> >>> >> Jules >> >> -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Tue Sep 4 22:38:12 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 4 22:38:20 2007 Subject: query regarding qurantine release In-Reply-To: <3463.62.150.152.226.1188937683.squirrel@webmail.baladia.gov.kw> References: <3463.62.150.152.226.1188937683.squirrel@webmail.baladia.gov.kw> Message-ID: Mail Administrator spake the following on 9/4/2007 1:28 PM: > Dear All, > > > I have the following setup on my server > > 1) Centos > Primary Mail server > Primary dns server > Mailscanner > Webmail server > > most of the users use their browser to login to the above server for > sending and checking their mails > everything is been workin perfectly > > i installed mailwatch so that i could release quarantine mails at my decision > > i then followed the exact steps as mentioned in the FAQ > > http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq > > and now i tried to test > > i sent a mail with attachment from my Yahoo account to my local mail > server and it was blocked my mailscanner whcih is perfect > n i logged in mailwatch and i could release the attachment and after i > released if went perfectly to my mailbox. thats grt > > now i sent a mail with attachemnt from my local account using webmail to > my yahoo account and it went perfectly fine > > and in my mailwatch details .. > status as whitelist > spam score 0.00 > > since 127.0.0.1 is white listed as per the rules.. > > So i see that Mailscanner n mailwatch works jus perfect for the mails > received its grt > > but i have queries regading mail sent by users using the browser with webmail > > 1) does mailscanner do a virus n spam check on the mails sent since i see > in mailwatch the status is > > status as whitelist > spam score 0.00 > cause if this does not happen then the users pc inefcted will cause the > mail server to spam or send infected mails out > > 2) obviously i would like mailscanner to scan and block any attachments > sent by my users via webmail and they should only be sent when released > from quarantine with mailwatch > > how do i the above .. setup rules for doin that > > basically i see that after i implemented the steps in FAQ regarding the > release of quarantine mails i see that it works perfect for mails with > attachment received and not for mails sent > > > really wd apprecite your help > > > Regards > > Simon > Are you running squirrelmail as your webmail server? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Tue Sep 4 22:43:47 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Sep 4 22:44:01 2007 Subject: SPF wildcards by spammers Message-ID: Hi, I was debugging a Barracuda when I noticed an interresting thing. I saw email coming in from a domain which is clearly for spam related to those blue pills for men. They have a SPF record but it is a "everything goes" one. I guess it is intended to try to bypass filters. If it becomes more common we might wish to use this knowledge to fight back against spammers. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From ssilva at sgvwater.com Tue Sep 4 22:55:24 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 4 22:56:18 2007 Subject: query regarding qurantine release In-Reply-To: <4004.62.150.152.226.1188940071.squirrel@webmail.baladia.gov.kw> References: <4004.62.150.152.226.1188940071.squirrel@webmail.baladia.gov.kw> Message-ID: Mail Administrator spake the following on 9/4/2007 2:07 PM: >> How does your webmail send the mail? >> Does it make a smtp connection or run sendmail locally? >> >> If it makes a SMTP connection then you could probably configure it to >> connect to the servers real IP address and not 127.0.0.1 and then it >> should >> work. >> > > Thanks for ur quick reply > really appreciate > > sendmail runs locally > > here my mail log when i send a message for more info. > > ---------------------------------------- > > ep 5 00:03:07 kmdns1 sendmail[32523]: l84L36FM032523: > from=simon@kmun.gov.kw, size=652, class=0, nrcpts=1, > msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, > relay=apache@localhost > Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: > from=, size=877, class=0, nrcpts=1, > msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, > proto=ESMTP, daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1] > Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: > to=, delay=00:00:00, mailer=esmtp, pri=30877, > stat=queued > > ------------------------------------ > > 62.150.152.226 is a ip of my machine > > since my sendmail runs locally on ip 127.0.0.1 how could i go arround > solving this problem . > apprecite your help > > regards > > simon > > > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >>> Mail Administrator >>> Sent: 04 September 2007 21:28 >>> To: MailScanner discussion >>> Subject: query regarding qurantine release >>> >>> >>> Dear All, >>> >>> >>> I have the following setup on my server >>> >>> 1) Centos >>> Primary Mail server >>> Primary dns server >>> Mailscanner >>> Webmail server >>> >>> most of the users use their browser to login to the above server for >>> sending and checking their mails >>> everything is been workin perfectly >>> >>> i installed mailwatch so that i could release quarantine mails at >>> my decision >>> >>> i then followed the exact steps as mentioned in the FAQ >>> >>> http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq >>> >>> and now i tried to test >>> >>> i sent a mail with attachment from my Yahoo account to my local mail >>> server and it was blocked my mailscanner whcih is perfect >>> n i logged in mailwatch and i could release the attachment and after i >>> released if went perfectly to my mailbox. thats grt >>> >>> now i sent a mail with attachemnt from my local account using webmail to >>> my yahoo account and it went perfectly fine >>> >>> and in my mailwatch details .. >>> status as whitelist >>> spam score 0.00 >>> >>> since 127.0.0.1 is white listed as per the rules.. >>> >>> So i see that Mailscanner n mailwatch works jus perfect for the mails >>> received its grt >>> >>> but i have queries regading mail sent by users using the browser >>> with webmail >>> >>> 1) does mailscanner do a virus n spam check on the mails sent since i >>> see >>> in mailwatch the status is >>> >>> status as whitelist >>> spam score 0.00 >>> cause if this does not happen then the users pc inefcted will cause the >>> mail server to spam or send infected mails out >>> >>> 2) obviously i would like mailscanner to scan and block any attachments >>> sent by my users via webmail and they should only be sent when released >>> from quarantine with mailwatch >>> >>> how do i the above .. setup rules for doin that >>> >>> basically i see that after i implemented the steps in FAQ regarding the >>> release of quarantine mails i see that it works perfect for mails with >>> attachment received and not for mails sent >>> >>> >>> really wd apprecite your help >>> >>> >>> Regards >>> >>> Simon In your conf.php in the mailwatch directory you have a setting like; define(QUARANTINE_FROM_ADDR, 'postmaster'); Change all the rules to have From: 127.0.0.1 and From: postmaster@localhost no (notice the "and From:" part) Change postmaster to what you have in your conf.php. This way it will only whitelist messages that match "both" choices, which your webmail users won't hit. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Sep 4 23:03:35 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 4 23:03:50 2007 Subject: SPF wildcards by spammers In-Reply-To: References: Message-ID: Hugo van der Kooij spake the following on 9/4/2007 2:43 PM: > Hi, > > I was debugging a Barracuda when I noticed an interresting thing. I saw > email coming in from a domain which is clearly for spam related to those > blue pills for men. > > They have a SPF record but it is a "everything goes" one. I guess it is > intended to try to bypass filters. > > If it becomes more common we might wish to use this knowledge to fight > back against spammers. > > Hugo. > > I see a lot of legit senders that are either testing SPF or are just clueless and set their records this way. Even the wizard at the openspf site sets ~all instead of -all, and people probably just run the wizard and copy and paste. If the spamassassin people haven't bumped up a score over things like this, I would have to say that it will have too many FP's. They have a large corpus of messages to test against. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mkettler at evi-inc.com Tue Sep 4 23:09:28 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Sep 4 23:09:51 2007 Subject: SPF wildcards by spammers In-Reply-To: References: Message-ID: <46DDD798.6030906@evi-inc.com> Hugo van der Kooij wrote: > Hi, > > I was debugging a Barracuda when I noticed an interresting thing. I saw > email coming in from a domain which is clearly for spam related to those > blue pills for men. > > They have a SPF record but it is a "everything goes" one. I guess it is > intended to try to bypass filters. > > If it becomes more common we might wish to use this knowledge to fight > back against spammers. > Interesting.. Stupid on their part, but interesting. This is definitely something we can use against them, and something that offers the spammer no benefit (unless someone has badly misused SPF). I'm pretty sure it would be easy to add a rule for this to SpamAssassin.. might require a little rewrite of the SPF plugin code, but if it becomes common enough, the SA devs would probably jump on it.. From neilw at dcdata.co.za Tue Sep 4 23:11:54 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Tue Sep 4 23:13:54 2007 Subject: Could not read executable /usr/sbin/sendmailCould not read executable /usr/sbin/sendmail Message-ID: <46DDD82A.4090701@dcdata.co.za> Hi guys, I've never seen this one before. Running latest MailScanner, when I start it I see the following error in my /var/log/mail Sep 4 23:48:01 mail MailScanner[13066]: Could not read executable /usr/sbin/sendmail Sep 4 23:48:01 mail MailScanner[13066]: Error in line 25, file "/usr/sbin/sendmail" for sendmail does not exist (or can not be read) I'm using postfix but I've tried using the original sendmail binary and that gives the same error. I've got these options set in my MailScanner.conf Run As User = postfix Run As Group = postfix MTA = postfix Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail I've tried changing the ownerships and setting various permissions. Below is the range of files/perms I've tried. -r-xr-sr-x 1 root mail 752776 Sep 4 23:45 sendmail -r-xr-sr-x 1 root root 752776 Sep 4 23:44 sendmail-old -rwxrwxrwx 1 postfix postfix 18992 May 4 14:00 sendmail-orig -rwxr-xr-x 1 root root 18840 Sep 4 23:45 sendmail-postfix -r-xr-sr-x 1 root mail 752776 Apr 27 20:16 sendmail.beforeaxigen The file sendmail.beforeaxigen is the backup axigen makes before it changes your original file. I've since removed axigen. Any ideas? Thanks. Regards Neil Wilson -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From mkettler at evi-inc.com Tue Sep 4 23:28:05 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Sep 4 23:28:29 2007 Subject: SPF wildcards by spammers In-Reply-To: References: Message-ID: <46DDDBF5.6050509@evi-inc.com> Scott Silva wrote: >> > I see a lot of legit senders that are either testing SPF or are just > clueless and set their records this way. Even the wizard at the openspf > site sets ~all instead of -all, and people probably just run the wizard > and copy and paste. Well, ~all or even ?all is one thing.. +all is something totally different. ~all isn't what I would call "anything goes".. that's a soft-fail. Most domains should be using that instead of -all anyway, but that's a personal opinion. I'd call +all an "anything goes" situation. That would probably be worth scoring positive on. > If the spamassassin people haven't bumped up a score over things like > this, I would have to say that it will have too many FP's. They have a > large corpus of messages to test against. Certainly at the ~all level, that's common. In fact, I'd postulate that most folks using -all have screwed up, and the fact that SPF_SOFTFAIL (~all) has a higher S/O than SPF_FAIL (-all) supports that. (It appears lot of naive and eager admins jump straight in at -all without thinking about their network. This causes more FP's. Most of the cautious admins have thought it through, but still use ~all to be even more cautious.) From root at doctor.nl2k.ab.ca Tue Sep 4 14:42:47 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Sep 5 01:59:27 2007 Subject: Just some ideas for upcoming MailScanner releases Message-ID: <20070904134246.GA11063@doctor.nl2k.ab.ca> 1) USe cpan instead of perl packages 2) have a method to interactively configure tnef. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doc at maddoc.net Wed Sep 5 02:07:05 2007 From: doc at maddoc.net (Doc Schneider) Date: Wed Sep 5 02:07:16 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <20070904134246.GA11063@doctor.nl2k.ab.ca> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> Message-ID: <46DE0139.2000101@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > 1) USe cpan instead of perl packages There are a lot of folks here who use RPM based OS's. And it really is a lot easier just to install an RPM then have to setup CPAN. And lots of times CPAN installs break things like yum install/update ... Not putting your idea down just this has been talked about on this list before. > 2) have a method to interactively configure tnef. > Is there a need to configure TNEF? I know I install it and it works for me, just curious why you think it needs to be configured? - -- - -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFG3gE5qOEeBwEpgcsRAsWnAJ4pYEldzzSaoTNGrGWddeOSvHJ4WgCfbSTQ dKp+gADi/CEulrVLKv37uVY= =OY92 -----END PGP SIGNATURE----- From rwahyudi at gmail.com Wed Sep 5 02:33:10 2007 From: rwahyudi at gmail.com (Rianto Wahyudi) Date: Wed Sep 5 02:31:19 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <20070904134246.GA11063@doctor.nl2k.ab.ca> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> Message-ID: <46DE0756.9090903@gmail.com> Addition to this : "repository" of which you can do : "yum update MailScanner " and it will update MailScanner Rianto Wahyudi Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > 1) USe cpan instead of perl packages > > 2) have a method to interactively configure tnef. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070905/f3771cc3/attachment.html From Robert.Horton at goodmanmfg.com Wed Sep 5 03:46:39 2007 From: Robert.Horton at goodmanmfg.com (Horton, Robert) Date: Wed Sep 5 03:46:43 2007 Subject: list of variables which can be used in reports In-Reply-To: <46D57A58.50406@ecs.soton.ac.uk> References: <1188387826.3776.3.camel@gblades-suse.linguaphone-intranet.co.uk> <46D569C9.7060206@ecs.soton.ac.uk> <1188391785.3773.12.camel@gblades-suse.linguaphone-intranet.co.uk> <46D56CC3.7020200@ecs.soton.ac.uk><1188392396.3779.14.camel@gblades-suse.linguaphone-intranet.co.uk> <46D57A58.50406@ecs.soton.ac.uk> Message-ID: <50678FBB708A9B4FB6B536F6F657883D028E95CF@exch-gman.ad.goodmanmfg.com> Julian, I could use the $datenumber variable in the inline.spam.warning.txt. It's available in the notice for high scoring spam but not the inline spam warning. Thanks, Robert -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, August 29, 2007 8:53 AM To: MailScanner discussion Subject: Re: list of variables which can be used in reports -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You should already be able to use "$sascore" in this report. Sorry it's not in the example report, I must have overlooked that. Any others you need? Gareth wrote: > en/inline.spam.warning.txt please. > > On Wed, 2007-08-29 at 13:55, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> But in which report(s) specifically? And don't say "all of them" :-) >> >> Gareth wrote: >> >>> It would be useful to have the total spam score as a variable. >>> >>> The reason being that I get users to drop copies of all false positives >>> into a shared folder and it would save me having to manually add up all >>> the scores to find what the total was. Depending on how much over the >>> threshold it was I decide to do various things such as whitelist them, >>> tell them to fix their mail system or do nothing :) >>> >>> Thanks >>> >>> On Wed, 2007-08-29 at 13:42, Julian Field wrote: >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Each of the sample reports I provide use all the variables available in >>>> that report. >>>> If you need any adding, just tell me what you want and where you want to >>>> use it. >>>> >>>> Gareth wrote: >>>> >>>> >>>>> Is there a list of variables that can be used in reports anywhere? >>>>> I have a look in the book and on wiki but could not find anything. >>>>> >>>>> In particular I would like to change the inline spam report so that it >>>>> also reports the total spamassassin score. >>>>> >>>>> Thanks >>>>> Gareth >>>>> >>>>> >>>>> >>>>> >>>> Jules >>>> >>>> - -- >>>> Julian Field MEng CITP >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.6.3 (Build 3017) >>>> Comment: (pgp-secured) >>>> Charset: ISO-8859-1 >>>> >>>> wj8DBQFG1WnKEfZZRxQVtlQRAjOMAKDv3xvdvg4NnszZQfONbjkx7a/KxACgiMtf >>>> ZAqlgmHz/zYbZd8uuP4VlHI= >>>> =s2b8 >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> For all your IT requirements visit www.transtec.co.uk >>>> >>>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.3 (Build 3017) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFG1WzEEfZZRxQVtlQRAlCnAKCnSNqx5goX+IwKXK8F+IgWfGc3jwCg+7Gt >> zJ/GCo6o8GBmLmMx8nzltqk= >> =bDpY >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> For all your IT requirements visit www.transtec.co.uk >> > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-15 wj8DBQFG1XpZEfZZRxQVtlQRAiFpAJ9k5bJIxeq83zR8a4VwiIJHjTMfXACeJC3z G9o7Ewzmqn+55QDHvlYA2Ew= =GBej -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! CONFIDENTIALITY NOTE: The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Thank you. From mikej at rogers.com Wed Sep 5 04:45:58 2007 From: mikej at rogers.com (Mike Jakubik) Date: Wed Sep 5 04:46:18 2007 Subject: MailScanner ANNOUNCE: Stable release 4.63.7 In-Reply-To: <46DB19BC.6010005@ecs.soton.ac.uk> References: <46D9812D.3090600@ecs.soton.ac.uk> <5F0FDB0F-7A43-4D09-B3EF-A511526F26D1@gray.net.au> <46DAB86A.20405@ecs.soton.ac.uk> <625385e30709020625r629156efg9c4775411e4038f0@mail.gmail.com> <46DB164C.5060702@rogers.com> <46DB19BC.6010005@ecs.soton.ac.uk> Message-ID: <46DE2676.2080400@rogers.com> Julian Field wrote: > > > Mike Jakubik wrote: >> >> As long as everyone is bragging, id like to point out that this has >> already been done in the FreeBSD port, many releases ago :) >> > Shame they didn't get me to incorporate it into the main distributions > when they wrote it... > :-) Not sure it would work Jules, as we use the rcNG system in the FreeBSD port. From dfilchak at sympatico.ca Wed Sep 5 08:53:30 2007 From: dfilchak at sympatico.ca (Dave Filchak) Date: Wed Sep 5 08:53:44 2007 Subject: Trouble with White Listing Mailman list Message-ID: <46DE607A.2030907@sympatico.ca> Hello all, I am having a hell of a time white listing a small Mailman list so the posts do not get {spam} tags all over the subject lines. These are HTML emails that go out to a small select list of recipients. I have added the email address of the list to the spam.whitelist.rules file, the posters address (this is a one-way list), the bounce address .. everything and still it gets scanned and tagged. Any help for a frustrated lad here? MailScanner version 4.61.7 3.002001 Mail::SpamAssassin 0.17 Mail::ClamAV Dave From shuttlebox at gmail.com Wed Sep 5 09:02:09 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Sep 5 09:02:13 2007 Subject: Trouble with White Listing Mailman list In-Reply-To: <46DE607A.2030907@sympatico.ca> References: <46DE607A.2030907@sympatico.ca> Message-ID: <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> On 9/5/07, Dave Filchak wrote: > Hello all, > > I am having a hell of a time white listing a small Mailman list so the > posts do not get {spam} tags all over the subject lines. These are HTML > emails that go out to a small select list of recipients. I have added > the email address of the list to the spam.whitelist.rules file, the > posters address (this is a one-way list), the bounce address .. > everything and still it gets scanned and tagged. Any help for a > frustrated lad here? > > MailScanner version 4.61.7 > 3.002001 Mail::SpamAssassin > 0.17 Mail::ClamAV Could you post the headers of a received mail? If it doesn't include the spam report, post that one too from the logs. -- /peter From list-mailscanner at linguaphone.com Wed Sep 5 11:42:11 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 5 11:42:30 2007 Subject: Problem with rule actions (2) In-Reply-To: <46DDCB47.5000701@ecs.soton.ac.uk> References: <46DDCB47.5000701@ecs.soton.ac.uk> Message-ID: <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> Thanks Julian. That is now working fine but I do have one issue which I dont know if it is mailscanner or mailwatch. When I get a virus which is high scoring the mail is only quarantined in the spam folder. Nothing is saved in the normal virus quarantine. With the previous version when it was saving to the spam folder viruses were also put in the normal virus quaranteen aswell and this did not cause any problems. With this version the change seems to cause mailwatch problems as it cannot determine what viruses were detected (there is no report field) On Tue, 2007-09-04 at 22:16, Julian Field wrote: > You're absolutely right, it's a bug. > Fixed in 4.63.8-1 which is on its way out the door as I type.... > > The error happens however you try to add more than one action to any > given rule, not just in specifying a comma-separated list of actions for > a rule. > > Well spotted. > > Gareth wrote: > > Spam Actions = deliver attachment header "X-Spam-Flag: YES" > > High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules > > Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No" > > > > [root@mailscanner MailScanner]# cat > > /etc/MailScanner/rules/deliver.high.scoring.spam.rules > > To: mis@linguaphone.co.uk delete > > To: mis@linguaphone-intranet.co.uk delete > > To: mis@linguaphone.com delete > > FromOrTo: default deliver attachment > > header "X-Spam-Flag: YES" > > > > currently running MailScanner-4.63.7-2 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > >> Field > >> Sent: 04 September 2007 21:32 > >> To: MailScanner discussion > >> Subject: Re: Prombem with rule actions > >> > >> > >> What were your Spam Actions set to (all 3 of non-spam, spam, and > >> high-scoring spam). > >> > >> And what version are you running? > >> > >> Gareth wrote: > >> > >>> For normal ham I get :- > >>> > >>> Actions are: deliver,header > >>> > >>> For spam with a rule of :- > >>> SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver > >>> I get :- > >>> Actions are: attachment,header > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > >>>> Field > >>>> Sent: 04 September 2007 20:54 > >>>> To: MailScanner discussion > >>>> Subject: Re: Prombem with rule actions > >>>> > >>>> > >>>> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there > >>>> should be a big comment in a block of '#' characters that says > >>>> "SpamAssassin Rule Actions ends here". > >>>> Just after that comment, add this line: > >>>> > >>>> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; > >>>> > >>>> And then run "MailScanner --debug". > >>>> Please tell me if it just prints the last action or all of them. > >>>> > >>>> Gareth wrote: > >>>> > >>>> > >>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > >>>>> non-deliver option works but store does not > >>>>> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > >>>>> test@cdlive.co.uk,store,non-deliver > >>>>> non-deliver works but store and forward dont > >>>>> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > >>>>> > >>>>> > >>>> test@cdlive.co.uk,store > >>>> > >>>> > >>>>> store works! > >>>>> but foward doesnt > >>>>> > >>>>> I am beginning to see a pattern here... > >>>>> > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > >>>>> test@cdlive.co.uk,non-deliver,store > >>>>> store works > >>>>> non-deliver doesn't > >>>>> > >>>>> > >>>>> It looks to me that only the last option works. > >>>>> > >>>>> Lets try it a little bit different > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > >>>>> > >>>>> > >>>> SpamScore>=20=>store > >>>> > >>>> > >>>>> Not delivered and stored - SUCCESS! > >>>>> > >>>>> > >>>>> It looks like there may be a parsing bug. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: mailscanner-bounces@lists.mailscanner.info > >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > >>>>>> > >> Of Julian > >> > >>>>>> Field > >>>>>> Sent: 04 September 2007 19:31 > >>>>>> To: MailScanner discussion > >>>>>> Subject: Re: Prombem with rule actions > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> Gareth wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Jules, Could this be a bug? > >>>>>>> > >>>>>>> As it works when I put the store option in the high scoring > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> rules but wont > >>>>>> > >>>>>> > >>>>>> > >>>>>>> work as part of a rules actions line I cant think of any cause > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> other that a > >>>>>> > >>>>>> > >>>>>> > >>>>>>> problem with the rule actioon line itself or a bug somewhere. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> I have this lot set: > >>>>>> > >>>>>> Required SpamAssassin Score = 6 > >>>>>> Non Spam Actions = deliver header "X-Spam-Status: No" > >>>>>> Spam Actions = deliver header "X-Spam-Status: Yes" > >>>>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > >>>>>> > >>>>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > >>>>>> secretary@domain.com, SpamScore>=6=>forward > >>>>>> spam.score@greater6.com,store,non-deliver, > >>>>>> > >> SpamScore<100=>store,forward > >> > >>>>>> spam.score@less100.com, store, SpamScore>100=>deliver,store > >>>>>> > >>>>>> And I get everything stored in the "nonspam" archive. > >>>>>> > >>>>>> So it appears to work for me. So I don't quite see why it doesn't for > >>>>>> you. It sets all the spam actions first, long before it does anything > >>>>>> about them. So it shouldn't be possible for the action to work in one > >>>>>> setting and not in another. > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> -----Original Message----- > >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info > >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > >>>>>>>> > >>>>>>>> > >>>> Of Gareth > >>>> > >>>> > >>>>>>>> Sent: 04 September 2007 13:37 > >>>>>>>> To: MailScanner discussion > >>>>>>>> Subject: Re: Prombem with rule actions > >>>>>>>> > >>>>>>>> > >>>>>>>> I tried the following aswell as an alternative and it didn't > >>>>>>>> > >>>>>>>> > >>>> store the > >>>> > >>>> > >>>>>>>> message either. > >>>>>>>> > >>>>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > >>>>>>>> > >>>>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> Thanks for that. I have changed it to postfix but I dont > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> think it makes > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> any real difference since it is already running as postfix > >>>>>>>>> > >>>>>>>>> > >>>> so it could > >>>> > >>>> > >>>>>>>>> not change the user to root anyway. > >>>>>>>>> > >>>>>>>>> I changed my high scoring spam actions to add the deliver > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> option and an > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> incoming high scoring spam and virus was detected and copies > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> were saved > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> in the following places :- > >>>>>>>>> 20070904/spam/CF509AA0090.2CC09 > >>>>>>>>> 20070904/CF509AA0090.2CC09/message > >>>>>>>>> i.e it worked fine and two copies of the message was saved. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> That is fine > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> with me. > >>>>>>>>> > >>>>>>>>> I then switched to using > >>>>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > >>>>>>>>> > >>>>>>>>> A few spams with a score of >20 came in and they were not > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> delivered but > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> still were not logged in the spam directory. > >>>>>>>>> > >>>>>>>>> Previously when I had a spam with score >20 which was also > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> identified as > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> a virus then nothing was stored also not even to the virus > >>>>>>>>> > >>>>>>>>> > >>>> store which > >>>> > >>>> > >>>>>>>>> seems very wrong. > >>>>>>>>> > >>>>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>>> On 03/09/07, Gareth wrote: > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> In MailScanner.conf I have :- > >>>>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > >>>>>>>>>>> Quarantine User = root > >>>>>>>>>>> Quarantine Group = apache > >>>>>>>>>>> Quarantine Permissions = 0660 > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I > >>>>>>>>>> > >>>>>>>>>> > >>>> thought you > >>>> > >>>> > >>>>>>>>>> were a postmixer like me:-)... In which case that isn't very > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>> likely to > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>> be correct... Then again... > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> However all quarantine entries are stored in the format :- > >>>>>>>>>>> %quarantine-dir%/<>/<> and they are viruses > >>>>>>>>>>> > >>>>>>>>>>> > >>>> and blocked > >>>> > >>>> > >>>>>>>>>>> attachments. > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> ... that this works indicate that the settings are > >>>>>>>>>> > >> correct for your > >> > >>>>>>>>>> setup (either another MTA, or PF run as root, I > >>>>>>>>>> > >> presume... Or some > >> > >>>>>>>>>> sticky bit magic:). I presume you've linted a few times, > >>>>>>>>>> > >>>>>>>>>> > >>>> without any > >>>> > >>>> > >>>>>>>>>> real errors? > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> I am assuming this is correct for the virus quaranteen? > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> Yes. > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> If that is the case then MailScanner does not seem to be > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>> creating the > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>> additional 'spam' etc... subdirectories for some reason. > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> Seems so, yes. > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> Are you sure the format is not > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>> %quarantine-dir%/spam/<>/<> as > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>> if that was the case it could just be the issue that the > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>> spam directory does > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>> not exist. > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> Yes we're sure that isn't the case. Steve and Jules know > >>>>>>>>>> > >>>>>>>>>> > >>>> this pretty > >>>> > >>>> > >>>>>>>>>> ... intimately:-). > >>>>>>>>>> > >>>>>>>>>> Cheers > >>>>>>>>>> -- > >>>>>>>>>> -- Glenn > >>>>>>>>>> email: glenn < dot > steen < at > gmail < dot > com > >>>>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>> -- > >>>>>>>> MailScanner mailing list > >>>>>>>> mailscanner@lists.mailscanner.info > >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>>>>> > >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting > >>>>>>>> > >>>>>>>> Support MailScanner development - buy the book off the website! > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> Jules > >>>>>> > >>>>>> -- > >>>>>> Julian Field MEng CITP > >>>>>> www.MailScanner.info > >>>>>> Buy the MailScanner book at www.MailScanner.info/store > >>>>>> > >>>>>> MailScanner customisation, or any advanced system > >>>>>> > >> administration help? > >> > >>>>>> Contact me at Jules@Jules.FM > >>>>>> > >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>>>> For all your IT requirements visit www.transtec.co.uk > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> This message has been scanned for viruses and > >>>>>> dangerous content by MailScanner, and is > >>>>>> believed to be clean. > >>>>>> For all your IT requirements visit www.transtec.co.uk > >>>>>> > >>>>>> -- > >>>>>> MailScanner mailing list > >>>>>> mailscanner@lists.mailscanner.info > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>>> > >>>>>> Before posting, read http://wiki.mailscanner.info/posting > >>>>>> > >>>>>> Support MailScanner development - buy the book off the website! > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>> Jules > >>>> > >>>> -- > >>>> Julian Field MEng CITP > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> > >>>> MailScanner customisation, or any advanced system administration help? > >>>> Contact me at Jules@Jules.FM > >>>> > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> For all your IT requirements visit www.transtec.co.uk > >>>> > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> For all your IT requirements visit www.transtec.co.uk > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> For all your IT requirements visit www.transtec.co.uk > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> For all your IT requirements visit www.transtec.co.uk > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Wed Sep 5 12:24:54 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 5 12:25:12 2007 Subject: Problem with rule actions (2) In-Reply-To: <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46DDCB47.5000701@ecs.soton.ac.uk> <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1188991494.23620.18.camel@gblades-suse.linguaphone-intranet.co.uk> Done a bit of investigating and the 'report' field in the mysql database is not being populated. So its mailscanner or the MailWatchLogging custom plugin On Wed, 2007-09-05 at 11:42, Gareth wrote: > Thanks Julian. > > That is now working fine but I do have one issue which I dont know if it > is mailscanner or mailwatch. > > When I get a virus which is high scoring the mail is only quarantined in > the spam folder. > Nothing is saved in the normal virus quarantine. With the previous > version when it was saving to the spam folder viruses were also put in > the normal virus quaranteen aswell and this did not cause any problems. > With this version the change seems to cause mailwatch problems as it > cannot determine what viruses were detected (there is no report field) > > On Tue, 2007-09-04 at 22:16, Julian Field wrote: > > You're absolutely right, it's a bug. > > Fixed in 4.63.8-1 which is on its way out the door as I type.... > > > > The error happens however you try to add more than one action to any > > given rule, not just in specifying a comma-separated list of actions for > > a rule. > > > > Well spotted. > > > > Gareth wrote: > > > Spam Actions = deliver attachment header "X-Spam-Flag: YES" > > > High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules > > > Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No" > > > > > > [root@mailscanner MailScanner]# cat > > > /etc/MailScanner/rules/deliver.high.scoring.spam.rules > > > To: mis@linguaphone.co.uk delete > > > To: mis@linguaphone-intranet.co.uk delete > > > To: mis@linguaphone.com delete > > > FromOrTo: default deliver attachment > > > header "X-Spam-Flag: YES" > > > > > > currently running MailScanner-4.63.7-2 > > > > > > > > >> -----Original Message----- > > >> From: mailscanner-bounces@lists.mailscanner.info > > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > >> Field > > >> Sent: 04 September 2007 21:32 > > >> To: MailScanner discussion > > >> Subject: Re: Prombem with rule actions > > >> > > >> > > >> What were your Spam Actions set to (all 3 of non-spam, spam, and > > >> high-scoring spam). > > >> > > >> And what version are you running? > > >> > > >> Gareth wrote: > > >> > > >>> For normal ham I get :- > > >>> > > >>> Actions are: deliver,header > > >>> > > >>> For spam with a rule of :- > > >>> SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver > > >>> I get :- > > >>> Actions are: attachment,header > > >>> > > >>> > > >>> > > >>>> -----Original Message----- > > >>>> From: mailscanner-bounces@lists.mailscanner.info > > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > >>>> Field > > >>>> Sent: 04 September 2007 20:54 > > >>>> To: MailScanner discussion > > >>>> Subject: Re: Prombem with rule actions > > >>>> > > >>>> > > >>>> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there > > >>>> should be a big comment in a block of '#' characters that says > > >>>> "SpamAssassin Rule Actions ends here". > > >>>> Just after that comment, add this line: > > >>>> > > >>>> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; > > >>>> > > >>>> And then run "MailScanner --debug". > > >>>> Please tell me if it just prints the last action or all of them. > > >>>> > > >>>> Gareth wrote: > > >>>> > > >>>> > > >>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > >>>>> non-deliver option works but store does not > > >>>>> > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > >>>>> test@cdlive.co.uk,store,non-deliver > > >>>>> non-deliver works but store and forward dont > > >>>>> > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > >>>>> > > >>>>> > > >>>> test@cdlive.co.uk,store > > >>>> > > >>>> > > >>>>> store works! > > >>>>> but foward doesnt > > >>>>> > > >>>>> I am beginning to see a pattern here... > > >>>>> > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > >>>>> test@cdlive.co.uk,non-deliver,store > > >>>>> store works > > >>>>> non-deliver doesn't > > >>>>> > > >>>>> > > >>>>> It looks to me that only the last option works. > > >>>>> > > >>>>> Lets try it a little bit different > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > > >>>>> > > >>>>> > > >>>> SpamScore>=20=>store > > >>>> > > >>>> > > >>>>> Not delivered and stored - SUCCESS! > > >>>>> > > >>>>> > > >>>>> It looks like there may be a parsing bug. > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>>> -----Original Message----- > > >>>>>> From: mailscanner-bounces@lists.mailscanner.info > > >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > > >>>>>> > > >> Of Julian > > >> > > >>>>>> Field > > >>>>>> Sent: 04 September 2007 19:31 > > >>>>>> To: MailScanner discussion > > >>>>>> Subject: Re: Prombem with rule actions > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> Gareth wrote: > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>> Jules, Could this be a bug? > > >>>>>>> > > >>>>>>> As it works when I put the store option in the high scoring > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>> rules but wont > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>> work as part of a rules actions line I cant think of any cause > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>> other that a > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>> problem with the rule actioon line itself or a bug somewhere. > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>> I have this lot set: > > >>>>>> > > >>>>>> Required SpamAssassin Score = 6 > > >>>>>> Non Spam Actions = deliver header "X-Spam-Status: No" > > >>>>>> Spam Actions = deliver header "X-Spam-Status: Yes" > > >>>>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > >>>>>> > > >>>>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > > >>>>>> secretary@domain.com, SpamScore>=6=>forward > > >>>>>> spam.score@greater6.com,store,non-deliver, > > >>>>>> > > >> SpamScore<100=>store,forward > > >> > > >>>>>> spam.score@less100.com, store, SpamScore>100=>deliver,store > > >>>>>> > > >>>>>> And I get everything stored in the "nonspam" archive. > > >>>>>> > > >>>>>> So it appears to work for me. So I don't quite see why it doesn't for > > >>>>>> you. It sets all the spam actions first, long before it does anything > > >>>>>> about them. So it shouldn't be possible for the action to work in one > > >>>>>> setting and not in another. > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>> -----Original Message----- > > >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info > > >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > > >>>>>>>> > > >>>>>>>> > > >>>> Of Gareth > > >>>> > > >>>> > > >>>>>>>> Sent: 04 September 2007 13:37 > > >>>>>>>> To: MailScanner discussion > > >>>>>>>> Subject: Re: Prombem with rule actions > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> I tried the following aswell as an alternative and it didn't > > >>>>>>>> > > >>>>>>>> > > >>>> store the > > >>>> > > >>>> > > >>>>>>>> message either. > > >>>>>>>> > > >>>>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > >>>>>>>> > > >>>>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>>> Thanks for that. I have changed it to postfix but I dont > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>> think it makes > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>> any real difference since it is already running as postfix > > >>>>>>>>> > > >>>>>>>>> > > >>>> so it could > > >>>> > > >>>> > > >>>>>>>>> not change the user to root anyway. > > >>>>>>>>> > > >>>>>>>>> I changed my high scoring spam actions to add the deliver > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>> option and an > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>> incoming high scoring spam and virus was detected and copies > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>> were saved > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>> in the following places :- > > >>>>>>>>> 20070904/spam/CF509AA0090.2CC09 > > >>>>>>>>> 20070904/CF509AA0090.2CC09/message > > >>>>>>>>> i.e it worked fine and two copies of the message was saved. > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>> That is fine > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>> with me. > > >>>>>>>>> > > >>>>>>>>> I then switched to using > > >>>>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > >>>>>>>>> > > >>>>>>>>> A few spams with a score of >20 came in and they were not > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>> delivered but > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>> still were not logged in the spam directory. > > >>>>>>>>> > > >>>>>>>>> Previously when I had a spam with score >20 which was also > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>> identified as > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>> a virus then nothing was stored also not even to the virus > > >>>>>>>>> > > >>>>>>>>> > > >>>> store which > > >>>> > > >>>> > > >>>>>>>>> seems very wrong. > > >>>>>>>>> > > >>>>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>>> On 03/09/07, Gareth wrote: > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>>> In MailScanner.conf I have :- > > >>>>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > > >>>>>>>>>>> Quarantine User = root > > >>>>>>>>>>> Quarantine Group = apache > > >>>>>>>>>>> Quarantine Permissions = 0660 > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I > > >>>>>>>>>> > > >>>>>>>>>> > > >>>> thought you > > >>>> > > >>>> > > >>>>>>>>>> were a postmixer like me:-)... In which case that isn't very > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>> likely to > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>>>>>> be correct... Then again... > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>>> However all quarantine entries are stored in the format :- > > >>>>>>>>>>> %quarantine-dir%/<>/<> and they are viruses > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>> and blocked > > >>>> > > >>>> > > >>>>>>>>>>> attachments. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>> ... that this works indicate that the settings are > > >>>>>>>>>> > > >> correct for your > > >> > > >>>>>>>>>> setup (either another MTA, or PF run as root, I > > >>>>>>>>>> > > >> presume... Or some > > >> > > >>>>>>>>>> sticky bit magic:). I presume you've linted a few times, > > >>>>>>>>>> > > >>>>>>>>>> > > >>>> without any > > >>>> > > >>>> > > >>>>>>>>>> real errors? > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>>> I am assuming this is correct for the virus quaranteen? > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>> Yes. > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>>> If that is the case then MailScanner does not seem to be > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>> creating the > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>>>>> additional 'spam' etc... subdirectories for some reason. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>> Seems so, yes. > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>>> Are you sure the format is not > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>> %quarantine-dir%/spam/<>/<> as > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>>>>> if that was the case it could just be the issue that the > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>> spam directory does > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>>>>> not exist. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>> Yes we're sure that isn't the case. Steve and Jules know > > >>>>>>>>>> > > >>>>>>>>>> > > >>>> this pretty > > >>>> > > >>>> > > >>>>>>>>>> ... intimately:-). > > >>>>>>>>>> > > >>>>>>>>>> Cheers > > >>>>>>>>>> -- > > >>>>>>>>>> -- Glenn > > >>>>>>>>>> email: glenn < dot > steen < at > gmail < dot > com > > >>>>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>> -- > > >>>>>>>> MailScanner mailing list > > >>>>>>>> mailscanner@lists.mailscanner.info > > >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>>>>>>> > > >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting > > >>>>>>>> > > >>>>>>>> Support MailScanner development - buy the book off the website! > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>> Jules > > >>>>>> > > >>>>>> -- > > >>>>>> Julian Field MEng CITP > > >>>>>> www.MailScanner.info > > >>>>>> Buy the MailScanner book at www.MailScanner.info/store > > >>>>>> > > >>>>>> MailScanner customisation, or any advanced system > > >>>>>> > > >> administration help? > > >> > > >>>>>> Contact me at Jules@Jules.FM > > >>>>>> > > >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >>>>>> For all your IT requirements visit www.transtec.co.uk > > >>>>>> > > >>>>>> > > >>>>>> -- > > >>>>>> This message has been scanned for viruses and > > >>>>>> dangerous content by MailScanner, and is > > >>>>>> believed to be clean. > > >>>>>> For all your IT requirements visit www.transtec.co.uk > > >>>>>> > > >>>>>> -- > > >>>>>> MailScanner mailing list > > >>>>>> mailscanner@lists.mailscanner.info > > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>>>>> > > >>>>>> Before posting, read http://wiki.mailscanner.info/posting > > >>>>>> > > >>>>>> Support MailScanner development - buy the book off the website! > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>> Jules > > >>>> > > >>>> -- > > >>>> Julian Field MEng CITP > > >>>> www.MailScanner.info > > >>>> Buy the MailScanner book at www.MailScanner.info/store > > >>>> > > >>>> MailScanner customisation, or any advanced system administration help? > > >>>> Contact me at Jules@Jules.FM > > >>>> > > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >>>> For all your IT requirements visit www.transtec.co.uk > > >>>> > > >>>> > > >>>> -- > > >>>> This message has been scanned for viruses and > > >>>> dangerous content by MailScanner, and is > > >>>> believed to be clean. > > >>>> For all your IT requirements visit www.transtec.co.uk > > >>>> > > >>>> -- > > >>>> MailScanner mailing list > > >>>> mailscanner@lists.mailscanner.info > > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>>> > > >>>> Before posting, read http://wiki.mailscanner.info/posting > > >>>> > > >>>> Support MailScanner development - buy the book off the website! > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>> > > >> Jules > > >> > > >> -- > > >> Julian Field MEng CITP > > >> www.MailScanner.info > > >> Buy the MailScanner book at www.MailScanner.info/store > > >> > > >> MailScanner customisation, or any advanced system administration help? > > >> Contact me at Jules@Jules.FM > > >> > > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> For all your IT requirements visit www.transtec.co.uk > > >> > > >> > > >> -- > > >> This message has been scanned for viruses and > > >> dangerous content by MailScanner, and is > > >> believed to be clean. > > >> For all your IT requirements visit www.transtec.co.uk > > >> > > >> -- > > >> MailScanner mailing list > > >> mailscanner@lists.mailscanner.info > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> > > >> Before posting, read http://wiki.mailscanner.info/posting > > >> > > >> Support MailScanner development - buy the book off the website! > > >> > > >> > > >> > > >> > > > > > > > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Wed Sep 5 12:38:43 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 5 12:38:53 2007 Subject: Problem with rule actions (2) In-Reply-To: <1188991494.23620.18.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46DDCB47.5000701@ecs.soton.ac.uk> <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> <1188991494.23620.18.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1188992322.23624.25.camel@gblades-suse.linguaphone-intranet.co.uk> Ok could you have a look at this Julian when you have some spare time. Problem: When an email contains a virus and it triggers a custom action (store,non-deliver) the infection report is not being stored in the database. The following code is what mailwatch uses to retrieve the infection array and convert it to a string and I cant see why it would be going wrong as it is just using the data passed by mailscanner. It would be nice if the virus quaranteen was still populated in addition to the spam quarantine since the virus quaranteen has the attachments decoded so it makes it easier to do furthur manual tests. my($file, $text, @report_array); while(($file, $text) = each %{$message->{allreports}}) { $file = "the entire message" if $file eq ""; # Use the sanitised filename to avoid problems caused by people forcing # logging of attachment filenames which contain nasty SQL instructions. $file = $message->{file2safefile}{$file} or $file; $text =~ s/\n/ /; # Make sure text report only contains 1 line $text =~ s/\t/ /; # and no tab characters push (@report_array, $text); } # Sanitize reports my $reports = join(",",@report_array); Thanks Gareth On Wed, 2007-09-05 at 12:24, Gareth wrote: > Done a bit of investigating and the 'report' field in the mysql database > is not being populated. > > So its mailscanner or the MailWatchLogging custom plugin > > On Wed, 2007-09-05 at 11:42, Gareth wrote: > > Thanks Julian. > > > > That is now working fine but I do have one issue which I dont know if it > > is mailscanner or mailwatch. > > > > When I get a virus which is high scoring the mail is only quarantined in > > the spam folder. > > Nothing is saved in the normal virus quarantine. With the previous > > version when it was saving to the spam folder viruses were also put in > > the normal virus quaranteen aswell and this did not cause any problems. > > With this version the change seems to cause mailwatch problems as it > > cannot determine what viruses were detected (there is no report field) > > > > On Tue, 2007-09-04 at 22:16, Julian Field wrote: > > > You're absolutely right, it's a bug. > > > Fixed in 4.63.8-1 which is on its way out the door as I type.... > > > > > > The error happens however you try to add more than one action to any > > > given rule, not just in specifying a comma-separated list of actions for > > > a rule. > > > > > > Well spotted. > > > > > > Gareth wrote: > > > > Spam Actions = deliver attachment header "X-Spam-Flag: YES" > > > > High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules > > > > Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No" > > > > > > > > [root@mailscanner MailScanner]# cat > > > > /etc/MailScanner/rules/deliver.high.scoring.spam.rules > > > > To: mis@linguaphone.co.uk delete > > > > To: mis@linguaphone-intranet.co.uk delete > > > > To: mis@linguaphone.com delete > > > > FromOrTo: default deliver attachment > > > > header "X-Spam-Flag: YES" > > > > > > > > currently running MailScanner-4.63.7-2 > > > > > > > > > > > >> -----Original Message----- > > > >> From: mailscanner-bounces@lists.mailscanner.info > > > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > > >> Field > > > >> Sent: 04 September 2007 21:32 > > > >> To: MailScanner discussion > > > >> Subject: Re: Prombem with rule actions > > > >> > > > >> > > > >> What were your Spam Actions set to (all 3 of non-spam, spam, and > > > >> high-scoring spam). > > > >> > > > >> And what version are you running? > > > >> > > > >> Gareth wrote: > > > >> > > > >>> For normal ham I get :- > > > >>> > > > >>> Actions are: deliver,header > > > >>> > > > >>> For spam with a rule of :- > > > >>> SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver > > > >>> I get :- > > > >>> Actions are: attachment,header > > > >>> > > > >>> > > > >>> > > > >>>> -----Original Message----- > > > >>>> From: mailscanner-bounces@lists.mailscanner.info > > > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > > >>>> Field > > > >>>> Sent: 04 September 2007 20:54 > > > >>>> To: MailScanner discussion > > > >>>> Subject: Re: Prombem with rule actions > > > >>>> > > > >>>> > > > >>>> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there > > > >>>> should be a big comment in a block of '#' characters that says > > > >>>> "SpamAssassin Rule Actions ends here". > > > >>>> Just after that comment, add this line: > > > >>>> > > > >>>> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; > > > >>>> > > > >>>> And then run "MailScanner --debug". > > > >>>> Please tell me if it just prints the last action or all of them. > > > >>>> > > > >>>> Gareth wrote: > > > >>>> > > > >>>> > > > >>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > > >>>>> non-deliver option works but store does not > > > >>>>> > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > > >>>>> test@cdlive.co.uk,store,non-deliver > > > >>>>> non-deliver works but store and forward dont > > > >>>>> > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > > >>>>> > > > >>>>> > > > >>>> test@cdlive.co.uk,store > > > >>>> > > > >>>> > > > >>>>> store works! > > > >>>>> but foward doesnt > > > >>>>> > > > >>>>> I am beginning to see a pattern here... > > > >>>>> > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > > >>>>> test@cdlive.co.uk,non-deliver,store > > > >>>>> store works > > > >>>>> non-deliver doesn't > > > >>>>> > > > >>>>> > > > >>>>> It looks to me that only the last option works. > > > >>>>> > > > >>>>> Lets try it a little bit different > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > > > >>>>> > > > >>>>> > > > >>>> SpamScore>=20=>store > > > >>>> > > > >>>> > > > >>>>> Not delivered and stored - SUCCESS! > > > >>>>> > > > >>>>> > > > >>>>> It looks like there may be a parsing bug. > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>>> -----Original Message----- > > > >>>>>> From: mailscanner-bounces@lists.mailscanner.info > > > >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > > > >>>>>> > > > >> Of Julian > > > >> > > > >>>>>> Field > > > >>>>>> Sent: 04 September 2007 19:31 > > > >>>>>> To: MailScanner discussion > > > >>>>>> Subject: Re: Prombem with rule actions > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> Gareth wrote: > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>> Jules, Could this be a bug? > > > >>>>>>> > > > >>>>>>> As it works when I put the store option in the high scoring > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>> rules but wont > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>> work as part of a rules actions line I cant think of any cause > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>> other that a > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>> problem with the rule actioon line itself or a bug somewhere. > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> > > > >>>>>> I have this lot set: > > > >>>>>> > > > >>>>>> Required SpamAssassin Score = 6 > > > >>>>>> Non Spam Actions = deliver header "X-Spam-Status: No" > > > >>>>>> Spam Actions = deliver header "X-Spam-Status: Yes" > > > >>>>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > > >>>>>> > > > >>>>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > > > >>>>>> secretary@domain.com, SpamScore>=6=>forward > > > >>>>>> spam.score@greater6.com,store,non-deliver, > > > >>>>>> > > > >> SpamScore<100=>store,forward > > > >> > > > >>>>>> spam.score@less100.com, store, SpamScore>100=>deliver,store > > > >>>>>> > > > >>>>>> And I get everything stored in the "nonspam" archive. > > > >>>>>> > > > >>>>>> So it appears to work for me. So I don't quite see why it doesn't for > > > >>>>>> you. It sets all the spam actions first, long before it does anything > > > >>>>>> about them. So it shouldn't be possible for the action to work in one > > > >>>>>> setting and not in another. > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>> -----Original Message----- > > > >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info > > > >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > > > >>>>>>>> > > > >>>>>>>> > > > >>>> Of Gareth > > > >>>> > > > >>>> > > > >>>>>>>> Sent: 04 September 2007 13:37 > > > >>>>>>>> To: MailScanner discussion > > > >>>>>>>> Subject: Re: Prombem with rule actions > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> I tried the following aswell as an alternative and it didn't > > > >>>>>>>> > > > >>>>>>>> > > > >>>> store the > > > >>>> > > > >>>> > > > >>>>>>>> message either. > > > >>>>>>>> > > > >>>>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > > >>>>>>>> > > > >>>>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>>> Thanks for that. I have changed it to postfix but I dont > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>> think it makes > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>> any real difference since it is already running as postfix > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>> so it could > > > >>>> > > > >>>> > > > >>>>>>>>> not change the user to root anyway. > > > >>>>>>>>> > > > >>>>>>>>> I changed my high scoring spam actions to add the deliver > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>> option and an > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>> incoming high scoring spam and virus was detected and copies > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>> were saved > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>> in the following places :- > > > >>>>>>>>> 20070904/spam/CF509AA0090.2CC09 > > > >>>>>>>>> 20070904/CF509AA0090.2CC09/message > > > >>>>>>>>> i.e it worked fine and two copies of the message was saved. > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>> That is fine > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>> with me. > > > >>>>>>>>> > > > >>>>>>>>> I then switched to using > > > >>>>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > > >>>>>>>>> > > > >>>>>>>>> A few spams with a score of >20 came in and they were not > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>> delivered but > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>> still were not logged in the spam directory. > > > >>>>>>>>> > > > >>>>>>>>> Previously when I had a spam with score >20 which was also > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>> identified as > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>> a virus then nothing was stored also not even to the virus > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>> store which > > > >>>> > > > >>>> > > > >>>>>>>>> seems very wrong. > > > >>>>>>>>> > > > >>>>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>>> On 03/09/07, Gareth wrote: > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>>> In MailScanner.conf I have :- > > > >>>>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > > > >>>>>>>>>>> Quarantine User = root > > > >>>>>>>>>>> Quarantine Group = apache > > > >>>>>>>>>>> Quarantine Permissions = 0660 > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>> thought you > > > >>>> > > > >>>> > > > >>>>>>>>>> were a postmixer like me:-)... In which case that isn't very > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>> likely to > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>>>>>> be correct... Then again... > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>>> However all quarantine entries are stored in the format :- > > > >>>>>>>>>>> %quarantine-dir%/<>/<> and they are viruses > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>> and blocked > > > >>>> > > > >>>> > > > >>>>>>>>>>> attachments. > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>> ... that this works indicate that the settings are > > > >>>>>>>>>> > > > >> correct for your > > > >> > > > >>>>>>>>>> setup (either another MTA, or PF run as root, I > > > >>>>>>>>>> > > > >> presume... Or some > > > >> > > > >>>>>>>>>> sticky bit magic:). I presume you've linted a few times, > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>> without any > > > >>>> > > > >>>> > > > >>>>>>>>>> real errors? > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>>> I am assuming this is correct for the virus quaranteen? > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>> Yes. > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>>> If that is the case then MailScanner does not seem to be > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>> creating the > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>>>>> additional 'spam' etc... subdirectories for some reason. > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>> Seems so, yes. > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>>> Are you sure the format is not > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>> %quarantine-dir%/spam/<>/<> as > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>>>>> if that was the case it could just be the issue that the > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>> spam directory does > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>>>>> not exist. > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>>> > > > >>>>>>>>>> Yes we're sure that isn't the case. Steve and Jules know > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>> this pretty > > > >>>> > > > >>>> > > > >>>>>>>>>> ... intimately:-). > > > >>>>>>>>>> > > > >>>>>>>>>> Cheers > > > >>>>>>>>>> -- > > > >>>>>>>>>> -- Glenn > > > >>>>>>>>>> email: glenn < dot > steen < at > gmail < dot > com > > > >>>>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> MailScanner mailing list > > > >>>>>>>> mailscanner@lists.mailscanner.info > > > >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >>>>>>>> > > > >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting > > > >>>>>>>> > > > >>>>>>>> Support MailScanner development - buy the book off the website! > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>> Jules > > > >>>>>> > > > >>>>>> -- > > > >>>>>> Julian Field MEng CITP > > > >>>>>> www.MailScanner.info > > > >>>>>> Buy the MailScanner book at www.MailScanner.info/store > > > >>>>>> > > > >>>>>> MailScanner customisation, or any advanced system > > > >>>>>> > > > >> administration help? > > > >> > > > >>>>>> Contact me at Jules@Jules.FM > > > >>>>>> > > > >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >>>>>> For all your IT requirements visit www.transtec.co.uk > > > >>>>>> > > > >>>>>> > > > >>>>>> -- > > > >>>>>> This message has been scanned for viruses and > > > >>>>>> dangerous content by MailScanner, and is > > > >>>>>> believed to be clean. > > > >>>>>> For all your IT requirements visit www.transtec.co.uk > > > >>>>>> > > > >>>>>> -- > > > >>>>>> MailScanner mailing list > > > >>>>>> mailscanner@lists.mailscanner.info > > > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >>>>>> > > > >>>>>> Before posting, read http://wiki.mailscanner.info/posting > > > >>>>>> > > > >>>>>> Support MailScanner development - buy the book off the website! > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>> Jules > > > >>>> > > > >>>> -- > > > >>>> Julian Field MEng CITP > > > >>>> www.MailScanner.info > > > >>>> Buy the MailScanner book at www.MailScanner.info/store > > > >>>> > > > >>>> MailScanner customisation, or any advanced system administration help? > > > >>>> Contact me at Jules@Jules.FM > > > >>>> > > > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >>>> For all your IT requirements visit www.transtec.co.uk > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> This message has been scanned for viruses and > > > >>>> dangerous content by MailScanner, and is > > > >>>> believed to be clean. > > > >>>> For all your IT requirements visit www.transtec.co.uk > > > >>>> > > > >>>> -- > > > >>>> MailScanner mailing list > > > >>>> mailscanner@lists.mailscanner.info > > > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >>>> > > > >>>> Before posting, read http://wiki.mailscanner.info/posting > > > >>>> > > > >>>> Support MailScanner development - buy the book off the website! > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>> > > > >> Jules > > > >> > > > >> -- > > > >> Julian Field MEng CITP > > > >> www.MailScanner.info > > > >> Buy the MailScanner book at www.MailScanner.info/store > > > >> > > > >> MailScanner customisation, or any advanced system administration help? > > > >> Contact me at Jules@Jules.FM > > > >> > > > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > >> For all your IT requirements visit www.transtec.co.uk > > > >> > > > >> > > > >> -- > > > >> This message has been scanned for viruses and > > > >> dangerous content by MailScanner, and is > > > >> believed to be clean. > > > >> For all your IT requirements visit www.transtec.co.uk > > > >> > > > >> -- > > > >> MailScanner mailing list > > > >> mailscanner@lists.mailscanner.info > > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >> > > > >> Before posting, read http://wiki.mailscanner.info/posting > > > >> > > > >> Support MailScanner development - buy the book off the website! > > > >> > > > >> > > > >> > > > >> > > > > > > > > > > > > > > Jules > > > > > > -- > > > Julian Field MEng CITP > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > MailScanner customisation, or any advanced system administration help? > > > Contact me at Jules@Jules.FM > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > For all your IT requirements visit www.transtec.co.uk From jaearick at colby.edu Wed Sep 5 13:49:54 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Sep 5 13:50:14 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DE0139.2000101@maddoc.net> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0139.2000101@maddoc.net> Message-ID: On Tue, 4 Sep 2007, Doc Schneider wrote: > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: >> 1) USe cpan instead of perl packages > > There are a lot of folks here who use RPM based OS's. And it really is a > lot easier just to install an RPM then have to setup CPAN. And lots of > times CPAN installs break things like yum install/update ... Not putting > your idea down just this has been talked about on this list before. > And some of us just don't trust CPAN enough to let it run amok on our systems installing whatever it wants. Yes, installing packages piecemeal is a PITA but I get to see it compile and pass its tests and I have control over whether it gets installed or not. Jeff Earickson Colby College From sandrews at andrewscompanies.com Wed Sep 5 14:01:47 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Sep 5 14:01:50 2007 Subject: OT: sa rule question Message-ID: <1964AAFBC212F742958F9275BF63DBB05B3EAD@winchester.andrewscompanies.com> I've got an oddball scenario I've got to deal with. I've got a box servicing multiple domains and on one domain I've got to take just about any 3digit format@domain.com and pass it on, that and a few specific email addresses; anything else, i want to toss. What I'm planning, and please correct my logic if necessary, is to create a rule to penalize all mail to that domain, say 10 points, effectively making it high spam. Then, have another rule that reverses the penalty (-10) on all mail to xxx@domain.com and to specificaddress@domain.com I've got the penalty phase rule working and i understand how to do it for specificaddress@domain.com, but i'm weak with the regex to match any 3 letters@domain.com. anyone got a quick sec to show me an example? Thanks, Steve -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070905/b72a195e/attachment.html From viralert at fadalto.com Wed Sep 5 14:25:19 2007 From: viralert at fadalto.com (Phil) Date: Wed Sep 5 14:25:37 2007 Subject: HELP ME PLEASE: MCP In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413391EB2B@RDPEXCH2.Eu.Emory.Edu> References: <20070903105205.M86793@yatta-it.com> <1188820150.7202.26.camel@localhost> <20070903124728.M16375@fadalto.com> <8D2EFA3D9FD29C45BCEC3B532F0E2308413391EB2B@RDPEXCH2.Eu.Emory.Edu> Message-ID: <20070905131802.M13951@yatta-it.com> Great!!! IT WORKS! Changing the directive from "First Check = mcp" to "First Check = spam" has solved the problem!! Really many thanks Obviously it seems to be a BUG, for those who cares :) Phil ---------- Original Message ----------- From: "Gottschalk, David" To: MailScanner discussion Sent: Tue, 4 Sep 2007 08:12:35 -0400 Subject: RE: HELP ME PLEASE: MCP > Try... > > First Check = spam > > I had this same problem, and that resolved it for me. > > David Gottschalk > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Phil Sent: Monday, September 03, > 2007 8:47 AM To: MailScanner discussion Subject: Re: HELP ME PLEASE: MCP > > Ok, Sorry. > > Copying the conf the "forward" keys has been deleted. > > The config I'm using is: > > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = store forward spammy@yatta-it.com > High Scoring MCP Actions = store forward spammy@yatta-it.com > Bounce MCP As Attachment = no > > And, since I'm doing test, I'm sure I'm testing the MCP and not the HIGH-MCP :) > > Sincere thanks for the answer > > Phil > > ---------- Original Message ----------- > From: David Jacobson > To: MailScanner discussion > Sent: Mon, 3 Sep 2007 13:49:10 +0200 > Subject: Re: HELP ME PLEASE: MCP > > > Hi, > > > > See comments inline. > > > > On Mon, 2007-09-03 at 12:54 +0200, Phil wrote: > > > Hi all, > > > > > > I'm using now new MailScanner-4.63.7-2. > > > > > > The problem is the same and I'm go crazy. > > > > > > MCP messages are not forwarded to my spam trash user. > > > > > > Even if I configure MS to deliver MCP messages, they disappear and will not deliver. > > > > > > My configuration sectio is: > > > > > > Non MCP Actions = deliver > > > MCP Actions = store forward spammy@yatta-it.com > > > High Scoring MCP Actions = store spammy@yatta-it.com > > > > This should be store forward spammy@yatta-it.com you have left out the > > forward. Your MCP action is probably reaching the High scoring > > threshold therefore not forwarding. > > > > > > > > Bounce MCP As Attachment = no > > > > > > > > > > > > > > > Please, please, I'm begging you, could you please help me? > > > > > > Many thanks to all! > > > > > > Phil > > > > > -- > > Regards, > > > > David Jacobson > > Technical Director > > SYNAQ (Pty) Ltd > > > > Tel: 011 245 5888 > > Direct: 011 245 5889 > > Fax: 011 783 9275 > > Cell: 083 235 0760 > > Mail: davidj@synaq.com > > Web: http://www.synaq.com > > > > Key Fingerprint > > 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > ------- End of Original Message ------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From andreab at guttadauro.com Wed Sep 5 14:44:37 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Wed Sep 5 14:42:14 2007 Subject: Update Rules In-Reply-To: <20070903105205.M86793@yatta-it.com> References: <200708261100.l7QB02E8013272@safir.blacknight.ie> <000801c7e81e$953686b0$cc01a8c0@Dual> <46D1E2A5.4090500@ecs.soton.ac.uk> <20070903105205.M86793@yatta-it.com> Message-ID: <46DEB2C5.1000402@guttadauro.com> Hello Guys ! I'm a new MailScanner user , and i need some help about rules update. Which command i need run after download the rules from rulesemporium web site ? All Rules must be copied to /etc/Mailscanner and /etc/mail/spamassassin ??? Are there other place where i need store rules ? Sorry , if my question is very simple and not in correct english :) Thanks !! AndreA -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. From dfilchak at sympatico.ca Wed Sep 5 14:42:45 2007 From: dfilchak at sympatico.ca (Dave Filchak) Date: Wed Sep 5 14:43:05 2007 Subject: Trouble with White Listing Mailman list In-Reply-To: <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> References: <46DE607A.2030907@sympatico.ca> <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> Message-ID: <46DEB255.8060607@sympatico.ca> shuttlebox wrote: > On 9/5/07, Dave Filchak wrote: > >> Hello all, >> >> I am having a hell of a time white listing a small Mailman list so the >> posts do not get {spam} tags all over the subject lines. These are HTML >> emails that go out to a small select list of recipients. I have added >> the email address of the list to the spam.whitelist.rules file, the >> posters address (this is a one-way list), the bounce address .. >> everything and still it gets scanned and tagged. Any help for a >> frustrated lad here? >> >> MailScanner version 4.61.7 >> 3.002001 Mail::SpamAssassin >> 0.17 Mail::ClamAV >> > > Could you post the headers of a received mail? If it doesn't include > the spam report, post that one too from the logs. > > Here you go. You will see that it is being scanned twice .. once by my secondary server, which has Mailman on it, and again by my main mail server, even though I have them both white listed (at least in theory). Here is what I have for rules: On ebony in spam.whitelist.rules: From: 127.0.0.1 yes From: ywca_lifeskills-bounces@ebony.zuka.net yes From: ywca_lifeskills-bounces@zuka.net yes From: 204.15.37.138 yes On rosewood in spam.whitelist.rules: From: 127.0.0.1 yes From: 204.15.37.138 yes From: 192.168.1.106 yes From: gateway.zuka.net yes From: ywca_lifeskills@ebony.zuka.net yes From: ywca_lifeskills-bounces@ebony.zuka.net yes From: ywca_lifeskills-bounces@zuka.net yes (OK .. I was getting a little desperate here and adding everything but the kitchen sink!) Thanks Dave Return-Path: X-Original-To: dave.filchak@zuka.net Delivered-To: dave.filchak@zuka.net Received: from ebony.zuka.net (ebony.zuka.net [199.243.151.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rosewood.zuka.net (Postfix) with ESMTP id 9B12743C337; Wed, 5 Sep 2007 03:18:13 -0400 (EDT) Received: from ebony.zuka.net (localhost.localdomain [127.0.0.1]) by ebony.zuka.net (8.13.1/8.13.1) with ESMTP id l857IurF011818; Wed, 5 Sep 2007 03:21:05 -0400 Received: from rosewood.zuka.net (rosewood.zuka.net [199.243.151.38]) by ebony.zuka.net (8.13.1/8.13.1) with ESMTP id l857IOo2011799 for ; Wed, 5 Sep 2007 03:18:25 -0400 Received: from [192.168.1.106] (gateway.zuka.net [204.15.37.138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: dave.filchak@zuka.net) by rosewood.zuka.net (Postfix) with ESMTP id E6FC643C325 for ; Wed, 5 Sep 2007 02:51:30 -0400 (EDT) Message-ID: <46DE5831.2040201@zuka.net> Date: Wed, 05 Sep 2007 03:18:09 -0400 From: Dave Filchak Organization: Zuka Inc. User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: ywca_lifeskills@zuka.net Content-Type: multipart/alternative; boundary="------------050203010600000909060901" X-zuka.net-rw-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details, Not scanned: please contact your Internet E-Mail Service Provider for details X-zuka.net-rw-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=5.13, required 5, ALL_TRUSTED -1.44, FUZZY_OCR_CORRUPT_IMG 0.50, HEADER_SPAM 3.12, HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.13, SARE_GIF_ATTACH 1.42, SARE_HEAD_HDR_APPROV 0.82, SARE_UNI 0.59), not spam, SpamAssassin (not cached, score=3.451, required 5, FUZZY_OCR_CORRUPT_IMG 0.50, HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.13, INFO_TLD 0.81, SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) X-zuka.net-rw-MailScanner-SpamScore: 5, 3 X-Zuka-EB-MailScanner: Found to be clean, Found to be clean X-Zuka-EB-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.226, required 5, BAYES_50 0.00, HEADER_SPAM 3.40, HTML_MESSAGE 0.00, INLINE_IMAGE 2.00, SARE_GIF_ATTACH 1.42, SARE_HEAD_HDR_APPROV 0.82, SARE_UNI 0.59), not spam, SpamAssassin (cached, score=4.013, required 5, BAYES_50 0.00, HTML_MESSAGE 0.00, INLINE_IMAGE 2.00, SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) X-Zuka-EB-MailScanner-SpamScore: ssssssss, ssss Subject: [Lifeskills_News] {Spam?} {RW-Spam?} YWCA Lifeskills: Training, Coaching, Publications X-BeenThere: ywca_lifeskills@zuka.net X-Mailman-Version: 2.1.6 Precedence: list List-Id: "YWCA Lifeskills: Training, Coaching, Publications" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ywca_lifeskills-bounces@zuka.net Errors-To: ywca_lifeskills-bounces@zuka.net X-Zuka-EB-MailScanner-Information: Please contact the ISP for more information X-Zuka-EB-MailScanner-From: ywca_lifeskills-bounces@zuka.net X-zuka.net-rw-MailScanner-Information: Please contact the ISP for more information X-RWMailScanner-From: ywca_lifeskills-bounces@zuka.net This is a multi-part message in MIME format. --------------050203010600000909060901 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit From Richard.Frovarp at sendit.nodak.edu Wed Sep 5 14:47:03 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Wed Sep 5 14:47:07 2007 Subject: Update Rules In-Reply-To: <46DEB2C5.1000402@guttadauro.com> References: <200708261100.l7QB02E8013272@safir.blacknight.ie> <000801c7e81e$953686b0$cc01a8c0@Dual> <46D1E2A5.4090500@ecs.soton.ac.uk> <20070903105205.M86793@yatta-it.com> <46DEB2C5.1000402@guttadauro.com> Message-ID: <46DEB357.3090908@sendit.nodak.edu> Andrea Bazzanini wrote: > Hello Guys ! > > I'm a new MailScanner user , and i need some help about rules update. > > Which command i need run after download the rules from rulesemporium > web site ? > > All Rules must be copied to /etc/Mailscanner and > /etc/mail/spamassassin ??? Are there other place where i need store > rules ? > > Sorry , if my question is very simple and not in correct english :) > > > Thanks !! > > AndreA > > > > They go in /etc/mail/spamassassin. I would recommend using sa-update to automatically update the rules, which does put them in another location. http://wiki.apache.org/spamassassin/SareChannels Since MailScanner reloads every 2 or 4 hours depending on version and settings, you really don't need to do anything. The rules will be picked up on the next reload. Or you could restart MailScanner for the rules to take immediate effect. From jgg at giversen.net Wed Sep 5 14:55:10 2007 From: jgg at giversen.net (sysadm) Date: Wed Sep 5 14:55:13 2007 Subject: Notice problem In-Reply-To: <20070904134246.GA11063@doctor.nl2k.ab.ca> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> Message-ID: <46DEB53E.5040207@giversen.net> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070905/bbf8dbd1/attachment.html From shuttlebox at gmail.com Wed Sep 5 15:20:24 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Sep 5 15:20:29 2007 Subject: Trouble with White Listing Mailman list In-Reply-To: <46DEB255.8060607@sympatico.ca> References: <46DE607A.2030907@sympatico.ca> <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> <46DEB255.8060607@sympatico.ca> Message-ID: <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> On 9/5/07, Dave Filchak wrote: > X-zuka.net-rw-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=5.13, required 5, ALL_TRUSTED -1.44, > FUZZY_OCR_CORRUPT_IMG 0.50, HEADER_SPAM 3.12, HTML_MESSAGE 0.00, > HTML_TAG_EXIST_TBODY 0.13, SARE_GIF_ATTACH 1.42, > SARE_HEAD_HDR_APPROV 0.82, SARE_UNI 0.59), not spam, SpamAssassin (not cached, > score=3.451, required 5, FUZZY_OCR_CORRUPT_IMG 0.50, > HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.13, INFO_TLD 0.81, > SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) > X-Zuka-EB-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.226, > required 5, BAYES_50 0.00, HEADER_SPAM 3.40, > HTML_MESSAGE 0.00, > INLINE_IMAGE 2.00, SARE_GIF_ATTACH 1.42, SARE_HEAD_HDR_APPROV 0.82, > SARE_UNI 0.59), not spam, SpamAssassin (cached, score=4.013, > required 5, BAYES_50 0.00, HTML_MESSAGE 0.00, INLINE_IMAGE 2.00, > SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) Very strange that you in the report have two reports, one that says it's spam and one that disagrees! Do you have spamd running? Also, remove the dot in zuka.net (%org-name%), it's not allowed. It's been known to cause problems. Julian: would you consider adding a dot/underscore check to --lint? -- /peter From steve.freegard at fsl.com Wed Sep 5 15:35:07 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Sep 5 15:35:07 2007 Subject: Trouble with White Listing Mailman list In-Reply-To: <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> References: <46DE607A.2030907@sympatico.ca> <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> <46DEB255.8060607@sympatico.ca> <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> Message-ID: <46DEBE9B.7090105@fsl.com> shuttlebox wrote: > On 9/5/07, Dave Filchak wrote: >> X-zuka.net-rw-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > > Also, remove the dot in zuka.net (%org-name%), it's not allowed. It's > been known to cause problems. > > Julian: would you consider adding a dot/underscore check to --lint? > Maybe something like: $org-name =~ s/\./-/; Would be better than adding a check to --lint. That way it's automagically corrected. Cheers, Steve. From list-mailscanner at linguaphone.com Wed Sep 5 15:52:37 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 5 15:52:42 2007 Subject: OT: sa rule question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B3EAD@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB05B3EAD@winchester.andrewscompanies.com> Message-ID: <1189003957.23625.39.camel@gblades-suse.linguaphone-intranet.co.uk> How about :- header LOCAL_TLA_ADDRESS To =~ /\b\w\w\w@domain\.com\b/i score LOCAL_TLA_ADDRESS -10.0 \b matches a word boundry so it basically stops it matching morethan3letters@domain.com \w matches a letter The problem I can forsee is things like mailing lists where the To: field does not match the recipients email address. On Wed, 2007-09-05 at 14:01, Steven Andrews wrote: > I've got an oddball scenario I've got to deal with. I've got a box > servicing multiple domains and on one domain I've got to take just > about any 3digit format@domain.com and pass it on, that and a few > specific email addresses; anything else, i want to toss. > > What I'm planning, and please correct my logic if necessary, is to > create a rule to penalize all mail to that domain, say 10 points, > effectively making it high spam. Then, have another rule that > reverses the penalty (-10) on all mail to xxx@domain.com and to > specificaddress@domain.com > > I've got the penalty phase rule working and i understand how to do it > for specificaddress@domain.com, but i'm weak with the regex to match > any 3 letters@domain.com. > > anyone got a quick sec to show me an example? > > Thanks, > > Steve > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Wed Sep 5 16:30:04 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Wed Sep 5 16:30:14 2007 Subject: OT: sa rule question In-Reply-To: <1189003957.23625.39.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1964AAFBC212F742958F9275BF63DBB05B3EAD@winchester.andrewscompanies.com> <1189003957.23625.39.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B3EB9@winchester.andrewscompanies.com> Perfect; thank you for the education on what's going on rather than just the example. The domain doesn't have any actual users so nobody to subscribe to mailing lists. Thanks, Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: Wednesday, September 05, 2007 10:53 AM To: MailScanner discussion Subject: Re: OT: sa rule question How about :- header LOCAL_TLA_ADDRESS To =~ /\b\w\w\w@domain\.com\b/i score LOCAL_TLA_ADDRESS -10.0 \b matches a word boundry so it basically stops it matching morethan3letters@domain.com \w matches a letter The problem I can forsee is things like mailing lists where the To: field does not match the recipients email address. On Wed, 2007-09-05 at 14:01, Steven Andrews wrote: > I've got an oddball scenario I've got to deal with. I've got a box > servicing multiple domains and on one domain I've got to take just > about any 3digit format@domain.com and pass it on, that and a few > specific email addresses; anything else, i want to toss. > > What I'm planning, and please correct my logic if necessary, is to > create a rule to penalize all mail to that domain, say 10 points, > effectively making it high spam. Then, have another rule that > reverses the penalty (-10) on all mail to xxx@domain.com and to > specificaddress@domain.com > > I've got the penalty phase rule working and i understand how to do it > for specificaddress@domain.com, but i'm weak with the regex to match > any 3 letters@domain.com. > > anyone got a quick sec to show me an example? > > Thanks, > > Steve > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at lubik.ca Wed Sep 5 17:32:22 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Wed Sep 5 17:32:46 2007 Subject: Notice problem In-Reply-To: <46DEB53E.5040207@giversen.net> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DEB53E.5040207@giversen.net> Message-ID: sysadm wrote: > It seems that I have a problem with the notice from: function in > MailScanner. > > It only have this behaviour with password protected zip files. What am i > missing, any ideas? > Are the files seen as a virus? From gmane at tippingmar.com Wed Sep 5 17:47:18 2007 From: gmane at tippingmar.com (Mark Nienberg) Date: Wed Sep 5 17:47:36 2007 Subject: update_spamassassin default changed Message-ID: I noticed after I upgraded to the current MailScanner that in the file /etc/cron.daily/update_spamassassin the value of disabled=yes is now disabled=no. Does this mean that the current thinking is to enable this by default? I have been reluctant to do so after reading about earlier problems with this feature. Mark From grupolistas at gmail.com Wed Sep 5 17:50:51 2007 From: grupolistas at gmail.com (infolistas listas) Date: Wed Sep 5 17:50:57 2007 Subject: doesnt release from hold In-Reply-To: References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> Message-ID: <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> where do I find this bayes directory , its getting worse every moment now even rebooting the system or using the postsuper -r ALL it isnt working... how to I stop holding them so long??? Thnaks 2007/9/4, Scott Silva : > > infolistas listas spake the following on 9/4/2007 12:35 PM: > > Guys I think mail scanner isnt releasing my mail that are on queue and > > its stopping all mail to go out and in > > > > c logs http://rapido.mfplan.com.br > > > It looks like it is choking on your bayes rebuild. Look in your bayes > directory for a bunch of files with expire in their name. You might need > to > run an expiry run with mailscanner stopped as the mailscanner user. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070905/b4b8654a/attachment.html From ssilva at sgvwater.com Wed Sep 5 18:29:04 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 5 18:29:34 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> Message-ID: >> >> infolistas listas spake the following on 9/4/2007 12:35 PM: >> > Guys I think mail scanner isnt releasing my mail that are on >> queue and >> > its stopping all mail to go out and in >> > >> > c logs http://rapido.mfplan.com.br >> > >> It looks like it is choking on your bayes rebuild. Look in your bayes >> directory for a bunch of files with expire in their name. You might >> need to >> run an expiry run with mailscanner stopped as the mailscanner user. >> >> -- >> >> MailScanner is like deodorant... >> You hope everybody uses it, and >> you notice quickly if they don't!!!! >> > where do I find this bayes directory , its getting worse every moment > now even rebooting the system or using the postsuper -r ALL it isnt > working... how to I stop holding them so long??? Thnaks > I don't run postfix, but if you know how to run a spamassassin --lint as the postfix user it is listed in the output. Glenn, are you there? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mailscanner at slackadelic.com Wed Sep 5 18:32:45 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Wed Sep 5 18:32:52 2007 Subject: doesnt release from hold In-Reply-To: References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> Message-ID: <46DEE83D.8030107@slackadelic.com> Scott Silva wrote: >>> >>> infolistas listas spake the following on 9/4/2007 12:35 PM: >>> > Guys I think mail scanner isnt releasing my mail that are on >>> queue and >>> > its stopping all mail to go out and in >>> > >>> > c logs http://rapido.mfplan.com.br >>> > >>> It looks like it is choking on your bayes rebuild. Look in your >>> bayes >>> directory for a bunch of files with expire in their name. You might >>> need to >>> run an expiry run with mailscanner stopped as the mailscanner user. >>> >>> -- >>> >>> MailScanner is like deodorant... >>> You hope everybody uses it, and >>> you notice quickly if they don't!!!! >>> >> where do I find this bayes directory , its getting worse every moment >> now even rebooting the system or using the postsuper -r ALL it isnt >> working... how to I stop holding them so long??? Thnaks >> The bayes directory depends on where you put it when you configure MailScanner. You need to read your etc/spam.assassin.prefs file to see where you put it or where its trying to put it. -Matt From MailScanner at ecs.soton.ac.uk Wed Sep 5 18:54:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 5 18:55:05 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DE0756.9090903@gmail.com> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> Message-ID: <46DEED63.7080606@ecs.soton.ac.uk> Does someone want to tell me how to set up a yum repository so you can do this? Rianto Wahyudi wrote: > Addition to this : "repository" of which you can do : "yum update > MailScanner " and it will update MailScanner Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From chris at bluecobras.com Wed Sep 5 21:41:19 2007 From: chris at bluecobras.com (Chris Hammond) Date: Wed Sep 5 18:59:14 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DEED63.7080606@ecs.soton.ac.uk> Message-ID: <5583562.201189024879865.JavaMail.root@scalix.bluecobras.com> Julian, check out this page. http://dag.wieers.com/home-made/mrepo/ Chris ----- Original Message ----- From: Julian Field Sent: Wed, 9/5/2007 1:54pm To: MailScanner discussion Subject: Re: Just some ideas for upcoming MailScanner releases Does someone want to tell me how to set up a yum repository so you can do this? Rianto Wahyudi wrote: > Addition to this : "repository" of which you can do : "yum update > MailScanner " and it will update MailScanner Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customization, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mailscanner.bluecobras.com/cgi-bin/learn-msg.cgi?id=F1CAF2821E.D11C3 From MailScanner at ecs.soton.ac.uk Wed Sep 5 18:59:13 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 5 18:59:31 2007 Subject: list of variables which can be used in reports In-Reply-To: <50678FBB708A9B4FB6B536F6F657883D028E95CF@exch-gman.ad.goodmanmfg.com> References: <1188387826.3776.3.camel@gblades-suse.linguaphone-intranet.co.uk> <46D569C9.7060206@ecs.soton.ac.uk> <1188391785.3773.12.camel@gblades-suse.linguaphone-intranet.co.uk> <46D56CC3.7020200@ecs.soton.ac.uk><1188392396.3779.14.camel@gblades-suse.linguaphone-intranet.co.uk> <46D57A58.50406@ecs.soton.ac.uk> <50678FBB708A9B4FB6B536F6F657883D028E95CF@exch-gman.ad.goodmanmfg.com> Message-ID: <46DEEE71.8030509@ecs.soton.ac.uk> It will be in the next release for you. Horton, Robert wrote: > Julian, > > I could use the $datenumber variable in the inline.spam.warning.txt. > It's available in the notice for high scoring spam but not the inline > spam warning. > > Thanks, > > Robert > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Wednesday, August 29, 2007 8:53 AM > To: MailScanner discussion > Subject: Re: list of variables which can be used in reports > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You should already be able to use "$sascore" in this report. Sorry it's > not in the example report, I must have overlooked that. Any others you > need? > > Gareth wrote: > >> en/inline.spam.warning.txt please. >> >> On Wed, 2007-08-29 at 13:55, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> But in which report(s) specifically? And don't say "all of them" :-) >>> >>> Gareth wrote: >>> >>> >>>> It would be useful to have the total spam score as a variable. >>>> >>>> The reason being that I get users to drop copies of all false >>>> > positives > >>>> into a shared folder and it would save me having to manually add up >>>> > all > >>>> the scores to find what the total was. Depending on how much over >>>> > the > >>>> threshold it was I decide to do various things such as whitelist >>>> > them, > >>>> tell them to fix their mail system or do nothing :) >>>> >>>> Thanks >>>> >>>> On Wed, 2007-08-29 at 13:42, Julian Field wrote: >>>> >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Each of the sample reports I provide use all the variables >>>>> > available in > >>>>> that report. >>>>> If you need any adding, just tell me what you want and where you >>>>> > want to > >>>>> use it. >>>>> >>>>> Gareth wrote: >>>>> >>>>> >>>>> >>>>>> Is there a list of variables that can be used in reports anywhere? >>>>>> I have a look in the book and on wiki but could not find anything. >>>>>> >>>>>> In particular I would like to change the inline spam report so >>>>>> > that it > >>>>>> also reports the total spamassassin score. >>>>>> >>>>>> Thanks >>>>>> Gareth >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> - -- >>>>> Julian Field MEng CITP >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> >>>>> Need help customising MailScanner? >>>>> Contact me! >>>>> Need help fixing or optimising your systems? >>>>> Contact me! >>>>> Need help getting you started solving new requirements from your >>>>> > boss? > >>>>> Contact me! >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: PGP Desktop 9.6.3 (Build 3017) >>>>> Comment: (pgp-secured) >>>>> Charset: ISO-8859-1 >>>>> >>>>> wj8DBQFG1WnKEfZZRxQVtlQRAjOMAKDv3xvdvg4NnszZQfONbjkx7a/KxACgiMtf >>>>> ZAqlgmHz/zYbZd8uuP4VlHI= >>>>> =s2b8 >>>>> -----END PGP SIGNATURE----- >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> For all your IT requirements visit www.transtec.co.uk >>>>> >>>>> >>>>> >>>> >>>> >>>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your >>> > boss? > >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.6.3 (Build 3017) >>> Comment: (pgp-secured) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFG1WzEEfZZRxQVtlQRAlCnAKCnSNqx5goX+IwKXK8F+IgWfGc3jwCg+7Gt >>> zJ/GCo6o8GBmLmMx8nzltqk= >>> =bDpY >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> For all your IT requirements visit www.transtec.co.uk >>> >>> >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-15 > > wj8DBQFG1XpZEfZZRxQVtlQRAiFpAJ9k5bJIxeq83zR8a4VwiIJHjTMfXACeJC3z > G9o7Ewzmqn+55QDHvlYA2Ew= > =GBej > -----END PGP SIGNATURE----- > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Sep 5 19:16:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 5 19:16:35 2007 Subject: HELP ME PLEASE: MCP In-Reply-To: <20070905131802.M13951@yatta-it.com> References: <20070903105205.M86793@yatta-it.com> <1188820150.7202.26.camel@localhost> <20070903124728.M16375@fadalto.com> <8D2EFA3D9FD29C45BCEC3B532F0E2308413391EB2B@RDPEXCH2.Eu.Emory.Edu> <20070905131802.M13951@yatta-it.com> Message-ID: <46DEF269.40000@ecs.soton.ac.uk> The logic of what to do with the various spam+mcp actions when they can be done in either order is tortuous to say the least. But I will take a look for you. Phil wrote: > Great!!! > > IT WORKS! > > Changing the directive from "First Check = mcp" to "First Check = spam" has solved the > problem!! > > Really many thanks > > Obviously it seems to be a BUG, for those who cares :) > > Phil > > > ---------- Original Message ----------- > From: "Gottschalk, David" > To: MailScanner discussion > Sent: Tue, 4 Sep 2007 08:12:35 -0400 > Subject: RE: HELP ME PLEASE: MCP > > >> Try... >> >> First Check = spam >> >> I had this same problem, and that resolved it for me. >> >> David Gottschalk >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Phil Sent: Monday, September 03, >> 2007 8:47 AM To: MailScanner discussion Subject: Re: HELP ME PLEASE: MCP >> >> Ok, Sorry. >> >> Copying the conf the "forward" keys has been deleted. >> >> The config I'm using is: >> >> MCP Header = X-%org-name%-MailScanner-MCPCheck: >> Non MCP Actions = deliver >> MCP Actions = store forward spammy@yatta-it.com >> High Scoring MCP Actions = store forward spammy@yatta-it.com >> Bounce MCP As Attachment = no >> >> And, since I'm doing test, I'm sure I'm testing the MCP and not the HIGH-MCP :) >> >> Sincere thanks for the answer >> >> Phil >> >> ---------- Original Message ----------- >> From: David Jacobson >> To: MailScanner discussion >> Sent: Mon, 3 Sep 2007 13:49:10 +0200 >> Subject: Re: HELP ME PLEASE: MCP >> >> >>> Hi, >>> >>> See comments inline. >>> >>> On Mon, 2007-09-03 at 12:54 +0200, Phil wrote: >>> >>>> Hi all, >>>> >>>> I'm using now new MailScanner-4.63.7-2. >>>> >>>> The problem is the same and I'm go crazy. >>>> >>>> MCP messages are not forwarded to my spam trash user. >>>> >>>> Even if I configure MS to deliver MCP messages, they disappear and will not >>>> > deliver. > >>>> My configuration sectio is: >>>> >>>> Non MCP Actions = deliver >>>> MCP Actions = store forward spammy@yatta-it.com >>>> High Scoring MCP Actions = store spammy@yatta-it.com >>>> >>> This should be store forward spammy@yatta-it.com you have left out the >>> forward. Your MCP action is probably reaching the High scoring >>> threshold therefore not forwarding. >>> >>> >>>> Bounce MCP As Attachment = no >>>> >>>> >>>> >>>> >>>> Please, please, I'm begging you, could you please help me? >>>> >>>> Many thanks to all! >>>> >>>> Phil >>>> >>>> >>> -- >>> Regards, >>> >>> David Jacobson >>> Technical Director >>> SYNAQ (Pty) Ltd >>> >>> Tel: 011 245 5888 >>> Direct: 011 245 5889 >>> Fax: 011 783 9275 >>> Cell: 083 235 0760 >>> Mail: davidj@synaq.com >>> Web: http://www.synaq.com >>> >>> Key Fingerprint >>> 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> ------- End of Original Message ------- >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > ------- End of Original Message ------- > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Sep 5 19:29:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 5 19:29:20 2007 Subject: Trouble with White Listing Mailman list In-Reply-To: <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> References: <46DE607A.2030907@sympatico.ca> <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> <46DEB255.8060607@sympatico.ca> <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> Message-ID: <46DEF572.2050909@ecs.soton.ac.uk> Very good idea. Added. It will be in the next release. shuttlebox wrote: > On 9/5/07, Dave Filchak wrote: > >> X-zuka.net-rw-MailScanner-SpamCheck: spam, SpamAssassin (not cached, >> score=5.13, required 5, ALL_TRUSTED -1.44, >> FUZZY_OCR_CORRUPT_IMG 0.50, HEADER_SPAM 3.12, HTML_MESSAGE 0.00, >> HTML_TAG_EXIST_TBODY 0.13, SARE_GIF_ATTACH 1.42, >> SARE_HEAD_HDR_APPROV 0.82, SARE_UNI 0.59), not spam, SpamAssassin (not cached, >> score=3.451, required 5, FUZZY_OCR_CORRUPT_IMG 0.50, >> HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.13, INFO_TLD 0.81, >> SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) >> > > >> X-Zuka-EB-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.226, >> required 5, BAYES_50 0.00, HEADER_SPAM 3.40, >> HTML_MESSAGE 0.00, >> INLINE_IMAGE 2.00, SARE_GIF_ATTACH 1.42, SARE_HEAD_HDR_APPROV 0.82, >> SARE_UNI 0.59), not spam, SpamAssassin (cached, score=4.013, >> required 5, BAYES_50 0.00, HTML_MESSAGE 0.00, INLINE_IMAGE 2.00, >> SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) >> > > Very strange that you in the report have two reports, one that says > it's spam and one that disagrees! Do you have spamd running? > > Also, remove the dot in zuka.net (%org-name%), it's not allowed. It's > been known to cause problems. > > Julian: would you consider adding a dot/underscore check to --lint? > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Sep 5 19:30:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 5 19:30:56 2007 Subject: update_spamassassin default changed In-Reply-To: References: Message-ID: <46DEF5CC.6040104@ecs.soton.ac.uk> Mark Nienberg wrote: > I noticed after I upgraded to the current MailScanner that in the file > /etc/cron.daily/update_spamassassin > the value of > > disabled=yes is now disabled=no. > > Does this mean that the current thinking is to enable this by default? Yes. > I have been reluctant to do so after reading about earlier problems > with this feature. I don't know of any current problems with it at all. Am I wrong? Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From richard.siddall at elirion.net Wed Sep 5 20:43:15 2007 From: richard.siddall at elirion.net (Richard Siddall) Date: Wed Sep 5 20:45:24 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DEED63.7080606@ecs.soton.ac.uk> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> Message-ID: <46DF06D3.2090102@elirion.net> Julian Field wrote: > Does someone want to tell me how to set up a yum repository so you can > do this? > It's a little more complicated than setting up "a" repository. There are multiple RPM-based distros (anyone want anything other than CentOS/RHEL and SUSE?), multiple versions of said distros (anyone still using CentOS/RHEL 4.x?), and you'll want a stable and a testing repo for each distro version. Having said that, it's something along these lines for each distro version: # Build a distro-specific version of mailscanner-.rpm rpmbuild -ba mailscanner.spec # Or use your mailscanner-requires # Build all the distro-specific RPMs, most of which won't be used. tar zxvf MailScanner-.rpm.tar.gz cd MailScanner- ./install.sh # Copy everything up to the repo. cp -up /usr/src/redhat/RPMs/*.rpm /var/www/html/repo/stable/ # Sign the RPMs cd /var/www/html/repo/stable rpm --addsign *.rpm # Create the repo metafiles createrepo . # scp it to the main web server... scp -pr /var/www/html/repo/stable jules@mailscanner.info:/... Which isn't that bad if you've got a VPS for each distro version, or a volunteer to maintain that version for you. And, of course, you have to provide your PGP signing key and a repo config file for each repo on the downloads page at http://mailscanner.info/downloads.html Another approach that might work would be to join RPMForge, or give Dag Wieers (etc.) an updated mailscanner.spec or SRPM to build from. Offloading repo support to RPMForge (and a few other entities) would make your life easier in some respects. I don't know if they operate a shared build farm. I've attached a slightly updated (and not very clean) version of your mailscanner-requires.spec, but I'd recommend merging it into the core mailscanner-.spec so you can produce a distro-version-specific RPM with the correct dependencies for the distro version. For the old MailScanner-.rpm.tar.gz you could just turn off all the dependencies by not defining a distro flag. Regards, Richard Siddall -------------- next part -------------- # # Build with # rpmbuild -ba --define 'oscode 1' mailscanner-requires.spec # Where oscode is: # rh6 RedHat Linux 6.x # fc2 Fedora Core 2 # rhel5 RedHat Enterprise Linux 5 (and clones) # %define version 4.60.1 %define release 2 %define name mailscanner-requires Name: %{name} Version: %{version} Release: %{release} Summary: E-Mail Gateway Virus Scanner and Spam Detector Group: System Environment/Daemons License: GPL Vendor: Electronics and Computer Science, University of Southampton Packager: Julian Field URL: http://www.mailscanner.info/ Requires: mailscanner >= 4.60.1, perl >= 5.6.1, tnef >= 1.1.1, perl-MIME-tools >= 5.412, perl-Archive-Zip, perl-Compress-Zlib, perl-Convert-BinHex, perl-Convert-TNEF, perl-DBD-SQLite, perl-DBI, perl-Filesys-Df, perl-Getopt-Long, perl-IO-stringy, perl-HTML-Parser, perl-HTML-Tagset, perl-MailTools, perl-Net-CIDR, perl-Net-IP, perl-Sys-Hostname-Long, perl-TimeDate #BuildRoot: %{_tmppath}/%{name}-root BuildArchitectures: noarch # On some OSes, required Perl modules are built into the core Perl RPM %{?rh6:Requires: perl-File-Temp} %{?rh6:Requires: perl-MIME-Base64} %{?rh6:Requires: perl-Time-HiRes} #%{?rh6:Requires: perl-Sys-Syslog} #%{?fc2:Requires: perl-File-Temp} #%{?fc2:Requires: perl-MIME-Base64} %{?fc2:Requires: perl-Time-HiRes} #%{?fc2:Requires: perl-Sys-Syslog} #%{?rhel5:Requires: perl-File-Temp} #%{?rhel5:Requires: perl-MIME-Base64} #%{?rhel5:Requires: perl-Time-HiRes} #%{?rhel5:Requires: perl-Sys-Syslog} %description This is an RPM that exists solely for use by 'yum' to list all the requirements of MailScanner. If you 'yum localinstall' this package, then yum will go and fetch all the required packages and Perl modules. See the 'mailscanner' rpm for more information about MailScanner itself. #%prep #%setup #%build #%install %clean rm -rf ${RPM_BUILD_ROOT} %files %changelog * Fri Jun 1 2007 Richard Siddall - Started hacking up for OS-dependent dependencies. * Thu May 24 2007 Julian Field - Created. From mailadmin at baladia.gov.kw Wed Sep 5 21:27:26 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Wed Sep 5 21:28:21 2007 Subject: query regarding qurantine release In-Reply-To: References: <4004.62.150.152.226.1188940071.squirrel@webmail.baladia.gov.kw> Message-ID: <2960.62.150.152.226.1189024046.squirrel@webmail.baladia.gov.kw> Thnaks Guy.. for ur reply i will try it out and let u know thanks indeed regards benedict > Mail Administrator spake the following on 9/4/2007 2:07 PM: >>> How does your webmail send the mail? >>> Does it make a smtp connection or run sendmail locally? >>> >>> If it makes a SMTP connection then you could probably configure it to >>> connect to the servers real IP address and not 127.0.0.1 and then it >>> should >>> work. >>> >> >> Thanks for ur quick reply >> really appreciate >> >> sendmail runs locally >> >> here my mail log when i send a message for more info. >> >> ---------------------------------------- >> >> ep 5 00:03:07 kmdns1 sendmail[32523]: l84L36FM032523: >> from=simon@kmun.gov.kw, size=652, class=0, nrcpts=1, >> msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, >> relay=apache@localhost >> Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: >> from=, size=877, class=0, nrcpts=1, >> msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, >> proto=ESMTP, daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1] >> Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: >> to=, delay=00:00:00, mailer=esmtp, pri=30877, >> stat=queued >> >> ------------------------------------ >> >> 62.150.152.226 is a ip of my machine >> >> since my sendmail runs locally on ip 127.0.0.1 how could i go arround >> solving this problem . >> apprecite your help >> >> regards >> >> simon >> >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >>>> Mail Administrator >>>> Sent: 04 September 2007 21:28 >>>> To: MailScanner discussion >>>> Subject: query regarding qurantine release >>>> >>>> >>>> Dear All, >>>> >>>> >>>> I have the following setup on my server >>>> >>>> 1) Centos >>>> Primary Mail server >>>> Primary dns server >>>> Mailscanner >>>> Webmail server >>>> >>>> most of the users use their browser to login to the above server for >>>> sending and checking their mails >>>> everything is been workin perfectly >>>> >>>> i installed mailwatch so that i could release quarantine mails at >>>> my decision >>>> >>>> i then followed the exact steps as mentioned in the FAQ >>>> >>>> http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq >>>> >>>> and now i tried to test >>>> >>>> i sent a mail with attachment from my Yahoo account to my local mail >>>> server and it was blocked my mailscanner whcih is perfect >>>> n i logged in mailwatch and i could release the attachment and after i >>>> released if went perfectly to my mailbox. thats grt >>>> >>>> now i sent a mail with attachemnt from my local account using webmail >>>> to >>>> my yahoo account and it went perfectly fine >>>> >>>> and in my mailwatch details .. >>>> status as whitelist >>>> spam score 0.00 >>>> >>>> since 127.0.0.1 is white listed as per the rules.. >>>> >>>> So i see that Mailscanner n mailwatch works jus perfect for the mails >>>> received its grt >>>> >>>> but i have queries regading mail sent by users using the browser >>>> with webmail >>>> >>>> 1) does mailscanner do a virus n spam check on the mails sent since i >>>> see >>>> in mailwatch the status is >>>> >>>> status as whitelist >>>> spam score 0.00 >>>> cause if this does not happen then the users pc inefcted will cause >>>> the >>>> mail server to spam or send infected mails out >>>> >>>> 2) obviously i would like mailscanner to scan and block any >>>> attachments >>>> sent by my users via webmail and they should only be sent when >>>> released >>>> from quarantine with mailwatch >>>> >>>> how do i the above .. setup rules for doin that >>>> >>>> basically i see that after i implemented the steps in FAQ regarding >>>> the >>>> release of quarantine mails i see that it works perfect for mails with >>>> attachment received and not for mails sent >>>> >>>> >>>> really wd apprecite your help >>>> >>>> >>>> Regards >>>> >>>> Simon > In your conf.php in the mailwatch directory you have a setting like; > define(QUARANTINE_FROM_ADDR, 'postmaster'); > > Change all the rules to have From: 127.0.0.1 and From: > postmaster@localhost no > (notice the "and From:" part) > > Change postmaster to what you have in your conf.php. > This way it will only whitelist messages that match "both" choices, which > your > webmail users won't hit. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From writetoashok at gmail.com Thu Sep 6 07:45:03 2007 From: writetoashok at gmail.com (Ashok Kumar) Date: Thu Sep 6 07:45:09 2007 Subject: Size checking for mails when using CC field Message-ID: Hi list, I could limit the size of messages sent based on user/domain using the following directives. Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = %rules-dir%/max.attachment.size.rules But, the restriction doesn't seem to apply if mails are send using the CC field. since CC field doesn't appear in the headers, the rules like, FromOrTo: user@example.com 5M cannot be used. Is there a solution for this, so that the restriction applies even when the mail is send using the CC fields? -- regards, Ashok. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/9dd2cab0/attachment.html From tgc at statsbiblioteket.dk Thu Sep 6 08:17:22 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Thu Sep 6 08:17:25 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DF06D3.2090102@elirion.net> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> Message-ID: <46DFA982.1090106@statsbiblioteket.dk> Richard Siddall wrote: > Julian Field wrote: >> Does someone want to tell me how to set up a yum repository so you can >> do this? >> > > It's a little more complicated than setting up "a" repository. There > are multiple RPM-based distros (anyone want anything other than > CentOS/RHEL and SUSE?), multiple versions of said distros (anyone still > using CentOS/RHEL 4.x?), and you'll want a stable and a testing repo for > each distro version. > I think you can pretty much count on RHEL 3->5 seeing serious use. I still have Mailscanner gateways running RHEL 2.1 but it's late in its lifecycle (EOL 2009-03-31) so probably not worth targetting. With a proper buildsystem and good quality specfiles it should not be a problem building for all of RHEL 3,4,5, just look at rpmforge. > Which isn't that bad if you've got a VPS for each distro version, or a > volunteer to maintain that version for you. > IMHO the most sane way to maintain a package for multiple distros is the rpmforge way of one specfile pr. package. Combined with a buildsystem like mock you can quite easily maintain builds for many different dists on a single machine. > Another approach that might work would be to join RPMForge, or give Dag > Wieers (etc.) an updated mailscanner.spec or SRPM to build from. > Offloading repo support to RPMForge (and a few other entities) would > make your life easier in some respects. I don't know if they operate a > shared build farm. > I'd think Dag would be positive if Julian offered to maintain a MailScanner specfile in rpmforge SVN. The alternative could be to fork the necessary packages from rpmforge into sort of an rpmforge for MailScanner sub repo. Julian would maintain a branch of rpmforge SVN for MailScanner, only building the packages needed for MailScanner and tagging them with jf or somesuch. How do you propose to solve the problem that it's not really possible to upgrade a number of core perl modules using rpms without installing with --force due to file conflicts? The distro perl packages where simply not designed for this in RHEL. This is the biggest blocker against 'yum install MailScanner' as I see it. My personal solution has been to fork the distro perl package and split it up into upgradeable subpackages, I prefer having to maintain that over using rpm --force. -tgc From andreab at guttadauro.com Thu Sep 6 09:53:41 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Thu Sep 6 09:51:23 2007 Subject: Relase from Message-ID: <46DFC015.3000002@guttadauro.com> Hello Guys... Is possible release messages from quarantine and use the original sender in to "from" field instead of MailScanner Administrator ? Thanks !! -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/26b65e3c/attachment.html From MailScanner at ecs.soton.ac.uk Thu Sep 6 10:14:28 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 6 10:14:54 2007 Subject: Size checking for mails when using CC field In-Reply-To: References: Message-ID: <46DFC4F4.7030409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Cc field in the headers is just another way of giving recipients. The "To" that MailScanner looks at includes all the recipients, To: Cc: and Bcc:. Ashok Kumar wrote: > Hi list, > > I could limit the size of messages sent based on user/domain using the > following directives. > > Maximum Message Size = %rules-dir%/max.message.size.rules > Maximum Attachment Size = %rules-dir%/max.attachment.size.rules > > But, the restriction doesn't seem to apply if mails are send using the > CC field. since CC field doesn't appear in the headers, the rules > like, FromOrTo: user@example.com 5M cannot > be used. > > Is there a solution for this, so that the restriction applies even > when the mail is send using the CC fields? > > > -- > regards, > Ashok. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG38T1EfZZRxQVtlQRAoV/AJ99bHIflz1f3/eEJdJExIcpEqg22ACgujn9 /ZoIDQMKO4BASvX0/v6awSk= =26WE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From neilw at dcdata.co.za Thu Sep 6 10:27:25 2007 From: neilw at dcdata.co.za (Neil Wilson) Date: Thu Sep 6 10:29:41 2007 Subject: Disclaimer at the top Message-ID: <46DFC7FD.6030602@dcdata.co.za> Hi guys, Anyone know of a way to get a disclaimer to appear at the top of a mail instead of at the bottom? I'm using the inline_sig.html and have my sign clean messages = yes Thanks. Regards. Neil -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From list-mailscanner at linguaphone.com Thu Sep 6 10:33:05 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 10:33:18 2007 Subject: Problem with rule actions (2) In-Reply-To: <1188992322.23624.25.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46DDCB47.5000701@ecs.soton.ac.uk> <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> <1188991494.23620.18.camel@gblades-suse.linguaphone-intranet.co.uk> <1188992322.23624.25.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1189071185.26505.7.camel@gblades-suse.linguaphone-intranet.co.uk> Any thoughts on this Julian? Thinking about it a bit more myself it appears that when the custom action matches and the store,non-deliver is performed that MailScanner forgets about the actions it should be taking due to the message being identified as containing a virus. This results in :- * Message and decoded attachments not being saved into the virus quaranteen. * Details of the virus infections is lost and not passed onto the custom finction used to log entries to the mailwatch database. Thanks Gareth On Wed, 2007-09-05 at 12:38, Gareth wrote: > Ok could you have a look at this Julian when you have some spare time. > > Problem: When an email contains a virus and it triggers a custom action > (store,non-deliver) the infection report is not being stored in the > database. The following code is what mailwatch uses to retrieve the > infection array and convert it to a string and I cant see why it would > be going wrong as it is just using the data passed by mailscanner. > > It would be nice if the virus quaranteen was still populated in addition > to the spam quarantine since the virus quaranteen has the attachments > decoded so it makes it easier to do furthur manual tests. > > my($file, $text, @report_array); > while(($file, $text) = each %{$message->{allreports}}) { > $file = "the entire message" if $file eq ""; > # Use the sanitised filename to avoid problems caused by people > forcing > # logging of attachment filenames which contain nasty SQL > instructions. > $file = $message->{file2safefile}{$file} or $file; > $text =~ s/\n/ /; # Make sure text report only contains 1 line > $text =~ s/\t/ /; # and no tab characters > push (@report_array, $text); > } > > # Sanitize reports > my $reports = join(",",@report_array); > > > Thanks > Gareth > > > > On Wed, 2007-09-05 at 12:24, Gareth wrote: > > Done a bit of investigating and the 'report' field in the mysql database > > is not being populated. > > > > So its mailscanner or the MailWatchLogging custom plugin > > > > On Wed, 2007-09-05 at 11:42, Gareth wrote: > > > Thanks Julian. > > > > > > That is now working fine but I do have one issue which I dont know if it > > > is mailscanner or mailwatch. > > > > > > When I get a virus which is high scoring the mail is only quarantined in > > > the spam folder. > > > Nothing is saved in the normal virus quarantine. With the previous > > > version when it was saving to the spam folder viruses were also put in > > > the normal virus quaranteen aswell and this did not cause any problems. > > > With this version the change seems to cause mailwatch problems as it > > > cannot determine what viruses were detected (there is no report field) > > > > > > On Tue, 2007-09-04 at 22:16, Julian Field wrote: > > > > You're absolutely right, it's a bug. > > > > Fixed in 4.63.8-1 which is on its way out the door as I type.... > > > > > > > > The error happens however you try to add more than one action to any > > > > given rule, not just in specifying a comma-separated list of actions for > > > > a rule. > > > > > > > > Well spotted. > > > > > > > > Gareth wrote: > > > > > Spam Actions = deliver attachment header "X-Spam-Flag: YES" > > > > > High Scoring Spam Actions = %rules-dir%/deliver.high.scoring.spam.rules > > > > > Non Spam Actions = deliver header "X-lgdeltd-MailScanner-Spam-Status: No" > > > > > > > > > > [root@mailscanner MailScanner]# cat > > > > > /etc/MailScanner/rules/deliver.high.scoring.spam.rules > > > > > To: mis@linguaphone.co.uk delete > > > > > To: mis@linguaphone-intranet.co.uk delete > > > > > To: mis@linguaphone.com delete > > > > > FromOrTo: default deliver attachment > > > > > header "X-Spam-Flag: YES" > > > > > > > > > > currently running MailScanner-4.63.7-2 > > > > > > > > > > > > > > >> -----Original Message----- > > > > >> From: mailscanner-bounces@lists.mailscanner.info > > > > >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > > > >> Field > > > > >> Sent: 04 September 2007 21:32 > > > > >> To: MailScanner discussion > > > > >> Subject: Re: Prombem with rule actions > > > > >> > > > > >> > > > > >> What were your Spam Actions set to (all 3 of non-spam, spam, and > > > > >> high-scoring spam). > > > > >> > > > > >> And what version are you running? > > > > >> > > > > >> Gareth wrote: > > > > >> > > > > >>> For normal ham I get :- > > > > >>> > > > > >>> Actions are: deliver,header > > > > >>> > > > > >>> For spam with a rule of :- > > > > >>> SpamAssassin Rule Actions = SpamScore>=5=>store,non-deliver > > > > >>> I get :- > > > > >>> Actions are: attachment,header > > > > >>> > > > > >>> > > > > >>> > > > > >>>> -----Original Message----- > > > > >>>> From: mailscanner-bounces@lists.mailscanner.info > > > > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > > > > >>>> Field > > > > >>>> Sent: 04 September 2007 20:54 > > > > >>>> To: MailScanner discussion > > > > >>>> Subject: Re: Prombem with rule actions > > > > >>>> > > > > >>>> > > > > >>>> Around line 1020 of /usr/lib/MailScanner/MailScanner/Message.pm, there > > > > >>>> should be a big comment in a block of '#' characters that says > > > > >>>> "SpamAssassin Rule Actions ends here". > > > > >>>> Just after that comment, add this line: > > > > >>>> > > > > >>>> print STDERR "Actions are: " . join(',',keys %actions) . "\n"; > > > > >>>> > > > > >>>> And then run "MailScanner --debug". > > > > >>>> Please tell me if it just prints the last action or all of them. > > > > >>>> > > > > >>>> Gareth wrote: > > > > >>>> > > > > >>>> > > > > >>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > > > >>>>> non-deliver option works but store does not > > > > >>>>> > > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > > > >>>>> test@cdlive.co.uk,store,non-deliver > > > > >>>>> non-deliver works but store and forward dont > > > > >>>>> > > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > > > >>>>> > > > > >>>>> > > > > >>>> test@cdlive.co.uk,store > > > > >>>> > > > > >>>> > > > > >>>>> store works! > > > > >>>>> but foward doesnt > > > > >>>>> > > > > >>>>> I am beginning to see a pattern here... > > > > >>>>> > > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>forward > > > > >>>>> test@cdlive.co.uk,non-deliver,store > > > > >>>>> store works > > > > >>>>> non-deliver doesn't > > > > >>>>> > > > > >>>>> > > > > >>>>> It looks to me that only the last option works. > > > > >>>>> > > > > >>>>> Lets try it a little bit different > > > > >>>>> SpamAssassin Rule Actions = SpamScore>=20=>non-deliver, > > > > >>>>> > > > > >>>>> > > > > >>>> SpamScore>=20=>store > > > > >>>> > > > > >>>> > > > > >>>>> Not delivered and stored - SUCCESS! > > > > >>>>> > > > > >>>>> > > > > >>>>> It looks like there may be a parsing bug. > > > > >>>>> > > > > >>>>> > > > > >>>>> > > > > >>>>> > > > > >>>>>> -----Original Message----- > > > > >>>>>> From: mailscanner-bounces@lists.mailscanner.info > > > > >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > > > > >>>>>> > > > > >> Of Julian > > > > >> > > > > >>>>>> Field > > > > >>>>>> Sent: 04 September 2007 19:31 > > > > >>>>>> To: MailScanner discussion > > > > >>>>>> Subject: Re: Prombem with rule actions > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> Gareth wrote: > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>> Jules, Could this be a bug? > > > > >>>>>>> > > > > >>>>>>> As it works when I put the store option in the high scoring > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>> rules but wont > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>> work as part of a rules actions line I cant think of any cause > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>> other that a > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>> problem with the rule actioon line itself or a bug somewhere. > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>>> > > > > >>>>>> I have this lot set: > > > > >>>>>> > > > > >>>>>> Required SpamAssassin Score = 6 > > > > >>>>>> Non Spam Actions = deliver header "X-Spam-Status: No" > > > > >>>>>> Spam Actions = deliver header "X-Spam-Status: Yes" > > > > >>>>>> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > > > >>>>>> > > > > >>>>>> SpamAssassin Rule Actions = FROM_BOSS_WIFE=>forward > > > > >>>>>> secretary@domain.com, SpamScore>=6=>forward > > > > >>>>>> spam.score@greater6.com,store,non-deliver, > > > > >>>>>> > > > > >> SpamScore<100=>store,forward > > > > >> > > > > >>>>>> spam.score@less100.com, store, SpamScore>100=>deliver,store > > > > >>>>>> > > > > >>>>>> And I get everything stored in the "nonspam" archive. > > > > >>>>>> > > > > >>>>>> So it appears to work for me. So I don't quite see why it doesn't for > > > > >>>>>> you. It sets all the spam actions first, long before it does anything > > > > >>>>>> about them. So it shouldn't be possible for the action to work in one > > > > >>>>>> setting and not in another. > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>> -----Original Message----- > > > > >>>>>>>> From: mailscanner-bounces@lists.mailscanner.info > > > > >>>>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>> Of Gareth > > > > >>>> > > > > >>>> > > > > >>>>>>>> Sent: 04 September 2007 13:37 > > > > >>>>>>>> To: MailScanner discussion > > > > >>>>>>>> Subject: Re: Prombem with rule actions > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> I tried the following aswell as an alternative and it didn't > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>> store the > > > > >>>> > > > > >>>> > > > > >>>>>>>> message either. > > > > >>>>>>>> > > > > >>>>>>>> SpamAssassin Rule Actions = BAYES_99=>store,non-deliver > > > > >>>>>>>> > > > > >>>>>>>> On Tue, 2007-09-04 at 12:22, Gareth wrote: > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>>> Thanks for that. I have changed it to postfix but I dont > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>> think it makes > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>> any real difference since it is already running as postfix > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>> so it could > > > > >>>> > > > > >>>> > > > > >>>>>>>>> not change the user to root anyway. > > > > >>>>>>>>> > > > > >>>>>>>>> I changed my high scoring spam actions to add the deliver > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>> option and an > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>> incoming high scoring spam and virus was detected and copies > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>> were saved > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>> in the following places :- > > > > >>>>>>>>> 20070904/spam/CF509AA0090.2CC09 > > > > >>>>>>>>> 20070904/CF509AA0090.2CC09/message > > > > >>>>>>>>> i.e it worked fine and two copies of the message was saved. > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>> That is fine > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>> with me. > > > > >>>>>>>>> > > > > >>>>>>>>> I then switched to using > > > > >>>>>>>>> SpamAssassin Rule Actions = SpamScore>=20=>store,non-deliver > > > > >>>>>>>>> > > > > >>>>>>>>> A few spams with a score of >20 came in and they were not > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>> delivered but > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>> still were not logged in the spam directory. > > > > >>>>>>>>> > > > > >>>>>>>>> Previously when I had a spam with score >20 which was also > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>> identified as > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>> a virus then nothing was stored also not even to the virus > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>> store which > > > > >>>> > > > > >>>> > > > > >>>>>>>>> seems very wrong. > > > > >>>>>>>>> > > > > >>>>>>>>> On Tue, 2007-09-04 at 09:51, Glenn Steen wrote: > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>> > > > > >>>>>>>>>> On 03/09/07, Gareth wrote: > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>>> In MailScanner.conf I have :- > > > > >>>>>>>>>>> Quarantine Dir = /var/spool/MailScanner/quarantine > > > > >>>>>>>>>>> Quarantine User = root > > > > >>>>>>>>>>> Quarantine Group = apache > > > > >>>>>>>>>>> Quarantine Permissions = 0660 > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>> Hm, Uer set to root.... What MTA are you using Gareth? I > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>> thought you > > > > >>>> > > > > >>>> > > > > >>>>>>>>>> were a postmixer like me:-)... In which case that isn't very > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>> likely to > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>>>>>> be correct... Then again... > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>>> However all quarantine entries are stored in the format :- > > > > >>>>>>>>>>> %quarantine-dir%/<>/<> and they are viruses > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>> and blocked > > > > >>>> > > > > >>>> > > > > >>>>>>>>>>> attachments. > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>> ... that this works indicate that the settings are > > > > >>>>>>>>>> > > > > >> correct for your > > > > >> > > > > >>>>>>>>>> setup (either another MTA, or PF run as root, I > > > > >>>>>>>>>> > > > > >> presume... Or some > > > > >> > > > > >>>>>>>>>> sticky bit magic:). I presume you've linted a few times, > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>> without any > > > > >>>> > > > > >>>> > > > > >>>>>>>>>> real errors? > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>>> I am assuming this is correct for the virus quaranteen? > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>> Yes. > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>>> If that is the case then MailScanner does not seem to be > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>> creating the > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>>>>> additional 'spam' etc... subdirectories for some reason. > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>> Seems so, yes. > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>>> Are you sure the format is not > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>> %quarantine-dir%/spam/<>/<> as > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>>>>> if that was the case it could just be the issue that the > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>> spam directory does > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>>>>> not exist. > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>>> > > > > >>>>>>>>>> Yes we're sure that isn't the case. Steve and Jules know > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>> this pretty > > > > >>>> > > > > >>>> > > > > >>>>>>>>>> ... intimately:-). > > > > >>>>>>>>>> > > > > >>>>>>>>>> Cheers > > > > >>>>>>>>>> -- > > > > >>>>>>>>>> -- Glenn > > > > >>>>>>>>>> email: glenn < dot > steen < at > gmail < dot > com > > > > >>>>>>>>>> work: glenn < dot > steen < at > ap1 < dot > se > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > > >>>>>>>> -- > > > > >>>>>>>> MailScanner mailing list > > > > >>>>>>>> mailscanner@lists.mailscanner.info > > > > >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > >>>>>>>> > > > > >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting > > > > >>>>>>>> > > > > >>>>>>>> Support MailScanner development - buy the book off the website! > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>>>> > > > > >>>>>> Jules > > > > >>>>>> > > > > >>>>>> -- > > > > >>>>>> Julian Field MEng CITP > > > > >>>>>> www.MailScanner.info > > > > >>>>>> Buy the MailScanner book at www.MailScanner.info/store > > > > >>>>>> > > > > >>>>>> MailScanner customisation, or any advanced system > > > > >>>>>> > > > > >> administration help? > > > > >> > > > > >>>>>> Contact me at Jules@Jules.FM > > > > >>>>>> > > > > >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > >>>>>> For all your IT requirements visit www.transtec.co.uk > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> -- > > > > >>>>>> This message has been scanned for viruses and > > > > >>>>>> dangerous content by MailScanner, and is > > > > >>>>>> believed to be clean. > > > > >>>>>> For all your IT requirements visit www.transtec.co.uk > > > > >>>>>> > > > > >>>>>> -- > > > > >>>>>> MailScanner mailing list > > > > >>>>>> mailscanner@lists.mailscanner.info > > > > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > >>>>>> > > > > >>>>>> Before posting, read http://wiki.mailscanner.info/posting > > > > >>>>>> > > > > >>>>>> Support MailScanner development - buy the book off the website! > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>>>> > > > > >>>> Jules > > > > >>>> > > > > >>>> -- > > > > >>>> Julian Field MEng CITP > > > > >>>> www.MailScanner.info > > > > >>>> Buy the MailScanner book at www.MailScanner.info/store > > > > >>>> > > > > >>>> MailScanner customisation, or any advanced system administration help? > > > > >>>> Contact me at Jules@Jules.FM > > > > >>>> > > > > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > >>>> For all your IT requirements visit www.transtec.co.uk > > > > >>>> > > > > >>>> > > > > >>>> -- > > > > >>>> This message has been scanned for viruses and > > > > >>>> dangerous content by MailScanner, and is > > > > >>>> believed to be clean. > > > > >>>> For all your IT requirements visit www.transtec.co.uk > > > > >>>> > > > > >>>> -- > > > > >>>> MailScanner mailing list > > > > >>>> mailscanner@lists.mailscanner.info > > > > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > >>>> > > > > >>>> Before posting, read http://wiki.mailscanner.info/posting > > > > >>>> > > > > >>>> Support MailScanner development - buy the book off the website! > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>> > > > > >> Jules > > > > >> > > > > >> -- > > > > >> Julian Field MEng CITP > > > > >> www.MailScanner.info > > > > >> Buy the MailScanner book at www.MailScanner.info/store > > > > >> > > > > >> MailScanner customisation, or any advanced system administration help? > > > > >> Contact me at Jules@Jules.FM > > > > >> > > > > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > >> For all your IT requirements visit www.transtec.co.uk > > > > >> > > > > >> > > > > >> -- > > > > >> This message has been scanned for viruses and > > > > >> dangerous content by MailScanner, and is > > > > >> believed to be clean. > > > > >> For all your IT requirements visit www.transtec.co.uk > > > > >> > > > > >> -- > > > > >> MailScanner mailing list > > > > >> mailscanner@lists.mailscanner.info > > > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > >> > > > > >> Before posting, read http://wiki.mailscanner.info/posting > > > > >> > > > > >> Support MailScanner development - buy the book off the website! > > > > >> > > > > >> > > > > >> > > > > >> > > > > > > > > > > > > > > > > > > Jules > > > > > > > > -- > > > > Julian Field MEng CITP > > > > www.MailScanner.info > > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > > MailScanner customisation, or any advanced system administration help? > > > > Contact me at Jules@Jules.FM > > > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > For all your IT requirements visit www.transtec.co.uk From prandal at herefordshire.gov.uk Thu Sep 6 10:53:53 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Sep 6 10:54:00 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DEED63.7080606@ecs.soton.ac.uk> References: <20070904134246.GA11063@doctor.nl2k.ab.ca><46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0184E21C@HC-MBX02.herefordshire.gov.uk> If MailScanner was dished out using yum, we'd have to change the way things are done too. For example, the equivalents of upgrade_mailscanner_conf and upgrade_languages_conf would have to be done seamlessly on install of the RPM. Otherwise they could easily get overlooked. Personally, I think automating that is a good idea anyhow, as long as you save the original config files in .rpmsave versions. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 05 September 2007 18:55 > To: MailScanner discussion > Subject: Re: Just some ideas for upcoming MailScanner releases > > Does someone want to tell me how to set up a yum repository > so you can > do this? > > Rianto Wahyudi wrote: > > Addition to this : "repository" of which you can do : "yum update > > MailScanner " and it will update MailScanner > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jgg at giversen.net Thu Sep 6 11:43:55 2007 From: jgg at giversen.net (sysadm) Date: Thu Sep 6 11:43:58 2007 Subject: Notice problem In-Reply-To: References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DEB53E.5040207@giversen.net> Message-ID: <46DFD9EB.8070100@giversen.net> Ugo Bellavance skrev: > sysadm wrote: >> It seems that I have a problem with the notice from: function in >> MailScanner. >> >> It only have this behaviour with password protected zip files. What >> am i missing, any ideas? >> > > Are the files seen as a virus? > Nope Here is the email that the postmaster gets The following e-mails were found to have: Other Bad Content Detected : Password-protected Archive Detected Sender: sender@domain.com IP Address: 192.168.0.183 Recipient: recipint@domain.com Subject: test MessageID: 1IT0ZT-0007Yd-Fi Quarantine: ///quarantine/20070905/1IT0ZT-0007Yd-Fi Report: MailScanner: Message contained password-protected archive Full headers are: Received: from host ([192.168.0.0]) by mail.domain.com with esmtp (Exim 4.43) id 1IT0ZT-0007Yd-Fi for recipient@domain.com; ons, 05 sep 2007 21:29:56 +0200 Message-ID: <46DF0392.10105@domain.com> Date: Wed, 05 Sep 2007 21:29:22 +0200 From: =?ISO-8859-1?Q?J=F8rgen_Giversen?= User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: Early Bird Subject: test Content-Type: multipart/mixed; boundary="------------050200090609090307010706" From grupolistas at gmail.com Thu Sep 6 14:35:00 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 14:35:05 2007 Subject: doesnt release from hold In-Reply-To: <46DEE83D.8030107@slackadelic.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> Message-ID: <44c071aa0709060635q5bc6663dt4c140ee3c21aa0d0@mail.gmail.com> I get this from spamassassin -lint root@mailbeta:/etc/cron.d# spamassassin --lint [14792] warn: config: failed to parse, now a plugin, skipping: ok_languages pt 2007/9/5, Matt Hayes : > > Scott Silva wrote: > >>> > >>> infolistas listas spake the following on 9/4/2007 12:35 PM: > >>> > Guys I think mail scanner isnt releasing my mail that are on > >>> queue and > >>> > its stopping all mail to go out and in > >>> > > >>> > c logs http://rapido.mfplan.com.br > >>> > > >>> It looks like it is choking on your bayes rebuild. Look in your > >>> bayes > >>> directory for a bunch of files with expire in their name. You > might > >>> need to > >>> run an expiry run with mailscanner stopped as the mailscanner > user. > >>> > >>> -- > >>> > >>> MailScanner is like deodorant... > >>> You hope everybody uses it, and > >>> you notice quickly if they don't!!!! > >>> > >> where do I find this bayes directory , its getting worse every moment > >> now even rebooting the system or using the postsuper -r ALL it isnt > >> working... how to I stop holding them so long??? Thnaks > >> > > > > > The bayes directory depends on where you put it when you configure > MailScanner. You need to read your etc/spam.assassin.prefs file to see > where you put it or where its trying to put it. > > -Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/c7d20056/attachment.html From grupolistas at gmail.com Thu Sep 6 14:53:27 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 14:53:35 2007 Subject: doesnt release from hold In-Reply-To: <46DEE83D.8030107@slackadelic.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> Message-ID: <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> My bayes is stored on /var/lib/MailScanner/bayes Cant open them ... 2007/9/5, Matt Hayes : > > Scott Silva wrote: > >>> > >>> infolistas listas spake the following on 9/4/2007 12:35 PM: > >>> > Guys I think mail scanner isnt releasing my mail that are on > >>> queue and > >>> > its stopping all mail to go out and in > >>> > > >>> > c logs http://rapido.mfplan.com.br > >>> > > >>> It looks like it is choking on your bayes rebuild. Look in your > >>> bayes > >>> directory for a bunch of files with expire in their name. You > might > >>> need to > >>> run an expiry run with mailscanner stopped as the mailscanner > user. > >>> > >>> -- > >>> > >>> MailScanner is like deodorant... > >>> You hope everybody uses it, and > >>> you notice quickly if they don't!!!! > >>> > >> where do I find this bayes directory , its getting worse every moment > >> now even rebooting the system or using the postsuper -r ALL it isnt > >> working... how to I stop holding them so long??? Thnaks > >> > > > > > The bayes directory depends on where you put it when you configure > MailScanner. You need to read your etc/spam.assassin.prefs file to see > where you put it or where its trying to put it. > > -Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/abc947e0/attachment.html From list-mailscanner at linguaphone.com Thu Sep 6 14:57:43 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 14:57:55 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> Message-ID: <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> Can you post the output from :- ls -la /var/lib/MailScanner/bayes On Thu, 2007-09-06 at 14:53, infolistas listas wrote: > My bayes is stored on > /var/lib/MailScanner/bayes > > Cant open them ... > > 2007/9/5, Matt Hayes : > Scott Silva wrote: > >>> > >>> infolistas listas spake the following on 9/4/2007 > 12:35 PM: > >>> > Guys I think mail scanner isnt releasing my mail > that are on > >>> queue and > >>> > its stopping all mail to go out and in > >>> > > >>> > c logs http://rapido.mfplan.com.br > >>> > > >>> It looks like it is choking on your bayes rebuild. > Look in your > >>> bayes > >>> directory for a bunch of files with expire in their > name. You might > >>> need to > >>> run an expiry run with mailscanner stopped as the > mailscanner user. > >>> > >>> -- > >>> > >>> MailScanner is like deodorant... > >>> You hope everybody uses it, and > >>> you notice quickly if they don't!!!! > >>> > >> where do I find this bayes directory , its getting worse > every moment > >> now even rebooting the system or using the postsuper -r > ALL it isnt > >> working... how to I stop holding them so long??? Thnaks > >> > > > > > The bayes directory depends on where you put it when you > configure > MailScanner. You need to read your etc/spam.assassin.prefs > file to see > where you put it or where its trying to put it. > > -Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From grupolistas at gmail.com Thu Sep 6 15:08:24 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 15:08:31 2007 Subject: doesnt release from hold In-Reply-To: <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> the file it self /bayes doesnt exist there I have bayes_seen , bayes_toks and auto_whitelists 2007/9/6, Gareth : > > Can you post the output from :- > ls -la /var/lib/MailScanner/bayes > > On Thu, 2007-09-06 at 14:53, infolistas listas wrote: > > My bayes is stored on > > /var/lib/MailScanner/bayes > > > > Cant open them ... > > > > 2007/9/5, Matt Hayes : > > Scott Silva wrote: > > >>> > > >>> infolistas listas spake the following on 9/4/2007 > > 12:35 PM: > > >>> > Guys I think mail scanner isnt releasing my mail > > that are on > > >>> queue and > > >>> > its stopping all mail to go out and in > > >>> > > > >>> > c logs http://rapido.mfplan.com.br > > >>> > > > >>> It looks like it is choking on your bayes rebuild. > > Look in your > > >>> bayes > > >>> directory for a bunch of files with expire in their > > name. You might > > >>> need to > > >>> run an expiry run with mailscanner stopped as the > > mailscanner user. > > >>> > > >>> -- > > >>> > > >>> MailScanner is like deodorant... > > >>> You hope everybody uses it, and > > >>> you notice quickly if they don't!!!! > > >>> > > >> where do I find this bayes directory , its getting worse > > every moment > > >> now even rebooting the system or using the postsuper -r > > ALL it isnt > > >> working... how to I stop holding them so long??? Thnaks > > >> > > > > > > > > > > The bayes directory depends on where you put it when you > > configure > > MailScanner. You need to read your etc/spam.assassin.prefs > > file to see > > where you put it or where its trying to put it. > > > > -Matt > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/364fd07e/attachment.html From list-mailscanner at linguaphone.com Thu Sep 6 15:28:40 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 15:28:53 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> Message-ID: <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> Can you post the output of the following in that case (i.e the directory containing the bayes files). ls -la /var/lib/MailScanner On Thu, 2007-09-06 at 15:08, infolistas listas wrote: > the file it self /bayes doesnt exist there I have > bayes_seen , bayes_toks and auto_whitelists > > 2007/9/6, Gareth : > Can you post the output from :- > ls -la /var/lib/MailScanner/bayes > > On Thu, 2007-09-06 at 14:53, infolistas listas wrote: > > My bayes is stored on > > /var/lib/MailScanner/bayes > > > > Cant open them ... > > > > 2007/9/5, Matt Hayes : > > Scott Silva wrote: > > >>> > > >>> infolistas listas spake the following on > 9/4/2007 > > 12:35 PM: > > >>> > Guys I think mail scanner isnt releasing > my mail > > that are on > > >>> queue and > > >>> > its stopping all mail to go out and in > > >>> > > > >>> > c logs http://rapido.mfplan.com.br > > >>> > > > >>> It looks like it is choking on your bayes > rebuild. > > Look in your > > >>> bayes > > >>> directory for a bunch of files with expire > in their > > name. You might > > >>> need to > > >>> run an expiry run with mailscanner stopped > as the > > mailscanner user. > > >>> > > >>> -- > > >>> > > >>> MailScanner is like deodorant... > > >>> You hope everybody uses it, and > > >>> you notice quickly if they don't!!!! > > >>> > > >> where do I find this bayes directory , its > getting worse > > every moment > > >> now even rebooting the system or using the > postsuper -r > > ALL it isnt > > >> working... how to I stop holding them so long??? > Thnaks > > >> > > > > > > > > > > The bayes directory depends on where you put it when > you > > configure > > MailScanner. You need to read your > etc/spam.assassin.prefs > > file to see > > where you put it or where its trying to put it. > > > > -Matt > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > the > > website! > > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From grupolistas at gmail.com Thu Sep 6 15:37:33 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 15:37:38 2007 Subject: doesnt release from hold In-Reply-To: <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> root@mailbeta:~# ls -la /var/lib/MailScanner total 324 drwxr-x--- 2 postfix postfix 4096 2007-09-06 10:46 . drwxr-xr-x 58 root root 4096 2007-09-01 22:42 .. -rw------- 1 postfix postfix 45056 2007-09-01 09:35 auto-whitelist -rw------- 1 postfix postfix 12288 2007-09-01 09:31 bayes_seen -rw------- 1 postfix postfix 335872 2007-09-01 09:31 bayes_toks root@mailbeta:~# 2007/9/6, Gareth : > > Can you post the output of the following in that case (i.e the directory > containing the bayes files). > > ls -la /var/lib/MailScanner > > > On Thu, 2007-09-06 at 15:08, infolistas listas wrote: > > the file it self /bayes doesnt exist there I have > > bayes_seen , bayes_toks and auto_whitelists > > > > 2007/9/6, Gareth : > > Can you post the output from :- > > ls -la /var/lib/MailScanner/bayes > > > > On Thu, 2007-09-06 at 14:53, infolistas listas wrote: > > > My bayes is stored on > > > /var/lib/MailScanner/bayes > > > > > > Cant open them ... > > > > > > 2007/9/5, Matt Hayes : > > > Scott Silva wrote: > > > >>> > > > >>> infolistas listas spake the following on > > 9/4/2007 > > > 12:35 PM: > > > >>> > Guys I think mail scanner isnt releasing > > my mail > > > that are on > > > >>> queue and > > > >>> > its stopping all mail to go out and in > > > >>> > > > > >>> > c logs http://rapido.mfplan.com.br > > > >>> > > > > >>> It looks like it is choking on your bayes > > rebuild. > > > Look in your > > > >>> bayes > > > >>> directory for a bunch of files with expire > > in their > > > name. You might > > > >>> need to > > > >>> run an expiry run with mailscanner stopped > > as the > > > mailscanner user. > > > >>> > > > >>> -- > > > >>> > > > >>> MailScanner is like deodorant... > > > >>> You hope everybody uses it, and > > > >>> you notice quickly if they don't!!!! > > > >>> > > > >> where do I find this bayes directory , its > > getting worse > > > every moment > > > >> now even rebooting the system or using the > > postsuper -r > > > ALL it isnt > > > >> working... how to I stop holding them so long??? > > Thnaks > > > >> > > > > > > > > > > > > > > > The bayes directory depends on where you put it when > > you > > > configure > > > MailScanner. You need to read your > > etc/spam.assassin.prefs > > > file to see > > > where you put it or where its trying to put it. > > > > > > -Matt > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off > > the > > > website! > > > > > > > > > > > > > > > ______________________________________________________________________ > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the > > website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/f2812dae/attachment.html From list-mailscanner at linguaphone.com Thu Sep 6 15:50:59 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 15:51:13 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> Message-ID: <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> Try suing to the postfix user and then doing a manual bayes expire :- su postfix sa-learn --force-expire On Thu, 2007-09-06 at 15:37, infolistas listas wrote: > root@mailbeta:~# ls -la /var/lib/MailScanner > total 324 > drwxr-x--- 2 postfix postfix 4096 2007-09-06 10:46 . > drwxr-xr-x 58 root root 4096 2007-09-01 22:42 .. > -rw------- 1 postfix postfix 45056 2007-09-01 09:35 auto-whitelist > -rw------- 1 postfix postfix 12288 2007-09-01 09:31 bayes_seen > -rw------- 1 postfix postfix 335872 2007-09-01 09:31 bayes_toks > root@mailbeta:~# > > > 2007/9/6, Gareth : > Can you post the output of the following in that case ( i.e > the directory > containing the bayes files). > > ls -la /var/lib/MailScanner > > > On Thu, 2007-09-06 at 15:08, infolistas listas wrote: > > the file it self /bayes doesnt exist there I have > > bayes_seen , bayes_toks and auto_whitelists > > > > 2007/9/6, Gareth : > > Can you post the output from :- > > ls -la /var/lib/MailScanner/bayes > > > > On Thu, 2007-09-06 at 14:53, infolistas listas > wrote: > > > My bayes is stored on > > > /var/lib/MailScanner/bayes > > > > > > Cant open them ... > > > > > > 2007/9/5, Matt Hayes > : > > > Scott Silva wrote: > > > >>> > > > >>> infolistas listas spake the > following on > > 9/4/2007 > > > 12:35 PM: > > > >>> > Guys I think mail scanner isnt > releasing > > my mail > > > that are on > > > >>> queue and > > > >>> > its stopping all mail to go out > and in > > > >>> > > > > >>> > c logs > http://rapido.mfplan.com.br > > > >>> > > > > >>> It looks like it is choking on > your bayes > > rebuild. > > > Look in your > > > >>> bayes > > > >>> directory for a bunch of files > with expire > > in their > > > name. You might > > > >>> need to > > > >>> run an expiry run with mailscanner > stopped > > as the > > > mailscanner user. > > > >>> > > > >>> -- > > > >>> > > > >>> MailScanner is like deodorant... > > > >>> You hope everybody uses it, and > > > >>> you notice quickly if they > don't!!!! > > > >>> > > > >> where do I find this bayes directory , > its > > getting worse > > > every moment > > > >> now even rebooting the system or using > the > > postsuper -r > > > ALL it isnt > > > >> working... how to I stop holding them > so long??? > > Thnaks > > > >> > > > > > > > > > > > > > > > The bayes directory depends on where you > put it when > > you > > > configure > > > MailScanner. You need to read your > > etc/spam.assassin.prefs > > > file to see > > > where you put it or where its trying to > put it. > > > > > > -Matt > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the > book off > > the > > > website! > > > > > > > > > > > > > > > ______________________________________________________________________ > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off > the > > website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > the > > website! > > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From grupolistas at gmail.com Thu Sep 6 16:03:59 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 16:04:03 2007 Subject: doesnt release from hold In-Reply-To: <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> root@mailbeta:~# su postfix postfix@mailbeta:/root$ sa-learn --force-expire bayes: synced databases from journal in 0 seconds: 1720 unique entries (3957 total entries) postfix@mailbeta:/root$ 2007/9/6, Gareth : > > Try suing to the postfix user and then doing a manual bayes expire :- > > su postfix > sa-learn --force-expire > > On Thu, 2007-09-06 at 15:37, infolistas listas wrote: > > root@mailbeta:~# ls -la /var/lib/MailScanner > > total 324 > > drwxr-x--- 2 postfix postfix 4096 2007-09-06 10:46 . > > drwxr-xr-x 58 root root 4096 2007-09-01 22:42 .. > > -rw------- 1 postfix postfix 45056 2007-09-01 09:35 auto-whitelist > > -rw------- 1 postfix postfix 12288 2007-09-01 09:31 bayes_seen > > -rw------- 1 postfix postfix 335872 2007-09-01 09:31 bayes_toks > > root@mailbeta:~# > > > > > > 2007/9/6, Gareth : > > Can you post the output of the following in that case ( i.e > > the directory > > containing the bayes files). > > > > ls -la /var/lib/MailScanner > > > > > > On Thu, 2007-09-06 at 15:08, infolistas listas wrote: > > > the file it self /bayes doesnt exist there I have > > > bayes_seen , bayes_toks and auto_whitelists > > > > > > 2007/9/6, Gareth : > > > Can you post the output from :- > > > ls -la /var/lib/MailScanner/bayes > > > > > > On Thu, 2007-09-06 at 14:53, infolistas listas > > wrote: > > > > My bayes is stored on > > > > /var/lib/MailScanner/bayes > > > > > > > > Cant open them ... > > > > > > > > 2007/9/5, Matt Hayes > > : > > > > Scott Silva wrote: > > > > >>> > > > > >>> infolistas listas spake the > > following on > > > 9/4/2007 > > > > 12:35 PM: > > > > >>> > Guys I think mail scanner isnt > > releasing > > > my mail > > > > that are on > > > > >>> queue and > > > > >>> > its stopping all mail to go out > > and in > > > > >>> > > > > > >>> > c logs > > http://rapido.mfplan.com.br > > > > >>> > > > > > >>> It looks like it is choking on > > your bayes > > > rebuild. > > > > Look in your > > > > >>> bayes > > > > >>> directory for a bunch of files > > with expire > > > in their > > > > name. You might > > > > >>> need to > > > > >>> run an expiry run with mailscanner > > stopped > > > as the > > > > mailscanner user. > > > > >>> > > > > >>> -- > > > > >>> > > > > >>> MailScanner is like deodorant... > > > > >>> You hope everybody uses it, and > > > > >>> you notice quickly if they > > don't!!!! > > > > >>> > > > > >> where do I find this bayes directory , > > its > > > getting worse > > > > every moment > > > > >> now even rebooting the system or using > > the > > > postsuper -r > > > > ALL it isnt > > > > >> working... how to I stop holding them > > so long??? > > > Thnaks > > > > >> > > > > > > > > > > > > > > > > > > > > The bayes directory depends on where you > > put it when > > > you > > > > configure > > > > MailScanner. You need to read your > > > etc/spam.assassin.prefs > > > > file to see > > > > where you put it or where its trying to > > put it. > > > > > > > > -Matt > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read > > > http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the > > book off > > > the > > > > website! > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off > > the > > > website! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off > > the > > > website! > > > > > > > > > > > > > > > ______________________________________________________________________ > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the > > website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/f1b4731c/attachment-0001.html From list-mailscanner at linguaphone.com Thu Sep 6 16:11:03 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 16:11:20 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709050950k6d0653c8h96a91e66624b5dc@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> Message-ID: <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> Lets see what method is used for automatic bayes expiry :- cat /etc/MailScanner/MailScanner.conf | grep Bayes cat /etc/MailScanner/spam.assassin.prefs.conf | grep bayes_auto Lets see the bayes statistics :- su postfix sa-learn --dump magic On Thu, 2007-09-06 at 16:03, infolistas listas wrote: > root@mailbeta:~# su postfix > postfix@mailbeta:/root$ sa-learn --force-expire > bayes: synced databases from journal in 0 seconds: 1720 unique entries > (3957 total entries) > postfix@mailbeta:/root$ > > > 2007/9/6, Gareth : > Try suing to the postfix user and then doing a manual bayes > expire :- > > su postfix > sa-learn --force-expire > > On Thu, 2007-09-06 at 15:37, infolistas listas wrote: > > root@mailbeta:~# ls -la /var/lib/MailScanner > > total 324 > > drwxr-x--- 2 postfix postfix 4096 2007-09-06 10:46 . > > drwxr-xr-x 58 root root 4096 2007-09-01 22:42 .. > > -rw------- 1 postfix postfix 45056 2007-09-01 09:35 > auto-whitelist > > -rw------- 1 postfix postfix 12288 2007-09-01 09:31 > bayes_seen > > -rw------- 1 postfix postfix 335872 2007-09-01 09:31 > bayes_toks > > root@mailbeta:~# > > > > > > 2007/9/6, Gareth : > > Can you post the output of the following in that > case ( i.e > > the directory > > containing the bayes files). > > > > ls -la /var/lib/MailScanner > > > > > > On Thu, 2007-09-06 at 15:08, infolistas listas > wrote: > > > the file it self /bayes doesnt exist there I have > > > bayes_seen , bayes_toks and auto_whitelists > > > > > > 2007/9/6, Gareth > : > > > Can you post the output from :- > > > ls -la /var/lib/MailScanner/bayes > > > > > > On Thu, 2007-09-06 at 14:53, infolistas > listas > > wrote: > > > > My bayes is stored on > > > > /var/lib/MailScanner/bayes > > > > > > > > Cant open them ... > > > > > > > > 2007/9/5, Matt Hayes > > : > > > > Scott Silva wrote: > > > > >>> > > > > >>> infolistas listas spake > the > > following on > > > 9/4/2007 > > > > 12:35 PM: > > > > >>> > Guys I think mail > scanner isnt > > releasing > > > my mail > > > > that are on > > > > >>> queue and > > > > >>> > its stopping all mail > to go out > > and in > > > > >>> > > > > > >>> > c logs > > http://rapido.mfplan.com.br > > > > >>> > > > > > >>> It looks like it is > choking on > > your bayes > > > rebuild. > > > > Look in your > > > > >>> bayes > > > > >>> directory for a bunch of > files > > with expire > > > in their > > > > name. You might > > > > >>> need to > > > > >>> run an expiry run with > mailscanner > > stopped > > > as the > > > > mailscanner user. > > > > >>> > > > > >>> -- > > > > >>> > > > > >>> MailScanner is like > deodorant... > > > > >>> You hope everybody uses > it, and > > > > >>> you notice quickly if > they > > don't!!!! > > > > >>> > > > > >> where do I find this bayes > directory , > > its > > > getting worse > > > > every moment > > > > >> now even rebooting the system > or using > > the > > > postsuper -r > > > > ALL it isnt > > > > >> working... how to I stop > holding them > > so long??? > > > Thnaks > > > > >> > > > > > > > > > > > > > > > > > > > > The bayes directory depends on > where you > > put it when > > > you > > > > configure > > > > MailScanner. You need to read > your > > > etc/spam.assassin.prefs > > > > file to see > > > > where you put it or where its > trying to > > put it. > > > > > > > > -Matt > > > > -- > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read > > > http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development > - buy the > > book off > > > the > > > > website! > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy > the book off > > the > > > website! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the > book off > > the > > > website! > > > > > > > > > > > > > > > ______________________________________________________________________ > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off > the > > website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > the > > website! > > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From j.ede at birchenallhowden.co.uk Thu Sep 6 15:14:49 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Sep 6 16:35:53 2007 Subject: office 2007 files being treated as archives Message-ID: I've noticed a problem when sending office 2007 files... For an attached excel worksheet for example... .xlsx Mailscanner seems to be treating this as an archive and complaining about double extensions. We can get round this by saving the file as a office 97-2003 file, but surely there must be a better way of doing it? This happens on the latest stable release btw... MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) MailScanner: Attempt to hide real filename extension (workbook.xml.rel) MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) MailScanner: Attempt to hide real filename extension (workbook.xml.rel) MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) Jason ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any recieving system. BirchenallHowden Ltd, 53 Mowbray St, Sheffield S3 8EN. From grupolistas at gmail.com Thu Sep 6 16:37:07 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 16:37:12 2007 Subject: doesnt release from hold In-Reply-To: <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | grep Bayes # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry Rebuild Bayes Every = 1 # The Bayesian database rebuild and expiry may take a 2 or 3 minutes Wait During Bayes Rebuild = no postfix@mailbeta:/root$ ---------------- postfix@mailbeta:/root$ cat /etc/MailScanner/spam.assassin.prefs.conf | grep bayes_auto bayes_auto_learn 1 bayes_auto_expire 0 postfix@mailbeta:/root$ -------------- postfix@mailbeta:/root$ sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 735 0 non-token data: nspam 0.000 0 1018 0 non-token data: nham 0.000 0 57513 0 non-token data: ntokens 0.000 0 1188655746 0 non-token data: oldest atime 0.000 0 1189092763 0 non-token data: newest atime 0.000 0 1189091016 0 non-token data: last journal sync atime 0.000 0 1189091016 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count postfix@mailbeta:/root$ 2007/9/6, Gareth : > > Lets see what method is used for automatic bayes expiry :- > > cat /etc/MailScanner/MailScanner.conf | grep Bayes > cat /etc/MailScanner/spam.assassin.prefs.conf | grep bayes_auto > > Lets see the bayes statistics :- > su postfix > sa-learn --dump magic > > On Thu, 2007-09-06 at 16:03, infolistas listas wrote: > > root@mailbeta:~# su postfix > > postfix@mailbeta:/root$ sa-learn --force-expire > > bayes: synced databases from journal in 0 seconds: 1720 unique entries > > (3957 total entries) > > postfix@mailbeta:/root$ > > > > > > 2007/9/6, Gareth : > > Try suing to the postfix user and then doing a manual bayes > > expire :- > > > > su postfix > > sa-learn --force-expire > > > > On Thu, 2007-09-06 at 15:37, infolistas listas wrote: > > > root@mailbeta:~# ls -la /var/lib/MailScanner > > > total 324 > > > drwxr-x--- 2 postfix postfix 4096 2007-09-06 10:46 . > > > drwxr-xr-x 58 root root 4096 2007-09-01 22:42 .. > > > -rw------- 1 postfix postfix 45056 2007-09-01 09:35 > > auto-whitelist > > > -rw------- 1 postfix postfix 12288 2007-09-01 09:31 > > bayes_seen > > > -rw------- 1 postfix postfix 335872 2007-09-01 09:31 > > bayes_toks > > > root@mailbeta:~# > > > > > > > > > 2007/9/6, Gareth : > > > Can you post the output of the following in that > > case ( i.e > > > the directory > > > containing the bayes files). > > > > > > ls -la /var/lib/MailScanner > > > > > > > > > On Thu, 2007-09-06 at 15:08, infolistas listas > > wrote: > > > > the file it self /bayes doesnt exist there I have > > > > bayes_seen , bayes_toks and auto_whitelists > > > > > > > > 2007/9/6, Gareth > > : > > > > Can you post the output from :- > > > > ls -la /var/lib/MailScanner/bayes > > > > > > > > On Thu, 2007-09-06 at 14:53, infolistas > > listas > > > wrote: > > > > > My bayes is stored on > > > > > /var/lib/MailScanner/bayes > > > > > > > > > > Cant open them ... > > > > > > > > > > 2007/9/5, Matt Hayes > > > : > > > > > Scott Silva wrote: > > > > > >>> > > > > > >>> infolistas listas spake > > the > > > following on > > > > 9/4/2007 > > > > > 12:35 PM: > > > > > >>> > Guys I think mail > > scanner isnt > > > releasing > > > > my mail > > > > > that are on > > > > > >>> queue and > > > > > >>> > its stopping all mail > > to go out > > > and in > > > > > >>> > > > > > > >>> > c logs > > > http://rapido.mfplan.com.br > > > > > >>> > > > > > > >>> It looks like it is > > choking on > > > your bayes > > > > rebuild. > > > > > Look in your > > > > > >>> bayes > > > > > >>> directory for a bunch of > > files > > > with expire > > > > in their > > > > > name. You might > > > > > >>> need to > > > > > >>> run an expiry run with > > mailscanner > > > stopped > > > > as the > > > > > mailscanner user. > > > > > >>> > > > > > >>> -- > > > > > >>> > > > > > >>> MailScanner is like > > deodorant... > > > > > >>> You hope everybody uses > > it, and > > > > > >>> you notice quickly if > > they > > > don't!!!! > > > > > >>> > > > > > >> where do I find this bayes > > directory , > > > its > > > > getting worse > > > > > every moment > > > > > >> now even rebooting the system > > or using > > > the > > > > postsuper -r > > > > > ALL it isnt > > > > > >> working... how to I stop > > holding them > > > so long??? > > > > Thnaks > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > The bayes directory depends on > > where you > > > put it when > > > > you > > > > > configure > > > > > MailScanner. You need to read > > your > > > > etc/spam.assassin.prefs > > > > > file to see > > > > > where you put it or where its > > trying to > > > put it. > > > > > > > > > > -Matt > > > > > -- > > > > > MailScanner mailing list > > > > > > > mailscanner@lists.mailscanner.info > > > > > > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read > > > > http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development > > - buy the > > > book off > > > > the > > > > > website! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read > > > http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy > > the book off > > > the > > > > website! > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read > > > http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the > > book off > > > the > > > > website! > > > > > > > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off > > the > > > website! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off > > the > > > website! > > > > > > > > > > > > > > > ______________________________________________________________________ > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the > > website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/4a4945cc/attachment.html From ssilva at sgvwater.com Thu Sep 6 16:57:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 6 16:57:57 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> Message-ID: infolistas listas spake the following on 9/6/2007 8:37 AM: > postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | grep Bayes > # If you are using the Bayesian statistics engine on a busy server, > # you may well need to force a Bayesian database rebuild and expiry > Rebuild Bayes Every = 1 > # The Bayesian database rebuild and expiry may take a 2 or 3 minutes > Wait During Bayes Rebuild = no > postfix@mailbeta:/root$ Your bayes its trying to expire every minute. Try changing to; Rebuild Bayes Every = 86400 Wait During Bayes Rebuild = yes -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Sep 6 17:07:38 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 6 17:07:56 2007 Subject: office 2007 files being treated as archives In-Reply-To: References: Message-ID: <46E025CA.9020508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Add a new line to filename.rules.conf (somewhere near the top) that says this: allow \.xml\.rel$ - - Make sure the 4 "words" are separated with tab characters and not spaces. This (along with its partner filetype.rules.conf) is the only place where tab characters must be used, as the regular expression matching the filename, and the reports (which are just "-" for an "allow" rule) could also contain spaces. Jason Ede wrote: > I've noticed a problem when sending office 2007 files... > > For an attached excel worksheet for example... .xlsx Mailscanner seems to be treating this as an archive and complaining about double extensions. We can get round this by saving the file as a office 97-2003 file, but surely there must be a better way of doing it? > > This happens on the latest stable release btw... > > > MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) > MailScanner: Attempt to hide real filename extension (workbook.xml.rel) > MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) > MailScanner: Attempt to hide real filename extension (workbook.xml.rel) > MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) > MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) > > Jason > > ----------------------------------------------------------- > > The information in this e-mail and any attachments is > confidential. It is intended solely for the attention and > use of the named addressee(s). If you are not the intended > recipient, or person responsible for delivering this > information to the intended recipient, please notify the > sender or email postmaster@birchenallhowden.co.uk and > delete it from your computer systems. Unless you are the > intended recipient or his/her representative you are not > authorised to, and must not, read, copy, distribute, use > or retain this message or any part of it. All messages > are scanned by Mailscanner and are believed to be clean. > Recipients are advised to apply their own virus checks > to any message on delivery. No liability is accepted by > BirchenallHowden Ltd for any losses caused by viruses > contracted during transit over the internet or present in > any recieving system. BirchenallHowden Ltd, 53 Mowbray St, > Sheffield S3 8EN. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG4CXKEfZZRxQVtlQRAmT+AKDqWJiyVLBXEjD2+JW1l9nXoSKm9wCfaiNI VwLz7Xt1WIXecDvHEa1hMmk= =ieAO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Sep 6 17:08:37 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 6 17:08:53 2007 Subject: doesnt release from hold In-Reply-To: References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <46DEE83D.8030107@slackadelic.com> <44c071aa0709060652m54598b7lbd8a5e3ac96ef81f@mail.gmail.com> <1189087063.26501.22.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> Message-ID: <46E02605.7020609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > infolistas listas spake the following on 9/6/2007 8:37 AM: >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | grep >> Bayes >> # If you are using the Bayesian statistics engine on a busy server, >> # you may well need to force a Bayesian database rebuild and expiry >> Rebuild Bayes Every = 1 >> # The Bayesian database rebuild and expiry may take a 2 or 3 minutes >> Wait During Bayes Rebuild = no >> postfix@mailbeta:/root$ > Your bayes its trying to expire every minute. No, every second! > Try changing to; > Rebuild Bayes Every = 86400 > Wait During Bayes Rebuild = yes > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 ERUBMwBzhq/Gu4C6WPy5GMs= =wDhW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From prandal at herefordshire.gov.uk Thu Sep 6 17:13:45 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Sep 6 17:13:53 2007 Subject: Another possible enhancement Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0184E348@HC-MBX02.herefordshire.gov.uk> Jules recently changed the default child process lifetime to 2 hours to enable children to use updates in phishing.bad.sites list sooner. How about a new config option to kill (and restart) children if any file in a list changes. So you could specify a longer child lifetime by default yet have MailScanner reload children when certain files change. I tend to put all my custom rules into one file. If MailScanner monitored that and reloaded when it changed, I wouldn't have to do a MailScanner reload every time I edited it. Comments, anyone? Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From prandal at herefordshire.gov.uk Thu Sep 6 17:36:39 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Sep 6 17:36:53 2007 Subject: Another possible enhancement In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0184E348@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA0184E348@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0184E355@HC-MBX02.herefordshire.gov.uk> It's probably a good idea to make the frequency that the list of files is checked for changes configurable too. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, Phil > Sent: 06 September 2007 17:14 > To: mailscanner@lists.mailscanner.info > Subject: Another possible enhancement > > Jules recently changed the default child process lifetime to > 2 hours to > enable children to use updates in phishing.bad.sites list sooner. > > How about a new config option to kill (and restart) children > if any file > in a list changes. > > So you could specify a longer child lifetime by default yet have > MailScanner reload children when certain files change. > > I tend to put all my custom rules into one file. If MailScanner > monitored that and reloaded when it changed, I wouldn't have to do a > MailScanner reload every time I edited it. > > Comments, anyone? > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dstraka at caspercollege.edu Thu Sep 6 17:50:48 2007 From: dstraka at caspercollege.edu (Dan Straka) Date: Thu Sep 6 17:51:11 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46E025CA.9020508@ecs.soton.ac.uk> References: <46E025CA.9020508@ecs.soton.ac.uk> Message-ID: <46DFDB88.61A4.0000.0@caspercollege.edu> Jules, How important is the second slash?? I've left it out the past 3 months and Office files are getting through ok. (ie. allow \.xml.rel$ - -) -- Dan Straka Systems Coordinator Casper College 307.268.2399 >>> On 9/6/2007 at 10:07 AM, in message <46E025CA.9020508@ecs.soton.ac.uk>, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Add a new line to filename.rules.conf (somewhere near the top) that says > this: > allow \.xml\.rel$ - - > Make sure the 4 "words" are separated with tab characters and not > spaces. This (along with its partner filetype.rules.conf) is the only > place where tab characters must be used, as the regular expression > matching the filename, and the reports (which are just "-" for an > "allow" rule) could also contain spaces. > > Jason Ede wrote: >> I've noticed a problem when sending office 2007 files... >> >> For an attached excel worksheet for example... .xlsx Mailscanner seems to be > treating this as an archive and complaining about double extensions. We can > get round this by saving the file as a office 97-2003 file, but surely there > must be a better way of doing it? >> >> This happens on the latest stable release btw... >> >> >> MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) >> MailScanner: Attempt to hide real filename extension (workbook.xml.rel) >> MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) >> MailScanner: Attempt to hide real filename extension (workbook.xml.rel) >> MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) >> MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) >> >> Jason >> >> ----------------------------------------------------------- >> >> The information in this e-mail and any attachments is >> confidential. It is intended solely for the attention and >> use of the named addressee(s). If you are not the intended >> recipient, or person responsible for delivering this >> information to the intended recipient, please notify the >> sender or email postmaster@birchenallhowden.co.uk and >> delete it from your computer systems. Unless you are the >> intended recipient or his/her representative you are not >> authorised to, and must not, read, copy, distribute, use >> or retain this message or any part of it. All messages >> are scanned by Mailscanner and are believed to be clean. >> Recipients are advised to apply their own virus checks >> to any message on delivery. No liability is accepted by >> BirchenallHowden Ltd for any losses caused by viruses >> contracted during transit over the internet or present in >> any recieving system. BirchenallHowden Ltd, 53 Mowbray St, >> Sheffield S3 8EN. >> >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG4CXKEfZZRxQVtlQRAmT+AKDqWJiyVLBXEjD2+JW1l9nXoSKm9wCfaiNI > VwLz7Xt1WIXecDvHEa1hMmk= > =ieAO > -----END PGP SIGNATURE----- From rcooper at dwford.com Thu Sep 6 17:54:19 2007 From: rcooper at dwford.com (Rick Cooper) Date: Thu Sep 6 17:54:24 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46DFDB88.61A4.0000.0@caspercollege.edu> References: <46E025CA.9020508@ecs.soton.ac.uk> <46DFDB88.61A4.0000.0@caspercollege.edu> Message-ID: <025701c7f0a6$917dda10$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Dan Straka > Sent: Thursday, September 06, 2007 12:51 PM > To: MailScanner discussion > Subject: Re: office 2007 files being treated as archives > > Jules, > > How important is the second slash?? > I've left it out the past 3 months and Office files are > getting through ok. > (ie. allow \.xml.rel$ - -) > > -- Leaving out the \.rel just means that .xml-rel, .xmlarel, .xml[any char here]rel will match as well, the second \. Tells it only files ending in .xml.rel match Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From grupolistas at gmail.com Thu Sep 6 17:58:10 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 17:58:15 2007 Subject: doesnt release from hold In-Reply-To: <46E02605.7020609@ecs.soton.ac.uk> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> <46E02605.7020609@ecs.soton.ac.uk> Message-ID: <44c071aa0709060958i6743a275k4eb3b61e240c0144@mail.gmail.com> every second or 86400 ? 2007/9/6, Julian Field : > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > infolistas listas spake the following on 9/6/2007 8:37 AM: > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | grep > >> Bayes > >> # If you are using the Bayesian statistics engine on a busy server, > >> # you may well need to force a Bayesian database rebuild and expiry > >> Rebuild Bayes Every = 1 > >> # The Bayesian database rebuild and expiry may take a 2 or 3 minutes > >> Wait During Bayes Rebuild = no > >> postfix@mailbeta:/root$ > > Your bayes its trying to expire every minute. > No, every second! > > Try changing to; > > Rebuild Bayes Every = 86400 > > Wait During Bayes Rebuild = yes > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > ERUBMwBzhq/Gu4C6WPy5GMs= > =wDhW > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/522459ed/attachment.html From MailScanner at ecs.soton.ac.uk Thu Sep 6 18:02:35 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 6 18:02:52 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709060958i6743a275k4eb3b61e240c0144@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709060708v400d82cbp7678bdc1cdd445be@mail.gmail.com> <1189088920.26508.25.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> <46E02605.7020609@ecs.soton.ac.uk> <44c071aa0709060958i6743a275k4eb3b61e240c0144@mail.gmail.com> Message-ID: <46E032AB.8030403@ecs.soton.ac.uk> Rebuild Bayes Every specifies the frequency of the bayes rebuilds *in seconds*. So you don't want to set it to 1 !! Setting it to 86400 means do it once per day. infolistas listas wrote: > every second or 86400 ? > > > 2007/9/6, Julian Field >: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > infolistas listas spake the following on 9/6/2007 8:37 AM: > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | > grep > >> Bayes > >> # If you are using the Bayesian statistics engine on a busy server, > >> # you may well need to force a Bayesian database rebuild and expiry > >> Rebuild Bayes Every = 1 > >> # The Bayesian database rebuild and expiry may take a 2 or 3 > minutes > >> Wait During Bayes Rebuild = no > >> postfix@mailbeta:/root$ > > Your bayes its trying to expire every minute. > No, every second! > > Try changing to; > > Rebuild Bayes Every = 86400 > > Wait During Bayes Rebuild = yes > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > ERUBMwBzhq/Gu4C6WPy5GMs= > =wDhW > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From grupolistas at gmail.com Thu Sep 6 18:14:33 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 18:14:36 2007 Subject: doesnt release from hold In-Reply-To: <46E032AB.8030403@ecs.soton.ac.uk> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <44c071aa0709060737n111e059ejd5868729bc769c3e@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> <46E02605.7020609@ecs.soton.ac.uk> <44c071aa0709060958i6743a275k4eb3b61e240c0144@mail.gmail.com> <46E032AB.8030403@ecs.soton.ac.uk> Message-ID: <44c071aa0709061014h5b3d6cb9j905ff99704cf3ae1@mail.gmail.com> Thanks 2007/9/6, Julian Field : > > Rebuild Bayes Every specifies the frequency of the bayes rebuilds *in > seconds*. > So you don't want to set it to 1 !! > Setting it to 86400 means do it once per day. > > infolistas listas wrote: > > every second or 86400 ? > > > > > > 2007/9/6, Julian Field > >: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Scott Silva wrote: > > > infolistas listas spake the following on 9/6/2007 8:37 AM: > > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | > > grep > > >> Bayes > > >> # If you are using the Bayesian statistics engine on a busy > server, > > >> # you may well need to force a Bayesian database rebuild and > expiry > > >> Rebuild Bayes Every = 1 > > >> # The Bayesian database rebuild and expiry may take a 2 or 3 > > minutes > > >> Wait During Bayes Rebuild = no > > >> postfix@mailbeta:/root$ > > > Your bayes its trying to expire every minute. > > No, every second! > > > Try changing to; > > > Rebuild Bayes Every = 86400 > > > Wait During Bayes Rebuild = yes > > > > > > > > > > > > > Jules > > > > - -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your > boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.6.3 (Build 3017) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > > ERUBMwBzhq/Gu4C6WPy5GMs= > > =wDhW > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/c3215bfe/attachment.html From grupolistas at gmail.com Thu Sep 6 18:24:43 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 18:24:51 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709061014h5b3d6cb9j905ff99704cf3ae1@mail.gmail.com> References: <44c071aa0709041235m150952f7v533ba6f1f0087a35@mail.gmail.com> <1189090259.26506.28.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060803n6eaa0768m6ed5a5f159271b5c@mail.gmail.com> <1189091462.26507.33.camel@gblades-suse.linguaphone-intranet.co.uk> <44c071aa0709060837x7234adean2bb2fc11102723f2@mail.gmail.com> <46E02605.7020609@ecs.soton.ac.uk> <44c071aa0709060958i6743a275k4eb3b61e240c0144@mail.gmail.com> <46E032AB.8030403@ecs.soton.ac.uk> <44c071aa0709061014h5b3d6cb9j905ff99704cf3ae1@mail.gmail.com> Message-ID: <44c071aa0709061024w23707d0dt6e3cc805f5e07da0@mail.gmail.com> Hi guys, did the confs but it's still holding the outgoing mail. I used the webmin un-hold option but still It's holding the messages Check log on http://rapido.mfplan.com.br 2007/9/6, infolistas listas : > > Thanks > > 2007/9/6, Julian Field : > > > > Rebuild Bayes Every specifies the frequency of the bayes rebuilds *in > > seconds*. > > So you don't want to set it to 1 !! > > Setting it to 86400 means do it once per day. > > > > infolistas listas wrote: > > > every second or 86400 ? > > > > > > > > > 2007/9/6, Julian Field > > >: > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > > > > > > > Scott Silva wrote: > > > > infolistas listas spake the following on 9/6/2007 8:37 AM: > > > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | > > > grep > > > >> Bayes > > > >> # If you are using the Bayesian statistics engine on a busy > > server, > > > >> # you may well need to force a Bayesian database rebuild and > > expiry > > > >> Rebuild Bayes Every = 1 > > > >> # The Bayesian database rebuild and expiry may take a 2 or 3 > > > minutes > > > >> Wait During Bayes Rebuild = no > > > >> postfix@mailbeta:/root$ > > > > Your bayes its trying to expire every minute. > > > No, every second! > > > > Try changing to; > > > > Rebuild Bayes Every = 86400 > > > > Wait During Bayes Rebuild = yes > > > > > > > > > > > > > > > > > > Jules > > > > > > - -- > > > Julian Field MEng CITP > > > www.MailScanner.info < http://www.MailScanner.info> > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > > > Need help customising MailScanner? > > > Contact me! > > > Need help fixing or optimising your systems? > > > Contact me! > > > Need help getting you started solving new requirements from your > > boss? > > > Contact me! > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP Desktop 9.6.3 (Build 3017) > > > Comment: (pgp-secured) > > > Charset: ISO-8859-1 > > > > > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > > > ERUBMwBzhq/Gu4C6WPy5GMs= > > > =wDhW > > > -----END PGP SIGNATURE----- > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/f2cedad8/attachment.html From list-mailscanner at linguaphone.com Thu Sep 6 18:30:54 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 18:31:09 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709061024w23707d0dt6e3cc805f5e07da0@mail.gmail.com> Message-ID: When you release a message it is just put straight back into the normal incoming queue again. Therefore you have to exclude mail coming from 127.0.0.1 from being scanned. Have you done this? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of infolistas listas Sent: 06 September 2007 18:25 To: MailScanner discussion Subject: Re: doesnt release from hold Hi guys, did the confs but it's still holding the outgoing mail. I used the webmin un-hold option but still It's holding the messages Check log on http://rapido.mfplan.com.br 2007/9/6, infolistas listas : Thanks 2007/9/6, Julian Field : Rebuild Bayes Every specifies the frequency of the bayes rebuilds *in seconds*. So you don't want to set it to 1 !! Setting it to 86400 means do it once per day. infolistas listas wrote: > every second or 86400 ? > > > 2007/9/6, Julian Field >: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > infolistas listas spake the following on 9/6/2007 8:37 AM: > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | > grep > >> Bayes > >> # If you are using the Bayesian statistics engine on a busy server, > >> # you may well need to force a Bayesian database rebuild and expiry > >> Rebuild Bayes Every = 1 > >> # The Bayesian database rebuild and expiry may take a 2 or 3 > minutes > >> Wait During Bayes Rebuild = no > >> postfix@mailbeta:/root$ > > Your bayes its trying to expire every minute. > No, every second! > > Try changing to; > > Rebuild Bayes Every = 86400 > > Wait During Bayes Rebuild = yes > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info < http://www.MailScanner.info> > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > ERUBMwBzhq/Gu4C6WPy5GMs= > =wDhW > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/990b2bf0/attachment.html From j.ede at birchenallhowden.co.uk Thu Sep 6 17:40:34 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Sep 6 18:32:51 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46E025CA.9020508@ecs.soton.ac.uk> References: <46E025CA.9020508@ecs.soton.ac.uk> Message-ID: Julian, Many thanks for this :-) Jason -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 06 September 2007 17:08 To: MailScanner discussion Subject: Re: office 2007 files being treated as archives -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Add a new line to filename.rules.conf (somewhere near the top) that says this: allow \.xml\.rel$ - - Make sure the 4 "words" are separated with tab characters and not spaces. This (along with its partner filetype.rules.conf) is the only place where tab characters must be used, as the regular expression matching the filename, and the reports (which are just "-" for an "allow" rule) could also contain spaces. Jason Ede wrote: > I've noticed a problem when sending office 2007 files... > > For an attached excel worksheet for example... .xlsx Mailscanner seems to be treating this as an archive and complaining about double extensions. We can get round this by saving the file as a office 97-2003 file, but surely there must be a better way of doing it? > > This happens on the latest stable release btw... > > > MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) > MailScanner: Attempt to hide real filename extension (workbook.xml.rel) > MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) > MailScanner: Attempt to hide real filename extension (workbook.xml.rel) > MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) > MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) > > Jason > > ----------------------------------------------------------- > > The information in this e-mail and any attachments is > confidential. It is intended solely for the attention and > use of the named addressee(s). If you are not the intended > recipient, or person responsible for delivering this > information to the intended recipient, please notify the > sender or email postmaster@birchenallhowden.co.uk and > delete it from your computer systems. Unless you are the > intended recipient or his/her representative you are not > authorised to, and must not, read, copy, distribute, use > or retain this message or any part of it. All messages > are scanned by Mailscanner and are believed to be clean. > Recipients are advised to apply their own virus checks > to any message on delivery. No liability is accepted by > BirchenallHowden Ltd for any losses caused by viruses > contracted during transit over the internet or present in > any recieving system. BirchenallHowden Ltd, 53 Mowbray St, > Sheffield S3 8EN. > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG4CXKEfZZRxQVtlQRAmT+AKDqWJiyVLBXEjD2+JW1l9nXoSKm9wCfaiNI VwLz7Xt1WIXecDvHEa1hMmk= =ieAO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any recieving system. BirchenallHowden Ltd, 53 Mowbray St, Sheffield S3 8EN. From grupolistas at gmail.com Thu Sep 6 18:42:55 2007 From: grupolistas at gmail.com (infolistas listas) Date: Thu Sep 6 18:43:00 2007 Subject: doesnt release from hold In-Reply-To: References: <44c071aa0709061024w23707d0dt6e3cc805f5e07da0@mail.gmail.com> Message-ID: <44c071aa0709061042i7f081d03mef9e3b039e443d70@mail.gmail.com> No I have no idea how to do that ... 2007/9/6, Gareth : > > When you release a message it is just put straight back into the normal > incoming queue again. > Therefore you have to exclude mail coming from 127.0.0.1 from being > scanned. Have you done this? > > -----Original Message----- > *From:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info]*On Behalf Of *infolistas > listas > *Sent:* 06 September 2007 18:25 > *To:* MailScanner discussion > *Subject:* Re: doesnt release from hold > > Hi guys, did the confs but it's still holding the outgoing mail. > I used the webmin un-hold option but still It's holding the messages > > > Check log on http://rapido.mfplan.com.br > > 2007/9/6, infolistas listas : > > > > Thanks > > > > 2007/9/6, Julian Field : > > > > > > Rebuild Bayes Every specifies the frequency of the bayes rebuilds *in > > > seconds*. > > > So you don't want to set it to 1 !! > > > Setting it to 86400 means do it once per day. > > > > > > infolistas listas wrote: > > > > every second or 86400 ? > > > > > > > > > > > > 2007/9/6, Julian Field > > > >: > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > > > > > > > > > > > > > Scott Silva wrote: > > > > > infolistas listas spake the following on 9/6/2007 8:37 AM: > > > > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf > > > | > > > > grep > > > > >> Bayes > > > > >> # If you are using the Bayesian statistics engine on a busy > > > server, > > > > >> # you may well need to force a Bayesian database rebuild and > > > expiry > > > > >> Rebuild Bayes Every = 1 > > > > >> # The Bayesian database rebuild and expiry may take a 2 or 3 > > > > minutes > > > > >> Wait During Bayes Rebuild = no > > > > >> postfix@mailbeta:/root$ > > > > > Your bayes its trying to expire every minute. > > > > No, every second! > > > > > Try changing to; > > > > > Rebuild Bayes Every = 86400 > > > > > Wait During Bayes Rebuild = yes > > > > > > > > > > > > > > > > > > > > > > > Jules > > > > > > > > - -- > > > > Julian Field MEng CITP > > > > www.MailScanner.info < http://www.MailScanner.info> > > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > > > > > > Need help customising MailScanner? > > > > Contact me! > > > > Need help fixing or optimising your systems? > > > > Contact me! > > > > Need help getting you started solving new requirements from your > > > boss? > > > > Contact me! > > > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: PGP Desktop 9.6.3 (Build 3017) > > > > Comment: (pgp-secured) > > > > Charset: ISO-8859-1 > > > > > > > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > > > > ERUBMwBzhq/Gu4C6WPy5GMs= > > > > =wDhW > > > > -----END PGP SIGNATURE----- > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > Jules > > > > > > -- > > > Julian Field MEng CITP > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > MailScanner customisation, or any advanced system administration help? > > > Contact me at Jules@Jules.FM > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/5286e297/attachment.html From list-mailscanner at linguaphone.com Thu Sep 6 18:59:09 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Sep 6 18:59:21 2007 Subject: {Disarmed} Re: doesnt release from hold In-Reply-To: <44c071aa0709061042i7f081d03mef9e3b039e443d70@mail.gmail.com> Message-ID: Create a file called scan.message.rules within your /etc/MailScanner/rules directory and put the following two lines in it :- From: 127.0.0.1 no FromOrTo: default yes Now edit MailScanner.conf and change the section so it looks like (last line has been changed):- # If this is set to yes, then email messages passing through MailScanner # will be processed and checked, and all the other options in this file # will be used to control what checks are made on the message. # If this is set to no, then email messages will NOT be processed or # checked *at all*, and so any viruses or other problems will be ignored. # # The purpose of this option is to set it to be a ruleset, so that you # can skip all scanning of mail destined for some of your users/customers # and still scan all the rest. # A sample ruleset would look like this: # To: bad.customer.com no # From: ignore.domain.com no # FromOrTo: default yes # That will scan all mail except mail to bad.customer.com and mail from # ignore.domain.com. To set this up, put the 3 lines above into a file # called /etc/MailScanner/rules/scan.messages.rules and set the next line to # Scan Messages = %rules-dir%/scan.messages.rules # This can also be the filename of a ruleset (as illustrated above). Scan Messages = %rules-dir%/scan.messages.rules Now restart mailscanner and you should be able to release files from the quarantine. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of infolistas listas Sent: 06 September 2007 18:43 To: MailScanner discussion Subject: {Disarmed} Re: doesnt release from hold No I have no idea how to do that ... 2007/9/6, Gareth : When you release a message it is just put straight back into the normal incoming queue again. Therefore you have to exclude mail coming from MailScanner warning: numerical links are often malicious: 127.0.0.1 from being scanned. Have you done this? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of infolistas listas Sent: 06 September 2007 18:25 To: MailScanner discussion Subject: Re: doesnt release from hold Hi guys, did the confs but it's still holding the outgoing mail. I used the webmin un-hold option but still It's holding the messages Check log on http://rapido.mfplan.com.br 2007/9/6, infolistas listas : Thanks 2007/9/6, Julian Field : Rebuild Bayes Every specifies the frequency of the bayes rebuilds *in seconds*. So you don't want to set it to 1 !! Setting it to 86400 means do it once per day. infolistas listas wrote: > every second or 86400 ? > > > 2007/9/6, Julian Field >: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Scott Silva wrote: > > infolistas listas spake the following on 9/6/2007 8:37 AM: > >> postfix@mailbeta:/root$ cat /etc/MailScanner/MailScanner.conf | > grep > >> Bayes > >> # If you are using the Bayesian statistics engine on a busy server, > >> # you may well need to force a Bayesian database rebuild and expiry > >> Rebuild Bayes Every = 1 > >> # The Bayesian database rebuild and expiry may take a 2 or 3 > minutes > >> Wait During Bayes Rebuild = no > >> postfix@mailbeta:/root$ > > Your bayes its trying to expire every minute. > No, every second! > > Try changing to; > > Rebuild Bayes Every = 86400 > > Wait During Bayes Rebuild = yes > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info < http://www.MailScanner.info> > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > ERUBMwBzhq/Gu4C6WPy5GMs= > =wDhW > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070906/51e46b76/attachment-0001.html From jcals at kls.es Thu Sep 6 18:09:42 2007 From: jcals at kls.es (jcals@kls.es) Date: Thu Sep 6 19:02:58 2007 Subject: {Disarmed} Re: doesnt release from hold Message-ID: <20070906170942.14358.qmail@punk.kls.es> Hola, He recibido su email, pero no voy a poder garantizar respuesta hasta que vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de septiembre. Si se trata de alg?n tema urgente puede contactar conmigo al 661.411.211. Salut ! :-) ------------------------- Hi, I've received your email but I can't guarantee any reply untill I'm back to office from Madrid, because of a client's project untill sept 10th. If you feel you really need to contact to me because any important thing you can call me at 661.411.211. Cheers ! :-) From jcals at kls.es Thu Sep 6 18:12:42 2007 From: jcals at kls.es (jcals@kls.es) Date: Thu Sep 6 19:06:00 2007 Subject: {Disarmed} Re: doesnt release from hold Message-ID: <20070906171242.15400.qmail@punk.kls.es> Hola, He recibido su email, pero no voy a poder garantizar respuesta hasta que vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de septiembre. Si se trata de alg?n tema urgente puede contactar conmigo al 661.411.211. Salut ! :-) ------------------------- Hi, I've received your email but I can't guarantee any reply untill I'm back to office from Madrid, because of a client's project untill sept 10th. If you feel you really need to contact to me because any important thing you can call me at 661.411.211. Cheers ! :-) From jcals at kls.es Thu Sep 6 18:13:39 2007 From: jcals at kls.es (jcals@kls.es) Date: Thu Sep 6 19:06:53 2007 Subject: {Disarmed} Re: doesnt release from hold Message-ID: <20070906171339.15895.qmail@punk.kls.es> Hola, He recibido su email, pero no voy a poder garantizar respuesta hasta que vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de septiembre. Si se trata de alg?n tema urgente puede contactar conmigo al 661.411.211. Salut ! :-) ------------------------- Hi, I've received your email but I can't guarantee any reply untill I'm back to office from Madrid, because of a client's project untill sept 10th. If you feel you really need to contact to me because any important thing you can call me at 661.411.211. Cheers ! :-) From maillists at conactive.com Thu Sep 6 20:03:33 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Sep 6 20:03:32 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DF06D3.2090102@elirion.net> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> Message-ID: Richard Siddall wrote on Wed, 05 Sep 2007 15:43:15 -0400: > Another approach that might work would be to join RPMForge, or give Dag > Wieers (etc.) an updated mailscanner.spec or SRPM to build from. > Offloading repo support to RPMForge (and a few other entities) would > make your life easier in some respects. I think talking to Dag would be the best approach as Dag already has all the other preliminaries and optional add-ons "in stock" and has had a long experience with repos. Dags stuff is always very reliable, fast on updates, has several mirrors and this would make it a one-stop shop for MailScanner. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Sep 6 20:03:34 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Sep 6 20:03:35 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DFA982.1090106@statsbiblioteket.dk> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> <46DFA982.1090106@statsbiblioteket.dk> Message-ID: Tom G. Christensen wrote on Thu, 06 Sep 2007 09:17:22 +0200: > How do you propose to solve the problem that it's not really possible to > upgrade a number of core perl modules using rpms without installing with > --force due to file conflicts? You don't need to upgrade unless the module on an older distribution doesn't meet the needs. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From james at gray.net.au Fri Sep 7 00:37:06 2007 From: james at gray.net.au (James Gray) Date: Fri Sep 7 00:37:17 2007 Subject: MailScanner + Zimbra...anyone done it before? Message-ID: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> Hi All, The company that currently finances my lifestyle has installed Zimbra (www.zimbra.com) as their preferred collaboration suite. However, after running it since May this year, I've come to the conclusion their implementation of SpamAssassin and ClamAV in Zimbra (via Amavis) is really poorly done. Modifying the SA config is cumbersome and there is nothing available to check SA rules before installing them ("suck it and see", is about as good as it gets). Even worse though, is there is no ability to notify a user if a message was quarantined by SA - it just never gets delivered and falls out of quarantine after "X" days. Plus the attachment scanning is really quite mediocre. Don't get me wrong, as a *BASIC* antispam/antivirus setup it's got ticks in all the boxes, but having been spoilt with MailScanner's flexibility and fine-grained configuration for years, it's hard to go back to a less-capable setup. So my question to the list: has anyone ever tried to integrate MailScanner with Zimbra? Essentially Zimbra just uses Postfix as its MTA, so that's not too hard. However, it's all the "other" little things that I haven't thought of yet that worry me. Some of the things I have thought of are: 1. The Zimbra system has a "ham@..." and "spam@..." user where users send false positives/negatives. These end up in a mailbox that is stored in a MySQL database, ie, no file-system maildir folders. So assuming I want an automated learning script to pull the messages out and feed them to SA, I guess I'll have to use fetchmail or something similar to get the messages first. Right? Or would I be better off hacking something up to read them directly from the DB? 2. Mailwatch. Zimbra has its own MySQL daemon, so rather than doubling up, I guess I can just create a "MailWatch" instance in there and feed it as per normal. 3. Quarantine and releasing mail, MailScanner's own notifications etc. In short, there is no "sendmail" binary included with Zimbra. I have a separate exim binary but it's config is designed to send mail to the Internet as the "HELO/EHLO" host name Zimbra uses is not the same as the reverse of our external IP...so exim handles outbound mail. Short of adding a new configuration file for exim to deliver to Zimbra's postfix, I'm not really sure how this aspect is going to pan out :-S When I get all this working, I'll write up some documentation on the wiki if anyone is interested. Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070907/321d0daa/smime.bin From jcals at kls.es Thu Sep 6 23:48:43 2007 From: jcals at kls.es (jcals@kls.es) Date: Fri Sep 7 00:42:01 2007 Subject: MailScanner + Zimbra...anyone done it before? Message-ID: <20070906224843.5482.qmail@punk.kls.es> Hola, He recibido su email, pero no voy a poder garantizar respuesta hasta que vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de septiembre. Si se trata de alg?n tema urgente puede contactar conmigo al 661.411.211. Salut ! :-) ------------------------- Hi, I've received your email but I can't guarantee any reply untill I'm back to office from Madrid, because of a client's project untill sept 10th. If you feel you really need to contact to me because any important thing you can call me at 661.411.211. Cheers ! :-) From ssilva at sgvwater.com Fri Sep 7 00:54:10 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Sep 7 00:54:55 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <20070906224843.5482.qmail@punk.kls.es> References: <20070906224843.5482.qmail@punk.kls.es> Message-ID: jcals@kls.es spake the following on 9/6/2007 3:48 PM: > Hola, > > He recibido su email, pero no voy a poder garantizar respuesta hasta que vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de septiembre. > > Si se trata de alg??n tema urgente puede contactar conmigo al 661.411.211. > > Salut ! :-) > > ------------------------- > > Hi, > > I've received your email but I can't guarantee any reply untill I'm back to office from Madrid, because of a client's project untill sept 10th. > > If you feel you really need to contact to me because any important thing you can call me at 661.411.211. > > Cheers ! :-) > > > Hello, I have received your stupid auto reply message several times already. No wonder our bosses don't think we should take vacations!!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From micoots at yahoo.com Fri Sep 7 00:57:04 2007 From: micoots at yahoo.com (Michael Mansour) Date: Fri Sep 7 00:57:08 2007 Subject: PGP links not working Message-ID: <76097.75133.qm@web33308.mail.mud.yahoo.com> Hi, The PGP signature links on: http://www.mailscanner.info/downloads.html are not working. Regards, Michael. --------------------------------- Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. Get it now. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070907/21715d39/attachment.html From jcals at kls.es Fri Sep 7 01:38:20 2007 From: jcals at kls.es ([KLS] Jordi Cals) Date: Fri Sep 7 01:45:33 2007 Subject: MailScanner + Zimbra...anyone done it before? References: <20070906224843.5482.qmail@punk.kls.es> Message-ID: <000301c7f0e7$63d6ed90$6101a8c0@klsservicios.com> Yeah Scott, my stupid messages were gone. Sorry for disturbing, my stupid friend. Greetz. ----- Original Message ----- From: "Scott Silva" To: Sent: Friday, September 07, 2007 1:54 AM Subject: Re: MailScanner + Zimbra...anyone done it before? jcals@kls.es spake the following on 9/6/2007 3:48 PM: > Hola, > He recibido su email, pero no voy a poder garantizar respuesta hasta que > vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de > septiembre. > Si se trata de alg??n tema urgente puede contactar conmigo al 661.411.211. > > Salut ! :-) > > ------------------------- > > Hi, > I've received your email but I can't guarantee any reply untill I'm back > to office from Madrid, because of a client's project untill sept 10th. > > If you feel you really need to contact to me because any important thing > you can call me at 661.411.211. > > Cheers ! :-) > > > Hello, I have received your stupid auto reply message several times already. No wonder our bosses don't think we should take vacations!!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at nkpanama.com Fri Sep 7 05:04:21 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Sep 7 05:05:41 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46E025CA.9020508@ecs.soton.ac.uk> References: <46E025CA.9020508@ecs.soton.ac.uk> Message-ID: <46E0CDC5.8060004@nkpanama.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Add a new line to filename.rules.conf (somewhere near the top) that says > this: > allow \.xml\.rel$ - - > Make sure the 4 "words" are separated with tab characters and not > spaces. This (along with its partner filetype.rules.conf) is the only > place where tab characters must be used, as the regular expression > matching the filename, and the reports (which are just "-" for an > "allow" rule) could also contain spaces. > > This could work - but I've already had other problems with Office 2007 files. I don't recall exactly what right now - I implemented something to get it out of the way and forgot about it, but I think it was similar. It would be a good thing if anybody else comes out and mentions any details regarding this so we can take proper action. Anybody here know why these files are treated as archives? Any other light that could be shed on the subject might help to better deal with these files, since we're all going to be finding them more often as people start "upgrading" to Office 2007. > Jason Ede wrote: > >> I've noticed a problem when sending office 2007 files... >> >> For an attached excel worksheet for example... .xlsx Mailscanner seems to be treating this as an archive and complaining about double extensions. We can get round this by saving the file as a office 97-2003 file, but surely there must be a better way of doing it? >> >> This happens on the latest stable release btw... >> >> >> MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) >> MailScanner: Attempt to hide real filename extension (workbook.xml.rel) >> MailScanner: Attempt to hide real filename extension (sheet1.xml.rel) >> MailScanner: Attempt to hide real filename extension (workbook.xml.rel) >> MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) >> MailScanner: Attempt to hide real filename extension (drawing1.xml.rel) >> >> Jason >> >> ----------------------------------------------------------- >> >> The information in this e-mail and any attachments is >> confidential. It is intended solely for the attention and >> use of the named addressee(s). If you are not the intended >> recipient, or person responsible for delivering this >> information to the intended recipient, please notify the >> sender or email postmaster@birchenallhowden.co.uk and >> delete it from your computer systems. Unless you are the >> intended recipient or his/her representative you are not >> authorised to, and must not, read, copy, distribute, use >> or retain this message or any part of it. All messages >> are scanned by Mailscanner and are believed to be clean. >> Recipients are advised to apply their own virus checks >> to any message on delivery. No liability is accepted by >> BirchenallHowden Ltd for any losses caused by viruses >> contracted during transit over the internet or present in >> any recieving system. BirchenallHowden Ltd, 53 Mowbray St, >> Sheffield S3 8EN. >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG4CXKEfZZRxQVtlQRAmT+AKDqWJiyVLBXEjD2+JW1l9nXoSKm9wCfaiNI > VwLz7Xt1WIXecDvHEa1hMmk= > =ieAO > -----END PGP SIGNATURE----- > > From martinh at solidstatelogic.com Fri Sep 7 08:55:20 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Sep 7 08:55:30 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> Message-ID: <7bd119aedd59c44f8bad7dbb74bc17a0@solidstatelogic.com> James You could always just setup a separate gateway, but if you want it all on one machine...but I wouldn't advise it I've heard Zimbra's pretty hard on resources itself (although this is purely rumour when I tried it under very little testing it was OK). But SA (as you know) can be pretty heavy on resources. Anyway 1) there's lots of scripts about that allow you to call the ham/spam as a imap folder and drag the email off the way. If you can't find I'll ding you mine off list.. 2) you could - again I'd watch performance here.. 3) In the mailwatch conf.php you can set it to call a 'sendmail' binary itself and then tell it you use the postfix sendmail equiv. here's mine.. define(QUARANTINE_USE_SENDMAIL, true); //define(QUARANTINE_SENDMAIL_PATH, '/usr/sbin/sendmail'); define(QUARANTINE_SENDMAIL_PATH, '/usr/local/sbin/exim'); -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of James Gray > Sent: 07 September 2007 00:37 > To: MailScanner Discussion List > Subject: MailScanner + Zimbra...anyone done it before? > > Hi All, > > The company that currently finances my lifestyle has installed Zimbra > (www.zimbra.com) as their preferred collaboration suite. However, > after running it since May this year, I've come to the conclusion > their implementation of SpamAssassin and ClamAV in Zimbra (via > Amavis) is really poorly done. Modifying the SA config is cumbersome > and there is nothing available to check SA rules before installing > them ("suck it and see", is about as good as it gets). Even worse > though, is there is no ability to notify a user if a message was > quarantined by SA - it just never gets delivered and falls out of > quarantine after "X" days. Plus the attachment scanning is really > quite mediocre. Don't get me wrong, as a *BASIC* antispam/antivirus > setup it's got ticks in all the boxes, but having been spoilt with > MailScanner's flexibility and fine-grained configuration for years, > it's hard to go back to a less-capable setup. > > So my question to the list: has anyone ever tried to integrate > MailScanner with Zimbra? Essentially Zimbra just uses Postfix as its > MTA, so that's not too hard. However, it's all the "other" little > things that I haven't thought of yet that worry me. Some of the > things I have thought of are: > > 1. The Zimbra system has a "ham@..." and "spam@..." user where users > send false positives/negatives. These end up in a mailbox that is > stored in a MySQL database, ie, no file-system maildir folders. So > assuming I want an automated learning script to pull the messages out > and feed them to SA, I guess I'll have to use fetchmail or something > similar to get the messages first. Right? Or would I be better off > hacking something up to read them directly from the DB? > > 2. Mailwatch. Zimbra has its own MySQL daemon, so rather than > doubling up, I guess I can just create a "MailWatch" instance in > there and feed it as per normal. > > 3. Quarantine and releasing mail, MailScanner's own notifications > etc. In short, there is no "sendmail" binary included with Zimbra. > I have a separate exim binary but it's config is designed to send > mail to the Internet as the "HELO/EHLO" host name Zimbra uses is not > the same as the reverse of our external IP...so exim handles outbound > mail. Short of adding a new configuration file for exim to deliver > to Zimbra's postfix, I'm not really sure how this aspect is going to > pan out :-S > > When I get all this working, I'll write up some documentation on the > wiki if anyone is interested. > > Cheers, > > James ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From hvdkooij at vanderkooij.org Fri Sep 7 10:09:13 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Sep 7 10:09:30 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> References: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> Message-ID: On Fri, 7 Sep 2007, James Gray wrote: > The company that currently finances my lifestyle has installed Zimbra > (www.zimbra.com) as their preferred collaboration suite. However, after > running it since May this year, I've come to the conclusion their > implementation of SpamAssassin and ClamAV in Zimbra (via Amavis) is really > poorly done. Modifying the SA config is cumbersome and there is nothing > available to check SA rules before installing them ("suck it and see", is > about as good as it gets). Even worse though, is there is no ability to > notify a user if a message was quarantined by SA - it just never gets > delivered and falls out of quarantine after "X" days. Plus the attachment > scanning is really quite mediocre. Don't get me wrong, as a *BASIC* > antispam/antivirus setup it's got ticks in all the boxes, but having been > spoilt with MailScanner's flexibility and fine-grained configuration for > years, it's hard to go back to a less-capable setup. I would disable as much of it as possible from Zimbra and set a seperate server next to it to act ias inbound and outbound gateway. If they prefer Zimba I guess they do not like it if you turn it into a unmaintable beast. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From tgc at statsbiblioteket.dk Fri Sep 7 11:31:08 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Fri Sep 7 11:31:11 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> <46DFA982.1090106@statsbiblioteket.dk> Message-ID: <46E1286C.4040109@statsbiblioteket.dk> Kai Schaetzl wrote: > Tom G. Christensen wrote on Thu, 06 Sep 2007 09:17:22 +0200: > >> How do you propose to solve the problem that it's not really possible to >> upgrade a number of core perl modules using rpms without installing with >> --force due to file conflicts? > > You don't need to upgrade unless the module on an older distribution > doesn't meet the needs. > The MS tarball includes atleast one core module newer than what is shipped with perl 5.8.8. The module is File::Temp v0.18, perl 5.8.8 only ships with v0.16. This means even a dist like CentOS5 needs this module updated unless the version dependency is lowered. In CentOS3 & 4 perl is shipped with an INC path that leaves vendor_perl last, which means you cannot actually upgrade a core module without overwriting the files in the main perl package. Fortunately in CentOS5 this has been changed and vendor_perl is now searched before core by default. -tgc From paul at blacknight.ie Fri Sep 7 14:51:02 2007 From: paul at blacknight.ie (Paul Kelly :: Blacknight Solutions) Date: Fri Sep 7 14:48:16 2007 Subject: MailScanner lock up Problem Message-ID: <46E15746.2070305@blacknight.ie> Hi All, One of our boxes has developed a weird lock up problem in the last 24 hours. Version: 4.63.8 SA: 3.2.3 Perl: 5.8.5 Once started MailScanner will process a few 100 mails and then simply lock up. e.g. mail 22296 0.2 1.3 63840 58056 ? S 14:03 0:06 MailScanner: dangerous content scanning mail 22325 0.3 1.4 64288 58524 ? S 14:03 0:06 MailScanner: waiting for messages mail 22384 0.2 1.3 63104 57344 ? S 14:04 0:05 MailScanner: checking with SpamAssassin mail 22452 0.3 1.4 64412 58632 ? S 14:04 0:06 MailScanner: waiting for messages mail 22506 0.3 1.4 64364 58520 ? S 14:04 0:06 MailScanner: finishing batch mail 22543 0.2 1.3 62660 56900 ? S 14:04 0:05 MailScanner: checking with SpamAssassin mail 22588 0.2 1.3 63504 57652 ? S 14:04 0:05 MailScanner: spam checks mail 22608 0.2 1.4 64212 58372 ? S 14:04 0:06 MailScanner: waiting for messages mail 21668 0.0 0.5 26948 21112 ? Ss 14:03 0:00 MailScanner: master waiting for children, sleeping mail 21669 0.2 1.3 63088 57272 ? S 14:03 0:05 MailScanner: waiting for messages mail 22176 0.2 1.4 64648 58836 ? S 14:03 0:06 MailScanner: dangerous content scanning They will stay like that for ever. If you do a restart, the processes never die and the init script is unhappy and keeps saying: Waiting for MailScanner to die gracefully ................................... it'll keep going like that, till I have to force a restart. An strace on some of the PIDs shows: Parent process: # strace -p 21668 Process 21668 attached - interrupt to quit waitpid(-1, Children: # strace -p 21669 Process 21669 attached - interrupt to quit write(5, "<22>Sep 7 14:08:37 MailScanner["..., 77 # strace -p 22176 Process 22176 attached - interrupt to quit write(5, "<22>Sep 7 14:19:50 MailScanner["..., 113 No other activity from them. We're running this on CentOS 4.5 and most of the important perl modules are current. If i run MailScanner --debug --debug-sa, the process exists once it's batch is done with no obvious errors or anything. Any of you got any ideas?? thanks, Paul -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Lo-call: 1850 929 929 DDI: 059 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From steve.freegard at fsl.com Fri Sep 7 15:33:34 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Sep 7 15:33:35 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E15746.2070305@blacknight.ie> References: <46E15746.2070305@blacknight.ie> Message-ID: <46E1613E.3010403@fsl.com> Hi Paul, Paul Kelly :: Blacknight Solutions wrote: > Hi All, > > One of our boxes has developed a weird lock up problem in the last 24 hours. > > Version: 4.63.8 > SA: 3.2.3 > Perl: 5.8.5 > > Once started MailScanner will process a few 100 mails and then simply > lock up. > > e.g. > > mail 22296 0.2 1.3 63840 58056 ? S 14:03 0:06 > MailScanner: dangerous content scanning > mail 22325 0.3 1.4 64288 58524 ? S 14:03 0:06 > MailScanner: waiting for messages > mail 22384 0.2 1.3 63104 57344 ? S 14:04 0:05 > MailScanner: checking with SpamAssassin > mail 22452 0.3 1.4 64412 58632 ? S 14:04 0:06 > MailScanner: waiting for messages > mail 22506 0.3 1.4 64364 58520 ? S 14:04 0:06 > MailScanner: finishing batch > mail 22543 0.2 1.3 62660 56900 ? S 14:04 0:05 > MailScanner: checking with SpamAssassin > mail 22588 0.2 1.3 63504 57652 ? S 14:04 0:05 > MailScanner: spam checks > mail 22608 0.2 1.4 64212 58372 ? S 14:04 0:06 > MailScanner: waiting for messages > mail 21668 0.0 0.5 26948 21112 ? Ss 14:03 0:00 > MailScanner: master waiting for children, sleeping > mail 21669 0.2 1.3 63088 57272 ? S 14:03 0:05 > MailScanner: waiting for messages > mail 22176 0.2 1.4 64648 58836 ? S 14:03 0:06 > MailScanner: dangerous content scanning > > > They will stay like that for ever. If you do a restart, the processes > never die and the init script is unhappy and keeps saying: > > Waiting for MailScanner to die gracefully > ................................... > > > it'll keep going like that, till I have to force a restart. > > An strace on some of the PIDs shows: > > Parent process: > > # strace -p 21668 > Process 21668 attached - interrupt to quit > waitpid(-1, > > Children: > > # strace -p 21669 > Process 21669 attached - interrupt to quit > write(5, "<22>Sep 7 14:08:37 MailScanner["..., 77 > > # strace -p 22176 > Process 22176 attached - interrupt to quit > write(5, "<22>Sep 7 14:19:50 MailScanner["..., 113 > > No other activity from them. We're running this on CentOS 4.5 and most > of the important perl modules are current. > > If i run MailScanner --debug --debug-sa, the process exists once it's > batch is done with no obvious errors or anything. > > Any of you got any ideas?? By the looks of the strace - my gut tells me that the problem is related to syslog. Hopefully that might point you in the right direction. Also - make sure that 'nscd' isn't running as that's caused me no end of trouble in the past with similar symptoms. Kind regards, Steve. From dfilchak at sympatico.ca Fri Sep 7 15:45:08 2007 From: dfilchak at sympatico.ca (Dave Filchak) Date: Fri Sep 7 15:45:24 2007 Subject: Trouble with White Listing Mailman list In-Reply-To: <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> References: <46DE607A.2030907@sympatico.ca> <625385e30709050102s1a9f9c57s99f5f7efa4e5f325@mail.gmail.com> <46DEB255.8060607@sympatico.ca> <625385e30709050720w27ad1733p71cd788e0cdbea47@mail.gmail.com> Message-ID: <46E163F4.5080100@sympatico.ca> shuttlebox wrote: > On 9/5/07, Dave Filchak wrote: > >> X-zuka.net-rw-MailScanner-SpamCheck: spam, SpamAssassin (not cached, >> score=5.13, required 5, ALL_TRUSTED -1.44, >> FUZZY_OCR_CORRUPT_IMG 0.50, HEADER_SPAM 3.12, HTML_MESSAGE 0.00, >> HTML_TAG_EXIST_TBODY 0.13, SARE_GIF_ATTACH 1.42, >> SARE_HEAD_HDR_APPROV 0.82, SARE_UNI 0.59), not spam, SpamAssassin (not cached, >> score=3.451, required 5, FUZZY_OCR_CORRUPT_IMG 0.50, >> HTML_MESSAGE 0.00, HTML_TAG_EXIST_TBODY 0.13, INFO_TLD 0.81, >> SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) >> > > >> X-Zuka-EB-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=8.226, >> required 5, BAYES_50 0.00, HEADER_SPAM 3.40, >> HTML_MESSAGE 0.00, >> INLINE_IMAGE 2.00, SARE_GIF_ATTACH 1.42, SARE_HEAD_HDR_APPROV 0.82, >> SARE_UNI 0.59), not spam, SpamAssassin (cached, score=4.013, >> required 5, BAYES_50 0.00, HTML_MESSAGE 0.00, INLINE_IMAGE 2.00, >> SARE_GIF_ATTACH 1.42, SARE_UNI 0.59) >> > > Very strange that you in the report have two reports, one that says > it's spam and one that disagrees! Do you have spamd running? > > Also, remove the dot in zuka.net (%org-name%), it's not allowed. It's > been known to cause problems. > > Julian: would you consider adding a dot/underscore check to --lint? > > No ... we are not running spamd. To my knowledge, MailScanner is using spamassassin directly. Dave From paul at blacknight.ie Fri Sep 7 16:06:44 2007 From: paul at blacknight.ie (Paul Kelly :: Blacknight Solutions) Date: Fri Sep 7 16:04:01 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E1613E.3010403@fsl.com> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> Message-ID: <46E16904.8080607@blacknight.ie> Steve Freegard wrote: > By the looks of the strace - my gut tells me that the problem is related > to syslog. Hopefully that might point you in the right direction. > > Also - make sure that 'nscd' isn't running as that's caused me no end of > trouble in the past with similar symptoms. Syslog you say. Hmmmm. No joy on that front. Also don't have nscd enabled. Paul -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Lo-call: 1850 929 929 DDI: 059 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From ssilva at sgvwater.com Fri Sep 7 18:58:22 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Sep 7 18:58:32 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46E0CDC5.8060004@nkpanama.com> References: <46E025CA.9020508@ecs.soton.ac.uk> <46E0CDC5.8060004@nkpanama.com> Message-ID: Alex Neuman van der Hans spake the following on 9/6/2007 9:04 PM: > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Add a new line to filename.rules.conf (somewhere near the top) that >> says this: >> allow \.xml\.rel$ - - >> Make sure the 4 "words" are separated with tab characters and not >> spaces. This (along with its partner filetype.rules.conf) is the only >> place where tab characters must be used, as the regular expression >> matching the filename, and the reports (which are just "-" for an >> "allow" rule) could also contain spaces. >> >> > This could work - but I've already had other problems with Office 2007 > files. I don't recall exactly what right now - I implemented something > to get it out of the way and forgot about it, but I think it was > similar. It would be a good thing if anybody else comes out and mentions > any details regarding this so we can take proper action. > > Anybody here know why these files are treated as archives? Any other > light that could be shed on the subject might help to better deal with > these files, since we're all going to be finding them more often as > people start "upgrading" to Office 2007. If you look at the spec they are an archive. Multiple files in a container which I believe is a zip file. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Fri Sep 7 19:06:42 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Sep 7 19:07:49 2007 Subject: office 2007 files being treated as archives In-Reply-To: References: <46E025CA.9020508@ecs.soton.ac.uk> <46E0CDC5.8060004@nkpanama.com> Message-ID: <46E19332.10605@nkpanama.com> Scott Silva wrote: > Alex Neuman van der Hans spake the following on 9/6/2007 9:04 PM: >> >> Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Add a new line to filename.rules.conf (somewhere near the top) that >>> says this: >>> allow \.xml\.rel$ - - >>> Make sure the 4 "words" are separated with tab characters and not >>> spaces. This (along with its partner filetype.rules.conf) is the >>> only place where tab characters must be used, as the regular >>> expression matching the filename, and the reports (which are just >>> "-" for an "allow" rule) could also contain spaces. >>> >>> >> This could work - but I've already had other problems with Office >> 2007 files. I don't recall exactly what right now - I implemented >> something to get it out of the way and forgot about it, but I think >> it was similar. It would be a good thing if anybody else comes out >> and mentions any details regarding this so we can take proper action. >> >> Anybody here know why these files are treated as archives? Any other >> light that could be shed on the subject might help to better deal >> with these files, since we're all going to be finding them more often >> as people start "upgrading" to Office 2007. > If you look at the spec they are an archive. Multiple files in a > container which I believe is a zip file. > And as such, susceptible to misinterpretation - I think I got one saying the file was "too compressed to be a real archive", which to me sounds like some part of MailScanner or clam or something (I'm still trying to remember the specifics) thought it was like one of those "42.zip" type problems. From maillists at conactive.com Fri Sep 7 21:31:50 2007 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Sep 7 21:31:52 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: <46E1286C.4040109@statsbiblioteket.dk> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> <46DFA982.1090106@statsbiblioteket.dk> <46E1286C.4040109@statsbiblioteket.dk> Message-ID: Tom G. Christensen wrote on Fri, 07 Sep 2007 12:31:08 +0200: > The MS tarball includes atleast one core module newer than what is > shipped with perl 5.8.8. This doesn't mean you need it. > This means even a dist like CentOS5 needs this module updated unless the > version dependency is lowered. Not at all. You install all modules that CentOS5 (or whichever else) doesn't have, for instance from rpmforge. Then you install *only* the mailscanner*.rpm from the tarball. And only that should be what gets installed via yum. There's no dependency on File::Temp v0.18 in the rpm, so there should be none when installed via yum. As File::Temp is already part of Perl there should not even be a dependency on *any* version of it for those OSes that ship with it included. One thing that is more of a problem is what Phil Randal pointed out. Some things that you normally do "half-automated" after installation have to be incorporated in the yum install process and run automatically in a senseful way. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Fri Sep 7 22:36:18 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 7 22:36:35 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46E19332.10605@nkpanama.com> References: <46E025CA.9020508@ecs.soton.ac.uk> <46E0CDC5.8060004@nkpanama.com> <46E19332.10605@nkpanama.com> Message-ID: <46E1C452.9090900@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman van der Hans wrote: > Scott Silva wrote: >> Alex Neuman van der Hans spake the following on 9/6/2007 9:04 PM: >>> >>> Julian Field wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Add a new line to filename.rules.conf (somewhere near the top) that >>>> says this: >>>> allow \.xml\.rel$ - - >>>> Make sure the 4 "words" are separated with tab characters and not >>>> spaces. This (along with its partner filetype.rules.conf) is the >>>> only place where tab characters must be used, as the regular >>>> expression matching the filename, and the reports (which are just >>>> "-" for an "allow" rule) could also contain spaces. >>>> >>>> >>> This could work - but I've already had other problems with Office >>> 2007 files. I don't recall exactly what right now - I implemented >>> something to get it out of the way and forgot about it, but I think >>> it was similar. It would be a good thing if anybody else comes out >>> and mentions any details regarding this so we can take proper action. >>> >>> Anybody here know why these files are treated as archives? Any other >>> light that could be shed on the subject might help to better deal >>> with these files, since we're all going to be finding them more >>> often as people start "upgrading" to Office 2007. >> If you look at the spec they are an archive. Multiple files in a >> container which I believe is a zip file. >> > And as such, susceptible to misinterpretation - I think I got one > saying the file was "too compressed to be a real archive", which to me > sounds like some part of MailScanner or clam or something (I'm still > trying to remember the specifics) thought it was like one of those > "42.zip" type problems. That's not a MailScanner error message. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFG4cRTEfZZRxQVtlQRAuXIAKCLK/osbTYq7/H1UqUEsC3X0Ur9bwCfVhhK 0doP5h+dtBmT6oCGTrtr1RE= =rgcV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From root at doctor.nl2k.ab.ca Thu Sep 6 21:29:40 2007 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Sep 8 01:22:33 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <46DE0139.2000101@maddoc.net> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0139.2000101@maddoc.net> Message-ID: <20070906202939.GA26505@doctor.nl2k.ab.ca> On Tue, Sep 04, 2007 at 08:07:05PM -0500, Doc Schneider wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the > Problem wrote: > > 1) USe cpan instead of perl packages > > There are a lot of folks here who use RPM based OS's. And it really is a > lot easier just to install an RPM then have to setup CPAN. And lots of > times CPAN installs break things like yum install/update ... Not putting > your idea down just this has been talked about on this list before. > I am BSDish and still even then I do not use ports. a solution for those who never use cpan should be considerd. > > 2) have a method to interactively configure tnef. > > > > Is there a need to configure TNEF? I know I install it and it works for > me, just curious why you think it needs to be configured? > I usually store tnef in /usr/contrib . Guess which BSD i am using. > - -- > - -Doc > Lincoln, NE. > http://www.fsl.com/ > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org > > iD8DBQFG3gE5qOEeBwEpgcsRAsWnAJ4pYEldzzSaoTNGrGWddeOSvHJ4WgCfbSTQ > dKp+gADi/CEulrVLKv37uVY= > =OY92 > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rpotter at rpcs.net Sat Sep 8 02:51:16 2007 From: rpotter at rpcs.net (Richard Potter) Date: Sat Sep 8 02:51:31 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E1613E.3010403@fsl.com> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> Message-ID: <20070908015116.GA13102@rpcs.net> On Fri, Sep 07, 2007 at 03:33:34PM +0100, Steve Freegard wrote: > Also - make sure that 'nscd' isn't running as that's caused me no end of > trouble in the past with similar symptoms. Care to expand on that Steve? I have never been aware of any problems with nscd. Thanks! Richard From hvdkooij at vanderkooij.org Sat Sep 8 08:23:06 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Sep 8 08:23:25 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> <46DFA982.1090106@statsbiblioteket.dk> <46E1286C.4040109@statsbiblioteket.dk> Message-ID: On Fri, 7 Sep 2007, Kai Schaetzl wrote: > Tom G. Christensen wrote on Fri, 07 Sep 2007 12:31:08 +0200: > >> The MS tarball includes atleast one core module newer than what is >> shipped with perl 5.8.8. > > This doesn't mean you need it. > >> This means even a dist like CentOS5 needs this module updated unless the >> version dependency is lowered. > > Not at all. You install all modules that CentOS5 (or whichever else) > doesn't have, for instance from rpmforge. Then you install *only* the > mailscanner*.rpm from the tarball. And only that should be what gets > installed via yum. There's no dependency on File::Temp v0.18 in the rpm, so > there should be none when installed via yum. As File::Temp is already part > of Perl there should not even be a dependency on *any* version of it for > those OSes that ship with it included. > > One thing that is more of a problem is what Phil Randal pointed out. Some > things that you normally do "half-automated" after installation have to be > incorporated in the yum install process and run automatically in a senseful > way. Not nescessarily. At least I do not expect yum to update my config files but add the new default ones to the system with the .rpmnew addition. A tool like Nagios can have a really serious set of config files and I appreciate it that my config files remain intact after a `yum update nagios`. I know I have to recheck the config files against the new version. Just point out the steps in the post install script but NOT automate this. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From steve.freegard at fsl.com Sat Sep 8 09:46:09 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Sat Sep 8 09:46:13 2007 Subject: MailScanner lock up Problem In-Reply-To: <20070908015116.GA13102@rpcs.net> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> <20070908015116.GA13102@rpcs.net> Message-ID: <46E26151.6060104@fsl.com> Hi Richard, Richard Potter wrote: > On Fri, Sep 07, 2007 at 03:33:34PM +0100, Steve Freegard wrote: > >> Also - make sure that 'nscd' isn't running as that's caused me no end of >> trouble in the past with similar symptoms. > > Care to expand on that Steve? I have never been aware of any problems > with nscd. Sure - the nscd supplied with RedHat EL3/4 for a while was rather buggy (they might have fixed it now though - I'm not sure) when under heavy load. As nscd is 'hooked' into glibc at a low-level (e.g. intercepting all getpwnam, gethostbyname et al. calls) when it fails it fails in a big way and causes lots of things to block waiting on the nscd socket (e.g. ls etc.) and the only way I found to fix is a reboot as the system gets too hosed to be able to do anything else. Kind regards, Steve. From glenn.steen at gmail.com Sat Sep 8 12:15:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Sep 8 12:15:05 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> References: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> Message-ID: <223f97700709080415qaae36c0s520781cded88a94b@mail.gmail.com> On 07/09/2007, James Gray wrote: > Hi All, > (snip) > 3. Quarantine and releasing mail, MailScanner's own notifications > etc. In short, there is no "sendmail" binary included with Zimbra. > I have a separate exim binary but it's config is designed to send > mail to the Internet as the "HELO/EHLO" host name Zimbra uses is not > the same as the reverse of our external IP...so exim handles outbound > mail. Short of adding a new configuration file for exim to deliver > to Zimbra's postfix, I'm not really sure how this aspect is going to > pan out :-S As Martin suggested, putting MS on a separate GW box would be a simple and easily maintainable thing (I do this for M-Sexchange... The yokels (exchange admins etc) still have McAfee GSE on it. Fills a gap, since it'll be a mailstore defence, if one deems one needs one (for local mail, finding stuff "after the fact" etc))... But it should be possible to handle Zimbra and MailScanner on one box... Been a while since last I looked at it though. You might need pay attention to how the HOLD thing might interact with zimbra. As for releasing... Either use the sendmail binary that _should_ be delivered with postfix, use the PHP Mail_factory thing ("old-style":-) release of MailWatch... Or do as I show in the wiki, for spliting messages/recipient... Use something completely different. In that case, it is Jef Poskanzers mini_sendmail, which will do a normal SMTP conversation, to reinsert the mail. > When I get all this working, I'll write up some documentation on the > wiki if anyone is interested. Would be a very good thing, so thanks in advance;) > Cheers, Cheers indeed! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Sep 8 12:39:26 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Sep 8 12:39:27 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E16904.8080607@blacknight.ie> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> <46E16904.8080607@blacknight.ie> Message-ID: <223f97700709080439p64d76038s1bb48ca73e27863f@mail.gmail.com> On 07/09/2007, Paul Kelly :: Blacknight Solutions wrote: > Steve Freegard wrote: > > > By the looks of the strace - my gut tells me that the problem is related > > to syslog. Hopefully that might point you in the right direction. > > > > Also - make sure that 'nscd' isn't running as that's caused me no end of > > trouble in the past with similar symptoms. > > Syslog you say. Hmmmm. No joy on that front. Also don't have nscd enabled. > > Paul The obvious questions are: What did you change, prior to the problems starting? Do you monitor your HW with something like SMART capabilities etc? Anything like that indicating a failing drive? How a bout controller/RAM/etc etc? Unfortunately, SW have to run on HW... and HW can fail in the most ... interesting... ways:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pete at nrth.org Sat Sep 8 13:48:22 2007 From: pete at nrth.org (Pete) Date: Sat Sep 8 13:50:04 2007 Subject: MailScanner + Exim4 : Using local blacklists Message-ID: <20070908124822.GA5963@purity.nrth.org> Hello all, I've just started using MailScanner on my Debian Etch server. Aside from a few necessary tweaks I more or less left the defaults alone, and am very happy with the overall set up. I do have one very dumb question to ask though; Will my exim4 server still read (for example) /etc/exim4/local_sender_blacklist *before* MailScanner starts work on a message ? I ask this as senders/domains in the aformentioned blacklist are normally rejected at RCPT TO: time during the SMTP connection by Exim. Using a local telnet session to port 25 on my server, I submitted a message using one of the domains I have blacklisted, and it was accepted. Previously, exim would have permanently rejected that message. What have I messed up/forgotten to do ? I'm thinking now that I have to set up a ruleset in MailScanner to reject hosts/senders/domains now. Is this correct ? Thanks for your time all. Regards, Pete. From pete at nrth.org Sat Sep 8 15:29:58 2007 From: pete at nrth.org (Pete) Date: Sat Sep 8 15:31:46 2007 Subject: [solved] MailScanner + Exim4 : Using local blacklists Message-ID: <20070908142958.GA7955@purity.nrth.org> Hi, Exim4 + MailScanner on Debian Etch does a marvellous job of filtering mail, and it *does* check /etc/exim4/local_sender_blacklist or whatever else is configured there, so technically no need for extra rulesets within the MailScanner configuration directory. At least for me. It would appear I'm rather thick. Sorry all. The *local* telnet-to-port-25 test I did confused me, as when I read the message I'd submitted in Mutt, I saw the Return-path: of the domain that was supposed to have been rejected, and became befuddled. I'm guessing Exim accepted it ok as it was a local submission and it knows that I haven't RTFM. Once again, sorry all. Regards, Pete. From alex at nkpanama.com Sat Sep 8 15:49:30 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Sep 8 15:50:45 2007 Subject: office 2007 files being treated as archives In-Reply-To: <46E1C452.9090900@ecs.soton.ac.uk> References: <46E025CA.9020508@ecs.soton.ac.uk> <46E0CDC5.8060004@nkpanama.com> <46E19332.10605@nkpanama.com> <46E1C452.9090900@ecs.soton.ac.uk> Message-ID: <46E2B67A.1060307@nkpanama.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alex Neuman van der Hans wrote: > >> Scott Silva wrote: >> >>> Alex Neuman van der Hans spake the following on 9/6/2007 9:04 PM: >>> >>>> Julian Field wrote: >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Add a new line to filename.rules.conf (somewhere near the top) that >>>>> says this: >>>>> allow \.xml\.rel$ - - >>>>> Make sure the 4 "words" are separated with tab characters and not >>>>> spaces. This (along with its partner filetype.rules.conf) is the >>>>> only place where tab characters must be used, as the regular >>>>> expression matching the filename, and the reports (which are just >>>>> "-" for an "allow" rule) could also contain spaces. >>>>> >>>>> >>>>> >>>> This could work - but I've already had other problems with Office >>>> 2007 files. I don't recall exactly what right now - I implemented >>>> something to get it out of the way and forgot about it, but I think >>>> it was similar. It would be a good thing if anybody else comes out >>>> and mentions any details regarding this so we can take proper action. >>>> >>>> Anybody here know why these files are treated as archives? Any other >>>> light that could be shed on the subject might help to better deal >>>> with these files, since we're all going to be finding them more >>>> often as people start "upgrading" to Office 2007. >>>> >>> If you look at the spec they are an archive. Multiple files in a >>> container which I believe is a zip file. >>> >>> >> And as such, susceptible to misinterpretation - I think I got one >> saying the file was "too compressed to be a real archive", which to me >> sounds like some part of MailScanner or clam or something (I'm still >> trying to remember the specifics) thought it was like one of those >> "42.zip" type problems. >> > That's not a MailScanner error message. > > I know it's not "specifically", but I *did* see MailScanner's indication of some subcomponent's misconception about the file. I haven't been able to reproduce the problem and I don't recall the details of the specific case, but I *will* definitely share anything on the subject as soon as it presents itself again. > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFG4cRTEfZZRxQVtlQRAuXIAKCLK/osbTYq7/H1UqUEsC3X0Ur9bwCfVhhK > 0doP5h+dtBmT6oCGTrtr1RE= > =rgcV > -----END PGP SIGNATURE----- > > From alex at nkpanama.com Sat Sep 8 18:57:45 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sat Sep 8 18:59:03 2007 Subject: Just some ideas for upcoming MailScanner releases In-Reply-To: <20070906202939.GA26505@doctor.nl2k.ab.ca> References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0139.2000101@maddoc.net> <20070906202939.GA26505@doctor.nl2k.ab.ca> Message-ID: <46E2E299.50005@nkpanama.com> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > I usually store tnef in /usr/contrib . > > Guess which BSD i am using. > ... whatever the best one for the job is, as usual! :-) From james at gray.net.au Sun Sep 9 01:05:45 2007 From: james at gray.net.au (James Gray) Date: Sun Sep 9 01:06:02 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> References: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> Message-ID: Thanks for the suggestions folks. The consensus seems to be "run a separate box" but the problem is we have a number of people who work remotely and that would introduce a whole raft of new custom-hacks to get authenticated SMTP relaying going for the remote users via the separate box (assuming it becomes the "Internet-facing" part of the SMTP chain). Then the remote users would (probably) need a different mail config when the venture into the office. The way things stand at the moment the roaming users can use EXACTLY the same mail setup externally as those in the office without the need for VPN, making the transition seamless (management LOVE that crap...personally, I don't care). So long story short - it's gotta run on a single box with Zimbra being the MTA. Not a big deal, I've already set Zimbra up with a couple of RBL's and MTA-level anti-spam measures and it's doing fine. As for the resources Zimbra chews up, yes, it is VERY hungry. However, its constituent components can be separated as the system grows. The OpenLDAP, MySQL, Tomcat and Postfix/MTA components are completely separable thus spreading the love amongst different machines etc. It's actually kinda neat :) However, we are running everything on the one machine for the time being but it's a bit of a beast: dual Xeon's, 6GB ECC RAM, couple-of-hundred GB U320 SCSI RAID 5, dual gigabit (bonded) Ethernet....and we only have 30 mailboxes! :P I think it will handle the 4-5 MailScanner children and Mailwatch running along side. Worst case scenario: I mount/export the Postfix spools via NFS and do the opposite on a "filter" box running MS+MW. That introduces a new set of "what if's" the first that springs to mind is file locking. So Postfix guru's: can you think of anything that would barf on either the MailScanner or Postfix sides by using NFS for the mail spool? What would be better: mounting the spools on a MailScanner box (exporting from the Postfix box), or the other way around? I'd be using a RAM disk for the MailScanner children's scratch space so I can't see performance being a show-stopper. I'm trying to keep the Zimbra box as close to standard as possible, so hacking the bejeezus out of it is off the cards. Minor changes to the operating system (CentOS) such as NFS frufru wouldn't be a big problem as this is all handled through our configuration management system :) Unfortunately, most of the config for Zimbra is stored in its LDAP directory making it very difficult to manage that with a file-based configuration management system. See the problem? *sigh* Nothing is ever easy ;) Thanks again folks! James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070909/d970ac06/smime.bin From philippe at beau.nom.fr Sun Sep 9 09:00:20 2007 From: philippe at beau.nom.fr (Philippe BEAU) Date: Sun Sep 9 09:01:14 2007 Subject: Right MailScanner installation Message-ID: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> Hello all, I would like to know which extension are you installing against MailScanner to have a good antispam gateway ? (like fuzzyOcr & co) Best regards Philippe, From list-mailscanner at linguaphone.com Sun Sep 9 09:41:29 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 9 09:41:36 2007 Subject: Right MailScanner installation In-Reply-To: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> Message-ID: http://www.gbnetwork.co.uk/mailscanner/ Thats what I use. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Philippe > BEAU > Sent: 09 September 2007 09:00 > To: mailscanner@lists.mailscanner.info > Subject: Right MailScanner installation > > > Hello all, > > I would like to know which extension are you installing against > MailScanner > to have a good antispam gateway ? (like fuzzyOcr & co) > > Best regards > > Philippe, > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From linux at ubernissen.dk Sun Sep 9 10:42:31 2007 From: linux at ubernissen.dk (Nis - Linux) Date: Sun Sep 9 10:42:34 2007 Subject: Blocking different X-Original-To and To mails Message-ID: <001801c7f2c5$be599710$6445a8c0@work1> Some one told me a while ago, that his mailscanner blocks these types of mails. But for some reason, mine dont! I get more and more of these mails and they are a pain in the bu..! I use MailScanner 4.58.9, Spamassassin 3.2.1-r1 and Clamav 0.91.2 What's to do? /Nis The latest looks like this: Received: from av12-1-sn2.hy.skanova.net (av12-1-sn2.hy.skanova.net [81.228.8.185]) by smtp.mydomain.com (Postfix) with ESMTP id B5C2741ED5 for ; Sat, 8 Sep 2007 14:08:58 +0200 (CEST) Received: by av12-1-sn2.hy.skanova.net (Postfix, from userid 502) id B22AB380E0; Sat, 8 Sep 2007 14:08:55 +0200 (CEST) Received: from smtp4-1-sn2.hy.skanova.net (smtp4-1-sn2.hy.skanova.net [81.228.8.92]) by av12-1-sn2.hy.skanova.net (Postfix) with ESMTP id 9E88537E8F; Sat, 8 Sep 2007 14:08:55 +0200 (CEST) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: Co-operation Date: Sat, 08 Sep 2007 16:08:29 +0300 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Co-operation Thread-Index: AcfM6pRv3S0aNEXTQbybOS7dT37FnAMAsdZw From: "Zakazchik Media" To: Message-Id: <20070908120832.7222F37E73@smtp4-1-sn2.hy.skanova.net> From alex at nkpanama.com Sun Sep 9 14:33:13 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Sun Sep 9 14:34:29 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: References: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> Message-ID: <46E3F619.8070900@nkpanama.com> James Gray wrote: > Thanks for the suggestions folks. The consensus seems to be "run a > separate box" but the problem is we have a number of people who work > remotely and that would introduce a whole raft of new custom-hacks to > get authenticated SMTP relaying going for the remote users via the > separate box (assuming it becomes the "Internet-facing" part of the > SMTP chain). Then the remote users would (probably) need a different > mail config when the venture into the office. The way things stand at > the moment the roaming users can use EXACTLY the same mail setup > externally as those in the office without the need for VPN, making > the transition seamless (management LOVE that crap...personally, I > don't care). So long story short - it's gotta run on a single box > with Zimbra being the MTA. Not a big deal, I've already set Zimbra up > with a couple of RBL's and MTA-level anti-spam measures and it's doing > fine. > There *are* alternatives. One would be to have your inward-facing DNS point to an internal (behind the firewall) IP address that belongs to the Zimbra box, and outside the office port 25 gets forwarded to MailScanner. Pros - no changes (if you have the same users & passwords or authenticate against the same thing) to your clients. Cons - features that require messages to be processed by MailScanner (archive messages = comes to mind) will not work. Another alternative would be to virtualize Zimbra inside a box running MailScanner since you have such a "big" box. Stuff comes in to the MailScanner instance in "the real world" and then gets stuffed inside Zimbra in it's "virtual form". Zimbra can then use the resources (as you point out in the next paragraph) of the "real world" (LDAP, MYSQL, etc.) as if it were another server. > As for the resources Zimbra chews up, yes, it is VERY hungry. > However, its constituent components can be separated as the system > grows. The OpenLDAP, MySQL, Tomcat and Postfix/MTA components are > completely separable thus spreading the love amongst different > machines etc. It's actually kinda neat :) However, we are running > everything on the one machine for the time being but it's a bit of a > beast: dual Xeon's, 6GB ECC RAM, couple-of-hundred GB U320 SCSI RAID > 5, dual gigabit (bonded) Ethernet....and we only have 30 mailboxes! > :P I think it will handle the 4-5 MailScanner children and Mailwatch > running along side. > > Worst case scenario: I mount/export the Postfix spools via NFS and do > the opposite on a "filter" box running MS+MW. That introduces a new > set of "what if's" the first that springs to mind is file locking. So > Postfix guru's: can you think of anything that would barf on either > the MailScanner or Postfix sides by using NFS for the mail spool? > What would be better: mounting the spools on a MailScanner box > (exporting from the Postfix box), or the other way around? I'd be > using a RAM disk for the MailScanner children's scratch space so I > can't see performance being a show-stopper. > > I'm trying to keep the Zimbra box as close to standard as possible, so > hacking the bejeezus out of it is off the cards. Minor changes to the > operating system (CentOS) such as NFS frufru wouldn't be a big problem > as this is all handled through our configuration management system :) > Unfortunately, most of the config for Zimbra is stored in its LDAP > directory making it very difficult to manage that with a file-based > configuration management system. See the problem? *sigh* Nothing is > ever easy ;) > > Thanks again folks! > > James From MailScanner at ecs.soton.ac.uk Sun Sep 9 22:57:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 9 22:57:35 2007 Subject: Right MailScanner installation In-Reply-To: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> Message-ID: <46E46C38.4090202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you take a look at the MailScanner group on Facebook, you'll see a few example setups there. Mine are mostly documented in the HOWTO I posted to this list back in July. Look for "HOWTO" in the Subject line in the archive of this mailing list. Philippe BEAU wrote: > Hello all, > > I would like to know which extension are you installing against MailScanner > to have a good antispam gateway ? (like fuzzyOcr & co) > > Best regards > > Philippe, > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFG5Gw7EfZZRxQVtlQRAgvAAKC11rc4ZVjsci49FzlR5igMZu+C6ACffrCA GJfNdd+NiXXHi/3se4BQ4Rs= =6X+s -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sun Sep 9 22:59:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 9 23:00:05 2007 Subject: Blocking different X-Original-To and To mails In-Reply-To: <001801c7f2c5$be599710$6445a8c0@work1> References: <001801c7f2c5$be599710$6445a8c0@work1> Message-ID: <46E46CCB.7000008@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What's the point of your question? You show a set of message headers of a mail purportedly from you to you, which might or might not be spam. MailScanner never looks at any "X-Original-To" header. Mind you, it doesn't look at the "To" header either :-) (it uses the envelope recipients, ie. the real ones, not whatever someone chose to put in the headers). Nis - Linux wrote: > Some one told me a while ago, that his mailscanner blocks these types > of mails. > But for some reason, mine dont! > I get more and more of these mails and they are a pain in the bu..! > > I use MailScanner 4.58.9, Spamassassin 3.2.1-r1 and Clamav 0.91.2 > > What's to do? > > /Nis > > The latest looks like this: > > Received: from av12-1-sn2.hy.skanova.net (av12-1-sn2.hy.skanova.net > [81.228.8.185]) > by smtp.mydomain.com (Postfix) with ESMTP id B5C2741ED5 > for ; Sat, 8 Sep 2007 14:08:58 +0200 (CEST) > Received: by av12-1-sn2.hy.skanova.net (Postfix, from userid 502) > id B22AB380E0; Sat, 8 Sep 2007 14:08:55 +0200 (CEST) > Received: from smtp4-1-sn2.hy.skanova.net (smtp4-1-sn2.hy.skanova.net > [81.228.8.92]) > by av12-1-sn2.hy.skanova.net (Postfix) with ESMTP > id 9E88537E8F; Sat, 8 Sep 2007 14:08:55 +0200 (CEST) > X-MimeOLE: Produced By Microsoft Exchange V6.5 > Content-class: urn:content-classes:message > MIME-Version: 1.0 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > Subject: Co-operation > Date: Sat, 08 Sep 2007 16:08:29 +0300 > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: Co-operation > Thread-Index: AcfM6pRv3S0aNEXTQbybOS7dT37FnAMAsdZw > From: "Zakazchik Media" > To: > Message-Id: <20070908120832.7222F37E73@smtp4-1-sn2.hy.skanova.net> > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFG5GzMEfZZRxQVtlQRArE/AKC+cAzq2JuK/0freUZPVx+uN8iM4gCgu1kU mA82B4uDPrcEnzsSfPj/GF8= =vY3k -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From tgc at statsbiblioteket.dk Mon Sep 10 08:14:41 2007 From: tgc at statsbiblioteket.dk (Tom G. Christensen) Date: Mon Sep 10 08:14:43 2007 Subject: yum repositories, was: Just some ideas for upcoming MailScanner releases In-Reply-To: References: <20070904134246.GA11063@doctor.nl2k.ab.ca> <46DE0756.9090903@gmail.com> <46DEED63.7080606@ecs.soton.ac.uk> <46DF06D3.2090102@elirion.net> <46DFA982.1090106@statsbiblioteket.dk> <46E1286C.4040109@statsbiblioteket.dk> Message-ID: <46E4EEE1.2030608@statsbiblioteket.dk> Kai Schaetzl wrote: > Tom G. Christensen wrote on Fri, 07 Sep 2007 12:31:08 +0200: > >> The MS tarball includes atleast one core module newer than what is >> shipped with perl 5.8.8. > > This doesn't mean you need it. > In that case I'd very much like a list of the versions *actually* needed. I would also recommend that this list is fed into install.sh so that it doesn't insist on trying to upgrade the modules if there's a perfectly adequate vendor supported version installed. > Then you install *only* the > mailscanner*.rpm from the tarball. And only that should be what gets > installed via yum. There's no dependency on File::Temp v0.18 in the rpm, so > there should be none when installed via yum. As File::Temp is already part > of Perl there should not even be a dependency on *any* version of it for > those OSes that ship with it included. > There should most certainly be an unversioned Requires: perl(File::Temp) in the rpm otherwise it's broken. I can understand why it's not like that right now since the rpm is supposed to be generic enough to be used on all RPM based dists, it will however not be okay for a yum repo targetting RHEL like rpmforge. Known minimum versions of modules must be expressed in the rpm somehow, either by explicitly requiring a perl version known to have them or by explicit dist specific requires on rpms that install these modules. If I can't do yum install mailscanner and have it pull in all the needed dependencies there there's no point to having a yum repository for MS. > One thing that is more of a problem is what Phil Randal pointed out. Some > things that you normally do "half-automated" after installation have to be > incorporated in the yum install process and run automatically in a senseful > way. > Actually I consider that much less of a problem. -tgc From gsjarvis at infoservers.net Mon Sep 10 10:27:03 2007 From: gsjarvis at infoservers.net (Graham S. Jarvis) Date: Mon Sep 10 10:26:44 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <46E46C38.4090202@ecs.soton.ac.uk> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> Message-ID: <46E50DE7.2040101@infoservers.net> Hello All, I have tried to google the list for help on how to get the spam out of the "Archive Mail" files. The only thing I could find was: (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) but DrewB doesn't seem to be around any more. Does anyone have a similar script because it sounds like a good way to do sa-learn's as well. Is there a switch in the conf for doing this, Julian? Regards, -Graham- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070910/86a24188/attachment.html From glenn.steen at gmail.com Mon Sep 10 11:05:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 10 11:05:52 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <46E50DE7.2040101@infoservers.net> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> Message-ID: <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> On 10/09/2007, Graham S. Jarvis wrote: > > > Hello All, > > I have tried to google the list for help on how to get the spam out of > the "Archive Mail" files. > The only thing I could find was: > (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) > but DrewB doesn't seem to be around any more. > > Does anyone have a similar script because it sounds like a good way to > do sa-learn's as well. > > Is there a switch in the conf for doing this, Julian? Although I'mm certainly not Jules, I think it is safe to say: No, there isn't. If you need an "after scanning archive", you are much better off doing that with the Actions (Non-spam, spam, high scoring spam... or similar... Recent releases have ... made this more flexible:-). Simply store everything (for a while) and use the nonspam quarantine as your archive;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From grupolistas at gmail.com Mon Sep 10 14:26:17 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 10 14:26:23 2007 Subject: doesnt release from hold In-Reply-To: <44c071aa0709061042i7f081d03mef9e3b039e443d70@mail.gmail.com> References: <44c071aa0709061024w23707d0dt6e3cc805f5e07da0@mail.gmail.com> <44c071aa0709061042i7f081d03mef9e3b039e443d70@mail.gmail.com> Message-ID: <44c071aa0709100626k7313d409g3ae3174b659e57f@mail.gmail.com> Ok solved thanks to you guys. 2007/9/6, infolistas listas : > > No I have no idea how to do that ... > > 2007/9/6, Gareth : > > > > When you release a message it is just put straight back into the normal > > incoming queue again. > > Therefore you have to exclude mail coming from 127.0.0.1 from being > > scanned. Have you done this? > > > > -----Original Message----- > > *From:* mailscanner-bounces@lists.mailscanner.info [mailto: > > mailscanner-bounces@lists.mailscanner.info]*On Behalf Of *infolistas > > listas > > *Sent:* 06 September 2007 18:25 > > *To:* MailScanner discussion > > *Subject:* Re: doesnt release from hold > > > > Hi guys, did the confs but it's still holding the outgoing mail. > > I used the webmin un-hold option but still It's holding the messages > > > > > > Check log on http://rapido.mfplan.com.br > > > > 2007/9/6, infolistas listas : > > > > > > Thanks > > > > > > 2007/9/6, Julian Field : > > > > > > > > Rebuild Bayes Every specifies the frequency of the bayes rebuilds > > > > *in > > > > seconds*. > > > > So you don't want to set it to 1 !! > > > > Setting it to 86400 means do it once per day. > > > > > > > > infolistas listas wrote: > > > > > every second or 86400 ? > > > > > > > > > > > > > > > 2007/9/6, Julian Field > > > > >: > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > Hash: SHA1 > > > > > > > > > > > > > > > > > > > > Scott Silva wrote: > > > > > > infolistas listas spake the following on 9/6/2007 8:37 AM: > > > > > >> postfix@mailbeta:/root$ cat > > > > /etc/MailScanner/MailScanner.conf | > > > > > grep > > > > > >> Bayes > > > > > >> # If you are using the Bayesian statistics engine on a busy > > > > server, > > > > > >> # you may well need to force a Bayesian database rebuild > > > > and expiry > > > > > >> Rebuild Bayes Every = 1 > > > > > >> # The Bayesian database rebuild and expiry may take a 2 or > > > > 3 > > > > > minutes > > > > > >> Wait During Bayes Rebuild = no > > > > > >> postfix@mailbeta:/root$ > > > > > > Your bayes its trying to expire every minute. > > > > > No, every second! > > > > > > Try changing to; > > > > > > Rebuild Bayes Every = 86400 > > > > > > Wait During Bayes Rebuild = yes > > > > > > > > > > > > > > > > > > > > > > > > > > > > Jules > > > > > > > > > > - -- > > > > > Julian Field MEng CITP > > > > > www.MailScanner.info < http://www.MailScanner.info> > > > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > > > > > > > > > Need help customising MailScanner? > > > > > Contact me! > > > > > Need help fixing or optimising your systems? > > > > > Contact me! > > > > > Need help getting you started solving new requirements from > > > > your boss? > > > > > Contact me! > > > > > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > > > > B654 > > > > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > > > Version: PGP Desktop 9.6.3 (Build 3017) > > > > > Comment: (pgp-secured) > > > > > Charset: ISO-8859-1 > > > > > > > > > > > > > > wj8DBQFG4CYFEfZZRxQVtlQRAn/AAJ9HCFmS4PK3qpXM+pptpwYccPICMgCgiFd9 > > > > > ERUBMwBzhq/Gu4C6WPy5GMs= > > > > > =wDhW > > > > > -----END PGP SIGNATURE----- > > > > > > > > > > -- > > > > > This message has been scanned for viruses and > > > > > dangerous content by MailScanner, and is > > > > > believed to be clean. > > > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > > > > > > > -- > > > > > MailScanner mailing list > > > > > mailscanner@lists.mailscanner.info > > > > > > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > > > Support MailScanner development - buy the book off the > > > > website! > > > > > > > > > > > > > > > > > > Jules > > > > > > > > -- > > > > Julian Field MEng CITP > > > > www.MailScanner.info > > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > > MailScanner customisation, or any advanced system administration > > > > help? > > > > Contact me at Jules@Jules.FM > > > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > > > > > -- > > > > This message has been scanned for viruses and > > > > dangerous content by MailScanner, and is > > > > believed to be clean. > > > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070910/eba0ca38/attachment.html From grupolistas at gmail.com Mon Sep 10 14:26:46 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 10 14:26:57 2007 Subject: {Disarmed} Re: doesnt release from hold In-Reply-To: <20070906171339.15895.qmail@punk.kls.es> References: <20070906171339.15895.qmail@punk.kls.es> Message-ID: <44c071aa0709100626g64a08d3cwe12cfff91ed006a7@mail.gmail.com> Ok solved thanks to you guys. 6 Sep 2007 19:13:39 +0200, jcals@kls.es : > > Hola, > > He recibido su email, pero no voy a poder garantizar respuesta hasta que > vuelva al despacho, ya que estoy en un proyecto en Madrid hasta el 10 de > septiembre. > > Si se trata de alg?n tema urgente puede contactar conmigo al 661.411.211. > > Salut ! :-) > > ------------------------- > > Hi, > > I've received your email but I can't guarantee any reply untill I'm back > to office from Madrid, because of a client's project untill sept 10th. > > If you feel you really need to contact to me because any important thing > you can call me at 661.411.211. > > Cheers ! :-) > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070910/55e7bab2/attachment.html From Denis.Beauchemin at USherbrooke.ca Mon Sep 10 16:34:20 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Sep 10 16:35:35 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E26151.6060104@fsl.com> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> <20070908015116.GA13102@rpcs.net> <46E26151.6060104@fsl.com> Message-ID: <46E563FC.4060301@USherbrooke.ca> Steve Freegard a ?crit : > > Sure - the nscd supplied with RedHat EL3/4 for a while was rather > buggy (they might have fixed it now though - I'm not sure) when under > heavy load. > > As nscd is 'hooked' into glibc at a low-level (e.g. intercepting all > getpwnam, gethostbyname et al. calls) when it fails it fails in a big > way and causes lots of things to block waiting on the nscd socket > (e.g. ls etc.) and the only way I found to fix is a reboot as the > system gets too hosed to be able to do anything else. > I use nscd on my RHEL5 boxes and I can tell you that it's still broken! I use a cron job (checks every 15 minutes) to restart it whenever it disappears, which is quite often! I should have put it into inittab but didn't take the time... Sometimes nscd is still running but not really doing its job... I have to kill and restart it manually... But I never had to reboot to correct the problem. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070910/7bf62c18/smime.bin From paul at blacknight.ie Mon Sep 10 16:59:27 2007 From: paul at blacknight.ie (Paul Kelly :: Blacknight Solutions) Date: Mon Sep 10 16:56:27 2007 Subject: MailScanner lock up Problem In-Reply-To: <223f97700709080439p64d76038s1bb48ca73e27863f@mail.gmail.com> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> <46E16904.8080607@blacknight.ie> <223f97700709080439p64d76038s1bb48ca73e27863f@mail.gmail.com> Message-ID: <46E569DF.2020300@blacknight.ie> Glenn Steen wrote: > On 07/09/2007, Paul Kelly :: Blacknight Solutions wrote: >> Steve Freegard wrote: >> >>> By the looks of the strace - my gut tells me that the problem is related >>> to syslog. Hopefully that might point you in the right direction. >>> >>> Also - make sure that 'nscd' isn't running as that's caused me no end of >>> trouble in the past with similar symptoms. >> Syslog you say. Hmmmm. No joy on that front. Also don't have nscd enabled. >> >> Paul > > The obvious questions are: What did you change, prior to the problems > starting? Do you monitor your HW with something like SMART > capabilities etc? Anything like that indicating a failing drive? How a > bout controller/RAM/etc etc? > > Unfortunately, SW have to run on HW... and HW can fail in the most ... > interesting... ways:-) > Turns out it was a rather interesting file system issue. I had to visit the machine in the data centre in the wee hours of Saturday morning (damn I hate being on-call) and perform open heart surgery on the file systems. We're doing a mix of Raid 1 + LVM on top of it and a power cycle of the machine during the previous few days caused some oddness with /var. This I believe was causing MS to die silently. It's been "ok" since. /me touches wood -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Lo-call: 1850 929 929 DDI: 059 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From Denis.Beauchemin at USherbrooke.ca Mon Sep 10 16:56:52 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Sep 10 16:57:44 2007 Subject: OT: Sendmail problems on RHEL5 (and solution) Message-ID: <46E56944.2080009@USherbrooke.ca> Hello all, Ever since I switched to my new RHEL5 MS servers I was noticing many errors like these: Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: collect: premature EOM: unexpected close Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: collect: unexpected close on connection from pobox.sfu.ca, sender= I could get thousands of these in a day and they resulted in delivery delays that were starting to annoy seriously my users because they were coming from legitimate servers. I was also annoyed because the boxes were running with more and more sendmail processes. We finally tracked it down to a faulty TCP/IP default setup on RHEL5! To correct the problem I had to: sysctl -w net.ipv4.tcp_wmem="4096 16384 131072" sysctl -w net.ipv4.tcp_rmem="4096 87380 174760" and modify /etc/sysctl.conf : net.ipv4.tcp_wmem="4096 16384 131072" net.ipv4.tcp_rmem="4096 87380 174760" For some unknown reason the TCP/IP stack was telling some remote hosts to use a really small window size and this resulted in some equipment down the line breaking the connection. It happened more often with big emails (the ones with attachments). I don't know if this bug is also present on CentOS5, but it might be... The following commands might help you find out if you have the problem (quick hack): grep "unexpected close on connection" /var/log/maillog | perl -ne ' next unless /collect: unexpected close on connection from ([^,]+),/; $f{$1}++; END{ foreach $i (sort keys %f){ printf "%25s : %d\n", $i, $f{$i}; } }' | sort -k3n | tail If you see some servers with hundreds of errors, you may have the problem... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070910/7ff3443f/smime.bin From hylton at conacher.co.za Mon Sep 10 17:00:25 2007 From: hylton at conacher.co.za (Hylton Conacher (ZR1HPC)) Date: Mon Sep 10 17:01:00 2007 Subject: Error in documentation/src code? Message-ID: <46E56A19.1040604@conacher.co.za> Hi, I am investigating installing MailScanner on openSUSE 9/10.2 and would be installing it for use with a Postfix mailserver. From the web page for this at http://www.mailscanner.info/postfix.html How to Set up MailScanner for Use with Postfix In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Should the outgoing Queue Dir not read /var/spool/postfix/outgoing, it is going out not coming in?? Regards Hylton From hylton at conacher.co.za Mon Sep 10 17:06:22 2007 From: hylton at conacher.co.za (Hylton Conacher (ZR1HPC)) Date: Mon Sep 10 17:06:42 2007 Subject: Mailscanner or Postfix, which one wins for you and why? Message-ID: <46E56B7E.1050802@conacher.co.za> Hi, I currently have a mailserver and workstation behind an IPCop firewall. I have been investigating MailScanner as it seems to allow far easier editing of the parts that make up a firewall. Given the number of IPCop addons that can allow an admin vast powers, although I haven't installed any yet as I am a GUI man, the question remains to all those IPCop users that have switched to MailScanner if it is better/easier to use update and configure than IPCop. I await the comments with interest. Regards Hylton From hylton at conacher.co.za Mon Sep 10 17:14:24 2007 From: hylton at conacher.co.za (Hylton Conacher (ZR1HPC)) Date: Mon Sep 10 17:14:43 2007 Subject: Mailscanner or IPCop, which one wins for you and why? In-Reply-To: <46E56B7E.1050802@conacher.co.za> References: <46E56B7E.1050802@conacher.co.za> Message-ID: <46E56D60.9090005@conacher.co.za> Doh!! Typos galore ie Postfix should be IPCop. Sorry for the misleading subject and hope I'm not creating the proverbial flame war :) Hylton Conacher (ZR1HPC) wrote: > Hi, > > I currently have a mailserver and workstation behind an IPCop firewall. > I have been investigating MailScanner as it seems to allow far easier > editing of the parts that make up a firewall. > > Given the number of IPCop addons that can allow an admin vast powers, > although I haven't installed any yet as I am a GUI man, the question > remains to all those IPCop users that have switched to MailScanner if it > is better/easier to use update and configure than IPCop. > > I await the comments with interest. > > Regards > Hylton > From martinh at solidstatelogic.com Mon Sep 10 17:30:58 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 10 17:31:28 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: Message-ID: <5fc6a34b95e4d4439aaff16b1c234ced@solidstatelogic.com> James Here's how I do it for my communigate server which his behind the MS gateway. On the CGP I run the inbound SMTP on port 465 for external hosted and ONLY accept authenticated sessions on this. I can config this easy via communigate, dunno about PF/zimbra. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of James Gray > Sent: 09 September 2007 01:06 > To: MailScanner discussion > Subject: Re: MailScanner + Zimbra...anyone done it before? > > Thanks for the suggestions folks. The consensus seems to be "run a > separate box" but the problem is we have a number of people who work > remotely and that would introduce a whole raft of new custom-hacks to > get authenticated SMTP relaying going for the remote users via the > separate box (assuming it becomes the "Internet-facing" part of the > SMTP chain). Then the remote users would (probably) need a different > mail config when the venture into the office. The way things stand > at the moment the roaming users can use EXACTLY the same mail setup > externally as those in the office without the need for VPN, making > the transition seamless (management LOVE that crap...personally, I > don't care). So long story short - it's gotta run on a single box > with Zimbra being the MTA. Not a big deal, I've already set Zimbra > up with a couple of RBL's and MTA-level anti-spam measures and it's > doing fine. > > As for the resources Zimbra chews up, yes, it is VERY hungry. > However, its constituent components can be separated as the system > grows. The OpenLDAP, MySQL, Tomcat and Postfix/MTA components are > completely separable thus spreading the love amongst different > machines etc. It's actually kinda neat :) However, we are running > everything on the one machine for the time being but it's a bit of a > beast: dual Xeon's, 6GB ECC RAM, couple-of-hundred GB U320 SCSI RAID > 5, dual gigabit (bonded) Ethernet....and we only have 30 > mailboxes! :P I think it will handle the 4-5 MailScanner children > and Mailwatch running along side. > > Worst case scenario: I mount/export the Postfix spools via NFS and do > the opposite on a "filter" box running MS+MW. That introduces a new > set of "what if's" the first that springs to mind is file locking. > So Postfix guru's: can you think of anything that would barf on > either the MailScanner or Postfix sides by using NFS for the mail > spool? What would be better: mounting the spools on a MailScanner > box (exporting from the Postfix box), or the other way around? I'd > be using a RAM disk for the MailScanner children's scratch space so I > can't see performance being a show-stopper. > > I'm trying to keep the Zimbra box as close to standard as possible, > so hacking the bejeezus out of it is off the cards. Minor changes to > the operating system (CentOS) such as NFS frufru wouldn't be a big > problem as this is all handled through our configuration management > system :) Unfortunately, most of the config for Zimbra is stored in > its LDAP directory making it very difficult to manage that with a > file-based configuration management system. See the problem? *sigh* > Nothing is ever easy ;) > > Thanks again folks! > > James ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From alex at nkpanama.com Mon Sep 10 17:37:31 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Mon Sep 10 17:38:22 2007 Subject: Mailscanner or IPCop, which one wins for you and why? In-Reply-To: <46E56D60.9090005@conacher.co.za> References: <46E56B7E.1050802@conacher.co.za> <46E56D60.9090005@conacher.co.za> Message-ID: <46E572CB.5060208@nkpanama.com> What do you mean by switching from postfix to MailScanner? MailScanner works *with* postfix (unless you believe WietseV enema, I think that's what his name is), sendmail, exim, qmail (I think) either "along with" or "in front of" your existing setup. Hylton Conacher (ZR1HPC) wrote: > Doh!! Typos galore ie Postfix should be IPCop. > Sorry for the misleading subject and hope I'm not creating the > proverbial flame war :) > > Hylton Conacher (ZR1HPC) wrote: > >> Hi, >> >> I currently have a mailserver and workstation behind an IPCop firewall. >> I have been investigating MailScanner as it seems to allow far easier >> editing of the parts that make up a firewall. >> >> Given the number of IPCop addons that can allow an admin vast powers, >> although I haven't installed any yet as I am a GUI man, the question >> remains to all those IPCop users that have switched to MailScanner if it >> is better/easier to use update and configure than IPCop. >> >> I await the comments with interest. >> >> Regards >> Hylton >> >> > > From list-mailscanner at linguaphone.com Mon Sep 10 17:40:16 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 10 17:40:21 2007 Subject: Error in documentation/src code? In-Reply-To: <46E56A19.1040604@conacher.co.za> Message-ID: No its correct. When you use the hold queue method the mail goes straight into the hold queue. So after processing it gets put in the incoming queue so that Postfix can still do anything else it wants to before it delivers it. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Hylton > Conacher (ZR1HPC) > Sent: 10 September 2007 17:00 > To: mailscanner@lists.mailscanner.info > Subject: Error in documentation/src code? > > > Hi, > > I am investigating installing MailScanner on openSUSE 9/10.2 and would > be installing it for use with a Postfix mailserver. From the web page > for this at http://www.mailscanner.info/postfix.html > > How to Set up MailScanner for Use with Postfix > In your MailScanner.conf file (probably in /etc/MailScanner or > /opt/MailScanner/etc), there are 5 settings you need to change. They are > all really near the top of the file. The settings are > > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > Should the outgoing Queue Dir not read /var/spool/postfix/outgoing, it > is going out not coming in?? > > Regards > Hylton > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From martinh at solidstatelogic.com Mon Sep 10 17:43:34 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 10 17:43:39 2007 Subject: phishing.bad.sites.conf.master size Message-ID: Jules I noticed that phishing.bad.sites.conf.master is growing to around 15k then shrinks back to 9k the grows to 15k again.... I'm downloading once per hour at 27 mins past. What gives? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From prandal at herefordshire.gov.uk Mon Sep 10 17:44:46 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Sep 10 17:44:57 2007 Subject: Sendmail problems on RHEL5 (and solution) In-Reply-To: <46E56944.2080009@USherbrooke.ca> References: <46E56944.2080009@USherbrooke.ca> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0184E674@HC-MBX02.herefordshire.gov.uk> On a standard CentOS 5 install here we get: [root@mx0 ~]# cat /proc/sys/net/ipv4/tcp_wmem 4096 16384 4194304 [root@mx0 ~]# cat /proc/sys/net/ipv4/tcp_rmem 4096 87380 4194304 Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: 10 September 2007 16:57 > To: MailScanner > Subject: OT: Sendmail problems on RHEL5 (and solution) > > Hello all, > > Ever since I switched to my new RHEL5 MS servers I was noticing many > errors like these: > Sep 7 00:10:36 132.210.244.13 sendmail[6929]: > l873tB1s006929: collect: > premature EOM: unexpected close > Sep 7 00:10:36 132.210.244.13 sendmail[6929]: > l873tB1s006929: collect: > unexpected close on connection from pobox.sfu.ca, > sender= > > I could get thousands of these in a day and they resulted in delivery > delays that were starting to annoy seriously my users because > they were > coming from legitimate servers. I was also annoyed because the boxes > were running with more and more sendmail processes. > > We finally tracked it down to a faulty TCP/IP default setup > on RHEL5! > To correct the problem I had to: > sysctl -w net.ipv4.tcp_wmem="4096 16384 131072" > sysctl -w net.ipv4.tcp_rmem="4096 87380 174760" > > and modify /etc/sysctl.conf : > net.ipv4.tcp_wmem="4096 16384 131072" > net.ipv4.tcp_rmem="4096 87380 174760" > > For some unknown reason the TCP/IP stack was telling some > remote hosts > to use a really small window size and this resulted in some equipment > down the line breaking the connection. It happened more > often with big > emails (the ones with attachments). > > I don't know if this bug is also present on CentOS5, but it > might be... > > The following commands might help you find out if you have > the problem > (quick hack): > grep "unexpected close on connection" /var/log/maillog | perl -ne ' > next unless /collect: unexpected close on connection from ([^,]+),/; > $f{$1}++; > END{ > foreach $i (sort keys %f){ > printf "%25s : %d\n", $i, $f{$i}; > } > }' | sort -k3n | tail > > If you see some servers with hundreds of errors, you may have > the problem... > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > From ka at pacific.net Mon Sep 10 18:24:20 2007 From: ka at pacific.net (Ken A) Date: Mon Sep 10 18:24:23 2007 Subject: Mailscanner or IPCop, which one wins for you and why? In-Reply-To: <46E56D60.9090005@conacher.co.za> References: <46E56B7E.1050802@conacher.co.za> <46E56D60.9090005@conacher.co.za> Message-ID: <46E57DC4.20708@pacific.net> Hylton Conacher (ZR1HPC) wrote: > Doh!! Typos galore ie Postfix should be IPCop. > Sorry for the misleading subject and hope I'm not creating the > proverbial flame war :) > > Hylton Conacher (ZR1HPC) wrote: >> Hi, >> >> I currently have a mailserver and workstation behind an IPCop firewall. >> I have been investigating MailScanner as it seems to allow far easier >> editing of the parts that make up a firewall. >> >> Given the number of IPCop addons that can allow an admin vast powers, >> although I haven't installed any yet as I am a GUI man, the question >> remains to all those IPCop users that have switched to MailScanner if it >> is better/easier to use update and configure than IPCop. >> >> I await the comments with interest. >> >> Regards >> Hylton >> > trolls go hungry From MailScanner at ecs.soton.ac.uk Mon Sep 10 19:20:12 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 10 19:20:33 2007 Subject: phishing.bad.sites.conf.master size In-Reply-To: References: Message-ID: <46E58ADC.2090301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It should steadily grow for a while now. You're just seeing coincidence in the flow of new sites coming in versus old ones going out. Martin.Hepworth wrote: > Jules > > I noticed that phishing.bad.sites.conf.master is growing to around 15k then shrinks back to 9k the grows to 15k again.... > > I'm downloading once per hour at 27 mins past. > > What gives? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFG5YrdEfZZRxQVtlQRAhiZAKDOKv89FqPmOJLsO4U11LLPmftzCwCgusKy j27eobg4zTllRL1cux22oiU= =QN21 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From jaearick at colby.edu Mon Sep 10 19:22:59 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Sep 10 19:23:20 2007 Subject: 4.63.8 questions Message-ID: Gang, The ChangeLog for 4.63.8 mentions an improved /etc/init.d script for MailScanner. Where is it in the files? I gather that the "Phishing Bad Sites" business needs some kind of crontab entry to pull this info down hourly? How to do this? Is there some kind of centralized info on crontab settings needed to run MailScanner? Julian, can you please, please include the ChangeLog file with each release of MailScanner, in the same directory as the README, for quick reference? Jeff Earickson Colby College From dyioulos at firstbhph.com Mon Sep 10 19:49:53 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Sep 10 19:49:11 2007 Subject: 4.63.8 questions In-Reply-To: References: Message-ID: <200709101449.53723.dyioulos@firstbhph.com> On Monday 10 September 2007 2:22 pm, Jeff A. Earickson wrote: > Gang, > > The ChangeLog for 4.63.8 mentions an improved /etc/init.d > script for MailScanner. Where is it in the files? > > I gather that the "Phishing Bad Sites" business needs some > kind of crontab entry to pull this info down hourly? How > to do this? Is there some kind of centralized info on > crontab settings needed to run MailScanner? > > Julian, can you please, please include the ChangeLog file > with each release of MailScanner, in the same directory as > the README, for quick reference? > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! On my CentOS 3.8-based system, the cron job was added to the "hourly" jobs automatically during the upgrade process. Might be a distro-specific thing. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Mon Sep 10 19:59:31 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 10 19:59:37 2007 Subject: 4.63.8 questions In-Reply-To: References: Message-ID: <625385e30709101159m6ac9a756kb72b6e66b052f876@mail.gmail.com> On 9/10/07, Jeff A. Earickson wrote: > Gang, > > The ChangeLog for 4.63.8 mentions an improved /etc/init.d > script for MailScanner. Where is it in the files? I think only the RPM release got the improvement (it's a quicker restart). I have implemented the change in the Blastwave release of MailScanner. As a Solaris user maybe you should take a look at it: http://www.blastwave.org/packages/CSWmailscanner > I gather that the "Phishing Bad Sites" business needs some > kind of crontab entry to pull this info down hourly? How > to do this? Is there some kind of centralized info on > crontab settings needed to run MailScanner? There's a few scripts included in bin and bin/cron. Again, I have them included (ready to use for Solaris) in the Blastwave release. :-) > Julian, can you please, please include the ChangeLog file > with each release of MailScanner, in the same directory as > the README, for quick reference? That's a great idea. -- /peter From martinh at solidstatelogic.com Mon Sep 10 20:03:11 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 10 20:03:12 2007 Subject: phishing.bad.sites.conf.master size In-Reply-To: <46E58ADC.2090301@ecs.soton.ac.uk> Message-ID: <6c0919f6b68d774a95e9a4f1aaf63a7f@solidstatelogic.com> Jule Ta - just making sure it's situation normal ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 10 September 2007 19:20 > To: MailScanner discussion > Subject: Re: phishing.bad.sites.conf.master size > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It should steadily grow for a while now. You're just seeing coincidence > in the flow of new sites coming in versus old ones going out. > > Martin.Hepworth wrote: > > Jules > > > > I noticed that phishing.bad.sites.conf.master is growing to around 15k > then shrinks back to 9k the grows to 15k again.... > > > > I'm downloading once per hour at 27 mins past. > > > > What gives? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFG5YrdEfZZRxQVtlQRAhiZAKDOKv89FqPmOJLsO4U11LLPmftzCwCgusKy > j27eobg4zTllRL1cux22oiU= > =QN21 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Mon Sep 10 20:31:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 10 20:31:07 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E569DF.2020300@blacknight.ie> References: <46E15746.2070305@blacknight.ie> <46E1613E.3010403@fsl.com> <46E16904.8080607@blacknight.ie> <223f97700709080439p64d76038s1bb48ca73e27863f@mail.gmail.com> <46E569DF.2020300@blacknight.ie> Message-ID: <223f97700709101231s25b1bad9r9ba41bd9375c1236@mail.gmail.com> On 10/09/2007, Paul Kelly :: Blacknight Solutions wrote: > Glenn Steen wrote: > > On 07/09/2007, Paul Kelly :: Blacknight Solutions wrote: > >> Steve Freegard wrote: > >> > >>> By the looks of the strace - my gut tells me that the problem is related > >>> to syslog. Hopefully that might point you in the right direction. > >>> > >>> Also - make sure that 'nscd' isn't running as that's caused me no end of > >>> trouble in the past with similar symptoms. > >> Syslog you say. Hmmmm. No joy on that front. Also don't have nscd enabled. > >> > >> Paul > > > > The obvious questions are: What did you change, prior to the problems > > starting? Do you monitor your HW with something like SMART > > capabilities etc? Anything like that indicating a failing drive? How a > > bout controller/RAM/etc etc? > > > > Unfortunately, SW have to run on HW... and HW can fail in the most ... > > interesting... ways:-) > > > > Turns out it was a rather interesting file system issue. I had to visit > the machine in the data centre in the wee hours of Saturday morning > (damn I hate being on-call) and perform open heart surgery on the file > systems. > > We're doing a mix of Raid 1 + LVM on top of it and a power cycle of the > machine during the previous few days caused some oddness with /var. This > I believe was causing MS to die silently. > > It's been "ok" since. /me touches wood > Ah. Might explain things:-). Since you will surely keep a very watchful eye on that particular system for the next week or so ... you needn't be too superstitious... Just keep the chicken wings (hmmm, shouldn't that be feet?:) handy, for when a "double-kingston" isn't enough voodoo:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Sep 10 20:45:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 10 20:45:11 2007 Subject: Mailscanner or Postfix, which one wins for you and why? In-Reply-To: <46E56B7E.1050802@conacher.co.za> References: <46E56B7E.1050802@conacher.co.za> Message-ID: <223f97700709101245y4be3d2faub95730412e074505@mail.gmail.com> On 10/09/2007, Hylton Conacher (ZR1HPC) wrote: > Hi, > > I currently have a mailserver and workstation behind an IPCop firewall. > I have been investigating MailScanner as it seems to allow far easier > editing of the parts that make up a firewall. > > Given the number of IPCop addons that can allow an admin vast powers, > although I haven't installed any yet as I am a GUI man, the question > remains to all those IPCop users that have switched to MailScanner if it > is better/easier to use update and configure than IPCop. > > I await the comments with interest. > > Regards > Hylton Eeerrrrr, what-do-you-mean???? MailScanner isn't in any way a replacement for an MTA (Postfix, as alluded to in the subject), nor does it replace a firewall (like IPCop)... What it does do is replace the often very rudimentary, in most cases, mail handling capabilities of said firewall. As I'm sure you've discovered, if you've been looking a bit at the firewall market, most any firewall claim to be able to protect your mailservers (simplistically one could say "MTA" here, but one would probably mean a combination of MTA, MDA and mail store....) WRT antivirus and anti-spam... None (or very few, at least... I don't claim to have looked at _every_ firewall:-) come even close to the accuracy, performance and ease of use MailScanner boasts. And then I haven't mentioned the fact that few, if any, mail scanning products can boast even a small part of the features MailScanner do. So do keep your firewall, but use MailScanner, in conjuction with a well-,aintained MTA, for your mail protection. You might be thinking of DansGuardian perhaps? Where one use MailScanner to do pretty much the same thing for normal "surf traffic" as MailScanner do for mail...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at solidstatelogic.com Mon Sep 10 20:51:22 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 10 20:51:38 2007 Subject: MailScanner lock up Problem In-Reply-To: <46E569DF.2020300@blacknight.ie> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Kelly :: Blacknight > Solutions > Sent: 10 September 2007 16:59 > To: MailScanner discussion > Subject: Re: MailScanner lock up Problem > > Glenn Steen wrote: > > On 07/09/2007, Paul Kelly :: Blacknight Solutions > wrote: > >> Steve Freegard wrote: > >> > >>> By the looks of the strace - my gut tells me that the problem is > related > >>> to syslog. Hopefully that might point you in the right direction. > >>> > >>> Also - make sure that 'nscd' isn't running as that's caused me no end > of > >>> trouble in the past with similar symptoms. > >> Syslog you say. Hmmmm. No joy on that front. Also don't have nscd > enabled. > >> > >> Paul > > > > The obvious questions are: What did you change, prior to the problems > > starting? Do you monitor your HW with something like SMART > > capabilities etc? Anything like that indicating a failing drive? How a > > bout controller/RAM/etc etc? > > > > Unfortunately, SW have to run on HW... and HW can fail in the most ... > > interesting... ways:-) > > > > Turns out it was a rather interesting file system issue. I had to visit > the machine in the data centre in the wee hours of Saturday morning > (damn I hate being on-call) and perform open heart surgery on the file > systems. > > We're doing a mix of Raid 1 + LVM on top of it and a power cycle of the > machine during the previous few days caused some oddness with /var. This > I believe was causing MS to die silently. > > It's been "ok" since. /me touches wood > > -- > Paul Kelly Paul Well I told you ext3 was crud ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From seamus at rheelweb.co.nz Mon Sep 10 22:01:08 2007 From: seamus at rheelweb.co.nz (Seamus Allan) Date: Mon Sep 10 22:01:20 2007 Subject: New Spam? In-Reply-To: <46DFC015.3000002@guttadauro.com> References: <46DFC015.3000002@guttadauro.com> Message-ID: <46E5B094.6040403@rheelweb.co.nz> Hi guys, I don't *think* I have seen this mentioned, but I got an interesting piece of spam this morning. It was an HTML email with the words Viagra and Cialis in it, and a small amount of random lettering right aligned. My scanner let it through, giving it scores for obfuscated text, but nothing for the words. Puzzled, I highlighted the word Viagra, and to my surprise half of the random text on the right selected too. I think they are using DIV's or something to hide text in text, but display it correctly to be read. I have uploaded a copy of the file if anyone wants to have a look, perhaps you'll see some of this in your inbox's soon? Any ideas on how to catch this? http://files.rheelweb.co.nz/spam.txt http://files.rheelweb.co.nz/spam.eml Cheers Seamus From mike at tc3net.com Tue Sep 11 00:31:48 2007 From: mike at tc3net.com (Michael Baird) Date: Tue Sep 11 00:31:26 2007 Subject: Redirecting *.spamhaus.org queries to local feed server In-Reply-To: <46D1DCDB.1040106@ecs.soton.ac.uk> References: <46D10C3E.9080004@maddoc.net> <46D1323E.4050100@alexb.ch> <46D1A23E.8020508@alexb.ch> <46D1DCDB.1040106@ecs.soton.ac.uk> Message-ID: <46E5D3E4.8040303@tc3net.com> Anybody know what the filename for zen is on their rsync servers, I just happened to setup an account with them in the past few days, and am getting around to setting up the script they supply. I get sbl pbl xbl just fine, but no zen (I tried specifying zen, in their script, just like sbl pbl and xbl are specified). Regards Michael Baird > In my setup, which has all the zones, the only ones that get queried > are zen (600k queries) and sbl (1.4m queries). > Both xbl and pbl have had 0 queries. > > Alex Broens wrote: >> On 8/26/2007 4:48 PM, Vlad Mazek wrote: >>> Should I have equivalent zones for PBL as well or is ZEN enough? >> >> Nope >> >> PBL lookups happen thru Zen >> See 20_dnsbl_tests.cf >> >> Alex >> >>> -Vlad >>> >>> On 8/26/07, Alex Broens wrote: >>>> On 8/26/2007 7:14 AM, Doc Schneider wrote: >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Vlad Mazek wrote: >>>>>> Ok, so setup a local rbldnsd server for a spamhaus feed. >>>>>> >>>>>> Stupid question: how do I tell MailScanner/spamassassin to redirect >>>>>> *.spamhaus.com queries to my rbldnsd server? >>>>>> >>>>>> -Vlad >>>>>> >>>>> For a caching name server >>>>> >>>>> zone "zen.spamhaus.org" { >>>>> type forward; >>>>> forward only; >>>>> forwarders { 1.2.3.4; }; >>>>> }; >>>>> >>>>> >>>>> Of course change to 1.2.3.4 to the IP of your rbldnsd server. >>>> that's not enough >>>> >>>> URIBL_SBL in 25_uribl.cf queries sbl.spamhaus.org so you'll also need >>>> >>>> zone "sbl.spamhaus.org" IN { >>>> type forward; >>>> forward first; >>>> forwarders { 1.2.3.4; }; >>>> }; >>>> >>>> Alex >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >>> >> >> > > Jules > From mike at tc3net.com Tue Sep 11 00:42:49 2007 From: mike at tc3net.com (Michael Baird) Date: Tue Sep 11 00:42:29 2007 Subject: Redirecting *.spamhaus.org queries to local feed server In-Reply-To: <46E5D3E4.8040303@tc3net.com> References: <46D10C3E.9080004@maddoc.net> <46D1323E.4050100@alexb.ch> <46D1A23E.8020508@alexb.ch> <46D1DCDB.1040106@ecs.soton.ac.uk> <46E5D3E4.8040303@tc3net.com> Message-ID: <46E5D679.2090609@tc3net.com> Sorry, google search revealed all, combine all the zones within rbldnsd. Regards Michael Baird > Anybody know what the filename for zen is on their rsync servers, I > just happened to setup an account with them in the past few days, and > am getting around to setting up the script they supply. I get sbl pbl > xbl just fine, but no zen (I tried specifying zen, in their script, > just like sbl pbl and xbl are specified). > > Regards > Michael Baird >> In my setup, which has all the zones, the only ones that get queried >> are zen (600k queries) and sbl (1.4m queries). >> Both xbl and pbl have had 0 queries. >> >> Alex Broens wrote: >>> On 8/26/2007 4:48 PM, Vlad Mazek wrote: >>>> Should I have equivalent zones for PBL as well or is ZEN enough? >>> >>> Nope >>> >>> PBL lookups happen thru Zen >>> See 20_dnsbl_tests.cf >>> >>> Alex >>> >>>> -Vlad >>>> >>>> On 8/26/07, Alex Broens wrote: >>>>> On 8/26/2007 7:14 AM, Doc Schneider wrote: >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> Hash: SHA1 >>>>>> >>>>>> Vlad Mazek wrote: >>>>>>> Ok, so setup a local rbldnsd server for a spamhaus feed. >>>>>>> >>>>>>> Stupid question: how do I tell MailScanner/spamassassin to redirect >>>>>>> *.spamhaus.com queries to my rbldnsd server? >>>>>>> >>>>>>> -Vlad >>>>>>> >>>>>> For a caching name server >>>>>> >>>>>> zone "zen.spamhaus.org" { >>>>>> type forward; >>>>>> forward only; >>>>>> forwarders { 1.2.3.4; }; >>>>>> }; >>>>>> >>>>>> >>>>>> Of course change to 1.2.3.4 to the IP of your rbldnsd server. >>>>> that's not enough >>>>> >>>>> URIBL_SBL in 25_uribl.cf queries sbl.spamhaus.org so you'll also need >>>>> >>>>> zone "sbl.spamhaus.org" IN { >>>>> type forward; >>>>> forward first; >>>>> forwarders { 1.2.3.4; }; >>>>> }; >>>>> >>>>> Alex >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> >>>> >>>> >>> >>> >> >> Jules >> > From ssilva at sgvwater.com Tue Sep 11 00:25:37 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 11 05:01:51 2007 Subject: New Spam? In-Reply-To: <46E5B094.6040403@rheelweb.co.nz> References: <46DFC015.3000002@guttadauro.com> <46E5B094.6040403@rheelweb.co.nz> Message-ID: Seamus Allan spake the following on 9/10/2007 2:01 PM: > Hi guys, > > I don't *think* I have seen this mentioned, but I got an interesting > piece of spam this morning. > It was an HTML email with the words Viagra and Cialis in it, and a small > amount of random lettering right aligned. My scanner let it through, > giving it scores for obfuscated text, but nothing for the words. > Puzzled, I highlighted the word Viagra, and to my surprise half of the > random text on the right selected too. I think they are using DIV's or > something to hide text in text, but display it correctly to be read. > I have uploaded a copy of the file if anyone wants to have a look, > perhaps you'll see some of this in your inbox's soon? > Any ideas on how to catch this? > > http://files.rheelweb.co.nz/spam.txt > http://files.rheelweb.co.nz/spam.eml > > Cheers > > Seamus My system seemed to score it high enough to at least mark it. Content analysis details: (8.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.6 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.7 SARE_HTML_USL_OBFU RAW: Message body has very strange HTML sequence 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: advertisingcs.com] The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Sep 10 18:13:34 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 11 05:18:43 2007 Subject: Error in documentation/src code? In-Reply-To: <46E56A19.1040604@conacher.co.za> References: <46E56A19.1040604@conacher.co.za> Message-ID: Hylton Conacher (ZR1HPC) spake the following on 9/10/2007 9:00 AM: > Hi, > > I am investigating installing MailScanner on openSUSE 9/10.2 and would > be installing it for use with a Postfix mailserver. From the web page > for this at http://www.mailscanner.info/postfix.html > > How to Set up MailScanner for Use with Postfix > In your MailScanner.conf file (probably in /etc/MailScanner or > /opt/MailScanner/etc), there are 5 settings you need to change. They are > all really near the top of the file. The settings are > > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > Should the outgoing Queue Dir not read /var/spool/postfix/outgoing, it > is going out not coming in?? > > Regards > Hylton No. It is still mail incoming to the main postfix process. New mails go into hold, and mailscanner processes them and puts them in incoming. If mailscanner was not installed, the mail would go straight to incoming. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Sep 10 17:56:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 11 05:20:47 2007 Subject: Mailscanner or Postfix, which one wins for you and why? In-Reply-To: <46E56B7E.1050802@conacher.co.za> References: <46E56B7E.1050802@conacher.co.za> Message-ID: Hylton Conacher (ZR1HPC) spake the following on 9/10/2007 9:06 AM: > Hi, > > I currently have a mailserver and workstation behind an IPCop firewall. > I have been investigating MailScanner as it seems to allow far easier > editing of the parts that make up a firewall. > > Given the number of IPCop addons that can allow an admin vast powers, > although I haven't installed any yet as I am a GUI man, the question > remains to all those IPCop users that have switched to MailScanner if it > is better/easier to use update and configure than IPCop. > > I await the comments with interest. > > Regards > Hylton Ipcop and mailscanner are as different as apples and oranges. Ipcop is a internet firewall and mailscanner is a mail filter. It is like stating that you want to replace your farm tractor with a sports car. They do different things. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From seamus at rheelweb.co.nz Tue Sep 11 05:41:18 2007 From: seamus at rheelweb.co.nz (Seamus Allan) Date: Tue Sep 11 06:10:14 2007 Subject: New Spam? In-Reply-To: References: <46DFC015.3000002@guttadauro.com> <46E5B094.6040403@rheelweb.co.nz> Message-ID: <46E61C6E.2010802@rheelweb.co.nz> Scott Silva wrote: > Seamus Allan spake the following on 9/10/2007 2:01 PM: >> Hi guys, >> >> I don't *think* I have seen this mentioned, but I got an interesting >> piece of spam this morning. >> It was an HTML email with the words Viagra and Cialis in it, and a >> small amount of random lettering right aligned. My scanner let it >> through, giving it scores for obfuscated text, but nothing for the >> words. Puzzled, I highlighted the word Viagra, and to my surprise >> half of the random text on the right selected too. I think they are >> using DIV's or something to hide text in text, but display it >> correctly to be read. >> I have uploaded a copy of the file if anyone wants to have a look, >> perhaps you'll see some of this in your inbox's soon? >> Any ideas on how to catch this? >> >> http://files.rheelweb.co.nz/spam.txt >> http://files.rheelweb.co.nz/spam.eml >> >> Cheers >> >> Seamus > My system seemed to score it high enough to at least mark it. > Content analysis details: (8.7 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 2.6 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > [score: 0.5000] > 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts > 1.7 SARE_HTML_USL_OBFU RAW: Message body has very strange HTML > sequence > 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist > [URIs: advertisingcs.com] > > The original message was not completely plain text, and may be unsafe to > open with some email clients; in particular, it may contain a virus, > or confirm that your address can receive spam. If you wish to view > it, it may be safer to save it to a file and open it with an editor. > > > Curiously when this email came in, it didn't trigger the URIBL rule, yet when I invoke spamassassin from the command line (as the correct user etc) it does fire the URIBL rule. I wonder why this is? Seamus From ms-list at alexb.ch Tue Sep 11 06:20:36 2007 From: ms-list at alexb.ch (Alex Broens) Date: Tue Sep 11 06:20:42 2007 Subject: New Spam? In-Reply-To: <46E61C6E.2010802@rheelweb.co.nz> References: <46DFC015.3000002@guttadauro.com> <46E5B094.6040403@rheelweb.co.nz> <46E61C6E.2010802@rheelweb.co.nz> Message-ID: <46E625A4.5050704@alexb.ch> On 9/11/2007 6:41 AM, Seamus Allan wrote: > > Scott Silva wrote: >> Seamus Allan spake the following on 9/10/2007 2:01 PM: >>> Hi guys, >>> >>> I don't *think* I have seen this mentioned, but I got an interesting >>> piece of spam this morning. >>> It was an HTML email with the words Viagra and Cialis in it, and a >>> small amount of random lettering right aligned. My scanner let it >>> through, giving it scores for obfuscated text, but nothing for the >>> words. Puzzled, I highlighted the word Viagra, and to my surprise >>> half of the random text on the right selected too. I think they are >>> using DIV's or something to hide text in text, but display it >>> correctly to be read. >>> I have uploaded a copy of the file if anyone wants to have a look, >>> perhaps you'll see some of this in your inbox's soon? >>> Any ideas on how to catch this? >>> >>> http://files.rheelweb.co.nz/spam.txt >>> http://files.rheelweb.co.nz/spam.eml >>> >>> Cheers >>> >>> Seamus >> My system seemed to score it high enough to at least mark it. >> Content analysis details: (8.7 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 2.6 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% >> [score: 0.5000] >> 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts >> 1.7 SARE_HTML_USL_OBFU RAW: Message body has very strange HTML >> sequence >> 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist >> [URIs: advertisingcs.com] >> >> The original message was not completely plain text, and may be unsafe to >> open with some email clients; in particular, it may contain a virus, >> or confirm that your address can receive spam. If you wish to view >> it, it may be safer to save it to a file and open it with an editor. >> >> >> > Curiously when this email came in, it didn't trigger the URIBL rule, yet > when I invoke spamassassin from the command line (as the correct user > etc) it does fire the URIBL rule. > I wonder why this is? Assume a MailScanner gremlin listed it. From raymond at prolocation.net Tue Sep 11 09:28:29 2007 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Tue Sep 11 09:28:31 2007 Subject: New Spam? In-Reply-To: <46E625A4.5050704@alexb.ch> References: <46DFC015.3000002@guttadauro.com> <46E5B094.6040403@rheelweb.co.nz> <46E61C6E.2010802@rheelweb.co.nz> <46E625A4.5050704@alexb.ch> Message-ID: Hi! >>>> http://files.rheelweb.co.nz/spam.txt >>>> http://files.rheelweb.co.nz/spam.eml >>>> >>>> Cheers >>> pts rule name description >>> ---- ---------------------- >>> -------------------------------------------------- >>> 2.6 HTML_OBFUSCATE_10_20 BODY: Message is 10% to 20% HTML obfuscation >>> 0.0 HTML_MESSAGE BODY: HTML included in message >>> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% >>> [score: 0.5000] >>> 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts >>> 1.7 SARE_HTML_USL_OBFU RAW: Message body has very strange HTML >>> sequence >>> 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist >>> [URIs: advertisingcs.com] >>> >>> The original message was not completely plain text, and may be unsafe to >>> open with some email clients; in particular, it may contain a virus, >>> or confirm that your address can receive spam. If you wish to view >>> it, it may be safer to save it to a file and open it with an editor. >> Curiously when this email came in, it didn't trigger the URIBL rule, yet >> when I invoke spamassassin from the command line (as the correct user etc) >> it does fire the URIBL rule. >> I wonder why this is? > Assume a MailScanner gremlin listed it. It magicly ended up in SURBL also. Bye, Raymond. From dean.plant at roke.co.uk Tue Sep 11 10:03:00 2007 From: dean.plant at roke.co.uk (Plant, Dean) Date: Tue Sep 11 10:03:09 2007 Subject: Sendmail problems on RHEL5 (and solution) Message-ID: <2181C5F19DD0254692452BFF3EAF1D680394092B@rsys005a.comm.ad.roke.co.uk> Denis Beauchemin wrote: > Hello all, > > Ever since I switched to my new RHEL5 MS servers I was noticing many > errors like these: > Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: > collect: premature EOM: unexpected close > Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: > collect: unexpected close on connection from pobox.sfu.ca, > sender= > > I could get thousands of these in a day and they resulted in delivery > delays that were starting to annoy seriously my users because they > were coming from legitimate servers. I was also annoyed because the > boxes > were running with more and more sendmail processes. > > We finally tracked it down to a faulty TCP/IP default setup on RHEL5! > To correct the problem I had to: > sysctl -w net.ipv4.tcp_wmem="4096 16384 131072" > sysctl -w net.ipv4.tcp_rmem="4096 87380 174760" > > and modify /etc/sysctl.conf : > net.ipv4.tcp_wmem="4096 16384 131072" > net.ipv4.tcp_rmem="4096 87380 174760" > > For some unknown reason the TCP/IP stack was telling some remote hosts > to use a really small window size and this resulted in some equipment > down the line breaking the connection. It happened more often with > big emails (the ones with attachments). > > I don't know if this bug is also present on CentOS5, but it might > be... > > The following commands might help you find out if you have the problem > (quick hack): > grep "unexpected close on connection" /var/log/maillog | perl -ne ' > next unless /collect: unexpected close on connection from ([^,]+),/; > $f{$1}++;a broken > END{ > foreach $i (sort keys %f){ > printf "%25s : %d\n", $i, $f{$i}; > } > }' | sort -k3n | tail > > If you see some servers with hundreds of errors, you may have the > problem... > > Denis This might be related, when we moved to CentOS 5 we had issues with TCP connections stalling and traced this down to a broken firewall and TCP window scaling. This only happened when transmitting larger amounts of data. This is a known symptom of some broken firewalls which rewrite (rather than remove) this option. This means that one end thinks a different window scale is being used to the other, and things break. You can echo 0 > /proc/sys/net/ipv4/tcp_window_scaling on the RHEL 5 box to see if this is affecting you as this was a workaround until we had a patch from the firewall vendor. Dean From mailadmin at baladia.gov.kw Tue Sep 11 11:20:51 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Tue Sep 11 11:21:42 2007 Subject: Add 2nd antivirus scanner In-Reply-To: References: Message-ID: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> Dear All, I have the following below setup workin perfect for sometime Centos 5 MailScanner-4.62.9-3 Spam Assassin+Clamav--- jules package mailwatch i wanted to use the second antivurus scanner thats is bit defender since is free as of now so i downloaded it and installed it and when i run mailScanner --lint i see the fiollowing -------------------------------- Checking version numbers... Version number in MailScanner.conf (4.62.9) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender" Found these virus scanners installed: clamav =========================================================================== Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 451 cat: /tmp/log.bdc.7225: No such file or directory rm: cannot remove `/tmp/log.bdc.7225': No such file or directory =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. --------------------------- also i modified the virusscanner.conf file original was bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc modified to bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/BitDefender-scanner/bin/bdscan -------------------------------------------------------------- 2) also when i try to run bdscan it says trial key found 25 days remaining why is this message appreciate your help Thanks and regards benedict -------------------------------- but now when I run MailScanner --lint -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Sep 11 11:37:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 11 11:37:48 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> Message-ID: <223f97700709110337l114eeea5uccd24b455db61ef2@mail.gmail.com> On 11/09/2007, Mail Administrator wrote: > > Dear All, > > I have the following below setup workin perfect for sometime > > Centos 5 > MailScanner-4.62.9-3 > Spam Assassin+Clamav--- jules package > mailwatch > > i wanted to use the second antivurus scanner thats is bit defender since > is free as of now > so i downloaded it and installed it and when i run mailScanner --lint i > see the fiollowing > > -------------------------------- > > Checking version numbers... > Version number in MailScanner.conf (4.62.9) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav bitdefender" > Found these virus scanners installed: clamav > =========================================================================== > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 451 > cat: /tmp/log.bdc.7225: No such file or directory > rm: cannot remove `/tmp/log.bdc.7225': No such file or directory > =========================================================================== > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > > If any of your virus scanners (clamav) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > --------------------------- > > also i modified the virusscanner.conf file > > original was > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > > modified to > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper > /opt/BitDefender-scanner/bin/bdscan This is wrong. The previous setting is for BDC version 7.x where the BitDefender commandline get installed into /opt/bdc (meaning the scanner is at /opt/bdc/bin/bdc). Not sure you got the right package, not sure even the "right package" is right for the current implementation in MS... Will have to take a look on what they tote ATM. Am swamped with work, so ... don't hold your breath (perhaps someone else, like Jules, will have the time;-). > -------------------------------------------------------------- > > 2) also when i try to run bdscan > it says > trial key found 25 days remaining > > why is this message Because it isn't the free version you're using, it is a trial version...;-) > > appreciate your help > > > Thanks and regards > > benedict > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Sep 11 12:02:04 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 11 12:02:15 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <223f97700709110337l114eeea5uccd24b455db61ef2@mail.gmail.com> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <223f97700709110337l114eeea5uccd24b455db61ef2@mail.gmail.com> Message-ID: <223f97700709110402v43e5fcd3nf1b641091032927@mail.gmail.com> On 11/09/2007, Glenn Steen wrote: > On 11/09/2007, Mail Administrator wrote: > > > > Dear All, > > > > I have the following below setup workin perfect for sometime > > > > Centos 5 > > MailScanner-4.62.9-3 > > Spam Assassin+Clamav--- jules package > > mailwatch > > > > i wanted to use the second antivurus scanner thats is bit defender since > > is free as of now > > so i downloaded it and installed it and when i run mailScanner --lint i > > see the fiollowing > > > > -------------------------------- > > > > Checking version numbers... > > Version number in MailScanner.conf (4.62.9) is correct. > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamav bitdefender" > > Found these virus scanners installed: clamav > > =========================================================================== > > Ignore errors about failing to find EOCD signature > > format error: can't find EOCD signature > > at /usr/sbin/MailScanner line 451 > > cat: /tmp/log.bdc.7225: No such file or directory > > rm: cannot remove `/tmp/log.bdc.7225': No such file or directory > > =========================================================================== > > Virus Scanner test reports: > > ClamAV said "eicar.com contains Eicar-Test-Signature" > > > > If any of your virus scanners (clamav) > > are not listed there, you should check that they are installed correctly > > and that MailScanner is finding them correctly via its virus.scanners.conf. > > > > --------------------------- > > > > also i modified the virusscanner.conf file > > > > original was > > > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > > > > modified to > > > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper > > /opt/BitDefender-scanner/bin/bdscan > > This is wrong. The previous setting is for BDC version 7.x where the > BitDefender commandline get installed into /opt/bdc (meaning the > scanner is at /opt/bdc/bin/bdc). Not sure you got the right package, > not sure even the "right package" is right for the current > implementation in MS... Will have to take a look on what they tote > ATM. Am swamped with work, so ... don't hold your breath (perhaps > someone else, like Jules, will have the time;-). Ok, took a quick peek... Indeed the Bidefender-scanner (version 7.5) package is a "free download", but unlike the BitDefender-Antivirus-Console package (version 7.0, 7.1) this has a more ... strict.... license. It is indeed free for private use, but they do stipulate that if you intend to integrate it into your own scanning system (they even mention "scripts"...) you need use a commercial license. The package is trial, until you fill out a form/receive a "private use" license. It was all there in the EULA you just couldn't have missed, during the install. Apart from minor things, like renaming the binary and the install directory, the most visible difference seems to be the conversion to use "--" instead of "-" for the long options. Installing this package on a system that has the BDC (version 7.0-7.1) will _replace_ that package, at least when using RPM, so ... perhaps not a good thing:-). > > -------------------------------------------------------------- > > > > 2) also when i try to run bdscan > > it says > > trial key found 25 days remaining > > > > why is this message > > Because it isn't the free version you're using, it is a trial version...;-) As said, this is really true in a way. Look at the FAQ they provide, or the EULA, or even the INSTALL file...:-). > > > > appreciate your help > > > > > > Thanks and regards > > > > benedict > > > > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Tue Sep 11 13:55:02 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Sep 11 13:56:05 2007 Subject: Sendmail problems on RHEL5 (and solution) In-Reply-To: <2181C5F19DD0254692452BFF3EAF1D680394092B@rsys005a.comm.ad.roke.co.uk> References: <2181C5F19DD0254692452BFF3EAF1D680394092B@rsys005a.comm.ad.roke.co.uk> Message-ID: <46E69026.3050401@USherbrooke.ca> Plant, Dean a ?crit : > Denis Beauchemin wrote: > >> Hello all, >> >> Ever since I switched to my new RHEL5 MS servers I was noticing many >> errors like these: >> Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: >> collect: premature EOM: unexpected close >> Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: >> collect: unexpected close on connection from pobox.sfu.ca, >> sender= >> >> I could get thousands of these in a day and they resulted in delivery >> delays that were starting to annoy seriously my users because they >> were coming from legitimate servers. I was also annoyed because the >> boxes >> were running with more and more sendmail processes. >> >> We finally tracked it down to a faulty TCP/IP default setup on RHEL5! >> To correct the problem I had to: >> sysctl -w net.ipv4.tcp_wmem="4096 16384 131072" >> sysctl -w net.ipv4.tcp_rmem="4096 87380 174760" >> >> and modify /etc/sysctl.conf : >> net.ipv4.tcp_wmem="4096 16384 131072" >> net.ipv4.tcp_rmem="4096 87380 174760" >> >> For some unknown reason the TCP/IP stack was telling some remote hosts >> to use a really small window size and this resulted in some equipment >> down the line breaking the connection. It happened more often with >> big emails (the ones with attachments). >> >> I don't know if this bug is also present on CentOS5, but it might >> be... >> >> The following commands might help you find out if you have the problem >> (quick hack): >> grep "unexpected close on connection" /var/log/maillog | perl -ne ' >> next unless /collect: unexpected close on connection from ([^,]+),/; >> $f{$1}++;a broken >> END{ >> foreach $i (sort keys %f){ >> printf "%25s : %d\n", $i, $f{$i}; >> } >> }' | sort -k3n | tail >> >> If you see some servers with hundreds of errors, you may have the >> problem... >> >> Denis >> > > This might be related, when we moved to CentOS 5 we had issues with TCP > connections stalling and traced this down to a broken firewall and TCP > window scaling. This only happened when transmitting larger amounts of > data. > > This is a known symptom of some broken firewalls which rewrite (rather > than remove) this option. This means that one end thinks a different > window scale is being used to the other, and things break. > > You can echo 0 > /proc/sys/net/ipv4/tcp_window_scaling on the RHEL 5 box > to see if this is affecting you as this was a workaround until we had a > patch from the firewall vendor. > > Dean > Dean, We began by doing what you suggest but it didn't correct the problem. As for the firewall we are using iptables on the servers. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From list-mailscanner at linguaphone.com Tue Sep 11 14:03:59 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 11 14:04:13 2007 Subject: Problem with rule actions (2) In-Reply-To: <1189071185.26505.7.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46DDCB47.5000701@ecs.soton.ac.uk> <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> <1188991494.23620.18.camel@gblades-suse.linguaphone-intranet.co.uk> <1188992322.23624.25.camel@gblades-suse.linguaphone-intranet.co.uk> <1189071185.26505.7.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1189515839.8650.14.camel@gblades-suse.linguaphone-intranet.co.uk> Sorry to be a pail Julian but I wondered if you have had time to have a look at this to see if it is a bug? Thanks Gareth On Thu, 2007-09-06 at 10:33, Gareth wrote: > Any thoughts on this Julian? > > Thinking about it a bit more myself it appears that when the custom > action matches and the store,non-deliver is performed that MailScanner > forgets about the actions it should be taking due to the message being > identified as containing a virus. > This results in :- > * Message and decoded attachments not being saved into the virus > quaranteen. > * Details of the virus infections is lost and not passed onto the custom > finction used to log entries to the mailwatch database. > > Thanks > Gareth > > > On Wed, 2007-09-05 at 12:38, Gareth wrote: > > Ok could you have a look at this Julian when you have some spare time. > > > > Problem: When an email contains a virus and it triggers a custom action > > (store,non-deliver) the infection report is not being stored in the > > database. The following code is what mailwatch uses to retrieve the > > infection array and convert it to a string and I cant see why it would > > be going wrong as it is just using the data passed by mailscanner. > > > > It would be nice if the virus quaranteen was still populated in addition > > to the spam quarantine since the virus quaranteen has the attachments > > decoded so it makes it easier to do furthur manual tests. > > > > my($file, $text, @report_array); > > while(($file, $text) = each %{$message->{allreports}}) { > > $file = "the entire message" if $file eq ""; > > # Use the sanitised filename to avoid problems caused by people > > forcing > > # logging of attachment filenames which contain nasty SQL > > instructions. > > $file = $message->{file2safefile}{$file} or $file; > > $text =~ s/\n/ /; # Make sure text report only contains 1 line > > $text =~ s/\t/ /; # and no tab characters > > push (@report_array, $text); > > } > > > > # Sanitize reports > > my $reports = join(",",@report_array); > > > > > > Thanks > > Gareth From glenn.steen at gmail.com Tue Sep 11 14:13:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 11 14:13:04 2007 Subject: Problem with rule actions (2) In-Reply-To: <1189515839.8650.14.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46DDCB47.5000701@ecs.soton.ac.uk> <1188988931.23626.15.camel@gblades-suse.linguaphone-intranet.co.uk> <1188991494.23620.18.camel@gblades-suse.linguaphone-intranet.co.uk> <1188992322.23624.25.camel@gblades-suse.linguaphone-intranet.co.uk> <1189071185.26505.7.camel@gblades-suse.linguaphone-intranet.co.uk> <1189515839.8650.14.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <223f97700709110613n6a71a779m49959ab15be8b3cd@mail.gmail.com> On 11/09/2007, Gareth wrote: > Sorry to be a pail Julian but I wondered if you have had time to have a Don't be sorry... There are worse fluid containers (than a pail) one could be (bucket, spittoon, WC ...:-):-) Sorry, couldn't resist it;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jonbjorn at mbl.is Tue Sep 11 14:34:32 2007 From: jonbjorn at mbl.is (Jon Bjorn Njalsson) Date: Tue Sep 11 14:34:41 2007 Subject: Sendmail problems on RHEL5 (and solution) In-Reply-To: <46E69026.3050401@USherbrooke.ca> References: <2181C5F19DD0254692452BFF3EAF1D680394092B@rsys005a.comm.ad.roke.co.uk> <46E69026.3050401@USherbrooke.ca> Message-ID: <1189517672.4215.33.camel@viper> On ?ri, 2007-09-11 at 08:55 -0400, Denis Beauchemin wrote: > Plant, Dean a ?crit : > > Denis Beauchemin wrote: > > > >> Hello all, > >> > >> Ever since I switched to my new RHEL5 MS servers I was noticing many > >> errors like these: > >> Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: > >> collect: premature EOM: unexpected close > >> Sep 7 00:10:36 132.210.244.13 sendmail[6929]: l873tB1s006929: > >> collect: unexpected close on connection from pobox.sfu.ca, > >> sender= > >> > >> I could get thousands of these in a day and they resulted in delivery > >> delays that were starting to annoy seriously my users because they > >> were coming from legitimate servers. I was also annoyed because the > >> boxes > >> were running with more and more sendmail processes. > >> > >> We finally tracked it down to a faulty TCP/IP default setup on RHEL5! > >> To correct the problem I had to: > >> sysctl -w net.ipv4.tcp_wmem="4096 16384 131072" > >> sysctl -w net.ipv4.tcp_rmem="4096 87380 174760" > >> > >> and modify /etc/sysctl.conf : > >> net.ipv4.tcp_wmem="4096 16384 131072" > >> net.ipv4.tcp_rmem="4096 87380 174760" > >> > >> For some unknown reason the TCP/IP stack was telling some remote hosts > >> to use a really small window size and this resulted in some equipment > >> down the line breaking the connection. It happened more often with > >> big emails (the ones with attachments). > >> > >> I don't know if this bug is also present on CentOS5, but it might > >> be... > >> > >> The following commands might help you find out if you have the problem > >> (quick hack): > >> grep "unexpected close on connection" /var/log/maillog | perl -ne ' > >> next unless /collect: unexpected close on connection from ([^,]+),/; > >> $f{$1}++;a broken > >> END{ > >> foreach $i (sort keys %f){ > >> printf "%25s : %d\n", $i, $f{$i}; > >> } > >> }' | sort -k3n | tail > >> > >> If you see some servers with hundreds of errors, you may have the > >> problem... > >> > >> Denis > >> > > > > This might be related, when we moved to CentOS 5 we had issues with TCP > > connections stalling and traced this down to a broken firewall and TCP > > window scaling. This only happened when transmitting larger amounts of > > data. > > > > This is a known symptom of some broken firewalls which rewrite (rather > > than remove) this option. This means that one end thinks a different > > window scale is being used to the other, and things break. > > > > You can echo 0 > /proc/sys/net/ipv4/tcp_window_scaling on the RHEL 5 box > > to see if this is affecting you as this was a workaround until we had a > > patch from the firewall vendor. > > > > Dean > > > Dean, > > We began by doing what you suggest but it didn't correct the problem. > As for the firewall we are using iptables on the servers. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > I had similar problems with large attachments (premature EOM: unexpected close) using fedora Core 6 and the solution for me was to disable tcp_sack. echo 0 >/proc/sys/net/ipv4/tcp_sack Jon Bjorn From Carl.Boberg at nrm.se Tue Sep 11 14:40:12 2007 From: Carl.Boberg at nrm.se (Carl Boberg) Date: Tue Sep 11 14:41:54 2007 Subject: What controles this 'spam(no null-header or sender address)' Message-ID: <521A1817A68E5F4895A67C104512BF5F012779A2@GANDALF.nrm.se> Hi, A while ago we started getting mail marked as spam that where from mailinglists automatic senders and others with empty return-path : Return-Path: or similar They get flaged as spam with no spamscore and just this statement in the Spamreport (Mailwatch): spam(no null-header or sender address) How can i stop this behaviour? Cheers -------------------------------- Carl Boberg System & Network Administrator Swedish Museum of Naturalhistory Frescativ?gen 40 104 05 Stockholm Sweden Tel nr: 08-5195 5116 Mobile: 0701-82 4055 E-mail: carl.boberg@nrm.se -------------------------------- From Carl.Boberg at nrm.se Tue Sep 11 14:55:08 2007 From: Carl.Boberg at nrm.se (Carl Boberg) Date: Tue Sep 11 14:55:13 2007 Subject: What controles this 'spam(no null-header or sender address)' In-Reply-To: <521A1817A68E5F4895A67C104512BF5F012779A2@GANDALF.nrm.se> Message-ID: <521A1817A68E5F4895A67C104512BF5F012779A3@GANDALF.nrm.se> > > A while ago we started getting mail marked as spam that where > from mailinglists automatic senders and others with empty > return-path : Return-Path: or similar > > They get flaged as spam with no spamscore and just this > statement in the Spamreport (Mailwatch): > spam(no null-header or sender address) > > How can i stop this behaviour? Replying to my own post :) I had missed the setting: Treat Invalid Watermarks With No Sender as Spam = spam Just changed it to Treat Invalid Watermarks With No Sender as Spam = nothing The scary thing with this setting is that when set to other settings than "nothing" MS completely ignores all other spamchecks and just marks the email as Spam / High-spam Whatever, all is well again :) / carl From ram at netcore.co.in Tue Sep 11 15:46:18 2007 From: ram at netcore.co.in (ram) Date: Tue Sep 11 15:46:36 2007 Subject: spamcheck.rules file and headers Message-ID: <1189521978.6976.56.camel@localhost.localdomain> I use in my MailScanner.conf Spam Checks = %rules-dir%/spamcheck.rules to define which ids get spamchecked and which dont From: 160.83.52. no From: default yes Can I add a special spamcheck header ( added thru a milter ) if header X-Spamcheck: yes , then do spamchecks else no fi Thanks Ram From mailadmin at baladia.gov.kw Tue Sep 11 16:06:05 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Tue Sep 11 16:06:41 2007 Subject: query regarding qurantine release In-Reply-To: References: <4004.62.150.152.226.1188940071.squirrel@webmail.baladia.gov.kw> Message-ID: <3996.62.150.152.59.1189523165.squirrel@webmail.baladia.gov.kw> > Mail Administrator spake the following on 9/4/2007 2:07 PM: >>> How does your webmail send the mail? >>> Does it make a smtp connection or run sendmail locally? >>> >>> If it makes a SMTP connection then you could probably configure it to >>> connect to the servers real IP address and not 127.0.0.1 and then it >>> should >>> work. >>> >> >> Thanks for ur quick reply >> really appreciate >> >> sendmail runs locally >> >> here my mail log when i send a message for more info. >> >> ---------------------------------------- >> >> ep 5 00:03:07 kmdns1 sendmail[32523]: l84L36FM032523: >> from=simon@kmun.gov.kw, size=652, class=0, nrcpts=1, >> msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, >> relay=apache@localhost >> Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: >> from=, size=877, class=0, nrcpts=1, >> msgid=<3964.62.150.152.226.1188939786.squirrel@webmail.baladia.gov.kw>, >> proto=ESMTP, daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1] >> Sep 5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524: >> to=, delay=00:00:00, mailer=esmtp, pri=30877, >> stat=queued >> >> ------------------------------------ >> >> 62.150.152.226 is a ip of my machine >> >> since my sendmail runs locally on ip 127.0.0.1 how could i go arround >> solving this problem . >> apprecite your help >> >> regards >> >> simon >> >> >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >>>> Mail Administrator >>>> Sent: 04 September 2007 21:28 >>>> To: MailScanner discussion >>>> Subject: query regarding qurantine release >>>> >>>> >>>> Dear All, >>>> >>>> >>>> I have the following setup on my server >>>> >>>> 1) Centos >>>> Primary Mail server >>>> Primary dns server >>>> Mailscanner >>>> Webmail server >>>> >>>> most of the users use their browser to login to the above server for >>>> sending and checking their mails >>>> everything is been workin perfectly >>>> >>>> i installed mailwatch so that i could release quarantine mails at >>>> my decision >>>> >>>> i then followed the exact steps as mentioned in the FAQ >>>> >>>> http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq >>>> >>>> and now i tried to test >>>> >>>> i sent a mail with attachment from my Yahoo account to my local mail >>>> server and it was blocked my mailscanner whcih is perfect >>>> n i logged in mailwatch and i could release the attachment and after i >>>> released if went perfectly to my mailbox. thats grt >>>> >>>> now i sent a mail with attachemnt from my local account using webmail >>>> to >>>> my yahoo account and it went perfectly fine >>>> >>>> and in my mailwatch details .. >>>> status as whitelist >>>> spam score 0.00 >>>> >>>> since 127.0.0.1 is white listed as per the rules.. >>>> >>>> So i see that Mailscanner n mailwatch works jus perfect for the mails >>>> received its grt >>>> >>>> but i have queries regading mail sent by users using the browser >>>> with webmail >>>> >>>> 1) does mailscanner do a virus n spam check on the mails sent since i >>>> see >>>> in mailwatch the status is >>>> >>>> status as whitelist >>>> spam score 0.00 >>>> cause if this does not happen then the users pc inefcted will cause >>>> the >>>> mail server to spam or send infected mails out >>>> >>>> 2) obviously i would like mailscanner to scan and block any >>>> attachments >>>> sent by my users via webmail and they should only be sent when >>>> released >>>> from quarantine with mailwatch >>>> >>>> how do i the above .. setup rules for doin that >>>> >>>> basically i see that after i implemented the steps in FAQ regarding >>>> the >>>> release of quarantine mails i see that it works perfect for mails with >>>> attachment received and not for mails sent >>>> >>>> >>>> really wd apprecite your help >>>> >>>> >>>> Regards >>>> >>>> Simon > In your conf.php in the mailwatch directory you have a setting like; > define(QUARANTINE_FROM_ADDR, 'postmaster'); > > Change all the rules to have From: 127.0.0.1 and From: > postmaster@localhost no > (notice the "and From:" part) > > Change postmaster to what you have in your conf.php. > This way it will only whitelist messages that match "both" choices, which > your > webmail users won't hit. Dear Scott, i have been tryin ur sugestions and tryed chnging the rukes and testing with no luck wht i have achieved is this if i send a mail from my rediffmail or yahoo account with an attachment to my local account the attachment is blocked and then when i log into mailwatch and release the attachment it is realeased perfectly and goes to my inbox which is absolutely correct n wht i want now if from my local account i send mail with attachment to my yahoo account the attachment is blocked which is perfect now i would like to release it so when i log into mailwatch n try to release it i get a message saying it is released by the new user i created n defined in conf.php . but i see in the maillogs that it been blocked again here below ------------------------------------------------------ kmdns1 sendmail[17217]: l8BEYeJ2017217: from=, size=153473, class=0, nrcpts=1, msgid=<200709111434.l8BEYeJ2017217@kmdns1.kmun.gov.kw>, proto=ESMTP, daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1] Sep 11 17:34:41 kmdns1 sendmail[17217]: l8BEYeJ2017217: to=, delay=00:00:00, mailer=esmtp, pri=183473, stat=queued Sep 11 17:34:41 kmdns1 MailScanner[16792]: New Batch: Scanning 1 messages, 154073 bytes Sep 11 17:34:41 kmdns1 MailScanner[16792]: Message l8BEYeJ2017217 from 127.0.0.1 (mailmanager@localhost) to rediffmail.com is too big for spam checks (154073 > 150000 bytes) Sep 11 17:34:41 kmdns1 MailScanner[16792]: Virus and Content Scanning: Starting Sep 11 17:34:44 kmdns1 MailScanner[16792]: Filename Checks: Blocked Filename Detected (l8BEYeJ2017217 bpftp241.exe) Sep 11 17:34:44 kmdns1 MailScanner[16792]: Filename Checks: Blocked Filetype Detected (l8BEYeJ2017217 bpftp241.exe) apprecite your kind help mailmanager is the user i have created n specifies in conf.php regards Benedict > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Tue Sep 11 17:11:44 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Sep 11 17:12:22 2007 Subject: routing "Bad Filename" info to users Message-ID: Gang, I have MailScanner set up to send the "virus detected" and "bad filename" or filetype messages to "msvirii" which is an email alias for me. What I need are the "bad filename" blurbs like below to go to end user (kjmartis here), but have the "virus detected" messages not go to end users. How to do this? Jeff Earickson Colby College ---------- Forwarded message ---------- Date: Tue, 11 Sep 2007 12:00:06 -0400 (EDT) From: MailScanner To: msvirii@colby.edu Subject: Bad Filename Detected The following e-mails were found to have: Bad Filename Detected Sender: ccyr@denford.com IP Address: 66.219.128.242 Recipient: kjmartis@colby.edu Subject: FW: Licence file COL31-01F (REGENERATION) Colby College MessageID: l8BFwapx018741 Quarantine: /var/spool/MailScanner/quarantine/20070911/l8BFwapx018741 Report: MailScanner: Executable DOS/Windows programs are dangerous in email (lmtools.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (delcam.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (spnsrv9x.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (lmtools.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (delcam.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (spnsrv9x.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (loadserv.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (lmutil.exe) MailScanner: Batch files are often malicious (lmstart.bat) MailScanner: Executable DOS/Windows programs are dangerous in email (SPNSrvStop.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (SetupSysDriver.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (PwdGenUtility1.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (PwdGenUtility.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (sentstrt.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (spnsrvnt.exe) MailScanner: Executable DOS/Windows programs are dangerous in email (lmgrd.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (loadserv.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (lmutil.exe) Report: MailScanner: Batch files are often malicious (lmstart.bat) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (SPNSrvStop.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (SetupSysDriver.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (PwdGenUtility1.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (PwdGenUtility.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (sentstrt.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (spnsrvnt.exe) Report: MailScanner: Executable DOS/Windows programs are dangerous in email (lmgrd.exe) Full headers are: Return-Path: Received: from hume.neobright.net (hume.neobright.net [66.219.128.242]) by jasper.colby.edu (8.14.1/8.14.1) with ESMTP id l8BFwapx018741 for ; Tue, 11 Sep 2007 11:58:44 -0400 (EDT) Received: from CARLENE (dynamic-acs-72-23-120-203.zoominternet.net [72.23.120.203]) by hume.neobright.net (8.11.6/8.11.6) with ESMTP id l8BFO5w27968 for ; Tue, 11 Sep 2007 11:24:05 -0400 From: "Carlene Cyr" To: Subject: FW: Licence file COL31-01F (REGENERATION) Colby College Date: Tue, 11 Sep 2007 11:23:56 -0400 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_01C7F466.4122F500" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Disposition-Notification-To: "Carlene Cyr" X-Greylist: Delayed for 00:31:28 by milter-greylist-4.0b1 (jasper.colby.edu [137.146.28.72]); Tue, 11 Sep 2007 11:58:54 -0400 (EDT) -- MailScanner Email Virus Scanner www.mailscanner.info From cparker at swatgear.com Tue Sep 11 18:42:54 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Tue Sep 11 18:42:58 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 Message-ID: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 2688 bytes Desc: sig_logo_rsml.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070911/a310b032/attachment.gif From list-mailscanner at linguaphone.com Tue Sep 11 18:51:06 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 11 18:51:09 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> Message-ID: Personally I find that it is very difficult to make bayes particularly effective in a corporate enviroment because of the variety of mails people receive. Therefore I find the low scoring bayes rules give a far to big a negative score. I tend to overise the low and high scores with the following :- score BAYES_00 -0.5 score BAYES_05 -0.1 score BAYES_20 -0.01 score BAYES_40 -0.01 score BAYES_99 5.0 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Chris W. Parker Sent: 11 September 2007 18:43 To: MailScanner discussion Subject: Lots of spam gets through because of BAYES_00 -2.60 Hello, I've got (at least) one user who has a strange spam problem. They receive a lot spam all day long but it's usually the same three to four types. It's either about a "JC Penney order confirmation #nnnnnn" (false), a "for dummies" book ads, or "airline flight reservation confirmation" (false of course). In almost all emails she receives there is BAYES_00 -2.60 in the spam score. I guess this means that the bayes database is really confident they're not spam. But too bad it's wrong! So this usually ends up putting the email below the threshold for possible spam (4.5). What action should I take to remedy this? Is there a way to train the bayes database for these messages? Or feed the bayes database some strings (like the ones above) so that it scores them more accurately? Another option I though of is to make my own SA rules to offset the incorrect bayes score but I don't really like that option because it requires me to maintain a list of fixes for the bayes test "mistakes". Thanks! Chris Parker Aardvark Tactical, Inc. IT Manager 1002 W Tenth St. Azusa, CA 91702 phone: 800.997.3773 x131 fax: 626.334.6860 cparker@swatgear.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070911/935de3ec/attachment.html From hylton at conacher.co.za Tue Sep 11 19:09:07 2007 From: hylton at conacher.co.za (Hylton Conacher (ZR1HPC)) Date: Tue Sep 11 19:09:26 2007 Subject: Mailscanner or Postfix, which one wins for you and why? In-Reply-To: References: <46E56B7E.1050802@conacher.co.za> Message-ID: <46E6D9C3.9040005@conacher.co.za> Hi Scott, Scott Silva wrote: > Hylton Conacher (ZR1HPC) spake the following on 9/10/2007 9:06 AM: >> Hi, >> >> I currently have a mailserver and workstation behind an IPCop firewall. >> I have been investigating MailScanner as it seems to allow far easier >> editing of the parts that make up a firewall. >> >> Given the number of IPCop addons that can allow an admin vast powers, >> although I haven't installed any yet as I am a GUI man, the question >> remains to all those IPCop users that have switched to MailScanner if it >> is better/easier to use update and configure than IPCop. >> >> I await the comments with interest. >> >> Regards >> Hylton > Ipcop and mailscanner are as different as apples and oranges. Ipcop is a > internet firewall and mailscanner is a mail filter. It is like stating > that you want to replace your farm tractor with a sports car. They do > different things. Scott, THANKYOU. Now I sort of understand how MailScanner fits into the network topology. The webpage does not, for what I could see, give a definition of what MailScanner does and or how it fits into the network topology. I had not realised that is just a mailscanner for picking up virii and SPAM and therefore could be installed on the same box as a mail server, behind a separate IPCop firewall. Regards Hylton From Denis.Beauchemin at USherbrooke.ca Tue Sep 11 19:13:25 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Sep 11 19:15:26 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> Message-ID: <46E6DAC5.3010404@USherbrooke.ca> Chris W. Parker a ?crit : > Hello, > > I've got (at least) one user who has a strange spam problem. They > receive a lot spam all day long but it's usually the same three to > four types. It's either about a "JC Penney order confirmation #nnnnnn" > (false), a "for dummies" book ads, or "airline flight reservation > confirmation" (false of course). > > In almost all emails she receives there is BAYES_00 -2.60 in the spam > score. I guess this means that the bayes database is really confident > they're not spam. But too bad it's wrong! So this usually ends up > putting the email below the threshold for possible spam (4.5). > > What action should I take to remedy this? Is there a way to train the > bayes database for these messages? Or feed the bayes database some > strings (like the ones above) so that it scores them more accurately? > > Another option I though of is to make my own SA rules to offset the > incorrect bayes score but I don't really like that option because it > requires me to maintain a list of fixes for the bayes test "mistakes". > Chris, I wrote many such rules over the years... In my opinion, Bayes is not a "one size fits all" solution. You sometimes have to tweak it or find external help such as rules emporium or others. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070911/9430d616/smime.bin From martinh at solidstatelogic.com Tue Sep 11 19:18:04 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Sep 11 19:18:10 2007 Subject: Mailscanner or Postfix, which one wins for you and why? In-Reply-To: <46E6D9C3.9040005@conacher.co.za> Message-ID: <2d5a21c7f02a9e4aa863d2b257db282a@solidstatelogic.com> Kinda what it says - it's an email scanner.. Page 2 of this document shows a reasonable process flow.. http://www.fsl.com/support/MailScanner-Manual-Version-1.0.5.pdf Steve/Jules can we add this diagram into the wiki somewhere? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hylton Conacher (ZR1HPC) > Sent: 11 September 2007 19:09 > To: MailScanner discussion > Subject: Re: Mailscanner or Postfix, which one wins for you and why? > > Hi Scott, > > Scott Silva wrote: > > Hylton Conacher (ZR1HPC) spake the following on 9/10/2007 9:06 AM: > >> Hi, > >> > >> I currently have a mailserver and workstation behind an IPCop firewall. > >> I have been investigating MailScanner as it seems to allow far easier > >> editing of the parts that make up a firewall. > >> > >> Given the number of IPCop addons that can allow an admin vast powers, > >> although I haven't installed any yet as I am a GUI man, the question > >> remains to all those IPCop users that have switched to MailScanner if > it > >> is better/easier to use update and configure than IPCop. > >> > >> I await the comments with interest. > >> > >> Regards > >> Hylton > > Ipcop and mailscanner are as different as apples and oranges. Ipcop is a > > internet firewall and mailscanner is a mail filter. It is like stating > > that you want to replace your farm tractor with a sports car. They do > > different things. > > Scott, THANKYOU. > > Now I sort of understand how MailScanner fits into the network topology. > The webpage does not, for what I could see, give a definition of what > MailScanner does and or how it fits into the network topology. > > I had not realised that is just a mailscanner for picking up virii and > SPAM and therefore could be installed on the same box as a mail server, > behind a separate IPCop firewall. > > Regards > Hylton > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From cparker at swatgear.com Tue Sep 11 19:24:43 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Tue Sep 11 19:24:45 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 References: Message-ID: <97FD54B5E57A1842AA1A4B232E47611773EC43@ati-ex-02.ati.local> I think that's probably a pretty good assessment of a corporate environment. What are the numbers at the end of the score? Is that the percentage of certainty that bayes has for the email that it is NOT spam? Thanks, Chris. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: Tuesday, September 11, 2007 10:51 AM To: MailScanner discussion Subject: RE: Lots of spam gets through because of BAYES_00 -2.60 Personally I find that it is very difficult to make bayes particularly effective in a corporate enviroment because of the variety of mails people receive. Therefore I find the low scoring bayes rules give a far to big a negative score. I tend to overise the low and high scores with the following :- score BAYES_00 -0.5 score BAYES_05 -0.1 score BAYES_20 -0.01 score BAYES_40 -0.01 score BAYES_99 5.0 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Chris W. Parker Sent: 11 September 2007 18:43 To: MailScanner discussion Subject: Lots of spam gets through because of BAYES_00 -2.60 Hello, I've got (at least) one user who has a strange spam problem. They receive a lot spam all day long but it's usually the same three to four types. It's either about a "JC Penney order confirmation #nnnnnn" (false), a "for dummies" book ads, or "airline flight reservation confirmation" (false of course). In almost all emails she receives there is BAYES_00 -2.60 in the spam score. I guess this means that the bayes database is really confident they're not spam. But too bad it's wrong! So this usually ends up putting the email below the threshold for possible spam (4.5). What action should I take to remedy this? Is there a way to train the bayes database for these messages? Or feed the bayes database some strings (like the ones above) so that it scores them more accurately? Another option I though of is to make my own SA rules to offset the incorrect bayes score but I don't really like that option because it requires me to maintain a list of fixes for the bayes test "mistakes". Thanks! Chris Parker Aardvark Tactical, Inc. IT Manager 1002 W Tenth St. Azusa, CA 91702 phone: 800.997.3773 x131 fax: 626.334.6860 cparker@swatgear.com From list-mailscanner at linguaphone.com Tue Sep 11 19:55:25 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 11 19:55:31 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <97FD54B5E57A1842AA1A4B232E47611773EC43@ati-ex-02.ati.local> Message-ID: Its the percentage certantity that it is spam. So BAYES_00 is 0% certain that its spam. The problem is that in corporate enviroments you dont generally automatically learn known spam. The only learning that we do is on spam which gets through (<0.1% for us) and which gets learn from the autolearn feature. The problem is that the default autolearn configuration only learns spam with a score ov over 20 so there will be some types of spam which never get learnt and therefore continue to get a low bayes score. Thats why I advise using as many rules as possible even if only a few spam get through. More rules means more spam with a score of over 20 so the more effective bayes gets. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Chris W. > Parker > Sent: 11 September 2007 19:25 > To: MailScanner discussion > Subject: RE: Lots of spam gets through because of BAYES_00 -2.60 > > > I think that's probably a pretty good assessment of a corporate > environment. > > What are the numbers at the end of the score? Is that the percentage of > certainty that bayes has for the email that it is NOT spam? > > > Thanks, > Chris. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: Tuesday, September 11, 2007 10:51 AM > To: MailScanner discussion > Subject: RE: Lots of spam gets through because of BAYES_00 -2.60 > > Personally I find that it is very difficult to make bayes particularly > effective in a corporate enviroment because of the variety of mails > people receive. Therefore I find the low scoring bayes rules give a far > to big a negative score. I tend to overise the low and high scores with > the following :- > > score BAYES_00 -0.5 > score BAYES_05 -0.1 > score BAYES_20 -0.01 > score BAYES_40 -0.01 > score BAYES_99 5.0 > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Chris W. > Parker > Sent: 11 September 2007 18:43 > To: MailScanner discussion > Subject: Lots of spam gets through because of BAYES_00 -2.60 > > > Hello, > > I've got (at least) one user who has a strange spam problem. > They receive a lot spam all day long but it's usually the same three to > four types. It's either about a "JC Penney order confirmation #nnnnnn" > (false), a "for dummies" book ads, or "airline flight reservation > confirmation" (false of course). > > In almost all emails she receives there is BAYES_00 -2.60 in the > spam score. I guess this means that the bayes database is really > confident they're not spam. But too bad it's wrong! So this usually ends > up putting the email below the threshold for possible spam (4.5). > > What action should I take to remedy this? Is there a way to > train the bayes database for these messages? Or feed the bayes database > some strings (like the ones above) so that it scores them more > accurately? > > Another option I though of is to make my own SA rules to offset > the incorrect bayes score but I don't really like that option because it > requires me to maintain a list of fixes for the bayes test "mistakes". > > > > Thanks! > > Chris Parker > Aardvark Tactical, Inc. > IT Manager > 1002 W Tenth St. Azusa, CA 91702 > phone: 800.997.3773 x131 fax: 626.334.6860 > cparker@swatgear.com > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From ms-list at alexb.ch Tue Sep 11 21:19:04 2007 From: ms-list at alexb.ch (Alex Broens) Date: Tue Sep 11 21:19:13 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> References: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> Message-ID: <46E6F838.4080700@alexb.ch> On 9/11/2007 7:42 PM, Chris W. Parker wrote: > Hello, > > I've got (at least) one user who has a strange spam problem. They > receive a lot spam all day long but it's usually the same three to four > types. It's either about a "JC Penney order confirmation #nnnnnn" > (false), a "for dummies" book ads, or "airline flight reservation > confirmation" (false of course). > > In almost all emails she receives there is BAYES_00 -2.60 in the spam > score. I guess this means that the bayes database is really confident > they're not spam. But too bad it's wrong! So this usually ends up > putting the email below the threshold for possible spam (4.5). > > What action should I take to remedy this? Is there a way to train the > bayes database for these messages? Or feed the bayes database some > strings (like the ones above) so that it scores them more accurately? > > Another option I though of is to make my own SA rules to offset the > incorrect bayes score but I don't really like that option because it > requires me to maintain a list of fixes for the bayes test "mistakes". > > are you autolearning to Bayes? if yes, are you rejecting so much spam that BAyes doesn't get a chance to get enough crud to learn? if not, what are you doing to "teach" it? do you realize that Bayes is just a few extra points in a sum of rules? Alex From grupolistas at gmail.com Tue Sep 11 21:30:52 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 11 21:30:54 2007 Subject: unwanted flags Message-ID: <44c071aa0709111330t778c45d1wd3f3635dc07d0ea@mail.gmail.com> Hi users how can I remove this message from mailscanner or change it for my will.??? thanks Assunto: {Dangerous Content?} Lida: SPAM newsletter@incosmeto.com Warning: This message has had one or more attachments removed Warning: (not named). Warning: Please read the "unconfigured-debian-site-Attachment-Warning.txt" attachment(s) for more information. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "the entire message" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Tue Sep 11 16:17:04 2007 the virus scanner said: Could not parse Outlook Rich Text attachment Note to Help Desk: Look on the unconfigured-debian-site () MailScanner in /var/spool/MailScanner/quarantine/20070911 (message 499D97FF99.4D8E9). -- Postmaster -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070911/7419ae5e/attachment.html From MailScanner at ecs.soton.ac.uk Tue Sep 11 21:41:21 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 11 21:41:42 2007 Subject: spamcheck.rules file and headers In-Reply-To: <1189521978.6976.56.camel@localhost.localdomain> References: <1189521978.6976.56.camel@localhost.localdomain> Message-ID: <46E6FD71.6070607@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And when someone else adds a "X-Spamcheck: no" header to all your incoming mail for you? ram wrote: > I use in my MailScanner.conf > Spam Checks = %rules-dir%/spamcheck.rules > to define which ids get spamchecked and which dont > > > > From: 160.83.52. no > From: default yes > > > Can I add a special spamcheck header ( added thru a milter ) > > if header X-Spamcheck: yes , > then do spamchecks > else > no > fi > > > > > Thanks > Ram > > > > > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFG5v1yEfZZRxQVtlQRAhdIAJsFUuol7cTZ8szPLl5MARpeEBjggACdE8yH WHJygcJIBS+JY+VW+gUwJBk= =TJX0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Tue Sep 11 23:18:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 11 23:18:50 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> Message-ID: Mail Administrator spake the following on 9/11/2007 3:20 AM: > Dear All, > > I have the following below setup workin perfect for sometime > > Centos 5 > MailScanner-4.62.9-3 > Spam Assassin+Clamav--- jules package > mailwatch > > i wanted to use the second antivurus scanner thats is bit defender since > is free as of now > so i downloaded it and installed it and when i run mailScanner --lint i > see the fiollowing > > -------------------------------- > > Checking version numbers... > Version number in MailScanner.conf (4.62.9) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav bitdefender" > Found these virus scanners installed: clamav > =========================================================================== > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 451 > cat: /tmp/log.bdc.7225: No such file or directory > rm: cannot remove `/tmp/log.bdc.7225': No such file or directory > =========================================================================== > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > > If any of your virus scanners (clamav) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > --------------------------- > > also i modified the virusscanner.conf file > > original was > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > > modified to > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper > /opt/BitDefender-scanner/bin/bdscan > -------------------------------------------------------------- > > 2) also when i try to run bdscan > it says > trial key found 25 days remaining > > why is this message > > appreciate your help > > > Thanks and regards > > benedict You did not install the free version. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Wed Sep 12 00:25:48 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 12 00:26:10 2007 Subject: unwanted flags In-Reply-To: <44c071aa0709111330t778c45d1wd3f3635dc07d0ea@mail.gmail.com> References: <44c071aa0709111330t778c45d1wd3f3635dc07d0ea@mail.gmail.com> Message-ID: <46E723FC.7040202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edit /etc/MailScanner/reports/en/inline.warning.txt and inline.warning.html. You can also pick a totally different language if you want to, or edit any of the files in that directory. None of your changes will be lost when upgrade to some future version of MailScanner, all your changes will be kept. infolistas listas wrote: > Hi users how can I remove this message from mailscanner or change it > for my will.??? thanks > > Assunto: {Dangerous Content?} Lida: SPAM newsletter@incosmeto.com > > > Warning: This message has had one or more attachments removed > Warning: (not named). > Warning: Please read the "unconfigured-debian-site-Attachment-Warning.txt" > attachment(s) for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > was believed to be infected by a virus and has been replaced by this > warning message. > > If you wish to receive a copy of the *infected* attachment, please > e-mail helpdesk and include the whole of this message in your request. > Alternatively, you can call them, with the contents of this message to > hand when you call. > > At Tue Sep 11 16:17:04 2007 the virus scanner said: > Could not parse Outlook Rich Text attachment > > Note to Help Desk: Look on the unconfigured-debian-site () MailScanner in > /var/spool/MailScanner/quarantine/20070911 (message 499D97FF99.4D8E9). > -- > Postmaster Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFG5yP8EfZZRxQVtlQRAno3AJ9By0NqLmOh3zyLRB7AxiaPTeT3ZQCeMS3g kz+VDdz8vrBJJEbD1Lok6bs= =LLlF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mailadmin at baladia.gov.kw Wed Sep 12 06:59:24 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Wed Sep 12 07:00:01 2007 Subject: Add 2nd antivirus scanner In-Reply-To: References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> Message-ID: <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> > Mail Administrator spake the following on 9/11/2007 3:20 AM: >> Dear All, >> >> I have the following below setup workin perfect for sometime >> >> Centos 5 >> MailScanner-4.62.9-3 >> Spam Assassin+Clamav--- jules package >> mailwatch >> >> i wanted to use the second antivurus scanner thats is bit defender since >> is free as of now >> so i downloaded it and installed it and when i run mailScanner --lint i >> see the fiollowing >> >> -------------------------------- >> >> Checking version numbers... >> Version number in MailScanner.conf (4.62.9) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamav bitdefender" >> Found these virus scanners installed: clamav >> =========================================================================== >> Ignore errors about failing to find EOCD signature >> format error: can't find EOCD signature >> at /usr/sbin/MailScanner line 451 >> cat: /tmp/log.bdc.7225: No such file or directory >> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >> =========================================================================== >> Virus Scanner test reports: >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> If any of your virus scanners (clamav) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its >> virus.scanners.conf. >> >> --------------------------- >> >> also i modified the virusscanner.conf file >> >> original was >> >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >> >> modified to >> >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >> /opt/BitDefender-scanner/bin/bdscan >> -------------------------------------------------------------- >> >> 2) also when i try to run bdscan >> it says >> trial key found 25 days remaining >> >> why is this message >> >> appreciate your help >> >> >> Thanks and regards >> >> benedict > You did not install the free version. > Thanks Scott.. btw i did download the BitDefender antivirus from this location and installed it http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ apprecite if u could provide me the right link if im wrong thnkss once again regards benedict > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ram at netcore.co.in Wed Sep 12 07:06:37 2007 From: ram at netcore.co.in (ram) Date: Wed Sep 12 07:07:35 2007 Subject: spamcheck.rules file and headers In-Reply-To: <46E6FD71.6070607@ecs.soton.ac.uk> References: <1189521978.6976.56.camel@localhost.localdomain> <46E6FD71.6070607@ecs.soton.ac.uk> Message-ID: <1189577197.18246.16.camel@localhost.localdomain> On Tue, 2007-09-11 at 21:41 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > And when someone else adds a "X-Spamcheck: no" header to all your > incoming mail for you? > Dont worry , I am not that naive :-) In the actual implementation I dont plan to have a simple "no" , but a varying string ( like your "watermark" idea ). I could change the string every day Thanks Ram > ram wrote: > > I use in my MailScanner.conf > > Spam Checks = %rules-dir%/spamcheck.rules > > to define which ids get spamchecked and which dont > > > > > > > > From: 160.83.52. no > > From: default yes > > > > > > Can I add a special spamcheck header ( added thru a milter ) > > > > if header X-Spamcheck: yes , > > then do spamchecks > > else > > no > > fi > > > > > > > > > > Thanks > > Ram > > > > > > > > > > > > > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.2 (Build 2014) > Charset: ISO-8859-1 > > wj8DBQFG5v1yEfZZRxQVtlQRAhdIAJsFUuol7cTZ8szPLl5MARpeEBjggACdE8yH > WHJygcJIBS+JY+VW+gUwJBk= > =TJX0 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > From john at tradoc.fr Wed Sep 12 08:22:27 2007 From: john at tradoc.fr (John Wilcock) Date: Wed Sep 12 08:22:32 2007 Subject: spamcheck.rules file and headers In-Reply-To: <1189577197.18246.16.camel@localhost.localdomain> References: <1189521978.6976.56.camel@localhost.localdomain> <46E6FD71.6070607@ecs.soton.ac.uk> <1189577197.18246.16.camel@localhost.localdomain> Message-ID: <46E793B3.3070407@tradoc.fr> ram wrote: > On Tue, 2007-09-11 at 21:41 +0100, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> And when someone else adds a "X-Spamcheck: no" header to all your >> incoming mail for you? >> > Dont worry , I am not that naive :-) > In the actual implementation I dont plan to have a simple "no" , but a > varying string ( like your "watermark" idea ). I could change the > string every day What you could do is use the shortcircuit feature introduced in SA 3.2 to skip all other SA rules if your header matches. See http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html for details. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From glenn.steen at gmail.com Wed Sep 12 09:16:26 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 12 09:16:29 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> Message-ID: <223f97700709120116w433c73d5v452baa16f2e0ec74@mail.gmail.com> On 12/09/2007, Mail Administrator wrote: > > > Mail Administrator spake the following on 9/11/2007 3:20 AM: > >> Dear All, > >> > >> I have the following below setup workin perfect for sometime > >> > >> Centos 5 > >> MailScanner-4.62.9-3 > >> Spam Assassin+Clamav--- jules package > >> mailwatch > >> > >> i wanted to use the second antivurus scanner thats is bit defender since > >> is free as of now > >> so i downloaded it and installed it and when i run mailScanner --lint i > >> see the fiollowing > >> > >> -------------------------------- > >> > >> Checking version numbers... > >> Version number in MailScanner.conf (4.62.9) is correct. > >> > >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. > >> > >> Checking for SpamAssassin errors (if you use it)... > >> SpamAssassin temp dir = > >> /var/spool/MailScanner/incoming/SpamAssassin-Temp > >> SpamAssassin reported no errors. > >> MailScanner.conf says "Virus Scanners = clamav bitdefender" > >> Found these virus scanners installed: clamav > >> =========================================================================== > >> Ignore errors about failing to find EOCD signature > >> format error: can't find EOCD signature > >> at /usr/sbin/MailScanner line 451 > >> cat: /tmp/log.bdc.7225: No such file or directory > >> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory > >> =========================================================================== > >> Virus Scanner test reports: > >> ClamAV said "eicar.com contains Eicar-Test-Signature" > >> > >> If any of your virus scanners (clamav) > >> are not listed there, you should check that they are installed correctly > >> and that MailScanner is finding them correctly via its > >> virus.scanners.conf. > >> > >> --------------------------- > >> > >> also i modified the virusscanner.conf file > >> > >> original was > >> > >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > >> > >> modified to > >> > >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper > >> /opt/BitDefender-scanner/bin/bdscan > >> -------------------------------------------------------------- > >> > >> 2) also when i try to run bdscan > >> it says > >> trial key found 25 days remaining > >> > >> why is this message > >> > >> appreciate your help > >> > >> > >> Thanks and regards > >> > >> benedict > > You did not install the free version. > > > > Thanks Scott.. > > btw i did download the BitDefender antivirus from this location and > installed it > > > http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ > > apprecite if u could provide me the right link if im wrong > > thnkss once again > > regards > > benedict Well Benedict, that's just it: As of a while back, there simply isn't any "right link" to download from. Per definition, bdscanner cannot be used free of charge in MailScanner (assuming I read the license correctly). But I do think there are very minor changes to actually support it (as we should... after all, it is still a commercial scanner someone might like to buy). In that sense, I don't think BD would have any objections to us implementing that support (I think it'd be best to do it like a separate scanner... bd75x ... or something similar. And no, I haven't checked whether the existing functions would work with the bdscanner as well as with bdc... Will have to get a separate life, just to keep up with all the current work ... :-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailadmin at baladia.gov.kw Wed Sep 12 12:50:33 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Wed Sep 12 12:50:57 2007 Subject: Thanks a lot Glen :..Re: Add 2nd antivirus scanner In-Reply-To: <223f97700709120116w433c73d5v452baa16f2e0ec74@mail.gmail.com> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> <223f97700709120116w433c73d5v452baa16f2e0ec74@mail.gmail.com> Message-ID: <1096.62.150.152.226.1189597833.squirrel@webmail.baladia.gov.kw> > On 12/09/2007, Mail Administrator wrote: >> >> > Mail Administrator spake the following on 9/11/2007 3:20 AM: >> >> Dear All, >> >> >> >> I have the following below setup workin perfect for sometime >> >> >> >> Centos 5 >> >> MailScanner-4.62.9-3 >> >> Spam Assassin+Clamav--- jules package >> >> mailwatch >> >> >> >> i wanted to use the second antivurus scanner thats is bit defender >> since >> >> is free as of now >> >> so i downloaded it and installed it and when i run mailScanner >> --lint i >> >> see the fiollowing >> >> >> >> -------------------------------- >> >> >> >> Checking version numbers... >> >> Version number in MailScanner.conf (4.62.9) is correct. >> >> >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> >> >> Checking for SpamAssassin errors (if you use it)... >> >> SpamAssassin temp dir = >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> >> SpamAssassin reported no errors. >> >> MailScanner.conf says "Virus Scanners = clamav bitdefender" >> >> Found these virus scanners installed: clamav >> >> =========================================================================== >> >> Ignore errors about failing to find EOCD signature >> >> format error: can't find EOCD signature >> >> at /usr/sbin/MailScanner line 451 >> >> cat: /tmp/log.bdc.7225: No such file or directory >> >> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >> >> =========================================================================== >> >> Virus Scanner test reports: >> >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> >> >> If any of your virus scanners (clamav) >> >> are not listed there, you should check that they are installed >> correctly >> >> and that MailScanner is finding them correctly via its >> >> virus.scanners.conf. >> >> >> >> --------------------------- >> >> >> >> also i modified the virusscanner.conf file >> >> >> >> original was >> >> >> >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >> >> >> >> modified to >> >> >> >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >> >> /opt/BitDefender-scanner/bin/bdscan >> >> -------------------------------------------------------------- >> >> >> >> 2) also when i try to run bdscan >> >> it says >> >> trial key found 25 days remaining >> >> >> >> why is this message >> >> >> >> appreciate your help >> >> >> >> >> >> Thanks and regards >> >> >> >> benedict >> > You did not install the free version. >> > >> >> Thanks Scott.. >> >> btw i did download the BitDefender antivirus from this location and >> installed it >> >> >> http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ >> >> apprecite if u could provide me the right link if im wrong >> >> thnkss once again >> >> regards >> >> benedict > Well Benedict, that's just it: As of a while back, there simply isn't > any "right link" to download from. Per definition, bdscanner cannot be > used free of charge in MailScanner (assuming I read the license > correctly). > > But I do think there are very minor changes to actually support it (as > we should... after all, it is still a commercial scanner someone might > like to buy). In that sense, I don't think BD would have any > objections to us implementing that support (I think it'd be best to do > it like a separate scanner... bd75x ... or something similar. And no, > I haven't checked whether the existing functions would work with the > bdscanner as well as with bdc... Will have to get a separate life, > just to keep up with all the current work ... :-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gsjarvis at infoservers.net Wed Sep 12 13:18:46 2007 From: gsjarvis at infoservers.net (Graham S. Jarvis) Date: Wed Sep 12 13:18:27 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> Message-ID: <46E7D926.3010709@infoservers.net> Glenn Steen wrote on 10/09/2007 12:05: > On 10/09/2007, Graham S. Jarvis wrote: > >> Hello All, >> >> I have tried to google the list for help on how to get the spam out of >> the "Archive Mail" files. >> The only thing I could find was: >> (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) >> but DrewB doesn't seem to be around any more. >> >> Does anyone have a similar script because it sounds like a good way to >> do sa-learn's as well. >> >> Is there a switch in the conf for doing this, Julian? >> > Although I'mm certainly not Jules, I think it is safe to say: No, there isn't. > And I don't suppose anyone else is interested in such a feature. . . . . So, there's not much chance of it ever becoming a config switch - shame! > If you need an "after scanning archive", you are much better off doing > that with the Actions (Non-spam, spam, high scoring spam... or > similar... Recent releases have ... made this more flexible:-). Simply > store everything (for a while) and use the nonspam quarantine as your > archive;). > > Cheers > Can you expand on this please. I thought these were "just" logging actions. Many Thanks, -Graham- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070912/f85f1f13/attachment.html From gmatt at nerc.ac.uk Wed Sep 12 13:38:08 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Wed Sep 12 13:38:26 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: References: Message-ID: <46E7DDB0.50404@nerc.ac.uk> Gareth wrote: > Personally I find that it is very difficult to make bayes particularly > effective in a corporate enviroment because of the variety of mails this is not a reflection on the usefulness of Bayes. Proper configuration will make this an extremely useful part of the anti-spam suite. > people receive. Therefore I find the low scoring bayes rules give a far > to big a negative score. I tend to overise the low and high scores with > the following :- > > score BAYES_00 -0.5 > score BAYES_05 -0.1 > score BAYES_20 -0.01 > score BAYES_40 -0.01 > score BAYES_99 5.0 > interesting, your high-end scores aren't as conservative as your low end. I wonder if you are managing to auto-learn enough ham? You know you can adjust the autolearn thresholds dont you? Its quite common for Bayes to have far more spam to learn from than ham which without attention results in having to skew the scores as you have above. Personally, I have great success with Bayes on relays that filter around 20-30k messages per day across 20-30 domains and around 5000 mailboxes. I am careful tho to feed back all false postives flagged up by users (perhaps as many as 5 per week) back into the system. I also feed back all my own (personal) false negatives which may be as many as 10 per week (<1% of my mail). In summary, if Bayes is not working for you, its worth taking the time to get it right rather than simply skewing the scores. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From list-mailscanner at linguaphone.com Wed Sep 12 13:41:08 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 12 13:41:20 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <46E7D926.3010709@infoservers.net> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> <46E7D926.3010709@infoservers.net> Message-ID: <1189600868.12036.27.camel@gblades-suse.linguaphone-intranet.co.uk> All you need to do is add store-nonspam option to the 'Non Spam Actions =' line in MailScanner.conf. A copy of the mail is then automatically stored in the /var/spool/MailScanner/quarantine/yyyymmdd/nonspam/ directory. This mail can be read or another copy released using mailwatch. On Wed, 2007-09-12 at 13:18, Graham S. Jarvis wrote: > > Glenn Steen wrote on 10/09/2007 12:05: > > On 10/09/2007, Graham S. Jarvis wrote: > > > > > Hello All, > > > > > > I have tried to google the list for help on how to get the spam out of > > > the "Archive Mail" files. > > > The only thing I could find was: > > > (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) > > > but DrewB doesn't seem to be around any more. > > > > > > Does anyone have a similar script because it sounds like a good way to > > > do sa-learn's as well. > > > > > > Is there a switch in the conf for doing this, Julian? > > > > > Although I'mm certainly not Jules, I think it is safe to say: No, there isn't. > > > And I don't suppose anyone else is interested in such a feature. . . . > . > So, there's not much chance of it ever becoming a config switch - > shame! > > If you need an "after scanning archive", you are much better off doing > > that with the Actions (Non-spam, spam, high scoring spam... or > > similar... Recent releases have ... made this more flexible:-). Simply > > store everything (for a while) and use the nonspam quarantine as your > > archive;). > > > > Cheers > > > Can you expand on this please. > I thought these were "just" logging actions. > > Many Thanks, > -Graham- > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Sep 12 13:46:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 12 13:46:25 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <46E7D926.3010709@infoservers.net> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> <46E7D926.3010709@infoservers.net> Message-ID: <223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com> On 12/09/2007, Graham S. Jarvis wrote: > > > > Glenn Steen wrote on 10/09/2007 12:05: > On 10/09/2007, Graham S. Jarvis wrote: > > > Hello All, > > I have tried to google the list for help on how to get the spam out of > the "Archive Mail" files. > The only thing I could find was: > (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) > but DrewB doesn't seem to be around any more. > > Does anyone have a similar script because it sounds like a good way to > do sa-learn's as well. > > Is there a switch in the conf for doing this, Julian? > > Although I'mm certainly not Jules, I think it is safe to say: No, there > isn't. > > And I don't suppose anyone else is interested in such a feature. . . . . > So, there's not much chance of it ever becoming a config switch - shame! > > If you need an "after scanning archive", you are much better off doing > that with the Actions (Non-spam, spam, high scoring spam... or > similar... Recent releases have ... made this more flexible:-). Simply > store everything (for a while) and use the nonspam quarantine as your > archive;). > > Cheers > > Can you expand on this please. > I thought these were "just" logging actions. > > Many Thanks, If you use "store" in any of them, the messages that "hit" that action will be put in the quarantine. Or you could use a setting like "forward mailarchive@yourdomain.tld" to pass every message into a separate mail (archive) account. If you use MailWatch, accessing the messages in the non-spam (and non-virus, for that matter) is then very easy. Just a matter of "point-and-click":-). The downside with that type of archiving (as indeed also for the Archive Mail setting) is that it will consume a fair amount of disk. Since you can use the non-spam quarantine for what you want, there really is no need for a "Keep Archive Clean" setting;-). You'll find the messages in something like /var/spool/MailScanner//nonspam/ ... If you don't quarantine the messages as queue files (this is a requirement of MailWatch), they will be plain text RFC822 files. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikael at syska.dk Wed Sep 12 13:55:16 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Sep 12 13:53:30 2007 Subject: Blacklists by ip/mail/domain for each domain ... Message-ID: <46E7E1B4.3090607@syska.dk> Hi, I know mailwatch has some kind of this function allready, but I need it to be per domain. I want to be able to block mail to domian A if there is the sender, domain or ip are listed in a db table. My first though was using the custom functions and write it in Perl, but since perl aint my strong side, therefore I was wandering if someone allready has made such thing. Then it would be easy to make a interface on a simple page for the domain admin in MailWatch interface. So its actually a modification to the mailwatch interface, and we dont user it per user, but only per domain. // ouT From list-mailscanner at linguaphone.com Wed Sep 12 13:56:50 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 12 13:57:05 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <46E7DDB0.50404@nerc.ac.uk> References: <46E7DDB0.50404@nerc.ac.uk> Message-ID: <1189601810.12029.41.camel@gblades-suse.linguaphone-intranet.co.uk> Bayes does work well for us. It just does not work quite as well as my home system since that is trained on every mail and even if something is identified as spam and bayes is 80% certain I retrain it just to reinforce the result. Thats not practical in a company which gets as much mail as we do. Mailscanner stats for the last 30 days. identified spams - 13487 BAYES_99 - 9970 BAYES_50 - 1422 BAYES_80 - 635 BAYES_95 - 631 BAYES_60 - 494 BAYES_00 - 254 BAYES_20 - 100 BAYES_40 - 95 BAYES_05 - 46 I think thats good for a single rule. I just dont believe bayes not thinking it is spam is a good reason to give such a high negative score. Daily we use RBLs to reject mail to over 5000 recipients. Of whats left we get 1000 mails a day of which about half is spam. In the last week two spams have got through and we have had one false positive. We are obviously doing something right to get such good results. On Wed, 2007-09-12 at 13:38, Greg Matthews wrote: > Gareth wrote: > > Personally I find that it is very difficult to make bayes particularly > > effective in a corporate enviroment because of the variety of mails > > this is not a reflection on the usefulness of Bayes. Proper > configuration will make this an extremely useful part of the anti-spam > suite. > > > people receive. Therefore I find the low scoring bayes rules give a far > > to big a negative score. I tend to overise the low and high scores with > > the following :- > > > > score BAYES_00 -0.5 > > score BAYES_05 -0.1 > > score BAYES_20 -0.01 > > score BAYES_40 -0.01 > > score BAYES_99 5.0 > > > > interesting, your high-end scores aren't as conservative as your low > end. I wonder if you are managing to auto-learn enough ham? You know you > can adjust the autolearn thresholds dont you? Its quite common for Bayes > to have far more spam to learn from than ham which without attention > results in having to skew the scores as you have above. > > Personally, I have great success with Bayes on relays that filter around > 20-30k messages per day across 20-30 domains and around 5000 mailboxes. > I am careful tho to feed back all false postives flagged up by users > (perhaps as many as 5 per week) back into the system. I also feed back > all my own (personal) false negatives which may be as many as 10 per > week (<1% of my mail). > > In summary, if Bayes is not working for you, its worth taking the time > to get it right rather than simply skewing the scores. > > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford > > -- > This message (and any attachments) is for the recipient only. NERC > is subject to the Freedom of Information Act 2000 and the contents > of this email and any reply you make may be disclosed by NERC unless > it is exempt from release under the Act. Any material supplied to > NERC may be stored in an electronic records management system. From list-mailscanner at linguaphone.com Wed Sep 12 14:06:26 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 12 14:06:33 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <46E7E1B4.3090607@syska.dk> References: <46E7E1B4.3090607@syska.dk> Message-ID: <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> I thought you could do that already by lust leaving the box before the '@' empty when adding a bloacklist entry. On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: > Hi, > > I know mailwatch has some kind of this function allready, but I need it > to be per domain. > > I want to be able to block mail to domian A if there is the sender, > domain or ip are listed in a db table. > > My first though was using the custom functions and write it in Perl, but > since perl aint my strong side, therefore I was wandering if someone > allready has made such thing. Then it would be easy to make a interface > on a simple page for the domain admin in MailWatch interface. > > So its actually a modification to the mailwatch interface, and we dont > user it per user, but only per domain. > > // ouT From daneil.goodman at gmail.com Wed Sep 12 14:14:57 2007 From: daneil.goodman at gmail.com (Daneil Goodman) Date: Wed Sep 12 14:15:01 2007 Subject: How to remove {Disarmed} mail? Message-ID: <9a0fe170709120614u5dda3b50mbc5f42bb258034f@mail.gmail.com> Hi all, Can you please tell me how to change the config to remove the {Disarmed} mail? Recently, my users told me that they received more spam emails, and I changed the SA score to 4. But it looks like it does not block more spams. I am thinking about to add the blacklist, but I do not know how to do it and where I can download the blacklist. Please help me. Besides, can you please tell me what are the necessary steps and methods to tweak the config so that we can block more spams? Appreciate for your help. Daneil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070912/87dba494/attachment.html From list-mailscanner at linguaphone.com Wed Sep 12 14:19:15 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 12 14:19:26 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> Bah I need a new keyboard or at least an email client which does an automatic spell check. On Wed, 2007-09-12 at 14:06, Gareth wrote: > I thought you could do that already by lust leaving the box before the > '@' empty when adding a bloacklist entry. > > On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: > > Hi, > > > > I know mailwatch has some kind of this function allready, but I need it > > to be per domain. > > > > I want to be able to block mail to domian A if there is the sender, > > domain or ip are listed in a db table. > > > > My first though was using the custom functions and write it in Perl, but > > since perl aint my strong side, therefore I was wandering if someone > > allready has made such thing. Then it would be easy to make a interface > > on a simple page for the domain admin in MailWatch interface. > > > > So its actually a modification to the mailwatch interface, and we dont > > user it per user, but only per domain. > > > > // ouT From andreab at guttadauro.com Wed Sep 12 14:32:53 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Wed Sep 12 14:30:54 2007 Subject: How to remove {Disarmed} mail? In-Reply-To: <9a0fe170709120614u5dda3b50mbc5f42bb258034f@mail.gmail.com> References: <9a0fe170709120614u5dda3b50mbc5f42bb258034f@mail.gmail.com> Message-ID: <46E7EA85.4020305@guttadauro.com> Hello Daniel I'm a new MailScanner too... and i met the same problem some times ago. I have fixed it by adding , new rules to SA. Before update, all message reach 4 or 5 points, the same message with new rules installed reach 20 / 22 points. Check the rulesemporium web site and try add new rules. NB: I repeat... i'm a new user too... :) NB: Ok.. my english in not very clear > Hi all, > > Can you please tell me how to change the config to remove the > {Disarmed} mail? > > Recently, my users told me that they received more spam emails, and > I changed the SA score to 4. But it looks like it does not block > more spams. I am thinking about to add the blacklist, but I do not > know how to do it and where I can download the blacklist. Please > help me. Besides, can you please tell me what are the necessary > steps and methods to tweak the config so that we can block more spams? > > Appreciate for your help. > > Daneil > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi, ed e' risultato non infetto. -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070912/e74820ef/attachment.html From list-mailscanner at linguaphone.com Wed Sep 12 14:33:59 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 12 14:34:04 2007 Subject: RBLs Message-ID: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> Has anyone configured spamassassin to use additional RBLs other than what comes in the default configuration? I use Spamhaus and Spamcop in postfix but there are lots of alternatives available and the best way to test them would be to configure them in spamassassin and use the mailwatch report to see the % of ham and spam it matches. From mikael at syska.dk Wed Sep 12 15:36:47 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Sep 12 15:34:54 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46E7F97F.8020205@syska.dk> Hi, You are right about this one. I was just told that it did not work with domain etc. So i only used google a little and did not find anything. But after testing it, it seems to work. There just seem to be some delay in the updating(because it reads the table when the MS process starts) ... so I guess it was there I got the impression that it did not wrong. Thanks for pointing it out. // ouT Gareth wrote: > Bah I need a new keyboard or at least an email client which does an > automatic spell check. > > On Wed, 2007-09-12 at 14:06, Gareth wrote: > >> I thought you could do that already by lust leaving the box before the >> '@' empty when adding a bloacklist entry. >> >> On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: >> >>> Hi, >>> >>> I know mailwatch has some kind of this function allready, but I need it >>> to be per domain. >>> >>> I want to be able to block mail to domian A if there is the sender, >>> domain or ip are listed in a db table. >>> >>> My first though was using the custom functions and write it in Perl, but >>> since perl aint my strong side, therefore I was wandering if someone >>> allready has made such thing. Then it would be easy to make a interface >>> on a simple page for the domain admin in MailWatch interface. >>> >>> So its actually a modification to the mailwatch interface, and we dont >>> user it per user, but only per domain. >>> >>> // ouT >>> > > From glenn.steen at gmail.com Wed Sep 12 15:50:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 12 15:50:29 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <46E7F97F.8020205@syska.dk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> <46E7F97F.8020205@syska.dk> Message-ID: <223f97700709120750xcde5e85w75243a6943e5d103@mail.gmail.com> On 12/09/2007, Mikael Syska wrote: > Hi, > > You are right about this one. I was just told that it did not work with > domain etc. So i only used google a little and did not find anything. > But after testing it, it seems to work. There just seem to be some delay > in the updating(because it reads the table when the MS process starts) > ... so I guess it was there I got the impression that it did not wrong. > Thanks for pointing it out. IIRC it updates ever 15 minutes ... or so... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From list-mailscanner at linguaphone.com Wed Sep 12 15:59:15 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 12 15:59:28 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <46E7F97F.8020205@syska.dk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> <46E7F97F.8020205@syska.dk> Message-ID: <1189609155.12031.62.camel@gblades-suse.linguaphone-intranet.co.uk> Glad its working for you. The only thing I know that it does not do is thngs like the following. user1 has an account user1@domain1.com user1 has additional filters applied to their account as user1a@domain1.com and user@domain2.com. user1 can see all email sent to them at their primary email address and the two addresses in the filters. However only email sent to there primary email address is whitelisted or blacklisted unless an administrator adds additional filters for the other specific addresses. I have written a patch to add the extra functionality so that white/blacklists also apply to addresses in the users filters. It can be downloaded from http://www.gbnetwork.co.uk/mailscanner/ On Wed, 2007-09-12 at 15:36, Mikael Syska wrote: > Hi, > > You are right about this one. I was just told that it did not work with > domain etc. So i only used google a little and did not find anything. > But after testing it, it seems to work. There just seem to be some delay > in the updating(because it reads the table when the MS process starts) > ... so I guess it was there I got the impression that it did not wrong. > Thanks for pointing it out. > > // ouT > > Gareth wrote: > > Bah I need a new keyboard or at least an email client which does an > > automatic spell check. > > > > On Wed, 2007-09-12 at 14:06, Gareth wrote: > > > >> I thought you could do that already by lust leaving the box before the > >> '@' empty when adding a bloacklist entry. > >> > >> On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: > >> > >>> Hi, > >>> > >>> I know mailwatch has some kind of this function allready, but I need it > >>> to be per domain. > >>> > >>> I want to be able to block mail to domian A if there is the sender, > >>> domain or ip are listed in a db table. > >>> > >>> My first though was using the custom functions and write it in Perl, but > >>> since perl aint my strong side, therefore I was wandering if someone > >>> allready has made such thing. Then it would be easy to make a interface > >>> on a simple page for the domain admin in MailWatch interface. > >>> > >>> So its actually a modification to the mailwatch interface, and we dont > >>> user it per user, but only per domain. > >>> > >>> // ouT > >>> > > > > From cparker at swatgear.com Wed Sep 12 18:13:27 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Sep 12 18:13:30 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 References: <97FD54B5E57A1842AA1A4B232E4761178EEB28@ati-ex-02.ati.local> <46E6F838.4080700@alexb.ch> Message-ID: <97FD54B5E57A1842AA1A4B232E47611773EC49@ati-ex-02.ati.local> On Tuesday, September 11, 2007 1:19 PM Alex Broens said: > are you autolearning to Bayes? I think so. "autolearn=spam" right? Sep 9 22:37:01 filter MailScanner[18715]: Message l8A5ZuaQ026042 from 76.87.143.41 (berke@pop3.connect.ie) to swatgear.com is spam, SpamAssassin (not cached, score=26.644, required 4.5, autolearn=spam, AXB_XMID_1212 3.50, BAYES_99 3.50, BODY_ENHANCEMENT 0.31, DCC_CHECK 2.17, FH_HELO_EQ_D_D_D_D 0.00, HELO_DYNAMIC_DHCP 1.40, HELO_DYNAMIC_IPADDR 2.43, RCVD_IN_XBL 3.03, RDNS_DYNAMIC 0.10, SARE_ADULT2 1.42, STOX_REPLY_TYPE 0.00, URIBL_AB_SURBL 1.86, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SC_SURBL 0.47, URIBL_WS_SURBL 1.50) > if yes, are you rejecting so much spam that BAyes doesn't get a chance > to get enough crud to learn? I don't know. How can I determine this? > if not, what are you doing to "teach" it? Autolearn only. I don't know how to feed messages to it. > do you realize that Bayes is just a few extra points in a sum of > rules? Yes. Thanks, Chris. From cparker at swatgear.com Wed Sep 12 18:17:35 2007 From: cparker at swatgear.com (Chris W. Parker) Date: Wed Sep 12 18:17:39 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 References: <46E7DDB0.50404@nerc.ac.uk> Message-ID: <97FD54B5E57A1842AA1A4B232E4761178EEB31@ati-ex-02.ati.local> On Wednesday, September 12, 2007 5:38 AM Greg Matthews said: > In summary, if Bayes is not working for you, its worth taking the time > to get it right rather than simply skewing the scores. Would you mind giving more details on how I can take the time to "get it right"? Thanks! Chris. From martinh at solidstatelogic.com Wed Sep 12 18:23:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Sep 12 18:23:39 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761178EEB31@ati-ex-02.ati.local> Message-ID: <57a08d5677f0494fae7a2da5ee370015@solidstatelogic.com> Chris There's a good starter bayes if yours is playing at www.fsl.com/support -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris W. Parker > Sent: 12 September 2007 18:18 > To: MailScanner discussion > Subject: RE: Lots of spam gets through because of BAYES_00 -2.60 > > On Wednesday, September 12, 2007 5:38 AM Greg Matthews said: > > > In summary, if Bayes is not working for you, its worth taking the time > > to get it right rather than simply skewing the scores. > > Would you mind giving more details on how I can take the time to "get it > right"? > > > Thanks! > Chris. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From itdept at fractalweb.com Wed Sep 12 18:54:05 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Sep 12 18:54:37 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers Message-ID: <46E827BD.4060207@fractalweb.com> Hi everyone, I'm using MailScanner and SA with CRM114 and am getting the following in my headers: X-Spam-CRM114-Version: UNKNOWN X-Spam-CRM114-CacheID: UNKNOWN X-Spam-CRM114-Status: UNKNOWN ( 0 ) The strange thing is that if I check a message in the system's quarantine with the following, the proper information shows up (just the relevant part is pasted): # spamassassin -t < l8CHZtYJ016597 X-Spam-CRM114-Version: 20070301-BlameBaltar ( TRE 0.7.5 (LGPL) ) MR-BD9991E2 X-Spam-CRM114-CacheID: sfid-20070912_104730_888511_104EF1BB X-Spam-CRM114-Status: SPAM ( -26.32 ) So, questions. 1) is the version info not showing up likely because of something to do with MailScanner? Or could it be something else? It seems odd that the header gets put in, but the data just ends up being "UNKNOWN", except when run from the shell. 2) am I using the current version of CRM114 and/or mailreaver? Thanks, Chris From Kevin_Miller at ci.juneau.ak.us Wed Sep 12 19:45:35 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Sep 12 19:45:01 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g><46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net><223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com><46E7D926.3010709@infoservers.net> <223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com> Message-ID: Glenn Steen wrote: > If you use MailWatch, accessing the messages in the non-spam (and > non-virus, for that matter) is then very easy. Just a matter of > "point-and-click":-). > The downside with that type of archiving (as indeed also for the > Archive Mail setting) is that it will consume a fair amount of disk. Not a big problem if you set your archive cleanup appropriately. A couple weeks worth of archives works for me but I'm just using it as an emergency poor man's backup. Easily taylored to fit however. > Since you can use the non-spam quarantine for what you want, there > really is no need for a "Keep Archive Clean" setting;-). Hmmm. I'm not sure I understand that. I 'quarantine' both spam and non-spam, but I also keep it clean. If it's a virus, I don't want it, period. If it's a false positive the sender can repackage and resend. > You'll find the messages in something like > /var/spool/MailScanner//nonspam/ ... If you don't > quarantine the messages as queue files (this is a requirement of > MailWatch), they will be plain text RFC822 files. I've never quarantined my messages as queue files, and I've been able to release from MailWatch just fine. I didn't see anything in the MailWatch install doc about that setting. This something new? We are talking about the 'Quarantine Whole Messages as Queue Files' setting, right? Mine has always been set to no. All the quarantine mail is sitting in the quarantine directories as whole messages - headers at the top, then the body. They're not in a format that I could just drop back into /var/spool/mqueue for easy delivery to my internal server. Changing that will (should?) make it really simple to just copy/move the files from the approprite quarantine directory to the mqueue directory and then go get a cup of joe. Right? S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Wed Sep 12 20:01:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 12 20:02:08 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <46E7F97F.8020205@syska.dk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> <46E7F97F.8020205@syska.dk> Message-ID: <46E8379E.5040709@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case I suggest you buy a copy of the book, so that you get accurate information. Mikael Syska wrote: > Hi, > > You are right about this one. I was just told that it did not work > with domain etc. So i only used google a little and did not find > anything. But after testing it, it seems to work. There just seem to > be some delay in the updating(because it reads the table when the MS > process starts) ... so I guess it was there I got the impression that > it did not wrong. Thanks for pointing it out. > > // ouT > > Gareth wrote: >> Bah I need a new keyboard or at least an email client which does an >> automatic spell check. >> >> On Wed, 2007-09-12 at 14:06, Gareth wrote: >> >>> I thought you could do that already by lust leaving the box before the >>> '@' empty when adding a bloacklist entry. >>> >>> On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: >>> >>>> Hi, >>>> >>>> I know mailwatch has some kind of this function allready, but I >>>> need it to be per domain. >>>> >>>> I want to be able to block mail to domian A if there is the sender, >>>> domain or ip are listed in a db table. >>>> >>>> My first though was using the custom functions and write it in >>>> Perl, but since perl aint my strong side, therefore I was wandering >>>> if someone allready has made such thing. Then it would be easy to >>>> make a interface on a simple page for the domain admin in MailWatch >>>> interface. >>>> >>>> So its actually a modification to the mailwatch interface, and we >>>> dont user it per user, but only per domain. >>>> >>>> // ouT >>>> >> >> > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Charset: ISO-8859-1 wj8DBQFG6DefEfZZRxQVtlQRArcWAKCMTW4+av2UP1vzIYfMRvqIA2aUTwCg+S9q IGul3RxA+IL1OKMl2N/AjvY= =RsMX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Wed Sep 12 20:09:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 12 20:09:58 2007 Subject: Spam Free "Archive Mail" In-Reply-To: References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> <46E7D926.3010709@infoservers.net> <223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com> Message-ID: <223f97700709121209k41f70b2eg104e82d5544848de@mail.gmail.com> On 12/09/2007, Kevin Miller wrote: > Glenn Steen wrote: > > > If you use MailWatch, accessing the messages in the non-spam (and > > non-virus, for that matter) is then very easy. Just a matter of > > "point-and-click":-). > > The downside with that type of archiving (as indeed also for the > > Archive Mail setting) is that it will consume a fair amount of disk. > > Not a big problem if you set your archive cleanup appropriately. A > couple weeks worth of archives works for me but I'm just using it as an > emergency poor man's backup. Easily taylored to fit however. True. > > Since you can use the non-spam quarantine for what you want, there > > really is no need for a "Keep Archive Clean" setting;-). > > Hmmm. I'm not sure I understand that. I 'quarantine' both spam and > non-spam, but I also keep it clean. If it's a virus, I don't want it, > period. If it's a false positive the sender can repackage and resend. I think you miss the context of the comment.... It is regarding the fact that the Archive Mail setting will archive _everything_ just as it was received, regardless if it is a virus, spam, bad content .... whatever. Since you can use the nonspam quarantine as a "cleaned archive", you don't really need anything like a Keep Archived Mail Clean (a bit like the Keep Spam And MCP Quarantine Clean setting... Might be that that you're thinking of?). Even if the distinct quarantines (virus, spam, nonspam ...) are in the same directory hierarchy, they really are separate;-). > > You'll find the messages in something like > > /var/spool/MailScanner//nonspam/ ... If you don't > > quarantine the messages as queue files (this is a requirement of > > MailWatch), they will be plain text RFC822 files. > > I've never quarantined my messages as queue files, and I've been able to > release from MailWatch just fine. I didn't see anything in the > MailWatch install doc about that setting. This something new? No, setting it like you have is the requirement I'm talking about;-):-). It's right there in the install docs for MailWatch;). > We are talking about the 'Quarantine Whole Messages as Queue Files' > setting, right? Mine has always been set to no. All the quarantine > mail is sitting in the quarantine directories as whole messages - > headers at the top, then the body. Yes. That is the RFC822 format I mention. > They're not in a format that I could > just drop back into /var/spool/mqueue for easy delivery to my internal > server. Changing that will (should?) make it really simple to just > copy/move the files from the approprite quarantine directory to the > mqueue directory and then go get a cup of joe. > > Right? True, they would be more easy to release from the command line. But it?d break MailWatch a bit (since the detail view of the message need be able to read a consistent file format ...). So don't do it if you plan on keeping MailWatch Kevin...;-). > S'later... > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kevin_Miller at ci.juneau.ak.us Wed Sep 12 20:20:38 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Sep 12 20:20:06 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <223f97700709121209k41f70b2eg104e82d5544848de@mail.gmail.com> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g><46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net><223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com><46E7D926.3010709@infoservers.net><223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com> <223f97700709121209k41f70b2eg104e82d5544848de@mail.gmail.com> Message-ID: Glenn Steen wrote: > On 12/09/2007, Kevin Miller wrote: >> Glenn Steen wrote: >> >>> If you use MailWatch, accessing the messages in the non-spam (and >>> non-virus, for that matter) is then very easy. Just a matter of >>> "point-and-click":-). The downside with that type of archiving (as >>> indeed also for the Archive Mail setting) is that it will consume a >>> fair amount of disk. >> >> Not a big problem if you set your archive cleanup appropriately. A >> couple weeks worth of archives works for me but I'm just using it as >> an emergency poor man's backup. Easily taylored to fit however. > > True. > >>> Since you can use the non-spam quarantine for what you want, there >>> really is no need for a "Keep Archive Clean" setting;-). >> >> Hmmm. I'm not sure I understand that. I 'quarantine' both spam and >> non-spam, but I also keep it clean. If it's a virus, I don't want >> it, period. If it's a false positive the sender can repackage and >> resend. > > I think you miss the context of the comment.... It is regarding the > fact that the Archive Mail setting will archive _everything_ just as > it was received, regardless if it is a virus, spam, bad content .... > whatever. Since you can use the nonspam quarantine as a "cleaned > archive", you don't really need anything like a Keep Archived Mail > Clean (a bit like the Keep Spam And MCP Quarantine Clean setting... > Might be that that you're thinking of?). Even if the distinct > quarantines (virus, spam, nonspam ...) are in the same directory > hierarchy, they really are separate;-). > >>> You'll find the messages in something like >>> /var/spool/MailScanner//nonspam/ ... If you don't >>> quarantine the messages as queue files (this is a requirement of >>> MailWatch), they will be plain text RFC822 files. >> >> I've never quarantined my messages as queue files, and I've been >> able to release from MailWatch just fine. I didn't see anything in >> the MailWatch install doc about that setting. This something new? > > No, setting it like you have is the requirement I'm talking > about;-):-). It's right there in the install docs for MailWatch;). Weird - I'll have to go look again. I parsed the INSTALL doc, and didn't see it but not the other files. >> We are talking about the 'Quarantine Whole Messages as Queue Files' >> setting, right? Mine has always been set to no. All the quarantine >> mail is sitting in the quarantine directories as whole messages - >> headers at the top, then the body. > Yes. That is the RFC822 format I mention. > >> They're not in a format that I could >> just drop back into /var/spool/mqueue for easy delivery to my >> internal server. Changing that will (should?) make it really simple >> to just copy/move the files from the approprite quarantine directory >> to the mqueue directory and then go get a cup of joe. >> >> Right? > > True, they would be more easy to release from the command line. But > it?d break MailWatch a bit (since the detail view of the message need > be able to read a consistent file format ...). So don't do it if you > plan on keeping MailWatch Kevin...;-). Ok, I'll leave it as is. I do want to keep using MailWatch. Someday I should come up w/a routine to turn the rfc view into queue format but there's never enough time. Sigh. Thanks amigo... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Wed Sep 12 20:32:15 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Sep 12 20:31:40 2007 Subject: Spam Free "Archive Mail" In-Reply-To: References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g><46E46C38.4090202@ecs.soton.ac.uk><46E50DE7.2040101@infoservers.net><223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com><46E7D926.3010709@infoservers.net><223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com><223f97700709121209k41f70b2eg104e82d5544848de@mail.gmail.com> Message-ID: Kevin Miller wrote: > Glenn Steen wrote: >> No, setting it like you have is the requirement I'm talking >> about;-):-). It's right there in the install docs for MailWatch;). > > Weird - I'll have to go look again. I parsed the INSTALL doc, and > didn't see it but not the other files. Sigh. Replying to my own post. The stupid 'case sensitive' option bit me in the kiester. It is indeed there in the INSTALL file. Is it beer o:clock yet? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From derek at csolve.net Wed Sep 12 21:26:47 2007 From: derek at csolve.net (Derek Buttineau) Date: Wed Sep 12 21:27:09 2007 Subject: TNEF Question In-Reply-To: <46C217E1.8070304@ecs.soton.ac.uk> References: <8072BCAE-023A-41D4-8E56-00C3CA14ADFF@csolve.net> <46C1FBC4.8070800@ecs.soton.ac.uk> <80FB635B-B7EF-4A09-A1D1-3513F3F4E680@csolve.net> <46C217E1.8070304@ecs.soton.ac.uk> Message-ID: On 2007-Aug-14, at 5:00 PM, Julian Field wrote: > That code has changed quite a bit since then. I found a bug in the > external TNEF decoder support code which I have fixed. Hi Julian, I finally had a chance to review the TNEF changes in Version 4.62.9 and found that my test winmail.dat (which had worked fine with 4.61.7) was coming back as unparsable. After a bit of head scratching, I think I found the problem. The default umask of 0022 on the system was causing the tnef.$$ subdirectory to be created with a mode of 0640 instead of 0777 and a result when the external decoder was called it was unable to extract the files to the newly created directory. To work around this, I simply added the chmod 0700 to bring it inline with the InternalDecoder(). I've included the patch for 4.62.9 (as minor as it is) -------------- next part -------------- A non-text attachment was scrubbed... Name: TNEF.pm.4.62.9.patch Type: application/octet-stream Size: 326 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070912/26cda3db/TNEF.pm.4.62.9.obj -------------- next part -------------- -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From glenn.steen at gmail.com Wed Sep 12 21:54:03 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 12 21:54:08 2007 Subject: Spam Free "Archive Mail" In-Reply-To: References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> <223f97700709100305r6cfce2dfia890faac2c672661@mail.gmail.com> <46E7D926.3010709@infoservers.net> <223f97700709120546hc26b030ycead25e6215fc7ef@mail.gmail.com> <223f97700709121209k41f70b2eg104e82d5544848de@mail.gmail.com> Message-ID: <223f97700709121354y6356dfb8yb040ed1e74f9a73c@mail.gmail.com> On 12/09/2007, Kevin Miller wrote: > Kevin Miller wrote: > > Glenn Steen wrote: > >> No, setting it like you have is the requirement I'm talking > >> about;-):-). It's right there in the install docs for MailWatch;). > > > > Weird - I'll have to go look again. I parsed the INSTALL doc, and > > didn't see it but not the other files. > > Sigh. Replying to my own post. The stupid 'case sensitive' option bit > me in the kiester. It is indeed there in the INSTALL file. > > Is it beer o:clock yet? > Seems so, yes.:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Sep 12 22:17:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 12 22:18:05 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> Message-ID: Mail Administrator spake the following on 9/11/2007 10:59 PM: >> Mail Administrator spake the following on 9/11/2007 3:20 AM: >>> Dear All, >>> >>> I have the following below setup workin perfect for sometime >>> >>> Centos 5 >>> MailScanner-4.62.9-3 >>> Spam Assassin+Clamav--- jules package >>> mailwatch >>> >>> i wanted to use the second antivurus scanner thats is bit defender since >>> is free as of now >>> so i downloaded it and installed it and when i run mailScanner --lint i >>> see the fiollowing >>> >>> -------------------------------- >>> >>> Checking version numbers... >>> Version number in MailScanner.conf (4.62.9) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = clamav bitdefender" >>> Found these virus scanners installed: clamav >>> =========================================================================== >>> Ignore errors about failing to find EOCD signature >>> format error: can't find EOCD signature >>> at /usr/sbin/MailScanner line 451 >>> cat: /tmp/log.bdc.7225: No such file or directory >>> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >>> =========================================================================== >>> Virus Scanner test reports: >>> ClamAV said "eicar.com contains Eicar-Test-Signature" >>> >>> If any of your virus scanners (clamav) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its >>> virus.scanners.conf. >>> >>> --------------------------- >>> >>> also i modified the virusscanner.conf file >>> >>> original was >>> >>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >>> >>> modified to >>> >>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >>> /opt/BitDefender-scanner/bin/bdscan >>> -------------------------------------------------------------- >>> >>> 2) also when i try to run bdscan >>> it says >>> trial key found 25 days remaining >>> >>> why is this message >>> >>> appreciate your help >>> >>> >>> Thanks and regards >>> >>> benedict >> You did not install the free version. >> > > Thanks Scott.. > > btw i did download the BitDefender antivirus from this location and > installed it > > > http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ > > apprecite if u could provide me the right link if im wrong > > thnkss once again > > regards > > benedict It looks as if they have removed the links to the old free product. I'm sure many here have it still, but it is getting to be a real resource hog. I cannot provide a link, as I can't post it if the manufacturer has decided to remove their link. Sorry. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Sep 12 22:30:25 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 12 22:30:50 2007 Subject: RBLs In-Reply-To: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Gareth spake the following on 9/12/2007 6:33 AM: > Has anyone configured spamassassin to use additional RBLs other than > what comes in the default configuration? > > I use Spamhaus and Spamcop in postfix but there are lots of alternatives > available and the best way to test them would be to configure them in > spamassassin and use the mailwatch report to see the % of ham and spam > it matches. > I have a few. ---snip---- header RCVD_IN_PSBL eval:check_rbl('psbl', 'psbl.surriel.com.') describe RCVD_IN_PSBL Received via a relay in PSBL tflags RCVD_IN_PSBL net score RCVD_IN_PSBL 0 1.50 0 1.50 header RCVD_IN_UCE_PFSM_1 eval:check_rbl('UCE_PFSM_1', 'dnsbl-1.uceprotect.net') describe RCVD_IN_UCE_PFSM_1 Received via a relay in UCE_PFSM_1 tflags RCVD_IN_UCE_PFSM_1 net score RCVD_IN_UCE_PFSM_1 0 1.50 0 1.50 header RCVD_IN_UCE_PFSM_2 eval:check_rbl('UCE_PFSM_2', 'dnsbl-2.uceprotect.net') describe RCVD_IN_UCE_PFSM_2 Received via a relay in UCE_PFSM_2 tflags RCVD_IN_UCE_PFSM_2 net score RCVD_IN_UCE_PFSM_2 0 1.50 0 1.50 header RCVD_IN_UCE_PFSM_3 eval:check_rbl('UCE_PFSM_3', 'dnsbl-3.uceprotect.net') describe RCVD_IN_UCE_PFSM_3 Received via a relay in UCE_PFSM_3 tflags RCVD_IN_UCE_PFSM_3 net score RCVD_IN_UCE_PFSM_3 0 1.50 0 1.50 header DNS_FROM_MPBULK_RHSBL eval:check_rbl_from_host('mprhs', 'bulk.rhs.mailpolice.com.') describe DNS_FROM_MPBULK_RHSBL From: sender listed in bulk.rhs.mailpolice.com tflags DNS_FROM_MPBULK_RHSBL net score DNS_FROM_MPBULK_RHSBL 2.0 urirhsbl URIBL_BULK_MPRHS bulk.rhs.mailpolice.com. A body URIBL_BULK_MPRHS eval:check_uridnsbl('URIBL_BULK_MPRHS') describe URIBL_BULK_MPRHS Contains a URL listed in the MailPolice bulk senders list tflags URIBL_BULK_MPRHS net score URIBL_BULK_MPRHS 2.0 urirhsbl URIBL_PORN_MPRHS porn.rhs.mailpolice.com. A body URIBL_PORN_MPRHS eval:check_uridnsbl('URIBL_PORN_MPRHS') describe URIBL_PORN_MPRHS Contains a URL listed in the MailPolice porn domains list tflags URIBL_PORN_MPRHS net score URIBL_PORN_MPRHS 2.0 urirhsbl URIBL_FRAUD_MPRHS fraud.rhs.mailpolice.com. A body URIBL_FRAUD_MPRHS eval:check_uridnsbl('URIBL_FRAUD_MPRHS') describe URIBL_FRAUD_MPRHS Contains a URL listed in the MailPolice fraud domains list tflags URIBL_FRAUD_MPRHS net score URIBL_FRAUD_MPRHS 2.0 header RCVD_IN_SPAMCANNIBAL eval:check_rbl('spamcannibal', 'bl.spamcannibal.org.') describe RCVD_IN_SPAMCANNIBAL Received via a relay in SpamCannibal tflags RCVD_IN_SPAMCANNIBAL net score RCVD_IN_SPAMCANNIBAL 0 1.50 0 1.50 header RCVD_IN_MSRBL eval:check_rbl('msrbl', 'combined.rbl.msrbl.net.') describe RCVD_IN_MSRBL Received via a relay in MSRBL tflags RCVD_IN_MSRBL net score RCVD_IN_MSRBL 0 1.50 0 1.50 ---snip--- Some are better than others, as I haven't had time to evaluate them for a while. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mikael at syska.dk Wed Sep 12 22:53:54 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Sep 12 22:51:58 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <46E8379E.5040709@ecs.soton.ac.uk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> <46E7F97F.8020205@syska.dk> <46E8379E.5040709@ecs.soton.ac.uk> Message-ID: <46E85FF2.50401@syska.dk> Hey, Allready got the book, just not near me at the moment ... its down in the company and I'm offsite atm. Still, i have to thank you for a great product. Came from Amavisd-new .... and haven't regretted the change a single second. // ouT Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In which case I suggest you buy a copy of the book, so that you get > accurate information. > > Mikael Syska wrote: > >> Hi, >> >> You are right about this one. I was just told that it did not work >> with domain etc. So i only used google a little and did not find >> anything. But after testing it, it seems to work. There just seem to >> be some delay in the updating(because it reads the table when the MS >> process starts) ... so I guess it was there I got the impression that >> it did not wrong. Thanks for pointing it out. >> >> // ouT >> >> Gareth wrote: >> >>> Bah I need a new keyboard or at least an email client which does an >>> automatic spell check. >>> >>> On Wed, 2007-09-12 at 14:06, Gareth wrote: >>> >>> >>>> I thought you could do that already by lust leaving the box before the >>>> '@' empty when adding a bloacklist entry. >>>> >>>> On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: >>>> >>>> >>>>> Hi, >>>>> >>>>> I know mailwatch has some kind of this function allready, but I >>>>> need it to be per domain. >>>>> >>>>> I want to be able to block mail to domian A if there is the sender, >>>>> domain or ip are listed in a db table. >>>>> >>>>> My first though was using the custom functions and write it in >>>>> Perl, but since perl aint my strong side, therefore I was wandering >>>>> if someone allready has made such thing. Then it would be easy to >>>>> make a interface on a simple page for the domain admin in MailWatch >>>>> interface. >>>>> >>>>> So its actually a modification to the mailwatch interface, and we >>>>> dont user it per user, but only per domain. >>>>> >>>>> // ouT >>>>> >>>>> >>> >>> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Charset: ISO-8859-1 > > wj8DBQFG6DefEfZZRxQVtlQRArcWAKCMTW4+av2UP1vzIYfMRvqIA2aUTwCg+S9q > IGul3RxA+IL1OKMl2N/AjvY= > =RsMX > -----END PGP SIGNATURE----- > > From MailScanner at ecs.soton.ac.uk Wed Sep 12 23:14:53 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 12 23:15:13 2007 Subject: TNEF Question In-Reply-To: References: <8072BCAE-023A-41D4-8E56-00C3CA14ADFF@csolve.net> <46C1FBC4.8070800@ecs.soton.ac.uk> <80FB635B-B7EF-4A09-A1D1-3513F3F4E680@csolve.net> <46C217E1.8070304@ecs.soton.ac.uk> Message-ID: <46E864DD.20204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Many thanks for that. It will be in the next release. Derek Buttineau wrote: > On 2007-Aug-14, at 5:00 PM, Julian Field wrote: > >> That code has changed quite a bit since then. I found a bug in the >> external TNEF decoder support code which I have fixed. > > Hi Julian, > > I finally had a chance to review the TNEF changes in Version 4.62.9 > and found that my test winmail.dat (which had worked fine with 4.61.7) > was coming back as unparsable. After a bit of head scratching, I > think I found the problem. The default umask of 0022 on the system > was causing the tnef.$$ subdirectory to be created with a mode of 0640 > instead of 0777 and a result when the external decoder was called it > was unable to extract the files to the newly created directory. > > To work around this, I simply added the chmod 0700 to bring it inline > with the InternalDecoder(). I've included the patch for 4.62.9 (as > minor as it is) > > > -- > Regards, > > Derek Buttineau > Internet Systems Developer > Compu-SOLVE Internet Services > Compu-SOLVE Technologies, Inc > > Phone: 705-725-1212 x255 > E-Mail: derek@csolve.net > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Charset: ISO-8859-1 wj8DBQFG6GTeEfZZRxQVtlQRAiucAKC0XtdFAgASoW4vxwTWT0U2r2ffbwCgircH XiIvGzG9y4uYhctUV/0rmR0= =kn/0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Sep 12 23:23:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 12 23:24:02 2007 Subject: Blacklists by ip/mail/domain for each domain ... In-Reply-To: <46E85FF2.50401@syska.dk> References: <46E7E1B4.3090607@syska.dk> <1189602386.12029.44.camel@gblades-suse.linguaphone-intranet.co.uk> <1189603154.12037.46.camel@gblades-suse.linguaphone-intranet.co.uk> <46E7F97F.8020205@syska.dk> <46E8379E.5040709@ecs.soton.ac.uk> <46E85FF2.50401@syska.dk> Message-ID: <46E866ED.2090507@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote: > Hey, > > Allready got the book, just not near me at the moment ... its down in > the company and I'm offsite atm. That's the trouble with books. But, before someone suggests it again, I am not going to release a PDF version (or any other e-book) of it, as they are all really easy to hack/crack. It is my only reliable source of income from MailScanner, and it would be in open circulation on the net within 24 hours of me publishing the e-book :-( > > Still, i have to thank you for a great product. Came from Amavisd-new > .... and haven't regretted the change a single second. Glad you like it! What made you switch from Amavis in the first place? Jules. > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> In which case I suggest you buy a copy of the book, so that you get >> accurate information. >> >> Mikael Syska wrote: >> >>> Hi, >>> >>> You are right about this one. I was just told that it did not work >>> with domain etc. So i only used google a little and did not find >>> anything. But after testing it, it seems to work. There just seem >>> to be some delay in the updating(because it reads the table when the >>> MS process starts) ... so I guess it was there I got the impression >>> that it did not wrong. Thanks for pointing it out. >>> >>> // ouT >>> >>> Gareth wrote: >>> >>>> Bah I need a new keyboard or at least an email client which does an >>>> automatic spell check. >>>> >>>> On Wed, 2007-09-12 at 14:06, Gareth wrote: >>>> >>>> >>>>> I thought you could do that already by lust leaving the box before >>>>> the >>>>> '@' empty when adding a bloacklist entry. >>>>> >>>>> On Wed, 2007-09-12 at 13:55, Mikael Syska wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I know mailwatch has some kind of this function allready, but I >>>>>> need it to be per domain. >>>>>> >>>>>> I want to be able to block mail to domian A if there is the >>>>>> sender, domain or ip are listed in a db table. >>>>>> >>>>>> My first though was using the custom functions and write it in >>>>>> Perl, but since perl aint my strong side, therefore I was >>>>>> wandering if someone allready has made such thing. Then it would >>>>>> be easy to make a interface on a simple page for the domain admin >>>>>> in MailWatch interface. >>>>>> >>>>>> So its actually a modification to the mailwatch interface, and we >>>>>> dont user it per user, but only per domain. >>>>>> >>>>>> // ouT >>>>>> >>>> >> >> Jules >> >> - -- Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.3 (Build 3017) >> Charset: ISO-8859-1 >> >> wj8DBQFG6DefEfZZRxQVtlQRArcWAKCMTW4+av2UP1vzIYfMRvqIA2aUTwCg+S9q >> IGul3RxA+IL1OKMl2N/AjvY= >> =RsMX >> -----END PGP SIGNATURE----- >> >> > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Charset: ISO-8859-1 wj8DBQFG6GbuEfZZRxQVtlQRAvDcAKDNGrOmxuRPafnbeM3Tqplwk7Q75gCfYgXa eWeegchScjBKzLUN+NN4HOQ= =ON7V -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From brent.addis at pronet.co.nz Thu Sep 13 00:20:54 2007 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Sep 13 00:25:16 2007 Subject: Add 2nd antivirus scanner References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> Message-ID: <7EF1F27F7292534D82933F70AB6996CC25CFBF@pro-ak-exch01.hosted.pronet.net.nz> ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Scott Silva Sent: Thu 13/09/2007 9:17 a.m. To: mailscanner@lists.mailscanner.info Subject: Re: Add 2nd antivirus scanner Mail Administrator spake the following on 9/11/2007 10:59 PM: >> Mail Administrator spake the following on 9/11/2007 3:20 AM: >>> Dear All, >>> >>> I have the following below setup workin perfect for sometime >>> >>> Centos 5 >>> MailScanner-4.62.9-3 >>> Spam Assassin+Clamav--- jules package >>> mailwatch >>> >>> i wanted to use the second antivurus scanner thats is bit defender since >>> is free as of now >>> so i downloaded it and installed it and when i run mailScanner --lint i >>> see the fiollowing >>> >>> -------------------------------- >>> >>> Checking version numbers... >>> Version number in MailScanner.conf (4.62.9) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = clamav bitdefender" >>> Found these virus scanners installed: clamav >>> =========================================================================== >>> Ignore errors about failing to find EOCD signature >>> format error: can't find EOCD signature >>> at /usr/sbin/MailScanner line 451 >>> cat: /tmp/log.bdc.7225: No such file or directory >>> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >>> =========================================================================== >>> Virus Scanner test reports: >>> ClamAV said "eicar.com contains Eicar-Test-Signature" >>> >>> If any of your virus scanners (clamav) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its >>> virus.scanners.conf. >>> >>> --------------------------- >>> >>> also i modified the virusscanner.conf file >>> >>> original was >>> >>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >>> >>> modified to >>> >>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >>> /opt/BitDefender-scanner/bin/bdscan >>> -------------------------------------------------------------- >>> >>> 2) also when i try to run bdscan >>> it says >>> trial key found 25 days remaining >>> >>> why is this message >>> >>> appreciate your help >>> >>> >>> Thanks and regards >>> >>> benedict >> You did not install the free version. >> > > Thanks Scott.. > > btw i did download the BitDefender antivirus from this location and > installed it > > > http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ > > apprecite if u could provide me the right link if im wrong > > thnkss once again > > regards > > benedict It looks as if they have removed the links to the old free product. I'm sure many here have it still, but it is getting to be a real resource hog. I cannot provide a link, as I can't post it if the manufacturer has decided to remove their link. Sorry. --- I'm pretty sure the free one was never actually designed to be free the way it was being used here. I seem to remember it being a linux desktop only version, while the mail server / file server versions were not free. Regards, Brent Addis -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 7702 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070913/65dc292e/attachment.bin From ssilva at sgvwater.com Thu Sep 13 00:33:00 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 13 00:33:26 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <7EF1F27F7292534D82933F70AB6996CC25CFBF@pro-ak-exch01.hosted.pronet.net.nz> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> <7EF1F27F7292534D82933F70AB6996CC25CFBF@pro-ak-exch01.hosted.pronet.net.nz> Message-ID: Brent Addis spake the following on 9/12/2007 4:20 PM: > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Scott Silva > Sent: Thu 13/09/2007 9:17 a.m. > To: mailscanner@lists.mailscanner.info > Subject: Re: Add 2nd antivirus scanner > > > > Mail Administrator spake the following on 9/11/2007 10:59 PM: >>> Mail Administrator spake the following on 9/11/2007 3:20 AM: >>>> Dear All, >>>> >>>> I have the following below setup workin perfect for sometime >>>> >>>> Centos 5 >>>> MailScanner-4.62.9-3 >>>> Spam Assassin+Clamav--- jules package >>>> mailwatch >>>> >>>> i wanted to use the second antivurus scanner thats is bit defender since >>>> is free as of now >>>> so i downloaded it and installed it and when i run mailScanner --lint i >>>> see the fiollowing >>>> >>>> -------------------------------- >>>> >>>> Checking version numbers... >>>> Version number in MailScanner.conf (4.62.9) is correct. >>>> >>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>> >>>> Checking for SpamAssassin errors (if you use it)... >>>> SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> SpamAssassin reported no errors. >>>> MailScanner.conf says "Virus Scanners = clamav bitdefender" >>>> Found these virus scanners installed: clamav >>>> =========================================================================== >>>> Ignore errors about failing to find EOCD signature >>>> format error: can't find EOCD signature >>>> at /usr/sbin/MailScanner line 451 >>>> cat: /tmp/log.bdc.7225: No such file or directory >>>> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >>>> =========================================================================== >>>> Virus Scanner test reports: >>>> ClamAV said "eicar.com contains Eicar-Test-Signature" >>>> >>>> If any of your virus scanners (clamav) >>>> are not listed there, you should check that they are installed correctly >>>> and that MailScanner is finding them correctly via its >>>> virus.scanners.conf. >>>> >>>> --------------------------- >>>> >>>> also i modified the virusscanner.conf file >>>> >>>> original was >>>> >>>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >>>> >>>> modified to >>>> >>>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >>>> /opt/BitDefender-scanner/bin/bdscan >>>> -------------------------------------------------------------- >>>> >>>> 2) also when i try to run bdscan >>>> it says >>>> trial key found 25 days remaining >>>> >>>> why is this message >>>> >>>> appreciate your help >>>> >>>> >>>> Thanks and regards >>>> >>>> benedict >>> You did not install the free version. >>> >> Thanks Scott.. >> >> btw i did download the BitDefender antivirus from this location and >> installed it >> >> >> http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ >> >> apprecite if u could provide me the right link if im wrong >> >> thnkss once again >> >> regards >> >> benedict > It looks as if they have removed the links to the old free product. I'm sure > many here have it still, but it is getting to be a real resource hog. I cannot > provide a link, as I can't post it if the manufacturer has decided to remove > their link. Sorry. > > > --- > > I'm pretty sure the free one was never actually designed to be free the way it was being used here. I seem to remember it being a linux desktop only version, while the mail server / file server versions were not free. > > > Regards, > > > > Brent Addis > > But the included license said free for any use AFAIR. I will have to look at the license in my archived copy. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From brent.addis at pronet.co.nz Thu Sep 13 05:11:07 2007 From: brent.addis at pronet.co.nz (Brent Addis) Date: Thu Sep 13 05:13:43 2007 Subject: Add 2nd antivirus scanner References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> <7EF1F27F7292534D82933F70AB6996CC25CFBF@pro-ak-exch01.hosted.pronet.net.nz> Message-ID: <7EF1F27F7292534D82933F70AB6996CC25CFC7@pro-ak-exch01.hosted.pronet.net.nz> ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Scott Silva Sent: Thu 13/09/2007 11:33 a.m. To: mailscanner@lists.mailscanner.info Subject: Re: Add 2nd antivirus scanner Brent Addis spake the following on 9/12/2007 4:20 PM: > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Scott Silva > Sent: Thu 13/09/2007 9:17 a.m. > To: mailscanner@lists.mailscanner.info > Subject: Re: Add 2nd antivirus scanner > > > > Mail Administrator spake the following on 9/11/2007 10:59 PM: >>> Mail Administrator spake the following on 9/11/2007 3:20 AM: >>>> Dear All, >>>> >>>> I have the following below setup workin perfect for sometime >>>> >>>> Centos 5 >>>> MailScanner-4.62.9-3 >>>> Spam Assassin+Clamav--- jules package >>>> mailwatch >>>> >>>> i wanted to use the second antivurus scanner thats is bit defender since >>>> is free as of now >>>> so i downloaded it and installed it and when i run mailScanner --lint i >>>> see the fiollowing >>>> >>>> -------------------------------- >>>> >>>> Checking version numbers... >>>> Version number in MailScanner.conf (4.62.9) is correct. >>>> >>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>> >>>> Checking for SpamAssassin errors (if you use it)... >>>> SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> SpamAssassin reported no errors. >>>> MailScanner.conf says "Virus Scanners = clamav bitdefender" >>>> Found these virus scanners installed: clamav >>>> =========================================================================== >>>> Ignore errors about failing to find EOCD signature >>>> format error: can't find EOCD signature >>>> at /usr/sbin/MailScanner line 451 >>>> cat: /tmp/log.bdc.7225: No such file or directory >>>> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >>>> =========================================================================== >>>> Virus Scanner test reports: >>>> ClamAV said "eicar.com contains Eicar-Test-Signature" >>>> >>>> If any of your virus scanners (clamav) >>>> are not listed there, you should check that they are installed correctly >>>> and that MailScanner is finding them correctly via its >>>> virus.scanners.conf. >>>> >>>> --------------------------- >>>> >>>> also i modified the virusscanner.conf file >>>> >>>> original was >>>> >>>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >>>> >>>> modified to >>>> >>>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >>>> /opt/BitDefender-scanner/bin/bdscan >>>> -------------------------------------------------------------- >>>> >>>> 2) also when i try to run bdscan >>>> it says >>>> trial key found 25 days remaining >>>> >>>> why is this message >>>> >>>> appreciate your help >>>> >>>> >>>> Thanks and regards >>>> >>>> benedict >>> You did not install the free version. >>> >> Thanks Scott.. >> >> btw i did download the BitDefender antivirus from this location and >> installed it >> >> >> http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ >> >> apprecite if u could provide me the right link if im wrong >> >> thnkss once again >> >> regards >> >> benedict > It looks as if they have removed the links to the old free product. I'm sure > many here have it still, but it is getting to be a real resource hog. I cannot > provide a link, as I can't post it if the manufacturer has decided to remove > their link. Sorry. > > > --- > > I'm pretty sure the free one was never actually designed to be free the way it was being used here. I seem to remember it being a linux desktop only version, while the mail server / file server versions were not free. > > > Regards, > > > > Brent Addis > > But the included license said free for any use AFAIR. I will have to look at the license in my archived copy. ----- I'm looking at the license from when I was running it, and I don't see that anywhere. I also however don't see any mention of it being for a workstation only, however it may be assumed that you know that by reading what (was) on the website. I'm no lawyer so I don't know how that would apply in the grand scheme of things. Excuse the large pasting: BitDefender for Linux Console Free Edition ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ License and Warranty Copyright (C) 2005 SOFTWIN IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS DO NOT INSTALL THE SOFTWARE. BY INSTALLING OR USING THE SOFTWARE IN ANY WAY, YOU ARE INDICATING YOUR COMPLETE UNDERSTANDING AND ACCEPTANCE OF THE TERMS OF THIS AGREEMENT. This License Agreement is a legal agreement between you (either an individual or a single entity end user) and SOFTWIN SRL for use of the SOFTWIN software product identified above, which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("BitDefender"), all of which are protected by U.S. and international copyright laws and international treaty protection. By installing, copying, or otherwise using the BitDefender, you agree to be bound by the terms of this agreement. If you do not agree to the terms of this agreement, do not install or use the BitDefender; you may, however, return it to your place of purchase for a full refund within 30 days after your purchase. Verification of your purchase may be required. BitDefender LICENSE BitDefender is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The BitDefender is licensed, not sold. GRANT OF LICENSE. SOFTWIN SRL hereby grants you and only you the fol- lowing non-exclusive license to use BitDefender: APPLICATION SOFTWARE. You may install and use one copy of the BitDefender, or any prior version for the same operating system, on a single computer terminal. The primary user of the computer on which the BitDefender is installed may make one additional (i.e. second) copy for his or her exclusive use on a portable computer. NETWORK USE. You may also store or install a copy of the BitDefender on a storage device, such as a network server, used only to install or run the BitDefender on your other computers over an internal network; however, you must purchase and dedicate a separate license for each separate computer terminal on which the BitDefender is installed or run from the storage device. A license for the BitDefender may not be shared or used concurrently on different computers or computer termi- nals. You should purchase a license pack if you require multiple licenses for use on multiple computers or computer terminals. LICENSE PACKS. If you purchase a License Pack and you have acquired this License Agreement for multiple licenses of BitDefender, you may make the number of additional copies of the computer software portion of the BitDefender specified above as "Licensed copies." You are also entitled to make a corresponding number of secondary copies for porta- ble computer use as specified above in the section entitled "Applica- tion Software". TERM OF LICENSE. The license granted hereunder shall commence on the date that you install, copy or otherwise first use BitDefender and shall continue only on the computer on which it is initially installed. UPGRADES. If the BitDefender is labeled as an upgrade, you must be properly licensed to use a product identified by SOFTWIN as being eli- gible for the upgrade in order to use the BitDefender. An BitDefender labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade. You may use the resulting upgraded product only in accordance with the terms of this License Agreement. If the BitDefender is an upgrade of a component of a package of software programs that you licensed as a single product, the BitDefender may be used and transferred only as part of that sin- gle product package and may not be separated for use on more than one computer. COPYRIGHT. All right, title and interest in and to BitDefender and all copyright rights in and to the BitDefender (including but not limited to any images, photographs, logos, animations, video, audio, music, text, and "applets" incorporated into the BitDefender), the accompany- ing printed materials, and any copies of the BitDefender are owned by SOFTWIN SRL. The BitDefender is protected by copyright laws and inter- national treaty provisions. Therefore, you must treat the BitDefender like any other copyrighted material except that you may install the BitDefender on a single computer provided you keep the original solely for backup or archival purposes. You may not copy the printed materi- als accompanying the BitDefender. You must produce and include all copyright notices in their original form for all copies created irre- spective of the media or form in which BitDefender exists. You may not sub-license, rent, sell, or lease BitDefender. You may not reverse engineer, recompile, disassemble, create derivative works, modify, translate, or make any attempt to discover the source code for BitDefender. LIMITED WARRANTY. SOFTWIN SRL warrants that the media on which BitDefender is distributed is free from defects for a period of thirty days from the date of delivery of BitDefender to you. Your sole remedy for a breach of this warranty will be that SOFTWIN SRL, at its option, may replace the defective media upon receipt of the damaged media, or refund the money you paid for BitDefender. SOFTWIN SRL does not war- rant that BitDefender will be uninterrupted or error free or that the errors will be corrected. SOFTWIN SRL does not warrant that BitDefender will meet your requirements. SOFTWIN SRL HEREBY DISCLAIMS ALL OTHER WARRANTIES FOR BITDEFENDER, WHETHER EXPRESSED OR IMPLIED. THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESSED OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MER- CHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE. DISCLAIMER OF DAMAGES. Anyone using, testing, or evaluating BitDefender bears all risk to the quality and performance of BitDefender. In no event shall SOFTWIN SRL be liable for any damages of any kind, including, without limitation, direct or indirect damages arising out of the use, performance, or delivery of BitDefender, even if SOFTWIN SRL has been advised of the existence or possibility of such damages. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMI-TATION OR EXCLUSION MAY NOT APPLY TO YOU. IN NO CASE SHALL SOFTWIN SRL'S LIABILITY EXCEED THE PURCHASE PRICE PAID BY YOU FOR BITDEFENDER. The disclaimers and limitations set forth above will apply regardless of whether you accept or use, evaluate, or test BitDefender. IMPORTANT NOTICE TO USERS. THIS SOFTWARE IS NOT FAULT-TOLERANT AND IS NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIR- ING FAIL-SAFE PERFORMANCE OR OPERATION. THIS SOFTWARE IS NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, OR COMMU- NICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY OR PROPERTY DAM- AGE. GOVERNMENT RESTRICTED RIGHTS/RESTRICTED RIGHTS LEGEND. Use, duplica- tion, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of Commercial Computer Software-Restricted Rights clause at 48 CFR 52.227-19, as applicable. Contact SOFTWIN SRL, at 5, F-ca de Glucoza str., 72322-Sect.2, Bucharest, Romania, or at Tel No: 40-21-2330780 or Fax:40-21-2330763. GENERAL. This Agreement will be governed by the laws of Romania and by the international copyright regulations and treaties. This Agreement may only be modified by a license addendum, which accompanies this Agreement or by a written document which has been signed, by both you and SOFTWIN SRL. This Agreement has been written in the English lan- guage only and is not to be translated or interpreted in any other language. Prices, costs and fees for use of BitDefender are subject to change without prior notice to you. In the event of invalidity of any provision of this Agreement, the invalidity shall not affect the validity of the remaining portions of this Agreement. BitDefender and BitDefender logos are trademarks of SOFTWIN SRL. Linux is a registered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. -- BitDefender - Secure Your Every Bit http://linux.bitdefender.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 19158 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070913/4990fee4/attachment.bin From itdept at fractalweb.com Thu Sep 13 05:38:06 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Sep 13 05:38:42 2007 Subject: run as user? Message-ID: <46E8BEAE.5060209@fractalweb.com> On my system, in MailScanner.conf I have: Run As User = Run As Group = Does MailScanner run as user "root" in the case? How about SpamAssassin? Thanks From andreab at guttadauro.com Thu Sep 13 08:31:21 2007 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Thu Sep 13 08:29:02 2007 Subject: Question about rules syntax Message-ID: <46E8E749.3000302@guttadauro.com> Hello guys.. Only one and simple questione. Are there different between the follow rules syntax ?? FromOrTo: *@domain.it Yes FromOrTo @domain.it Yes Thanks for your reply :) MaruscyA -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070913/c67ddd13/attachment.html From mailadmin at baladia.gov.kw Thu Sep 13 08:43:45 2007 From: mailadmin at baladia.gov.kw (Mail Administrator) Date: Thu Sep 13 08:44:13 2007 Subject: Add 2nd antivirus scanner In-Reply-To: References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> Message-ID: <3514.62.150.152.44.1189669425.squirrel@webmail.baladia.gov.kw> Thanks a lot scott for ur immediate reply.. I guess as u said if its a performance hog i be happy with clamav as so far its doin a grt job regards benedict > Mail Administrator spake the following on 9/11/2007 10:59 PM: >>> Mail Administrator spake the following on 9/11/2007 3:20 AM: >>>> Dear All, >>>> >>>> I have the following below setup workin perfect for sometime >>>> >>>> Centos 5 >>>> MailScanner-4.62.9-3 >>>> Spam Assassin+Clamav--- jules package >>>> mailwatch >>>> >>>> i wanted to use the second antivurus scanner thats is bit defender >>>> since >>>> is free as of now >>>> so i downloaded it and installed it and when i run mailScanner --lint >>>> i >>>> see the fiollowing >>>> >>>> -------------------------------- >>>> >>>> Checking version numbers... >>>> Version number in MailScanner.conf (4.62.9) is correct. >>>> >>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>> >>>> Checking for SpamAssassin errors (if you use it)... >>>> SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> SpamAssassin reported no errors. >>>> MailScanner.conf says "Virus Scanners = clamav bitdefender" >>>> Found these virus scanners installed: clamav >>>> =========================================================================== >>>> Ignore errors about failing to find EOCD signature >>>> format error: can't find EOCD signature >>>> at /usr/sbin/MailScanner line 451 >>>> cat: /tmp/log.bdc.7225: No such file or directory >>>> rm: cannot remove `/tmp/log.bdc.7225': No such file or directory >>>> =========================================================================== >>>> Virus Scanner test reports: >>>> ClamAV said "eicar.com contains Eicar-Test-Signature" >>>> >>>> If any of your virus scanners (clamav) >>>> are not listed there, you should check that they are installed >>>> correctly >>>> and that MailScanner is finding them correctly via its >>>> virus.scanners.conf. >>>> >>>> --------------------------- >>>> >>>> also i modified the virusscanner.conf file >>>> >>>> original was >>>> >>>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >>>> >>>> modified to >>>> >>>> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >>>> /opt/BitDefender-scanner/bin/bdscan >>>> -------------------------------------------------------------- >>>> >>>> 2) also when i try to run bdscan >>>> it says >>>> trial key found 25 days remaining >>>> >>>> why is this message >>>> >>>> appreciate your help >>>> >>>> >>>> Thanks and regards >>>> >>>> benedict >>> You did not install the free version. >>> >> >> Thanks Scott.. >> >> btw i did download the BitDefender antivirus from this location and >> installed it >> >> >> http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/ >> >> apprecite if u could provide me the right link if im wrong >> >> thnkss once again >> >> regards >> >> benedict > It looks as if they have removed the links to the old free product. I'm > sure > many here have it still, but it is getting to be a real resource hog. I > cannot > provide a link, as I can't post it if the manufacturer has decided to > remove > their link. Sorry. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailwatch.kp at gmail.com Thu Sep 13 09:15:01 2007 From: mailwatch.kp at gmail.com (vinayan KP) Date: Thu Sep 13 09:15:04 2007 Subject: Can folders and files inside /var/spool/MailScanner/incoming be deleted?? Message-ID: <6a7195cc0709130115u11f03aet8a0aabeba118aed8@mail.gmail.com> Hello everyone, I am very new to MailScanner and I hope someone could help me to fix my problem of mailscanner eating up my hard disk space? I just found out that /var/spool/MailScanner/incoming folder has lot of folders and one of them occupies a lot of space. I just want to know whether I can remover these folders and files that take lot of space? Thanking you in advance Regards Vinu From glenn.steen at gmail.com Thu Sep 13 09:57:17 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 09:57:19 2007 Subject: run as user? In-Reply-To: <46E8BEAE.5060209@fractalweb.com> References: <46E8BEAE.5060209@fractalweb.com> Message-ID: <223f97700709130157x4d0146a0t9ba020de99d9c6a3@mail.gmail.com> On 13/09/2007, Chris Yuzik wrote: > On my system, in MailScanner.conf I have: > > Run As User = > Run As Group = > > Does MailScanner run as user "root" in the case? How about SpamAssassin? > Yes. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Sep 13 10:04:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 10:04:19 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <7EF1F27F7292534D82933F70AB6996CC25CFC7@pro-ak-exch01.hosted.pronet.net.nz> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> <7EF1F27F7292534D82933F70AB6996CC25CFBF@pro-ak-exch01.hosted.pronet.net.nz> <7EF1F27F7292534D82933F70AB6996CC25CFC7@pro-ak-exch01.hosted.pronet.net.nz> Message-ID: <223f97700709130204k5bdf040bqc80c9a5bc2f08aa9@mail.gmail.com> On 13/09/2007, Brent Addis wrote: > (snip) > > It looks as if they have removed the links to the old free product. I'm sure > > many here have it still, but it is getting to be a real resource hog. I cannot > > provide a link, as I can't post it if the manufacturer has decided to remove > > their link. Sorry. > > > > > > --- > > > > I'm pretty sure the free one was never actually designed to be free the way it was being used here. I seem to remember it being a linux desktop only version, while the mail server / file server versions were not free. > > > > > > Regards, > > > > > > > > Brent Addis > > > > > But the included license said free for any use AFAIR. I will have to look at > the license in my archived copy. > > ----- > > I'm looking at the license from when I was running it, and I don't see that anywhere. I also however don't see any mention of it being for a workstation only, however it may be assumed that you know that by reading what (was) on the website. I'm no lawyer so I don't know how that would apply in the grand scheme of things. > (snip) This tired ol' debate? There is a piece on that in the (now mostly obsolete) wiki page. The thing was that the license provided clashed with what they claimed on the web page, as well as what their representatives claimed in mail communications. Once they realised what was happening, and that they didn't make any money on that, they changed things to the current, rather useless "free" thing which, although very similar, isn't the same thing. AFAICS, that is about all there is to say about it. Once 7.1 begins behaving as badly as 7.0.1 does (when updating), it goes out the window. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From simon at saq.co.uk Thu Sep 13 11:31:03 2007 From: simon at saq.co.uk (Simon Jones) Date: Thu Sep 13 11:41:15 2007 Subject: choked hold queue Message-ID: Hi, I have a problem with a mailscanner box at the moment getting choked up and stacking mail in the /var/spool/postfix/hold directory. When I check for MailScanner processes all I get is a bunch of postfix 15620 0.4 1.4 38712 29564 ? S 11:10 0:01 MailScanner: checking with SpamAssassin postfix 15660 0.6 1.4 38724 29572 ? S 11:10 0:01 MailScanner: checking with SpamAssassin postfix 15689 0.6 1.4 38740 29580 ? S 11:10 0:01 MailScanner: checking with SpamAssassin postfix 15719 0.6 1.4 39188 29844 ? S 11:10 0:01 MailScanner: checking with SpamAssassin it seems that SpamAssassin is choking up but I can't figure out why. I run 3 separate gateway machines with MailScanner logging to a central mysql db and MailWatch for a front end GUI. I've shut down each gateway in turn and only gateway 3 seems to be having this problem, the other two are fine and processing mail normally and a ps aux | grep MailScanner shows some checking with spamassassin and others doing virus scans etc. I changed spamassassin time out within MailScanner.conf and pretty much every message timed out on the spamassassin scan, so it killed the process and sent the message on for delivery - spam or no spam. I've checked spam.assassin.prefs against one I know is working and the file is exactly the same, a spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint which didn't report any errors, although it did say pyzor and dcc checks were local only but I don't think this is an issue as spamassassin would just ignore the checks if they're unavailable right? Dns is resolving fine, no probs at all with that and I can't see anything different to the blacklists to that of the working server so I don't think it's a slow rbl. Anyone know what could be causing spamassassin / mailscanner to choke like this? before I stopped the service and moved the queue to a temporary dir there was about 500mb of mail in there - I'll filter this back in later but need to get the darn thing running properly first :) Thanks!! Simon J From gmatt at nerc.ac.uk Thu Sep 13 11:49:17 2007 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Sep 13 11:49:41 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <97FD54B5E57A1842AA1A4B232E4761178EEB31@ati-ex-02.ati.local> References: <46E7DDB0.50404@nerc.ac.uk> <97FD54B5E57A1842AA1A4B232E4761178EEB31@ati-ex-02.ati.local> Message-ID: <46E915AD.4060804@nerc.ac.uk> Chris W. Parker wrote: > On Wednesday, September 12, 2007 5:38 AM Greg Matthews said: > >> In summary, if Bayes is not working for you, its worth taking the time >> to get it right rather than simply skewing the scores. > > Would you mind giving more details on how I can take the time to "get it > right"? theres no substitute for reading the docs! SA is a complex piece of software and you need to understand at least how it works. but... - make sure it is getting plenty of ham training and not just high scoring spam. You may need to adjust the threshold(s) for this. - make sure you feed back the false positives and negatives so it learns from them. - remember when feeding messages back in, they need to be as pristine as possible. Try to remove any extra markup they may have from MailScanner and your mail relays. G > > > Thanks! > Chris. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From cobalt-users1 at fishnet.co.uk Thu Sep 13 11:55:35 2007 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Thu Sep 13 11:55:43 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E827BD.4060207@fractalweb.com> References: <46E827BD.4060207@fractalweb.com> Message-ID: <46E92537.7922.1F3C0143@cobalt-users1.fishnet.co.uk> On 12 Sep 2007 at 10:54, Chris Yuzik wrote: > Hi everyone, > > I'm using MailScanner and SA with CRM114 and am getting the following > in my headers: > > X-Spam-CRM114-Version: UNKNOWN > X-Spam-CRM114-CacheID: UNKNOWN > X-Spam-CRM114-Status: UNKNOWN ( 0 ) > > The strange thing is that if I check a message in the system's > quarantine with the following, the proper information shows up (just > the relevant part is pasted): > > # spamassassin -t < l8CHZtYJ016597 > X-Spam-CRM114-Version: 20070301-BlameBaltar ( TRE 0.7.5 (LGPL) ) > MR-BD9991E2 X-Spam-CRM114-CacheID: > sfid-20070912_104730_888511_104EF1BB X-Spam-CRM114-Status: SPAM ( > -26.32 ) > > So, questions. > > 1) is the version info not showing up likely because of something to > do with MailScanner? Or could it be something else? It seems odd that > the header gets put in, but the data just ends up being "UNKNOWN", > except when run from the shell. 2) am I using the current version of > CRM114 and/or mailreaver? Hi, I have not had chance to set up CRM114 yet but I can tell you how to check debug spamassassin as run by MailScanner as I have recently been debugging the Botnet plugin. The following command line will run a lint check and put the stderr output into a file: as root: (or whatever user you run MailScanner as): spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2> debug.txt To test a specific message in the file test_message: spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf < test_message> test_spam_output 2> test_spam_debug This should help track down your problem. Regards Ian -- From a.fiorenzi at infogroup.it Thu Sep 13 12:10:46 2007 From: a.fiorenzi at infogroup.it (Alessandro Fiorenzi) Date: Thu Sep 13 12:11:17 2007 Subject: Header for suspect phishing mail Message-ID: <1189681847.5140.0.camel@x-tiger.intra.it> Hi, is there any way to insert Header for phishing as for spam? It would be great to have an Headers like: Phishing Header = X-%org-name%-MailScanner-PhishingCheck: Phishing Score Header = X-%org-name%-MailScanner-PhishingScore: Where ther score could be get form some service like www.phishtank.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070913/92e9ffe2/attachment.html From glenn.steen at gmail.com Thu Sep 13 13:06:57 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 13:07:00 2007 Subject: choked hold queue In-Reply-To: References: Message-ID: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> On 13/09/2007, Simon Jones wrote: > Hi, > > I have a problem with a mailscanner box at the moment getting choked up > and stacking mail in the /var/spool/postfix/hold directory. > > When I check for MailScanner processes all I get is a bunch of > > postfix 15620 0.4 1.4 38712 29564 ? S 11:10 0:01 > MailScanner: checking with SpamAssassin > postfix 15660 0.6 1.4 38724 29572 ? S 11:10 0:01 > MailScanner: checking with SpamAssassin > postfix 15689 0.6 1.4 38740 29580 ? S 11:10 0:01 > MailScanner: checking with SpamAssassin > postfix 15719 0.6 1.4 39188 29844 ? S 11:10 0:01 > MailScanner: checking with SpamAssassin > > it seems that SpamAssassin is choking up but I can't figure out why. I > run 3 separate gateway machines with MailScanner logging to a central > mysql db and MailWatch for a front end GUI. > > I've shut down each gateway in turn and only gateway 3 seems to be > having this problem, the other two are fine and processing mail normally > and a ps aux | grep MailScanner shows some checking with spamassassin > and others doing virus scans etc. > > I changed spamassassin time out within MailScanner.conf and pretty much > every message timed out on the spamassassin scan, so it killed the > process and sent the message on for delivery - spam or no spam. > > I've checked spam.assassin.prefs against one I know is working and the > file is exactly the same, a spamassassin -D -p > /etc/MailScanner/spam.assassin.prefs.conf --lint which didn't report any > errors, although it did say pyzor and dcc checks were local only but I > don't think this is an issue as spamassassin would just ignore the > checks if they're unavailable right? > > Dns is resolving fine, no probs at all with that and I can't see > anything different to the blacklists to that of the working server so I > don't think it's a slow rbl. > > Anyone know what could be causing spamassassin / mailscanner to choke > like this? before I stopped the service and moved the queue to a > temporary dir there was about 500mb of mail in there - I'll filter this > back in later but need to get the darn thing running properly first :) > > Thanks!! > > Simon J > A "classic" problem is that something has put a non-queuefile file in the hold directory... This will make MailScanner choke. But what you describe sound a bit different. If you run a message through (as the PF user) spamassassin -t -D, where do you see "pauses"? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From simon at saq.co.uk Thu Sep 13 13:07:18 2007 From: simon at saq.co.uk (Simon Jones) Date: Thu Sep 13 13:17:30 2007 Subject: choked hold queue References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> Message-ID: Hi Glen, Test gives: [root@mailgate3 hold]# spamassassin -t -D [2167] dbg: logger: adding facilities: all [2167] dbg: logger: logging level is DBG [2167] dbg: generic: SpamAssassin version 3.2.3 [2167] dbg: config: score set 0 chosen. [2167] dbg: util: running in taint mode? yes [2167] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [2167] dbg: util: PATH included '/usr/kerberos/sbin', keeping [2167] dbg: util: PATH included '/usr/kerberos/bin', keeping [2167] dbg: util: PATH included '/usr/local/sbin', keeping [2167] dbg: util: PATH included '/usr/local/bin', keeping [2167] dbg: util: PATH included '/sbin', keeping [2167] dbg: util: PATH included '/bin', keeping [2167] dbg: util: PATH included '/usr/sbin', keeping [2167] dbg: util: PATH included '/usr/bin', keeping [2167] dbg: util: PATH included '/usr/X11R6/bin', keeping [2167] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [2167] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbi n:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [2167] dbg: dns: no ipv6 [2167] dbg: dns: is Net::DNS::Resolver available? yes [2167] dbg: dns: Net::DNS version: 0.61 And sticks there, but this happens on the working machines too so I figured it wasn't a problem. Absolutely nothing is being sent off this box - tail -f /var/log/maillog | grep sent shows NOTHING :( > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 13 September 2007 13:07 > To: MailScanner discussion > Subject: Re: choked hold queue > > On 13/09/2007, Simon Jones wrote: > > Hi, > > > > I have a problem with a mailscanner box at the moment getting choked > up > > and stacking mail in the /var/spool/postfix/hold directory. > > > > When I check for MailScanner processes all I get is a bunch of > > > > postfix 15620 0.4 1.4 38712 29564 ? S 11:10 0:01 > > MailScanner: checking with SpamAssassin > > postfix 15660 0.6 1.4 38724 29572 ? S 11:10 0:01 > > MailScanner: checking with SpamAssassin > > postfix 15689 0.6 1.4 38740 29580 ? S 11:10 0:01 > > MailScanner: checking with SpamAssassin > > postfix 15719 0.6 1.4 39188 29844 ? S 11:10 0:01 > > MailScanner: checking with SpamAssassin > > > > it seems that SpamAssassin is choking up but I can't figure out why. > I > > run 3 separate gateway machines with MailScanner logging to a central > > mysql db and MailWatch for a front end GUI. > > > > I've shut down each gateway in turn and only gateway 3 seems to be > > having this problem, the other two are fine and processing mail > normally > > and a ps aux | grep MailScanner shows some checking with spamassassin > > and others doing virus scans etc. > > > > I changed spamassassin time out within MailScanner.conf and pretty > much > > every message timed out on the spamassassin scan, so it killed the > > process and sent the message on for delivery - spam or no spam. > > > > I've checked spam.assassin.prefs against one I know is working and > the > > file is exactly the same, a spamassassin -D -p > > /etc/MailScanner/spam.assassin.prefs.conf --lint which didn't report > any > > errors, although it did say pyzor and dcc checks were local only but > I > > don't think this is an issue as spamassassin would just ignore the > > checks if they're unavailable right? > > > > Dns is resolving fine, no probs at all with that and I can't see > > anything different to the blacklists to that of the working server so > I > > don't think it's a slow rbl. > > > > Anyone know what could be causing spamassassin / mailscanner to choke > > like this? before I stopped the service and moved the queue to a > > temporary dir there was about 500mb of mail in there - I'll filter > this > > back in later but need to get the darn thing running properly first > :) > > > > Thanks!! > > > > Simon J > > > A "classic" problem is that something has put a non-queuefile file in > the hold directory... This will make MailScanner choke. > But what you describe sound a bit different. If you run a message > through (as the PF user) spamassassin -t -D, where do you see > "pauses"? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From simon at saq.co.uk Thu Sep 13 13:32:07 2007 From: simon at saq.co.uk (Simon Jones) Date: Thu Sep 13 13:42:20 2007 Subject: choked hold queue References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> Message-ID: Ok I got 1 sent! That's all though, so it looks to be working but is just incredibly slow [root@mailgate3 ~]# tail -f /var/log/maillog | grep sent Sep 13 13:38:20 mailgate3 postfix/smtp[5102]: C98B498834C: to=, relay=196.2.1.1[196.2.1.2], delay=712, status=sent (250 Message queued) > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > Sent: 13 September 2007 13:07 > To: MailScanner discussion > Subject: RE: choked hold queue > > Hi Glen, > > Test gives: > > [root@mailgate3 hold]# spamassassin -t -D > [2167] dbg: logger: adding facilities: all > [2167] dbg: logger: logging level is DBG > [2167] dbg: generic: SpamAssassin version 3.2.3 > [2167] dbg: config: score set 0 chosen. > [2167] dbg: util: running in taint mode? yes > [2167] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [2167] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [2167] dbg: util: PATH included '/usr/kerberos/bin', keeping > [2167] dbg: util: PATH included '/usr/local/sbin', keeping > [2167] dbg: util: PATH included '/usr/local/bin', keeping > [2167] dbg: util: PATH included '/sbin', keeping > [2167] dbg: util: PATH included '/bin', keeping > [2167] dbg: util: PATH included '/usr/sbin', keeping > [2167] dbg: util: PATH included '/usr/bin', keeping > [2167] dbg: util: PATH included '/usr/X11R6/bin', keeping > [2167] dbg: util: PATH included '/root/bin', which doesn't exist, > dropping > [2167] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sb > i > n:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > [2167] dbg: dns: no ipv6 > [2167] dbg: dns: is Net::DNS::Resolver available? yes > [2167] dbg: dns: Net::DNS version: 0.61 > > And sticks there, but this happens on the working machines too so I > figured it wasn't a problem. Absolutely nothing is being sent off this > box - tail -f /var/log/maillog | grep sent shows NOTHING :( > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: 13 September 2007 13:07 > > To: MailScanner discussion > > Subject: Re: choked hold queue > > > > On 13/09/2007, Simon Jones wrote: > > > Hi, > > > > > > I have a problem with a mailscanner box at the moment getting > choked > > up > > > and stacking mail in the /var/spool/postfix/hold directory. > > > > > > When I check for MailScanner processes all I get is a bunch of > > > > > > postfix 15620 0.4 1.4 38712 29564 ? S 11:10 0:01 > > > MailScanner: checking with SpamAssassin > > > postfix 15660 0.6 1.4 38724 29572 ? S 11:10 0:01 > > > MailScanner: checking with SpamAssassin > > > postfix 15689 0.6 1.4 38740 29580 ? S 11:10 0:01 > > > MailScanner: checking with SpamAssassin > > > postfix 15719 0.6 1.4 39188 29844 ? S 11:10 0:01 > > > MailScanner: checking with SpamAssassin > > > > > > it seems that SpamAssassin is choking up but I can't figure out > why. > > I > > > run 3 separate gateway machines with MailScanner logging to a > central > > > mysql db and MailWatch for a front end GUI. > > > > > > I've shut down each gateway in turn and only gateway 3 seems to be > > > having this problem, the other two are fine and processing mail > > normally > > > and a ps aux | grep MailScanner shows some checking with > spamassassin > > > and others doing virus scans etc. > > > > > > I changed spamassassin time out within MailScanner.conf and pretty > > much > > > every message timed out on the spamassassin scan, so it killed the > > > process and sent the message on for delivery - spam or no spam. > > > > > > I've checked spam.assassin.prefs against one I know is working and > > the > > > file is exactly the same, a spamassassin -D -p > > > /etc/MailScanner/spam.assassin.prefs.conf --lint which didn't > report > > any > > > errors, although it did say pyzor and dcc checks were local only > but > > I > > > don't think this is an issue as spamassassin would just ignore the > > > checks if they're unavailable right? > > > > > > Dns is resolving fine, no probs at all with that and I can't see > > > anything different to the blacklists to that of the working server > so > > I > > > don't think it's a slow rbl. > > > > > > Anyone know what could be causing spamassassin / mailscanner to > choke > > > like this? before I stopped the service and moved the queue to a > > > temporary dir there was about 500mb of mail in there - I'll filter > > this > > > back in later but need to get the darn thing running properly first > > :) > > > > > > Thanks!! > > > > > > Simon J > > > > > A "classic" problem is that something has put a non-queuefile file in > > the hold directory... This will make MailScanner choke. > > But what you describe sound a bit different. If you run a message > > through (as the PF user) spamassassin -t -D, where do you see > > "pauses"? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dgottsc at emory.edu Thu Sep 13 16:50:26 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Sep 13 16:50:45 2007 Subject: Virus scanning hanging? Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> It appears that some of the MailScanner processes on one of my boxes are hanging on Virus scanning. ps -ef | grep -I mailscanner | grep dangerous root 4259 4139 62 10:56 ? 00:29:07 MailScanner: dangerous content scanning root 4212 4139 61 10:56 ? 00:28:35 MailScanner: dangerous content scanning root 4140 4139 62 10:56 ? 00:29:03 MailScanner: dangerous content scanning Sep 13 10:56:06 mr5 MailScanner[4140]: MCP Checks: Starting Sep 13 10:56:09 mr5 MailScanner[4140]: MCP Checks completed at 789370 bytes per second Sep 13 10:56:10 mr5 MailScanner[4140]: Virus and Content Scanning: Starting sudo strace -p 4140 Process 4140 attached - interrupt to quit Process 4140 detached I'm running clamav 0.91.1/4264/Thu Sep 13 02:06:05 2007and bitdefender BDC/Linux-Console v7.0 (build 2492) (i386) (Dec 11 2003 13:24:00). Other mail is flowing fine. Any ideas? Any ideas? David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070913/11f631b4/attachment.html From Gerhard.Bressler at meinhart.at Thu Sep 13 17:54:02 2007 From: Gerhard.Bressler at meinhart.at (Gerhard Bressler) Date: Thu Sep 13 17:54:18 2007 Subject: Max File Size blocking Message-ID: Hi list, I installed a new server with mailscanner 4.63.8 and Mailwatch 1.04. At my old server was MS 4.55 and MW 1.03. The problem for me is, that on the old system a message which exceeds the limit, got an entry in Mailwatch with 'Other Infection' and was stored in quarantaine-folder. On the new system the message is also stored in quarantine, but it doesn't get the Flag 'Other Infection'. So its hard to find out which message has been blocked. Is this a configuration issue or a change in MailScanner ? hoping for help Gerhard From glenn.steen at gmail.com Thu Sep 13 18:32:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 18:32:58 2007 Subject: Virus scanning hanging? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> Message-ID: <223f97700709131032o719c91e7g20e7ee4fd3c150b4@mail.gmail.com> On 13/09/2007, Gottschalk, David wrote: (snip) > > Any ideas? Size of the mails they are handling? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From stork at openenterprise.ca Thu Sep 13 18:33:33 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Thu Sep 13 18:33:37 2007 Subject: OT- Urgent question about Exchange relaying to MS Message-ID: <46E9746D.9020007@openenterprise.ca> Sorry about this Exchange OT question but I am in a tight bind. Have a client that I am about to deploy/test DefenderMX for and we need to point their Exchange 2000 server to send outgoing mail through the DefenderMX box. I dont know Exchange so cant help them and unfortunately the client is not that knowledgeable either. I found this below so is this all thats needed? Section 3, "Adding an SMTP connector": http://www.christensen-software.com/support/config_exchange_2000.htm This is the /var/log/maillog on the defendermx system when they did set something in Exchange.....not sure what. (mailboxmaster.dos,ca is the Exchange 2000 server) Sep 13 10:15:45 relaytest sendmail[9442]: l8DHAlQx009442: collect: premature EOM: unexpected close Sep 13 10:15:45 relaytest sendmail[9442]: l8DHAlQx009442: collect: unexpected close on connection from mailboxmaster.dos.ca, sender= Sep 13 10:15:45 relaytest sendmail[9442]: l8DHAlQx009442: from=, size=7299, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mailboxmaster.dos.ca [192.168.10.14] Sep 13 10:17:07 relaytest milter-ahead[2882]: 00051 l8DHH7q7009631: recipient (0) cached, skipping I have also mailed FSL but waiting on a response, big time crunch so trying to get help anywhere -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From ssilva at sgvwater.com Thu Sep 13 18:34:11 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 13 18:35:15 2007 Subject: Add 2nd antivirus scanner In-Reply-To: <3514.62.150.152.44.1189669425.squirrel@webmail.baladia.gov.kw> References: <1266.62.150.152.42.1189506051.squirrel@webmail.baladia.gov.kw> <4365.62.150.152.42.1189576764.squirrel@webmail.baladia.gov.kw> <3514.62.150.152.44.1189669425.squirrel@webmail.baladia.gov.kw> Message-ID: Mail Administrator spake the following on 9/13/2007 12:43 AM: > Thanks a lot scott for ur immediate reply.. > > I guess as u said if its a performance hog i be happy with clamav as so > far its doin a grt job > Check the licensing of any corporate desktop antivirus that your company might have purchased. I know with our McAfee license it allows us to use the Linux command line scanner also. It isn't perfect, but it is a backup. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dgottsc at emory.edu Thu Sep 13 18:41:42 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Sep 13 18:41:56 2007 Subject: Virus scanning hanging? In-Reply-To: <223f97700709131032o719c91e7g20e7ee4fd3c150b4@mail.gmail.com> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> <223f97700709131032o719c91e7g20e7ee4fd3c150b4@mail.gmail.com> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F1F3@RDPEXCH2.Eu.Emory.Edu> About 2-3 megs. I think it might actually be hanging on the dangerous content filtering, not virus scanning. I was mistaken. I thought dangerous content filtering included virus scanning. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu 404.727.9744 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Thursday, September 13, 2007 1:33 PM To: MailScanner discussion Subject: Re: Virus scanning hanging? On 13/09/2007, Gottschalk, David wrote: (snip) > > Any ideas? Size of the mails they are handling? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Thu Sep 13 18:42:52 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Sep 13 18:42:55 2007 Subject: OT- Urgent question about Exchange relaying to MS In-Reply-To: <46E9746D.9020007@openenterprise.ca> References: <46E9746D.9020007@openenterprise.ca> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B3F53@winchester.andrewscompanies.com> On the exchange box, go to Exchange System Manager drill down to Servers, Protocols, SMTP, Default SMTP Virutal Server, right click, properties. Delivery tab, advanced. Put your defender in the "smart host" box. You'll have to use it's FQDN, not just IP (you can setup a defender.domain.local if you need on the domain's DNS server). Click OK to save it all. Right click on the virtual server, stop it, right click, start it. Done. The link you supplied below assumes smtp mail was never setup on the box; I'm assuming it is. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: Thursday, September 13, 2007 1:34 PM To: mailscanner@lists.mailscanner.info Subject: OT- Urgent question about Exchange relaying to MS Sorry about this Exchange OT question but I am in a tight bind. Have a client that I am about to deploy/test DefenderMX for and we need to point their Exchange 2000 server to send outgoing mail through the DefenderMX box. I dont know Exchange so cant help them and unfortunately the client is not that knowledgeable either. I found this below so is this all thats needed? Section 3, "Adding an SMTP connector": http://www.christensen-software.com/support/config_exchange_2000.htm This is the /var/log/maillog on the defendermx system when they did set something in Exchange.....not sure what. (mailboxmaster.dos,ca is the Exchange 2000 server) Sep 13 10:15:45 relaytest sendmail[9442]: l8DHAlQx009442: collect: premature EOM: unexpected close Sep 13 10:15:45 relaytest sendmail[9442]: l8DHAlQx009442: collect: unexpected close on connection from mailboxmaster.dos.ca, sender= Sep 13 10:15:45 relaytest sendmail[9442]: l8DHAlQx009442: from=, size=7299, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mailboxmaster.dos.ca [192.168.10.14] Sep 13 10:17:07 relaytest milter-ahead[2882]: 00051 l8DHH7q7009631: recipient (0) cached, skipping I have also mailed FSL but waiting on a response, big time crunch so trying to get help anywhere -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Chris at 7of9b.org Thu Sep 13 18:46:49 2007 From: Chris at 7of9b.org (Chris Burton) Date: Thu Sep 13 18:47:31 2007 Subject: OT- Urgent question about Exchange relaying to MS References: <46E9746D.9020007@openenterprise.ca> <1964AAFBC212F742958F9275BF63DBB05B3F53@winchester.andrewscompanies.com> Message-ID: <019f01c7f62e$14213e80$c7fda8c0@murphy3> > On the exchange box, go to Exchange System Manager drill down to > Servers, Protocols, SMTP, Default SMTP Virutal Server, right click, > properties. Delivery tab, advanced. Put your defender in the "smart > host" box. You'll have to use it's FQDN, not just IP (you can setup a > defender.domain.local if you need on the domain's DNS server). Click OK > to save it all. Right click on the virtual server, stop it, right > click, start it. You can use an IP if you enclose it in square brackets [1.2.3.4] ChrisB. From Robert.Horton at goodmanmfg.com Thu Sep 13 18:52:34 2007 From: Robert.Horton at goodmanmfg.com (Horton, Robert) Date: Thu Sep 13 18:52:37 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E827BD.4060207@fractalweb.com> References: <46E827BD.4060207@fractalweb.com> Message-ID: <50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> How are you getting the headers at all in mailscanner? Is there a way to have mailscanner pass headers generated from spamassassin? I need to get the X-Spam-CRM114-CacheID. Thanks, Robert -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Wednesday, September 12, 2007 12:54 PM To: MailScanner discussion Subject: Mailscanner with CRM114 - getting past "unknown" in headers Hi everyone, I'm using MailScanner and SA with CRM114 and am getting the following in my headers: X-Spam-CRM114-Version: UNKNOWN X-Spam-CRM114-CacheID: UNKNOWN X-Spam-CRM114-Status: UNKNOWN ( 0 ) The strange thing is that if I check a message in the system's quarantine with the following, the proper information shows up (just the relevant part is pasted): # spamassassin -t < l8CHZtYJ016597 X-Spam-CRM114-Version: 20070301-BlameBaltar ( TRE 0.7.5 (LGPL) ) MR-BD9991E2 X-Spam-CRM114-CacheID: sfid-20070912_104730_888511_104EF1BB X-Spam-CRM114-Status: SPAM ( -26.32 ) So, questions. 1) is the version info not showing up likely because of something to do with MailScanner? Or could it be something else? It seems odd that the header gets put in, but the data just ends up being "UNKNOWN", except when run from the shell. 2) am I using the current version of CRM114 and/or mailreaver? Thanks, Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! CONFIDENTIALITY NOTE: The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Thank you. From itdept at fractalweb.com Thu Sep 13 19:02:06 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Sep 13 19:02:45 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> References: <46E827BD.4060207@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> Message-ID: <46E97B1E.5070900@fractalweb.com> Horton, Robert wrote: > How are you getting the headers at all in mailscanner? Is there a way to > have mailscanner pass headers generated from spamassassin? I need to get > the X-Spam-CRM114-CacheID. Robert, That's my goal too. I want the X-Spam-CRM114-CacheID so I can have my users forward emails to a specific address for training. I have the following lines in my crm114.cf file: add_header all CRM114-Version _CRM114VERSION_ add_header all CRM114-CacheID _CRM114CACHEID_ add_header all CRM114-Status _CRM114STATUS_ ( _CRM114SCORE_ ) additionally, I have: crm114_use_cacheid 1 Unfortunately, in actual emails, I'm getting the header but not the data. In testing from the shell, I get all the headers and the data. Not sure if it's MailScanner preventing the data from getting through or what. Chris From itdept at fractalweb.com Thu Sep 13 19:16:32 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Sep 13 19:17:10 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E92537.7922.1F3C0143@cobalt-users1.fishnet.co.uk> References: <46E827BD.4060207@fractalweb.com> <46E92537.7922.1F3C0143@cobalt-users1.fishnet.co.uk> Message-ID: <46E97E80.3030107@fractalweb.com> Ian wrote: > I have not had chance to set up CRM114 yet but I can tell you how to check debug > spamassassin as run by MailScanner as I have recently been debugging the Botnet plugin. > The following command line will run a lint check and put the stderr output into a file: > > as root: (or whatever user you run MailScanner as): > > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint 2> debug.txt > > To test a specific message in the file test_message: > > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf < test_message> > test_spam_output 2> test_spam_debug > > This should help track down your problem. Ian, I'm not sure I'm much further ahead than I was before, but THANK YOU for this bit of wisdom. Is this in the MailScanner wiki anywhere? If not, could you add it? Chris From glenn.steen at gmail.com Thu Sep 13 19:17:22 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 19:17:23 2007 Subject: Virus scanning hanging? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F1F3@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> <223f97700709131032o719c91e7g20e7ee4fd3c150b4@mail.gmail.com> <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F1F3@RDPEXCH2.Eu.Emory.Edu> Message-ID: <223f97700709131117u35b516c1l908a5fef89b13520@mail.gmail.com> On 13/09/2007, Gottschalk, David wrote: > About 2-3 megs. > > I think it might actually be hanging on the dangerous content filtering, not virus scanning. I was mistaken. > > I thought dangerous content filtering included virus scanning. > Nah. Might be that they are some very strange files? Zip-bombs come to mind.... Or your file command misbehaving? You can probably "catch" them in the act in the MailScanner incoming directory ... And check that that hasn't run full or something like that.... The files are in subdirectories like /var/spool/MailScanner/incoming/// (IIRC:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Sep 13 19:19:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 13 19:19:24 2007 Subject: Can folders and files inside /var/spool/MailScanner/incoming be deleted?? In-Reply-To: <6a7195cc0709130115u11f03aet8a0aabeba118aed8@mail.gmail.com> References: <6a7195cc0709130115u11f03aet8a0aabeba118aed8@mail.gmail.com> Message-ID: vinayan KP spake the following on 9/13/2007 1:15 AM: > Hello everyone, > > I am very new to MailScanner and I hope someone could help me to fix > my problem of mailscanner eating up my hard disk space? > > I just found out that /var/spool/MailScanner/incoming folder has lot > of folders and one of them occupies a lot of space. I just want to > know whether I can remover these folders and files that take lot of > space? > > Thanking you in advance > > Regards > > Vinu Most of us run that folder in tmpfs to increase speed. With MailScanner stopped, you should be able to delete any folders that are numbered. To run that folder in tmpfs add the following line to your /etc/fstab none /var/spool/MailScanner/incoming tmpfs defaults 0 0 That way the folder will run faster, and will be cleaned up during a reboot. But only add this if your system has a sufficient amount of memory. Somewhere near 1 GB per processor. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Thu Sep 13 19:22:41 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 19:22:42 2007 Subject: OT- Urgent question about Exchange relaying to MS In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B3F53@winchester.andrewscompanies.com> References: <46E9746D.9020007@openenterprise.ca> <1964AAFBC212F742958F9275BF63DBB05B3F53@winchester.andrewscompanies.com> Message-ID: <223f97700709131122g4575eea1re911fef2e75a7804@mail.gmail.com> On 13/09/2007, Steven Andrews wrote: > On the exchange box, go to Exchange System Manager drill down to > Servers, Protocols, SMTP, Default SMTP Virutal Server, right click, > properties. Delivery tab, advanced. Put your defender in the "smart > host" box. You'll have to use it's FQDN, not just IP (you can setup a > defender.domain.local if you need on the domain's DNS server). Click OK > to save it all. Right click on the virtual server, stop it, right > click, start it. > > Done. > > The link you supplied below assumes smtp mail was never setup on the > box; I'm assuming it is. > > Steve Don't think you need the restart... Then again, last I did that, was on a 2k3 box (the M-Sexchanged admin was on vacation... Grmbl...:). Other than that, it sounds about right. Browse about in the admin tool, it ain't that complex:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Sep 13 19:34:38 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 13 19:34:56 2007 Subject: Virus scanning hanging? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> Message-ID: Gottschalk, David spake the following on 9/13/2007 8:50 AM: > It appears that some of the MailScanner processes on one of my boxes are > hanging on Virus scanning. > > > > ps ?ef | grep ?I mailscanner | grep dangerous > > > > root 4259 4139 62 10:56 ? 00:29:07 MailScanner: dangerous > content scanning > > root 4212 4139 61 10:56 ? 00:28:35 MailScanner: dangerous > content scanning > > root 4140 4139 62 10:56 ? 00:29:03 MailScanner: dangerous > content scanning > > > > > > > > Sep 13 10:56:06 mr5 MailScanner[4140]: MCP Checks: Starting > > Sep 13 10:56:09 mr5 MailScanner[4140]: MCP Checks completed at 789370 > bytes per second > > Sep 13 10:56:10 mr5 MailScanner[4140]: Virus and Content Scanning: Starting > > > > > > sudo strace -p 4140 > > Process 4140 attached - interrupt to quit > > > > > > Process 4140 detached > > > > I?m running clamav 0.91.1/4264/Thu Sep 13 02:06:05 2007and bitdefender > BDC/Linux-Console v7.0 (build 2492) (i386) (Dec 11 2003 13:24:00). > > > > Other mail is flowing fine. Any ideas? > > > > Any ideas? On a sidenote, I had a lot of problems with BitDefender 7.0. I found 7.1 and it was much better, until this week that is. I disabled it on a busy box until I can trace why it is slow. It always uses close to 100% CPU, but it used to be done in a few seconds. This week I had processes sticking around for 5 to 10 minutes. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dgottsc at emory.edu Thu Sep 13 19:35:49 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Sep 13 19:36:00 2007 Subject: Virus scanning hanging? In-Reply-To: <223f97700709131117u35b516c1l908a5fef89b13520@mail.gmail.com> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> <223f97700709131032o719c91e7g20e7ee4fd3c150b4@mail.gmail.com> <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F1F3@RDPEXCH2.Eu.Emory.Edu> <223f97700709131117u35b516c1l908a5fef89b13520@mail.gmail.com> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F263@RDPEXCH2.Eu.Emory.Edu> Yeah, I saw the files in the actual mqueue.in folder. I tried to do a strace, but for some reason strace isn't working on these machines right now. I turned off Dangerous content filtering, and the message went through. I'm still curious though about what happened, and worried it might happen again. I wish I could do a strace, then I could have seen what it was trying to do while taking up 98% of the CPU. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Thursday, September 13, 2007 2:17 PM To: MailScanner discussion Subject: Re: Virus scanning hanging? On 13/09/2007, Gottschalk, David wrote: > About 2-3 megs. > > I think it might actually be hanging on the dangerous content filtering, not virus scanning. I was mistaken. > > I thought dangerous content filtering included virus scanning. > Nah. Might be that they are some very strange files? Zip-bombs come to mind.... Or your file command misbehaving? You can probably "catch" them in the act in the MailScanner incoming directory ... And check that that hasn't run full or something like that.... The files are in subdirectories like /var/spool/MailScanner/incoming/// (IIRC:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Robert.Horton at goodmanmfg.com Thu Sep 13 19:41:53 2007 From: Robert.Horton at goodmanmfg.com (Horton, Robert) Date: Thu Sep 13 19:42:02 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E97B1E.5070900@fractalweb.com> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> Message-ID: <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> I too have those settings but do not receive them in the delivered version of the email. When running from the command line I get these from spamassassin but they don't continue to Mailscanner (and never have to my knowledge) X-Spam-ASN: AS21479 83.221.192.0/19 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on XxX X-Spam-CRM114-CacheID: sfid-20070913_124207_925341_C2D1B898 X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=79.9 required=5.0 tests=BAYES_99,CRM114_CHECK, HIDE_WIN_STATUS,HTML_IMAGE_ONLY_24,HTML_MESSAGE,PART_CID_STOCK, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RDNS_NONE,SARE_GIF_ATTACH, TVD_FW_GRAPHIC_NAME_LONG,TVD_FW_GRAPHIC_NAME_MID,T_TVD_FW_GRAPHIC_ID1, URIBL_BLACK,URIBL_JP_SURBL,URI_HEX autolearn=unavailable version=3.2.2 X-Spam-CRM114-Status: SPAM ( -294.08 ) Have you made any changes in the MailScanner.conf file for those headers? -Robert -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik Sent: Thursday, September 13, 2007 1:02 PM To: MailScanner discussion Subject: Re: Mailscanner with CRM114 - getting past "unknown" in headers Horton, Robert wrote: > How are you getting the headers at all in mailscanner? Is there a way to > have mailscanner pass headers generated from spamassassin? I need to get > the X-Spam-CRM114-CacheID. Robert, That's my goal too. I want the X-Spam-CRM114-CacheID so I can have my users forward emails to a specific address for training. I have the following lines in my crm114.cf file: add_header all CRM114-Version _CRM114VERSION_ add_header all CRM114-CacheID _CRM114CACHEID_ add_header all CRM114-Status _CRM114STATUS_ ( _CRM114SCORE_ ) additionally, I have: crm114_use_cacheid 1 Unfortunately, in actual emails, I'm getting the header but not the data. In testing from the shell, I get all the headers and the data. Not sure if it's MailScanner preventing the data from getting through or what. Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! CONFIDENTIALITY NOTE: The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Thank you. From sandrews at andrewscompanies.com Thu Sep 13 19:42:20 2007 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu Sep 13 19:42:23 2007 Subject: OT- Urgent question about Exchange relaying to MS In-Reply-To: <223f97700709131122g4575eea1re911fef2e75a7804@mail.gmail.com> References: <46E9746D.9020007@openenterprise.ca><1964AAFBC212F742958F9275BF63DBB05B3F53@winchester.andrewscompanies.com> <223f97700709131122g4575eea1re911fef2e75a7804@mail.gmail.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB05B3F56@winchester.andrewscompanies.com> Just start and stop the service; not restart the whole box. Yes, anytime you make a change to the smtp virutal you should stop, start...only way to be sure (well, that and nuking from orbit). -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Thursday, September 13, 2007 2:23 PM To: MailScanner discussion Subject: Re: OT- Urgent question about Exchange relaying to MS On 13/09/2007, Steven Andrews wrote: > On the exchange box, go to Exchange System Manager drill down to > Servers, Protocols, SMTP, Default SMTP Virutal Server, right click, > properties. Delivery tab, advanced. Put your defender in the "smart > host" box. You'll have to use it's FQDN, not just IP (you can setup a > defender.domain.local if you need on the domain's DNS server). Click > OK to save it all. Right click on the virtual server, stop it, right > click, start it. > > Done. > > The link you supplied below assumes smtp mail was never setup on the > box; I'm assuming it is. > > Steve Don't think you need the restart... Then again, last I did that, was on a 2k3 box (the M-Sexchanged admin was on vacation... Grmbl...:). Other than that, it sounds about right. Browse about in the admin tool, it ain't that complex:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Sep 13 20:01:16 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 13 20:01:19 2007 Subject: OT- Urgent question about Exchange relaying to MS In-Reply-To: <1964AAFBC212F742958F9275BF63DBB05B3F56@winchester.andrewscompanies.com> References: <46E9746D.9020007@openenterprise.ca> <1964AAFBC212F742958F9275BF63DBB05B3F53@winchester.andrewscompanies.com> <223f97700709131122g4575eea1re911fef2e75a7804@mail.gmail.com> <1964AAFBC212F742958F9275BF63DBB05B3F56@winchester.andrewscompanies.com> Message-ID: <223f97700709131201g458e1768l85962dc3c94fb7ec@mail.gmail.com> On 13/09/2007, Steven Andrews wrote: > Just start and stop the service; not restart the whole box. Yes, > anytime you make a change to the smtp virutal you should stop, > start...only way to be sure (well, that and nuking from orbit). Nuking from orbit.... Sounds like a very attractive option, next time I get downgraded to doing M-Sexchange work....:-) Cheers > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn > Steen > Sent: Thursday, September 13, 2007 2:23 PM > To: MailScanner discussion > Subject: Re: OT- Urgent question about Exchange relaying to MS > > On 13/09/2007, Steven Andrews wrote: > > On the exchange box, go to Exchange System Manager drill down to > > Servers, Protocols, SMTP, Default SMTP Virutal Server, right click, > > properties. Delivery tab, advanced. Put your defender in the "smart > > host" box. You'll have to use it's FQDN, not just IP (you can setup a > > > defender.domain.local if you need on the domain's DNS server). Click > > OK to save it all. Right click on the virtual server, stop it, right > > click, start it. > > > > Done. > > > > The link you supplied below assumes smtp mail was never setup on the > > box; I'm assuming it is. > > > > Steve > > Don't think you need the restart... Then again, last I did that, was on > a 2k3 box (the M-Sexchanged admin was on vacation... Grmbl...:). > Other than that, it sounds about right. Browse about in the admin tool, > it ain't that complex:-):-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Thu Sep 13 20:11:35 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Sep 13 20:11:50 2007 Subject: Lots of spam gets through because of BAYES_00 -2.60 In-Reply-To: <46E915AD.4060804@nerc.ac.uk> References: <46E7DDB0.50404@nerc.ac.uk> <97FD54B5E57A1842AA1A4B232E4761178EEB31@ati-ex-02.ati.local> <46E915AD.4060804@nerc.ac.uk> Message-ID: On Thu, 13 Sep 2007, Greg Matthews wrote: > Chris W. Parker wrote: >> On Wednesday, September 12, 2007 5:38 AM Greg Matthews said: >> >> > In summary, if Bayes is not working for you, its worth taking the time >> > to get it right rather than simply skewing the scores. >> >> Would you mind giving more details on how I can take the time to "get it >> right"? > > theres no substitute for reading the docs! SA is a complex piece of software > and you need to understand at least how it works. but... Take a word of advice from the competition: http://www.barracudanetworks.com/ns/downloads/Barracuda_Bayes.pdf The core advice to be carefull what message you feed to your bayesian database has proven to be sound on MailScanner installations as well. In short: 1. Feed it ~250 HAM and ~250 SPAM messages to start with. 2. Now sparsely feed it SPAM or HAM messages. 3. Feed SPAM if it classified too poorly by other means. 4. Feed HAM messages if they get tagged. Try to keep the numbers relative low to make it work more accurate. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From itdept at fractalweb.com Thu Sep 13 20:16:18 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Sep 13 20:16:58 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> Message-ID: <46E98C82.2070903@fractalweb.com> Horton, Robert wrote: > I too have those settings but do not receive them in the delivered > version of the email. There is something very odd going on. Mail to some addresses gets the added headers as I reported earlier, but others do not get the headers. I've done extensive testing using webmail (so as to not corrupt the results due to a mail client stripping off headers) and find that mail to my personal account does indeed get the added headers (but not any data). Mail to some other accounts on the system do not get the CRM114 headers added. WTF?!? I have even sent the same message cc'd to different account and one gets the CRM114 headers, while the others do not. Anyone know what could cause this behaviour? > When running from the command line I get these from spamassassin but > they don't continue to Mailscanner (and never have to my knowledge) This is very odd. I'm in the same boat, except that I sometimes get the headers added to the messages but not other times. Is it somehow recipient dependent? I'm confused. > Have you made any changes in the MailScanner.conf file for those > headers? Not to my knowledge. Chris From MailScanner at ecs.soton.ac.uk Thu Sep 13 20:43:42 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 20:44:05 2007 Subject: Question about rules syntax In-Reply-To: <46E8E749.3000302@guttadauro.com> References: <46E8E749.3000302@guttadauro.com> Message-ID: <46E992EE.10205@ecs.soton.ac.uk> As far as I can remember, no, there is no difference. Andrea Bazzanini wrote: > Hello guys.. > > Only one and simple questione. > > Are there different between the follow rules syntax ?? > > FromOrTo: *@domain.it Yes > FromOrTo @domain.it Yes > > > Thanks for your reply :) > > MaruscyA > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi, ed e' risultato non infetto. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Sep 13 20:48:04 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 20:48:18 2007 Subject: Can folders and files inside /var/spool/MailScanner/incoming be deleted?? In-Reply-To: <6a7195cc0709130115u11f03aet8a0aabeba118aed8@mail.gmail.com> References: <6a7195cc0709130115u11f03aet8a0aabeba118aed8@mail.gmail.com> Message-ID: <46E993F4.6020301@ecs.soton.ac.uk> vinayan KP wrote: > Hello everyone, > > I am very new to MailScanner and I hope someone could help me to fix > my problem of mailscanner eating up my hard disk space? > > I just found out that /var/spool/MailScanner/incoming folder has lot > of folders and one of them occupies a lot of space. I just want to > know whether I can remover these folders and files that take lot of > space? > If you stop MailScanner, you can then delete the contents of /var/spool/MailScanner/incoming/(any numbered subdirectory), and the SpamAssassin-Temp directory. It will re-create the SpamAssassin-Temp directory if you remove it. You shouldn't have files collecting in there, MailScanner does its housekeeping to stop it collecting files. You don't stop it with "kill -9" do you? If so, then DON'T as this will stop it doing its housekeeping. It takes MailScanner a few seconds to stop, as it is doing its cleaning-up of /var/spool/MailScanner/incoming. Don't delete any files in there while MailScanner is running. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From dave.list at pixelhammer.com Thu Sep 13 20:51:30 2007 From: dave.list at pixelhammer.com (DAve) Date: Thu Sep 13 20:52:56 2007 Subject: Slightly, maybe, offtopic. Message-ID: <46E994C2.8010501@pixelhammer.com> We are investing in VMWare and some other technologies quickly. I understand or have seen mention of, others running MailScanner within VMWare. I am beginning to think that has great potential from a DR and multiple NOC point of view. Any pitfalls in running MailScanner in VMWare I should know about? Thanks, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From MailScanner at ecs.soton.ac.uk Thu Sep 13 20:56:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 20:56:39 2007 Subject: choked hold queue In-Reply-To: References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> Message-ID: <46E995E8.2080708@ecs.soton.ac.uk> Do this, and watch for the pauses: MailScanner --debug --debug-sa It should start printing stuff almost immediately. If there are any huge delays before it starts, that's problem which is easy to fix. Otherwise it depends on where it pauses. The start of the output should come out pretty fast and look like this: [root@alegria qhtml]# MailScanner --debug --debug-sa In Debugging mode, not forking... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp [21761] dbg: logger: adding facilities: all [21761] dbg: logger: logging level is DBG [21761] dbg: generic: SpamAssassin version 3.2.2 [21761] dbg: config: score set 0 chosen. [21761] dbg: util: running in taint mode? no [21761] dbg: dns: no ipv6 [21761] dbg: dns: is Net::DNS::Resolver available? yes [21761] dbg: dns: Net::DNS version: 0.60 [21761] dbg: ignore: test message to precompile patterns and load modules [21761] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [21761] dbg: config: read file /etc/mail/spamassassin/init.pre [21761] dbg: config: read file /etc/mail/spamassassin/v310.pre [21761] dbg: config: read file /etc/mail/spamassassin/v312.pre [21761] dbg: config: read file /etc/mail/spamassassin/v320.pre [21761] dbg: config: using "/var/lib/spamassassin/3.002002" for sys rules pre files [21761] dbg: config: using "/var/lib/spamassassin/3.002002" for default rules dir [21761] dbg: config: read file /var/lib/spamassassin/3.002002/updates_spamassassin_org.cf [21761] dbg: config: using "/etc/mail/spamassassin" for site rules dir [21761] dbg: config: read file /etc/mail/spamassassin/local.cf [21761] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf Where does it pause in the output? (As usual Ctrl-S will stop the output and Ctrl-Q will resume it). Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From paul at blacknight.ie Thu Sep 13 20:56:47 2007 From: paul at blacknight.ie (Paul Kelly :: Blacknight) Date: Thu Sep 13 20:56:49 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <46E994C2.8010501@pixelhammer.com> References: <46E994C2.8010501@pixelhammer.com> Message-ID: <60711.217.114.163.190.1189713407.squirrel@mail.blacknight.ie> On Thu, September 13, 2007 8:51 pm, DAve wrote: > We are investing in VMWare and some other technologies quickly. I > understand or have seen mention of, others running MailScanner within > VMWare. I am beginning to think that has great potential from a DR and > multiple NOC point of view. > > Any pitfalls in running MailScanner in VMWare I should know about? > MailScanner is happiest with loads of memory and fast disks. If you can use raid 10 storage for your vm's file systems with 15k SAS drives behind it and you pack the host machines with lots of ram there shouldn't be much of an issue doing this. Paul > > Thanks, > > > DAve > > > -- > Three years now I've asked Google why they don't have a > logo change for Memorial Day. Why do they choose to do logos for other > non-international holidays, but nothing for Veterans? > > > Maybe they forgot who made that choice possible. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Thu Sep 13 20:58:45 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 20:59:22 2007 Subject: Virus scanning hanging? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F113@RDPEXCH2.Eu.Emory.Edu> Message-ID: <46E99675.8030604@ecs.soton.ac.uk> Gottschalk, David wrote: > > It appears that some of the MailScanner processes on one of my boxes > are hanging on Virus scanning. > > ps ?ef | grep ?I mailscanner | grep dangerous > > root 4259 4139 62 10:56 ? 00:29:07 MailScanner: dangerous content scanning > > root 4212 4139 61 10:56 ? 00:28:35 MailScanner: dangerous content scanning > > root 4140 4139 62 10:56 ? 00:29:03 MailScanner: dangerous content scanning > Virus scanning and dangerous content scanning are different. > > Sep 13 10:56:06 mr5 MailScanner[4140]: MCP Checks: Starting > > Sep 13 10:56:09 mr5 MailScanner[4140]: MCP Checks completed at 789370 > bytes per second > > Sep 13 10:56:10 mr5 MailScanner[4140]: Virus and Content Scanning: > Starting > > sudo strace -p 4140 > > Process 4140 attached - interrupt to quit > > Process 4140 detached > > I?m running clamav 0.91.1/4264/Thu Sep 13 02:06:05 2007and bitdefender > BDC/Linux-Console v7.0 (build 2492) (i386) (Dec 11 2003 13:24:00). > > Other mail is flowing fine. Any ideas? > > Any ideas? > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Richard.Frovarp at sendit.nodak.edu Thu Sep 13 21:08:51 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Sep 13 21:08:54 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <46E994C2.8010501@pixelhammer.com> References: <46E994C2.8010501@pixelhammer.com> Message-ID: <46E998D3.2010806@sendit.nodak.edu> DAve wrote: > We are investing in VMWare and some other technologies quickly. I > understand or have seen mention of, others running MailScanner within > VMWare. I am beginning to think that has great potential from a DR and > multiple NOC point of view. > > Any pitfalls in running MailScanner in VMWare I should know about? > > Thanks, > > DAve > We do have one of our MailScanner boxes under VMWare. We are using their free VMWare server option. The hardware has 2 dual core 3.2 Xeon (so 4 cores total) with 10K RPM drives in RAID 1. It doesn't do much else that is processor intensive on it. This VM has 1 GB of RAM. It handles our internal mail without much of an issue. Since it is internal mail we don't run any MTA defenses in front of it. It handles 40,000 messages a day quite easily, with most of the message occurring during business hours. We do run full SA scans against the mail. I can't think of any pitfalls at the moment. From dave.list at pixelhammer.com Thu Sep 13 21:10:55 2007 From: dave.list at pixelhammer.com (DAve) Date: Thu Sep 13 21:12:23 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <60711.217.114.163.190.1189713407.squirrel@mail.blacknight.ie> References: <46E994C2.8010501@pixelhammer.com> <60711.217.114.163.190.1189713407.squirrel@mail.blacknight.ie> Message-ID: <46E9994F.8010604@pixelhammer.com> Paul Kelly :: Blacknight wrote: > On Thu, September 13, 2007 8:51 pm, DAve wrote: >> We are investing in VMWare and some other technologies quickly. I >> understand or have seen mention of, others running MailScanner within >> VMWare. I am beginning to think that has great potential from a DR and >> multiple NOC point of view. >> >> Any pitfalls in running MailScanner in VMWare I should know about? >> > > MailScanner is happiest with loads of memory and fast disks. > > If you can use raid 10 storage for your vm's file systems with 15k SAS > drives behind it and you pack the host machines with lots of ram there > shouldn't be much of an issue doing this. > > Paul That shouldn't be a problem, we already have plenty of server under all our MailScanner installs now. We can upgrade if needed. We are looking at the possibility of virtualizing all the servers and using ESX to manage them. We have big DR demands coming due in the coming months and the email systems have to be HA and major disaster proof. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From sconway at wlnet.com Thu Sep 13 21:13:00 2007 From: sconway at wlnet.com (Stephen Conway) Date: Thu Sep 13 21:13:06 2007 Subject: ArchiveMail Exclusions Message-ID: <0ab401c7f642$7c334e00$7499ea00$@com> Hello: I have the requirement to archive mail for some senders to a certain address but not if certain senders are matched, I have put the following but it still always archives, any way to configure this? From: *@dontcopydomain.com and To: @domaintobecopied.com no From: *@* and To: @domaintobecopied.com usertobecopied@otherdomain.com This type of logic works well for the Max Message size rules, to have size restrictions for certain domains than others, but for this ruleset file which is type (AllMatch) as per docs, it doesn't use same logic. Thanks, Steve -- ShipMail Now 30% Faster From mikael at syska.dk Thu Sep 13 21:17:29 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Sep 13 21:15:42 2007 Subject: RBLs In-Reply-To: References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46E99AD9.3070501@syska.dk> Hi, Just wondering ... is this a busy system or private home server ? What are the mail flow ? // ouT Scott Silva wrote: > Gareth spake the following on 9/12/2007 6:33 AM: >> Has anyone configured spamassassin to use additional RBLs other than >> what comes in the default configuration? >> >> I use Spamhaus and Spamcop in postfix but there are lots of alternatives >> available and the best way to test them would be to configure them in >> spamassassin and use the mailwatch report to see the % of ham and spam >> it matches. >> > I have a few. > > ---snip---- > > > header RCVD_IN_PSBL eval:check_rbl('psbl', > 'psbl.surriel.com.') > describe RCVD_IN_PSBL Received via a relay in PSBL > tflags RCVD_IN_PSBL net > score RCVD_IN_PSBL 0 1.50 0 1.50 > > header RCVD_IN_UCE_PFSM_1 eval:check_rbl('UCE_PFSM_1', > 'dnsbl-1.uceprotect.net') > describe RCVD_IN_UCE_PFSM_1 Received via a relay in UCE_PFSM_1 > tflags RCVD_IN_UCE_PFSM_1 net > score RCVD_IN_UCE_PFSM_1 0 1.50 0 1.50 > > header RCVD_IN_UCE_PFSM_2 eval:check_rbl('UCE_PFSM_2', > 'dnsbl-2.uceprotect.net') > describe RCVD_IN_UCE_PFSM_2 Received via a relay in UCE_PFSM_2 > tflags RCVD_IN_UCE_PFSM_2 net > score RCVD_IN_UCE_PFSM_2 0 1.50 0 1.50 > > header RCVD_IN_UCE_PFSM_3 eval:check_rbl('UCE_PFSM_3', > 'dnsbl-3.uceprotect.net') > describe RCVD_IN_UCE_PFSM_3 Received via a relay in UCE_PFSM_3 > tflags RCVD_IN_UCE_PFSM_3 net > score RCVD_IN_UCE_PFSM_3 0 1.50 0 1.50 > > > header DNS_FROM_MPBULK_RHSBL eval:check_rbl_from_host('mprhs', > 'bulk.rhs.mailpolice.com.') > describe DNS_FROM_MPBULK_RHSBL From: sender listed in > bulk.rhs.mailpolice.com > tflags DNS_FROM_MPBULK_RHSBL net > score DNS_FROM_MPBULK_RHSBL 2.0 > > > urirhsbl URIBL_BULK_MPRHS bulk.rhs.mailpolice.com. A > body URIBL_BULK_MPRHS eval:check_uridnsbl('URIBL_BULK_MPRHS') > describe URIBL_BULK_MPRHS Contains a URL listed in the MailPolice > bulk senders list > tflags URIBL_BULK_MPRHS net > score URIBL_BULK_MPRHS 2.0 > > > urirhsbl URIBL_PORN_MPRHS porn.rhs.mailpolice.com. A > body URIBL_PORN_MPRHS eval:check_uridnsbl('URIBL_PORN_MPRHS') > describe URIBL_PORN_MPRHS Contains a URL listed in the MailPolice > porn domains list > tflags URIBL_PORN_MPRHS net > score URIBL_PORN_MPRHS 2.0 > > > urirhsbl URIBL_FRAUD_MPRHS fraud.rhs.mailpolice.com. A > body URIBL_FRAUD_MPRHS eval:check_uridnsbl('URIBL_FRAUD_MPRHS') > describe URIBL_FRAUD_MPRHS Contains a URL listed in the MailPolice > fraud domains list > tflags URIBL_FRAUD_MPRHS net > score URIBL_FRAUD_MPRHS 2.0 > > header RCVD_IN_SPAMCANNIBAL eval:check_rbl('spamcannibal', > 'bl.spamcannibal.org.') > describe RCVD_IN_SPAMCANNIBAL Received via a relay in > SpamCannibal > tflags RCVD_IN_SPAMCANNIBAL net > score RCVD_IN_SPAMCANNIBAL 0 1.50 0 1.50 > > header RCVD_IN_MSRBL eval:check_rbl('msrbl', > 'combined.rbl.msrbl.net.') > describe RCVD_IN_MSRBL Received via a relay in MSRBL > tflags RCVD_IN_MSRBL net > score RCVD_IN_MSRBL 0 1.50 0 1.50 > > ---snip--- > > > Some are better than others, as I haven't had time to evaluate them > for a while. > From MailScanner at ecs.soton.ac.uk Thu Sep 13 21:21:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 21:21:25 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E98C82.2070903@fractalweb.com> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> <46E98C82.2070903@fractalweb.com> Message-ID: <46E99BB5.1070008@ecs.soton.ac.uk> MailScanner will not preserve any extra headers added by SpamAssassin. All it uses from SpamAssassin is the spam score and the reports of what rules fired (in order to build the X-MailScanner-SpamCheck: header and the report added in the "attachment" spam action. If you are getting SpamAssassin headers added, then my best guess is that you have spamd running (or some other way of calling SpamAssassin) and/or have the "sendmail" service chkconfig'd on. Do chkconfig spamassassin off chkconfig sendmail off chkconfig MailScanner on service spamassassin stop service sendmail stop service MailScanner restart to clear it all up. Chris Yuzik wrote: > Horton, Robert wrote: >> I too have those settings but do not receive them in the delivered >> version of the email. > > There is something very odd going on. Mail to some addresses gets the > added headers as I reported earlier, but others do not get the > headers. I've done extensive testing using webmail (so as to not > corrupt the results due to a mail client stripping off headers) and > find that mail to my personal account does indeed get the added > headers (but not any data). Mail to some other accounts on the system > do not get the CRM114 headers added. WTF?!? > > I have even sent the same message cc'd to different account and one > gets the CRM114 headers, while the others do not. Anyone know what > could cause this behaviour? > >> When running from the command line I get these from spamassassin but >> they don't continue to Mailscanner (and never have to my knowledge) > > This is very odd. I'm in the same boat, except that I sometimes get > the headers added to the messages but not other times. > > Is it somehow recipient dependent? I'm confused. > >> Have you made any changes in the MailScanner.conf file for those >> headers? > > Not to my knowledge. > > Chris Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Sep 13 21:31:14 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 13 21:31:34 2007 Subject: RBLs In-Reply-To: <46E99AD9.3070501@syska.dk> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <46E99AD9.3070501@syska.dk> Message-ID: Mikael Syska spake the following on 9/13/2007 1:17 PM: > Hi, > > Just wondering ... is this a busy system or private home server ? What > are the mail flow ? > > // ouT > > Scott Silva wrote: >> Gareth spake the following on 9/12/2007 6:33 AM: >>> Has anyone configured spamassassin to use additional RBLs other than >>> what comes in the default configuration? >>> >>> I use Spamhaus and Spamcop in postfix but there are lots of alternatives >>> available and the best way to test them would be to configure them in >>> spamassassin and use the mailwatch report to see the % of ham and spam >>> it matches. >>> >> I have a few. >> >> ---snip---- >> >> >> header RCVD_IN_PSBL eval:check_rbl('psbl', >> 'psbl.surriel.com.') >> describe RCVD_IN_PSBL Received via a relay in PSBL >> tflags RCVD_IN_PSBL net >> score RCVD_IN_PSBL 0 1.50 0 1.50 >> >> header RCVD_IN_UCE_PFSM_1 eval:check_rbl('UCE_PFSM_1', >> 'dnsbl-1.uceprotect.net') >> describe RCVD_IN_UCE_PFSM_1 Received via a relay in UCE_PFSM_1 >> tflags RCVD_IN_UCE_PFSM_1 net >> score RCVD_IN_UCE_PFSM_1 0 1.50 0 1.50 >> >> header RCVD_IN_UCE_PFSM_2 eval:check_rbl('UCE_PFSM_2', >> 'dnsbl-2.uceprotect.net') >> describe RCVD_IN_UCE_PFSM_2 Received via a relay in UCE_PFSM_2 >> tflags RCVD_IN_UCE_PFSM_2 net >> score RCVD_IN_UCE_PFSM_2 0 1.50 0 1.50 >> >> header RCVD_IN_UCE_PFSM_3 eval:check_rbl('UCE_PFSM_3', >> 'dnsbl-3.uceprotect.net') >> describe RCVD_IN_UCE_PFSM_3 Received via a relay in UCE_PFSM_3 >> tflags RCVD_IN_UCE_PFSM_3 net >> score RCVD_IN_UCE_PFSM_3 0 1.50 0 1.50 >> >> >> header DNS_FROM_MPBULK_RHSBL eval:check_rbl_from_host('mprhs', >> 'bulk.rhs.mailpolice.com.') >> describe DNS_FROM_MPBULK_RHSBL From: sender listed in >> bulk.rhs.mailpolice.com >> tflags DNS_FROM_MPBULK_RHSBL net >> score DNS_FROM_MPBULK_RHSBL 2.0 >> >> >> urirhsbl URIBL_BULK_MPRHS bulk.rhs.mailpolice.com. A >> body URIBL_BULK_MPRHS eval:check_uridnsbl('URIBL_BULK_MPRHS') >> describe URIBL_BULK_MPRHS Contains a URL listed in the MailPolice >> bulk senders list >> tflags URIBL_BULK_MPRHS net >> score URIBL_BULK_MPRHS 2.0 >> >> >> urirhsbl URIBL_PORN_MPRHS porn.rhs.mailpolice.com. A >> body URIBL_PORN_MPRHS eval:check_uridnsbl('URIBL_PORN_MPRHS') >> describe URIBL_PORN_MPRHS Contains a URL listed in the MailPolice >> porn domains list >> tflags URIBL_PORN_MPRHS net >> score URIBL_PORN_MPRHS 2.0 >> >> >> urirhsbl URIBL_FRAUD_MPRHS fraud.rhs.mailpolice.com. A >> body URIBL_FRAUD_MPRHS eval:check_uridnsbl('URIBL_FRAUD_MPRHS') >> describe URIBL_FRAUD_MPRHS Contains a URL listed in the MailPolice >> fraud domains list >> tflags URIBL_FRAUD_MPRHS net >> score URIBL_FRAUD_MPRHS 2.0 >> >> header RCVD_IN_SPAMCANNIBAL eval:check_rbl('spamcannibal', >> 'bl.spamcannibal.org.') >> describe RCVD_IN_SPAMCANNIBAL Received via a relay in >> SpamCannibal >> tflags RCVD_IN_SPAMCANNIBAL net >> score RCVD_IN_SPAMCANNIBAL 0 1.50 0 1.50 >> >> header RCVD_IN_MSRBL eval:check_rbl('msrbl', >> 'combined.rbl.msrbl.net.') >> describe RCVD_IN_MSRBL Received via a relay in MSRBL >> tflags RCVD_IN_MSRBL net >> score RCVD_IN_MSRBL 0 1.50 0 1.50 >> >> ---snip--- >> >> >> Some are better than others, as I haven't had time to evaluate them >> for a while. >> > Corporate mailservers serving about 100 users each in California, US. We are a public utility serving about 80,000 plus consumers in parts of 6 cities. Mail is usually around 10,000 to 15,000 per day before filtering. Usually 1000 or less legitimate mails, some are rather large word documents going back and forth with attorneys. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Thu Sep 13 21:44:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 21:44:36 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <46E998D3.2010806@sendit.nodak.edu> References: <46E994C2.8010501@pixelhammer.com> <46E998D3.2010806@sendit.nodak.edu> Message-ID: <46E9A120.8050009@ecs.soton.ac.uk> Richard Frovarp wrote: > DAve wrote: >> We are investing in VMWare and some other technologies quickly. I >> understand or have seen mention of, others running MailScanner within >> VMWare. I am beginning to think that has great potential from a DR >> and multiple NOC point of view. >> >> Any pitfalls in running MailScanner in VMWare I should know about? >> >> Thanks, >> >> DAve >> > > We do have one of our MailScanner boxes under VMWare. We are using > their free VMWare server option. The hardware has 2 dual core 3.2 Xeon > (so 4 cores total) with 10K RPM drives in RAID 1. It doesn't do much > else that is processor intensive on it. This VM has 1 GB of RAM. It > handles our internal mail without much of an issue. Since it is > internal mail we don't run any MTA defenses in front of it. It handles > 40,000 messages a day quite easily, with most of the message occurring > during business hours. We do run full SA scans against the mail. > > I can't think of any pitfalls at the moment. With that hardware spec, it should be capable of handling many times that mail volume. I have a box with 4 dual-core 2.8GHz Xeons, with 15K RPM drives and plenty of RAM. It handles over 2 million messages per day, with 2 virus scanners and all the MailScanner functionality switched on, including SpamAssassin. The only servers I have running VMWare are for our own-a-pc service we offer to our students who need full administrator rights on a dedicated machine of their own for their projects. With 1 box we can serve 40 or 50 virtual PC's as few of the students need to access their PC at the same time. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Sep 13 21:57:18 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 21:57:36 2007 Subject: ArchiveMail Exclusions In-Reply-To: <0ab401c7f642$7c334e00$7499ea00$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> Message-ID: <46E9A42E.8090206@ecs.soton.ac.uk> Stephen, Stephen Conway wrote: > Hello: > > I have the requirement to archive mail for some senders to a certain address > but not if certain senders are matched, I have put the following but it > still always archives, any way to configure this? > > From: *@dontcopydomain.com and To: @domaintobecopied.com > no > That will attempt to archive the mail to a directory called "no" which isn't what you meant. To archive nothing, you just leave it blank, so this is what you meant: From: dontcopydomain.com and to: domaintobecopied.com > From: *@* and To: @domaintobecopied.com > usertobecopied@otherdomain.com > That (the second line) is the same as saying To: domaintobecopied.com usertobecopied@otherdomain.com > This type of logic works well for the Max Message size rules, to have size > restrictions for certain domains than others, but for this ruleset file > which is type (AllMatch) as per docs, it doesn't use same logic. > Correct, as it's an "AllMatch". This means that it will archive to all of the places and addresses specified by all the matching rules. That seemed a sensible thing to do at the time, and I still believe is what most people will want. If you want to make it a FirstMatch, edit /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: ArchiveMail from the [All,Other] section to the [First,Other] section. Then restart MailScanner, and you will have changed the logic it uses. Dead easy. Remember to re-apply the change when you next upgrade MailScanner, as changes you make to that file will be lost during the upgrade process. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Thu Sep 13 21:59:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 21:59:35 2007 Subject: RBLs In-Reply-To: References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <46E99AD9.3070501@syska.dk> Message-ID: <46E9A49F.2090905@ecs.soton.ac.uk> Scott Silva wrote: > Mikael Syska spake the following on 9/13/2007 1:17 PM: >> Hi, >> >> Just wondering ... is this a busy system or private home server ? >> What are the mail flow ? >> >> // ouT >> >> Scott Silva wrote: >>> Gareth spake the following on 9/12/2007 6:33 AM: >>>> Has anyone configured spamassassin to use additional RBLs other than >>>> what comes in the default configuration? >>>> >>>> I use Spamhaus and Spamcop in postfix but there are lots of >>>> alternatives >>>> available and the best way to test them would be to configure them in >>>> spamassassin and use the mailwatch report to see the % of ham and spam >>>> it matches. >>>> >>> I have a few. >>> >>> ---snip---- >>> >>> >>> header RCVD_IN_PSBL eval:check_rbl('psbl', >>> 'psbl.surriel.com.') >>> describe RCVD_IN_PSBL Received via a relay in PSBL >>> tflags RCVD_IN_PSBL net >>> score RCVD_IN_PSBL 0 1.50 0 1.50 >>> >>> header RCVD_IN_UCE_PFSM_1 eval:check_rbl('UCE_PFSM_1', >>> 'dnsbl-1.uceprotect.net') >>> describe RCVD_IN_UCE_PFSM_1 Received via a relay in UCE_PFSM_1 >>> tflags RCVD_IN_UCE_PFSM_1 net >>> score RCVD_IN_UCE_PFSM_1 0 1.50 0 1.50 >>> >>> header RCVD_IN_UCE_PFSM_2 eval:check_rbl('UCE_PFSM_2', >>> 'dnsbl-2.uceprotect.net') >>> describe RCVD_IN_UCE_PFSM_2 Received via a relay in UCE_PFSM_2 >>> tflags RCVD_IN_UCE_PFSM_2 net >>> score RCVD_IN_UCE_PFSM_2 0 1.50 0 1.50 >>> >>> header RCVD_IN_UCE_PFSM_3 eval:check_rbl('UCE_PFSM_3', >>> 'dnsbl-3.uceprotect.net') >>> describe RCVD_IN_UCE_PFSM_3 Received via a relay in UCE_PFSM_3 >>> tflags RCVD_IN_UCE_PFSM_3 net >>> score RCVD_IN_UCE_PFSM_3 0 1.50 0 1.50 >>> >>> >>> header DNS_FROM_MPBULK_RHSBL eval:check_rbl_from_host('mprhs', >>> 'bulk.rhs.mailpolice.com.') >>> describe DNS_FROM_MPBULK_RHSBL From: sender listed in >>> bulk.rhs.mailpolice.com >>> tflags DNS_FROM_MPBULK_RHSBL net >>> score DNS_FROM_MPBULK_RHSBL 2.0 >>> >>> >>> urirhsbl URIBL_BULK_MPRHS bulk.rhs.mailpolice.com. A >>> body URIBL_BULK_MPRHS eval:check_uridnsbl('URIBL_BULK_MPRHS') >>> describe URIBL_BULK_MPRHS Contains a URL listed in the MailPolice >>> bulk senders list >>> tflags URIBL_BULK_MPRHS net >>> score URIBL_BULK_MPRHS 2.0 >>> >>> >>> urirhsbl URIBL_PORN_MPRHS porn.rhs.mailpolice.com. A >>> body URIBL_PORN_MPRHS eval:check_uridnsbl('URIBL_PORN_MPRHS') >>> describe URIBL_PORN_MPRHS Contains a URL listed in the MailPolice >>> porn domains list >>> tflags URIBL_PORN_MPRHS net >>> score URIBL_PORN_MPRHS 2.0 >>> >>> >>> urirhsbl URIBL_FRAUD_MPRHS fraud.rhs.mailpolice.com. A >>> body URIBL_FRAUD_MPRHS eval:check_uridnsbl('URIBL_FRAUD_MPRHS') >>> describe URIBL_FRAUD_MPRHS Contains a URL listed in the MailPolice >>> fraud domains list >>> tflags URIBL_FRAUD_MPRHS net >>> score URIBL_FRAUD_MPRHS 2.0 >>> >>> header RCVD_IN_SPAMCANNIBAL >>> eval:check_rbl('spamcannibal', 'bl.spamcannibal.org.') >>> describe RCVD_IN_SPAMCANNIBAL Received via a relay in >>> SpamCannibal >>> tflags RCVD_IN_SPAMCANNIBAL net >>> score RCVD_IN_SPAMCANNIBAL 0 1.50 0 1.50 >>> >>> header RCVD_IN_MSRBL eval:check_rbl('msrbl', >>> 'combined.rbl.msrbl.net.') >>> describe RCVD_IN_MSRBL Received via a relay in MSRBL >>> tflags RCVD_IN_MSRBL net >>> score RCVD_IN_MSRBL 0 1.50 0 1.50 >>> >>> ---snip--- >>> >>> >>> Some are better than others, as I haven't had time to evaluate them >>> for a while. >>> >> > Corporate mailservers serving about 100 users each in California, US. > We are a public utility serving about 80,000 plus consumers in parts > of 6 cities. Mail is usually around 10,000 to 15,000 per day before > filtering. Usually 1000 or less legitimate mails, some are rather > large word documents going back and forth with attorneys. To save space on your mail servers, have you considered trying out the auto-zip functionality in MailScanner? It will squash Word documents a lot. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From itdept at fractalweb.com Thu Sep 13 22:24:16 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Thu Sep 13 22:24:53 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E99BB5.1070008@ecs.soton.ac.uk> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> <46E98C82.2070903@fractalweb.com> <46E99BB5.1070008@ecs.soton.ac.uk> Message-ID: <46E9AA80.3060809@fractalweb.com> Jules! Thanks for jumping in on this. Julian Field wrote: > MailScanner will not preserve any extra headers added by SpamAssassin. > All it uses from SpamAssassin is the spam score and the reports of what > rules fired (in order to build the X-MailScanner-SpamCheck: header and > the report added in the "attachment" spam action. Very interesting. Thanks. > If you are getting SpamAssassin headers added, then my best guess is > that you have spamd running (or some other way of calling SpamAssassin) > and/or have the "sendmail" service chkconfig'd on. Do > chkconfig spamassassin off > chkconfig sendmail off > chkconfig MailScanner on > service spamassassin stop > service sendmail stop > service MailScanner restart > to clear it all up. # chkconfig --list | grep spam spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off # chkconfig --list | grep send sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off # chkconfig --list | grep MailScanner MailScanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off # service spamassassin status spamd is stopped # service sendmail status sendmail (pid 27116 27111 27107 13556 13364 13282 13227) is running... (but I think this is normal when MailScanner is running) # grep -i sendmail /etc/MailScanner/MailScanner.conf | grep -ve '^#' MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Spam List = Aha! How did that get in there. Perhaps that was the culprit. I've shut down MailScanner, and manually shut down sendmail to make certain. -- after some initial testing -- Rats! Nope. I just sent a test message to myself that had the extra headers added. Here's an excerpt: X-Spam-CRM114-Version: UNKNOWN X-Spam-ASN: X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mail.domain.com X-Spam-CRM114-CacheID: UNKNOWN X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.2.3 X-Spam-CRM114-Status: UNKNOWN ( 0 ) My MailScanner headers don't start with "X-Spam". I have no idea what is running to add those in there. Any ideas? Chris From MailScanner at ecs.soton.ac.uk Thu Sep 13 22:38:24 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 13 22:38:40 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E9AA80.3060809@fractalweb.com> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> <46E98C82.2070903@fractalweb.com> <46E99BB5.1070008@ecs.soton.ac.uk> <46E9AA80.3060809@fractalweb.com> Message-ID: <46E9ADD0.3000301@ecs.soton.ac.uk> Chris Yuzik wrote: > Jules! > > Thanks for jumping in on this. > > Julian Field wrote: >> MailScanner will not preserve any extra headers added by >> SpamAssassin. All it uses from SpamAssassin is the spam score and the >> reports of what rules fired (in order to build the >> X-MailScanner-SpamCheck: header and the report added in the >> "attachment" spam action. > > Very interesting. Thanks. > >> If you are getting SpamAssassin headers added, then my best guess is >> that you have spamd running (or some other way of calling >> SpamAssassin) and/or have the "sendmail" service chkconfig'd on. Do >> chkconfig spamassassin off >> chkconfig sendmail off >> chkconfig MailScanner on >> service spamassassin stop >> service sendmail stop >> service MailScanner restart >> to clear it all up. > > # chkconfig --list | grep spam > spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off > > # chkconfig --list | grep send > sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off > > # chkconfig --list | grep MailScanner > MailScanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off > > # service spamassassin status > spamd is stopped > > # service sendmail status > sendmail (pid 27116 27111 27107 13556 13364 13282 13227) is running... > (but I think this is normal when MailScanner is running) > > # grep -i sendmail /etc/MailScanner/MailScanner.conf | grep -ve '^#' > MTA = sendmail > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > Spam List = > > Aha! How did that get in there. Perhaps that was the culprit. I've > shut down MailScanner, and manually shut down sendmail to make certain. That looks okay to me. > > -- after some initial testing -- > > Rats! Nope. I just sent a test message to myself that had the extra > headers added. Here's an excerpt: > > X-Spam-CRM114-Version: UNKNOWN > X-Spam-ASN: > X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on > mail.domain.com > X-Spam-CRM114-CacheID: UNKNOWN > X-Spam-Level: > X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_00 > autolearn=unavailable version=3.2.3 > X-Spam-CRM114-Status: UNKNOWN ( 0 ) > > My MailScanner headers don't start with "X-Spam". I have no idea what > is running to add those in there. Any ideas? No, sorry. You've either got something in your sendmail.cf that is intercepting the message delivery to call CRM114 or else you've got a milter running or something like that. ps ax | grep -i milter ps ax | grep -i crm114 grep -i crm114 /etc/mail/sendmail.cf grep -i spam /etc/mail/sendmail.cf Those should show up anything interesting happening. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Thu Sep 13 23:25:50 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 13 23:26:14 2007 Subject: RBLs In-Reply-To: <46E9A49F.2090905@ecs.soton.ac.uk> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <46E99AD9.3070501@syska.dk> <46E9A49F.2090905@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 9/13/2007 1:59 PM: > > > Scott Silva wrote: >> Mikael Syska spake the following on 9/13/2007 1:17 PM: >>> Hi, >>> >>> Just wondering ... is this a busy system or private home server ? >>> What are the mail flow ? >>> >>> // ouT >>> >>> Scott Silva wrote: >>>> Gareth spake the following on 9/12/2007 6:33 AM: >>>>> Has anyone configured spamassassin to use additional RBLs other than >>>>> what comes in the default configuration? >>>>> >>>>> I use Spamhaus and Spamcop in postfix but there are lots of >>>>> alternatives >>>>> available and the best way to test them would be to configure them in >>>>> spamassassin and use the mailwatch report to see the % of ham and spam >>>>> it matches. >>>>> >>>> I have a few. >>>> >>>> ---snip---- >>>> >>>> >>>> header RCVD_IN_PSBL eval:check_rbl('psbl', >>>> 'psbl.surriel.com.') >>>> describe RCVD_IN_PSBL Received via a relay in PSBL >>>> tflags RCVD_IN_PSBL net >>>> score RCVD_IN_PSBL 0 1.50 0 1.50 >>>> >>>> header RCVD_IN_UCE_PFSM_1 eval:check_rbl('UCE_PFSM_1', >>>> 'dnsbl-1.uceprotect.net') >>>> describe RCVD_IN_UCE_PFSM_1 Received via a relay in UCE_PFSM_1 >>>> tflags RCVD_IN_UCE_PFSM_1 net >>>> score RCVD_IN_UCE_PFSM_1 0 1.50 0 1.50 >>>> >>>> header RCVD_IN_UCE_PFSM_2 eval:check_rbl('UCE_PFSM_2', >>>> 'dnsbl-2.uceprotect.net') >>>> describe RCVD_IN_UCE_PFSM_2 Received via a relay in UCE_PFSM_2 >>>> tflags RCVD_IN_UCE_PFSM_2 net >>>> score RCVD_IN_UCE_PFSM_2 0 1.50 0 1.50 >>>> >>>> header RCVD_IN_UCE_PFSM_3 eval:check_rbl('UCE_PFSM_3', >>>> 'dnsbl-3.uceprotect.net') >>>> describe RCVD_IN_UCE_PFSM_3 Received via a relay in UCE_PFSM_3 >>>> tflags RCVD_IN_UCE_PFSM_3 net >>>> score RCVD_IN_UCE_PFSM_3 0 1.50 0 1.50 >>>> >>>> >>>> header DNS_FROM_MPBULK_RHSBL eval:check_rbl_from_host('mprhs', >>>> 'bulk.rhs.mailpolice.com.') >>>> describe DNS_FROM_MPBULK_RHSBL From: sender listed in >>>> bulk.rhs.mailpolice.com >>>> tflags DNS_FROM_MPBULK_RHSBL net >>>> score DNS_FROM_MPBULK_RHSBL 2.0 >>>> >>>> >>>> urirhsbl URIBL_BULK_MPRHS bulk.rhs.mailpolice.com. A >>>> body URIBL_BULK_MPRHS eval:check_uridnsbl('URIBL_BULK_MPRHS') >>>> describe URIBL_BULK_MPRHS Contains a URL listed in the MailPolice >>>> bulk senders list >>>> tflags URIBL_BULK_MPRHS net >>>> score URIBL_BULK_MPRHS 2.0 >>>> >>>> >>>> urirhsbl URIBL_PORN_MPRHS porn.rhs.mailpolice.com. A >>>> body URIBL_PORN_MPRHS eval:check_uridnsbl('URIBL_PORN_MPRHS') >>>> describe URIBL_PORN_MPRHS Contains a URL listed in the MailPolice >>>> porn domains list >>>> tflags URIBL_PORN_MPRHS net >>>> score URIBL_PORN_MPRHS 2.0 >>>> >>>> >>>> urirhsbl URIBL_FRAUD_MPRHS fraud.rhs.mailpolice.com. A >>>> body URIBL_FRAUD_MPRHS eval:check_uridnsbl('URIBL_FRAUD_MPRHS') >>>> describe URIBL_FRAUD_MPRHS Contains a URL listed in the MailPolice >>>> fraud domains list >>>> tflags URIBL_FRAUD_MPRHS net >>>> score URIBL_FRAUD_MPRHS 2.0 >>>> >>>> header RCVD_IN_SPAMCANNIBAL >>>> eval:check_rbl('spamcannibal', 'bl.spamcannibal.org.') >>>> describe RCVD_IN_SPAMCANNIBAL Received via a relay in >>>> SpamCannibal >>>> tflags RCVD_IN_SPAMCANNIBAL net >>>> score RCVD_IN_SPAMCANNIBAL 0 1.50 0 1.50 >>>> >>>> header RCVD_IN_MSRBL eval:check_rbl('msrbl', >>>> 'combined.rbl.msrbl.net.') >>>> describe RCVD_IN_MSRBL Received via a relay in MSRBL >>>> tflags RCVD_IN_MSRBL net >>>> score RCVD_IN_MSRBL 0 1.50 0 1.50 >>>> >>>> ---snip--- >>>> >>>> >>>> Some are better than others, as I haven't had time to evaluate them >>>> for a while. >>>> >>> >> Corporate mailservers serving about 100 users each in California, US. >> We are a public utility serving about 80,000 plus consumers in parts >> of 6 cities. Mail is usually around 10,000 to 15,000 per day before >> filtering. Usually 1000 or less legitimate mails, some are rather >> large word documents going back and forth with attorneys. > To save space on your mail servers, have you considered trying out the > auto-zip functionality in MailScanner? It will squash Word documents a lot. > > Jules > I considered it a lot, but I'm sure the complaints from the users will just increase. Any change in how things work gives me nothing but grief. You should have heard the noise when I disabled mailing movie files! You would think I unplugged the coffee pot! And when I blocked social pages like Myspace and Facebook at the proxy, people actually had the stones to ask why I did it. I asked them when they had time to do any real work if they were on myspace all day and hinted that HR might be looking at the proxy logs and they all shut up. BOFH!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From itdept at fractalweb.com Fri Sep 14 01:02:05 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Fri Sep 14 01:02:45 2007 Subject: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E9ADD0.3000301@ecs.soton.ac.uk> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> <46E98C82.2070903@fractalweb.com> <46E99BB5.1070008@ecs.soton.ac.uk> <46E9AA80.3060809@fractalweb.com> <46E9ADD0.3000301@ecs.soton.ac.uk> Message-ID: <46E9CF7D.5030301@fractalweb.com> Julian Field wrote: > No, sorry. You've either got something in your sendmail.cf that is > intercepting the message delivery to call CRM114 or else you've got a > milter running or something like that. > ps ax | grep -i milter # ps ax | grep -i milter 2024 pts/1 S+ 0:00 grep -i milter 3803 ? Ssl 6:29 /usr/local/sbin/milter-null Hmmm. Could milter-null be the source of the strangeness? > ps ax | grep -i crm114 # ps ax | grep -i crm114 2248 pts/1 S+ 0:00 grep -i crm114 > grep -i crm114 /etc/mail/sendmail.cf # grep -i crm114 /etc/mail/sendmail.cf nothing > grep -i spam /etc/mail/sendmail.cf # grep -i spam /etc/mail/sendmail.cf # possible access_db RHS for spam friends/haters C{SpamTag}SPAMFRIEND SPAMHATER # Access list database (for spam stomping) # DNS based IP address spam list cbl.abuseat.org # DNS based IP address spam list list.dsbl.org # DNS based IP address spam list sbl-xbl.spamhaus.org R$-.$-.$-.$- $: $(ednsbl $4.$3.$2.$1.sbl-xbl.spamhaus.org. $: OK $) R$+ $#error $@ 5.7.1 $: "554 Rejected " $&{client_addr} " found in sbl-xbl.spamhaus.org" # DNS based IP address spam list zen.spamhaus.org R$-.$-.$-.$- $: $(dnsbl $4.$3.$2.$1.zen.spamhaus.org. $: OK $) R$+ $#error $@ 5.7.1 $: "554 Rejected " $&{client_addr} " found in zen.spamhaus.org" R<$={SpamTag}> <$*> $: @ $2 mark address as no match > Those should show up anything interesting happening. Hopefully this helped. Chris From mailscanner at home.carlo65.de Fri Sep 14 05:51:42 2007 From: mailscanner at home.carlo65.de (R. Ehle (MailScanner Mailinglist)) Date: Fri Sep 14 05:52:24 2007 Subject: AW: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <46E9AA80.3060809@fractalweb.com> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> <46E98C82.2070903@fractalweb.com> <46E99BB5.1070008@ecs.soton.ac.uk> <46E9AA80.3060809@fractalweb.com> Message-ID: <4D1CD0994309F84BA83DF998BF0075AF1C320E0DAA@ts-dc2.TS-Webarts.local> Hi Chris, please have a look into your /etc/mail/spamassassin directory and check, if you find a non-empty local.cf file, which should be empty. Best is to have local.cf symlinked to /etc/MailScanner/spam.assassin.prefs.conf. Regards, Roland -----Urspr?ngliche Nachricht----- Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Chris Yuzik Gesendet: Donnerstag, 13. September 2007 23:24 An: MailScanner discussion Betreff: Re: Mailscanner with CRM114 - getting past "unknown" in headers Jules! Thanks for jumping in on this. Julian Field wrote: > MailScanner will not preserve any extra headers added by SpamAssassin. > All it uses from SpamAssassin is the spam score and the reports of what > rules fired (in order to build the X-MailScanner-SpamCheck: header and > the report added in the "attachment" spam action. Very interesting. Thanks. > If you are getting SpamAssassin headers added, then my best guess is > that you have spamd running (or some other way of calling SpamAssassin) > and/or have the "sendmail" service chkconfig'd on. Do > chkconfig spamassassin off > chkconfig sendmail off > chkconfig MailScanner on > service spamassassin stop > service sendmail stop > service MailScanner restart > to clear it all up. # chkconfig --list | grep spam spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off # chkconfig --list | grep send sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off # chkconfig --list | grep MailScanner MailScanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off # service spamassassin status spamd is stopped # service sendmail status sendmail (pid 27116 27111 27107 13556 13364 13282 13227) is running... (but I think this is normal when MailScanner is running) # grep -i sendmail /etc/MailScanner/MailScanner.conf | grep -ve '^#' MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Spam List = Aha! How did that get in there. Perhaps that was the culprit. I've shut down MailScanner, and manually shut down sendmail to make certain. -- after some initial testing -- Rats! Nope. I just sent a test message to myself that had the extra headers added. Here's an excerpt: X-Spam-CRM114-Version: UNKNOWN X-Spam-ASN: X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mail.domain.com X-Spam-CRM114-CacheID: UNKNOWN X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.2.3 X-Spam-CRM114-Status: UNKNOWN ( 0 ) My MailScanner headers don't start with "X-Spam". I have no idea what is running to add those in there. Any ideas? Chris -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ---------------------------------------------------------- Diese Nachricht wurde von mailMind(R) auf Viren und andere gefaehrliche Inhalte untersucht und ist sauber. --- mailMind(R) - we have your Mailsecurity in mind! http://www.mailmind.de --- From hvdkooij at vanderkooij.org Fri Sep 14 06:43:32 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Sep 14 06:43:47 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <46E994C2.8010501@pixelhammer.com> References: <46E994C2.8010501@pixelhammer.com> Message-ID: On Thu, 13 Sep 2007, DAve wrote: > We are investing in VMWare and some other technologies quickly. I understand > or have seen mention of, others running MailScanner within VMWare. I am > beginning to think that has great potential from a DR and multiple NOC point > of view. > > Any pitfalls in running MailScanner in VMWare I should know about? Timing is an issue with VmWare. So if you need your logs as proof you should not use VmWare. Beyond that? Nothing you can't think of yourself. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From jen at ah.dk Fri Sep 14 09:01:12 2007 From: jen at ah.dk (Jan Elmqvist Nielsen) Date: Fri Sep 14 09:01:46 2007 Subject: Problems with the lastest Spamassassin 3.2 In-Reply-To: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> Hi All The lastest version af Spamassassin have a great negativ impact of scanning speed, - over 30 sec. For a single mail, and over 10 min. For 30 mails Sep 9 08:38:54 ms3 MailScanner[13443]: Batch (1 message) processed in 35.08 seconds Sep 9 08:39:05 ms3 MailScanner[28616]: Batch (1 message) processed in 32.99 seconds Sep 9 08:41:30 ms3 MailScanner[29579]: Batch (1 message) processed in 35.13 seconds Sep 9 08:43:50 ms3 MailScanner[16936]: Batch (1 message) processed in 35.04 seconds Sep 9 08:44:01 ms3 MailScanner[15264]: Batch (1 message) processed in 33.03 seconds Sep 9 08:44:36 ms3 MailScanner[15264]: Batch (1 message) processed in 34.32 seconds Sep 9 08:45:26 ms3 MailScanner[17200]: Batch (1 message) processed in 34.90 seconds Sep 9 08:50:12 ms3 MailScanner[13443]: Batch (1 message) processed in 36.26 seconds Sep 11 10:56:46 ms3 MailScanner[27136]: Batch (30 messages) processed in 644.63 seconds Sep 11 11:05:24 ms3 MailScanner[16112]: Batch (30 messages) processed in 612.87 seconds Sep 11 11:05:31 ms3 MailScanner[25983]: Batch (30 messages) processed in 615.20 seconds Sep 11 11:06:12 ms3 MailScanner[13657]: Batch (30 messages) processed in 613.25 seconds Sep 11 11:06:47 ms3 MailScanner[16369]: Batch (30 messages) processed in 614.73 seconds Sep 11 11:06:57 ms3 MailScanner[8300]: Batch (30 messages) processed in 635.04 seconds Sep 11 11:07:06 ms3 MailScanner[9209]: Batch (30 messages) processed in 624.50 seconds So have do I downgrade to an older version - 3.1.9? Jan Elmqvist Nielsen From tim.sattler at nordcapital.com Fri Sep 14 09:15:13 2007 From: tim.sattler at nordcapital.com (Sattler, Tim) Date: Fri Sep 14 09:15:18 2007 Subject: Problems with the lastest Spamassassin 3.2 In-Reply-To: <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> Message-ID: Jan Elmqvist Nielsen wrote: > The lastest version af Spamassassin have a great negativ impact of > scanning speed, - over 30 sec. For a single mail, and over 10 min. > For 30 mails Do you have Mail::SpamAssassin::Plugin::ASN enabled? It is known to cause performance problems. Regards Tim From mailwatch.kp at gmail.com Fri Sep 14 09:35:48 2007 From: mailwatch.kp at gmail.com (vinayan KP) Date: Fri Sep 14 09:35:51 2007 Subject: Can folders and files inside /var/spool/MailScanner/incoming be deleted?? In-Reply-To: <46E993F4.6020301@ecs.soton.ac.uk> References: <6a7195cc0709130115u11f03aet8a0aabeba118aed8@mail.gmail.com> <46E993F4.6020301@ecs.soton.ac.uk> Message-ID: <6a7195cc0709140135t66514121tcbed7d990ac7332d@mail.gmail.com> Sir, Thank you very much for your mail and I could fix the problem. Vinu On 9/14/07, Julian Field wrote: > > > vinayan KP wrote: > > Hello everyone, > > > > I am very new to MailScanner and I hope someone could help me to fix > > my problem of mailscanner eating up my hard disk space? > > > > I just found out that /var/spool/MailScanner/incoming folder has lot > > of folders and one of them occupies a lot of space. I just want to > > know whether I can remover these folders and files that take lot of > > space? > > > If you stop MailScanner, you can then delete the contents of > /var/spool/MailScanner/incoming/(any numbered subdirectory), and the > SpamAssassin-Temp directory. It will re-create the SpamAssassin-Temp > directory if you remove it. > > You shouldn't have files collecting in there, MailScanner does its > housekeeping to stop it collecting files. You don't stop it with "kill > -9" do you? If so, then DON'T as this will stop it doing its > housekeeping. It takes MailScanner a few seconds to stop, as it is doing > its cleaning-up of /var/spool/MailScanner/incoming. > > Don't delete any files in there while MailScanner is running. > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From simon at saq.co.uk Fri Sep 14 10:24:02 2007 From: simon at saq.co.uk (Simon Jones) Date: Fri Sep 14 10:34:16 2007 Subject: choked hold queue References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> <46E995E8.2080708@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 13 September 2007 20:56 > To: MailScanner discussion > Subject: Re: choked hold queue > > Do this, and watch for the pauses: > MailScanner --debug --debug-sa > It should start printing stuff almost immediately. If there are any > huge > delays before it starts, that's problem which is easy to fix. > > Otherwise it depends on where it pauses. The start of the output should > come out pretty fast and look like this: > > [root@alegria qhtml]# MailScanner --debug --debug-sa > In Debugging mode, not forking... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin- > Temp > [21761] dbg: logger: adding facilities: all > [21761] dbg: logger: logging level is DBG > [21761] dbg: generic: SpamAssassin version 3.2.2 > [21761] dbg: config: score set 0 chosen. > [21761] dbg: util: running in taint mode? no > [21761] dbg: dns: no ipv6 > [21761] dbg: dns: is Net::DNS::Resolver available? yes > [21761] dbg: dns: Net::DNS version: 0.60 > [21761] dbg: ignore: test message to precompile patterns and load > modules > [21761] dbg: config: using "/etc/mail/spamassassin" for site rules pre > files > [21761] dbg: config: read file /etc/mail/spamassassin/init.pre > [21761] dbg: config: read file /etc/mail/spamassassin/v310.pre > [21761] dbg: config: read file /etc/mail/spamassassin/v312.pre > [21761] dbg: config: read file /etc/mail/spamassassin/v320.pre > [21761] dbg: config: using "/var/lib/spamassassin/3.002002" for sys > rules pre files > [21761] dbg: config: using "/var/lib/spamassassin/3.002002" for default > rules dir > [21761] dbg: config: read file > /var/lib/spamassassin/3.002002/updates_spamassassin_org.cf > [21761] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [21761] dbg: config: read file /etc/mail/spamassassin/local.cf > [21761] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > > Where does it pause in the output? (As usual Ctrl-S will stop the > output > and Ctrl-Q will resume it). > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Hi Julian, Thanks for the response. I eventually fixed the problem by upping the max children from 10 to 20 so it looks as though the problem was simply load on the system, after a service restart it happily crunched through the hold directory and sent everything on it's merry way! I did MailScanner --debug --debug-sa which seems to pause on [10112] dbg: bayes: untie-ing The pause is for around 10 seconds, everything else seems to run through OK. Simon From MailScanner at ecs.soton.ac.uk Fri Sep 14 10:35:51 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 14 10:36:12 2007 Subject: Problems with the lastest Spamassassin 3.2 In-Reply-To: <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> Message-ID: <46EA55F7.8050204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you checked out SpamAssassin bug 5589? It includes a patch which is said to solve most of the speed problems. Please let me know how you get on. Jan Elmqvist Nielsen wrote: > Hi All > > The lastest version af Spamassassin have a great negativ impact of scanning speed, - over 30 sec. For a single mail, and over 10 min. For 30 mails > > Sep 9 08:38:54 ms3 MailScanner[13443]: Batch (1 message) processed in 35.08 seconds > Sep 9 08:39:05 ms3 MailScanner[28616]: Batch (1 message) processed in 32.99 seconds > Sep 9 08:41:30 ms3 MailScanner[29579]: Batch (1 message) processed in 35.13 seconds > Sep 9 08:43:50 ms3 MailScanner[16936]: Batch (1 message) processed in 35.04 seconds > Sep 9 08:44:01 ms3 MailScanner[15264]: Batch (1 message) processed in 33.03 seconds > Sep 9 08:44:36 ms3 MailScanner[15264]: Batch (1 message) processed in 34.32 seconds > Sep 9 08:45:26 ms3 MailScanner[17200]: Batch (1 message) processed in 34.90 seconds > Sep 9 08:50:12 ms3 MailScanner[13443]: Batch (1 message) processed in 36.26 seconds > > Sep 11 10:56:46 ms3 MailScanner[27136]: Batch (30 messages) processed in 644.63 seconds > Sep 11 11:05:24 ms3 MailScanner[16112]: Batch (30 messages) processed in 612.87 seconds > Sep 11 11:05:31 ms3 MailScanner[25983]: Batch (30 messages) processed in 615.20 seconds > Sep 11 11:06:12 ms3 MailScanner[13657]: Batch (30 messages) processed in 613.25 seconds > Sep 11 11:06:47 ms3 MailScanner[16369]: Batch (30 messages) processed in 614.73 seconds > Sep 11 11:06:57 ms3 MailScanner[8300]: Batch (30 messages) processed in 635.04 seconds > Sep 11 11:07:06 ms3 MailScanner[9209]: Batch (30 messages) processed in 624.50 seconds > > So have do I downgrade to an older version - 3.1.9? > > Jan Elmqvist Nielsen > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG6lX4EfZZRxQVtlQRAvOTAKCY6G+1dIHM6wMeXawAo/UC4fI0SQCgowWP M6RVB0Mn1m0qdGLFUe6q6kk= =GxCc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Fri Sep 14 11:06:42 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 11:06:45 2007 Subject: choked hold queue In-Reply-To: References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> <46E995E8.2080708@ecs.soton.ac.uk> Message-ID: <223f97700709140306y538026e1r200bb61b769e133a@mail.gmail.com> On 14/09/2007, Simon Jones wrote: (snip) > > Hi Julian, > > Thanks for the response. I eventually fixed the problem by upping the > max children from 10 to 20 so it looks as though the problem was simply > load on the system, after a service restart it happily crunched through > the hold directory and sent everything on it's merry way! > > I did MailScanner --debug --debug-sa which seems to pause on > > [10112] dbg: bayes: untie-ing > > The pause is for around 10 seconds, everything else seems to run through > OK. > What is the very next line you see? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From grupolistas at gmail.com Fri Sep 14 11:16:16 2007 From: grupolistas at gmail.com (infolistas listas) Date: Fri Sep 14 11:16:19 2007 Subject: domain flags Message-ID: <44c071aa0709140316j3f9d8214u4470fe9e2d1848d9@mail.gmail.com> Hello mailscanner users, I'm having a little problem with mailscanner, and it appears to be only with one users, when this users sends an email to another from her own domain the mail arrives with de {disarmed} flag or dangerous, warning or something like that. All attachments are allowed on for mydomain to mydomain only a couple of users may send outside domain, and she is one that may send outside the domain. Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/a219c20d/attachment.html From jonas.lilja at exallon.sigma.se Fri Sep 14 12:25:17 2007 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Fri Sep 14 12:24:55 2007 Subject: question about "unknown string" Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> Hi everybody, Is "unknown string" in the maillog anything I should worry about? I have runned the upgrade_languages_conf-command after upgrading MS to mailscanner-4.63.7-2 Regards Jonas Sep 14 13:15:18 tubes MailScanner[9511]: Looked up unknown string spam in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:18 tubes MailScanner[9511]: Looked up unknown string notspam in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string score in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string required in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string notcached in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string spamassassin in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string mailscanner in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string unreadablearchive in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string passwordedarchive in language translation file /etc/MailScanner/reports/en/languages.conf Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string archivetoodeep in language translation file /etc/MailScanner/reports/en/languages.conf From jen at ah.dk Fri Sep 14 12:29:04 2007 From: jen at ah.dk (Jan Elmqvist Nielsen) Date: Fri Sep 14 12:29:39 2007 Subject: {Spam?} SV: Problems with the lastest Spamassassin 3.2 In-Reply-To: <46EA55F7.8050204@ecs.soton.ac.uk> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> <46EA55F7.8050204@ecs.soton.ac.uk> Message-ID: <6FEBCA03F26F344484341AC71B6669D133F9FEAD@nhsmail01.nhs.local> Our MailScanner believes that the attachment to this message sent to you From: jen@ah.dk Subject: SV: Problems with the lastest Spamassassin 3.2 is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email, as attachment, to jen@ah.dk. pts rule name description ---- ---------------------- -------------------------------------------------- -3.0 LOCAL_FSECURE_RULE LOCAL_FSECURE_RULE -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP 1.3 INFO_TLD URI: Contains an URL in the INFO top-level domain 2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: cavalquitm.net] 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: cavalquitm.net] 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: cavalquitm.net] -------------- next part -------------- An embedded message was scrubbed... From: Jan Elmqvist Nielsen Subject: SV: Problems with the lastest Spamassassin 3.2 Date: Fri, 14 Sep 2007 13:29:04 +0200 Size: 16339 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/d60efbfb/attachment.mht From simon at saq.co.uk Fri Sep 14 12:45:12 2007 From: simon at saq.co.uk (Simon Jones) Date: Fri Sep 14 12:55:25 2007 Subject: choked hold queue References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com><46E995E8.2080708@ecs.soton.ac.uk> <223f97700709140306y538026e1r200bb61b769e133a@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 14 September 2007 11:07 > To: MailScanner discussion > Subject: Re: choked hold queue > > On 14/09/2007, Simon Jones wrote: > (snip) > > > > Hi Julian, > > > > Thanks for the response. I eventually fixed the problem by upping > the > > max children from 10 to 20 so it looks as though the problem was > simply > > load on the system, after a service restart it happily crunched > through > > the hold directory and sent everything on it's merry way! > > > > I did MailScanner --debug --debug-sa which seems to pause on > > > > [10112] dbg: bayes: untie-ing > > > > The pause is for around 10 seconds, everything else seems to run > through > > OK. > > > What is the very next line you see? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Hi Glen, Dunno, It doesn't do it now! From MailScanner at ecs.soton.ac.uk Fri Sep 14 13:46:10 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 14 13:46:35 2007 Subject: question about "unknown string" In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> Message-ID: <46EA8292.2010605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Check that you ran it correctly. You are missing most of the languages.conf entries. Jonas Lilja wrote: > Hi everybody, > > Is "unknown string" in the maillog anything I should worry about? I have > runned the upgrade_languages_conf-command after upgrading MS to > mailscanner-4.63.7-2 > > Regards > > Jonas > > Sep 14 13:15:18 tubes MailScanner[9511]: Looked up unknown string spam > in language translation file /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:18 tubes MailScanner[9511]: Looked up unknown string > notspam in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string score > in language translation file /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > required in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > notcached in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > spamassassin in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > mailscanner in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > unreadablearchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > passwordedarchive in language translation file > /etc/MailScanner/reports/en/languages.conf > Sep 14 13:15:20 tubes MailScanner[9511]: Looked up unknown string > archivetoodeep in language translation file > /etc/MailScanner/reports/en/languages.conf > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG6oKYEfZZRxQVtlQRAusXAKCBCIt5RSicruT+2LutrGyWP2gMZwCg8lpZ eZdVqb54ZqsqJNU9N9Y5xKI= =ZkZk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From simon at saq.co.uk Fri Sep 14 14:02:52 2007 From: simon at saq.co.uk (Simon Jones) Date: Fri Sep 14 14:13:05 2007 Subject: format error: can't find EOCD signature Message-ID: Hi, ok been playing with the debug tool :) What can cause the following when running mailscanner --debug --debug-sa? [20434] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.88, head-points=3.88, learned-points=0 [20434] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 Stopping now as you are debugging me. This is on a different machine to the previous problems with the choked hold directory btw. Simon Jones From grupolistas at gmail.com Fri Sep 14 14:17:42 2007 From: grupolistas at gmail.com (infolistas listas) Date: Fri Sep 14 14:17:44 2007 Subject: Problem {Dangerous Content?} Message-ID: <44c071aa0709140617y7ee4f7b6q54521e1ac5ddc7d9@mail.gmail.com> For only one specific user I'm getting this message. EX: user1 send mail to user10 and user10 gets this message, but for all others users the mail arrives with no problem. Warning: This message has had one or more attachments removed Warning: (not named). Warning: Please read the "Attachment-Warning.txt" attachment(s) for more information. The sender is specified as allowed to send mail max.attach.size.rules from : user@mydomain.com.br -1 to : *@mydomain.com.br -1 also in filename.rules.conf and filetype To: mydomain.com.br FromOrTo: default /etc/MailScanner/filename.rules.conf To: mydomain.com.br FromOrTo: default /etc/MailScanner/filetype.rules.conf -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/ddc7fd03/attachment.html From glenn.steen at gmail.com Fri Sep 14 14:46:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 14:46:58 2007 Subject: domain flags In-Reply-To: <44c071aa0709140316j3f9d8214u4470fe9e2d1848d9@mail.gmail.com> References: <44c071aa0709140316j3f9d8214u4470fe9e2d1848d9@mail.gmail.com> Message-ID: <223f97700709140646j61e5cfffq991c20b350800db9@mail.gmail.com> On 14/09/2007, infolistas listas wrote: > Hello mailscanner users, > I'm having a little problem with mailscanner, and it appears to be only with > one users, when this users sends an email to another from her own domain the > mail arrives with de {disarmed} flag or dangerous, warning or something like > that. > All attachments are allowed on for mydomain to mydomain only a couple of > users may send outside domain, and she is one that may send outside the > domain. > Any ideas? > Perhaps something she has some cr*p in her signature? Some nice logo, or similar? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 14:48:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 14:48:51 2007 Subject: {Spam?} SV: Problems with the lastest Spamassassin 3.2 In-Reply-To: <6FEBCA03F26F344484341AC71B6669D133F9FEAD@nhsmail01.nhs.local> References: <1189604039.12031.49.camel@gblades-suse.linguaphone-intranet.co.uk> <6FEBCA03F26F344484341AC71B6669D133F9FEA4@nhsmail01.nhs.local> <46EA55F7.8050204@ecs.soton.ac.uk> <6FEBCA03F26F344484341AC71B6669D133F9FEAD@nhsmail01.nhs.local> Message-ID: <223f97700709140648h3b575cadm4df4e67296c06306@mail.gmail.com> On 14/09/2007, Jan Elmqvist Nielsen wrote: > Our MailScanner believes that the attachment to this message sent to you > > From: jen@ah.dk > Subject: SV: Problems with the lastest Spamassassin 3.2 > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email, as attachment, to jen@ah.dk. > > pts rule name description > ---- ---------------------- -------------------------------------------------- > -3.0 LOCAL_FSECURE_RULE LOCAL_FSECURE_RULE > -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP > 1.3 INFO_TLD URI: Contains an URL in the INFO top-level domain > 2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist > [URIs: cavalquitm.net] > 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > [URIs: cavalquitm.net] > 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > [URIs: cavalquitm.net] > > > Jan, perhaps you should make an exception for the MS list, eh?:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 14:49:37 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 14:49:39 2007 Subject: choked hold queue In-Reply-To: References: <223f97700709130506x1aca2b2fr3e66370a1cf104f5@mail.gmail.com> <46E995E8.2080708@ecs.soton.ac.uk> <223f97700709140306y538026e1r200bb61b769e133a@mail.gmail.com> Message-ID: <223f97700709140649m6a593b8ds938c0bcc60a08bbd@mail.gmail.com> On 14/09/2007, Simon Jones wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: 14 September 2007 11:07 > > To: MailScanner discussion > > Subject: Re: choked hold queue > > > > On 14/09/2007, Simon Jones wrote: > > (snip) > > > > > > Hi Julian, > > > > > > Thanks for the response. I eventually fixed the problem by upping > > the > > > max children from 10 to 20 so it looks as though the problem was > > simply > > > load on the system, after a service restart it happily crunched > > through > > > the hold directory and sent everything on it's merry way! > > > > > > I did MailScanner --debug --debug-sa which seems to pause on > > > > > > [10112] dbg: bayes: untie-ing > > > > > > The pause is for around 10 seconds, everything else seems to run > > through > > > OK. > > > > > What is the very next line you see? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Hi Glen, > > Dunno, It doesn't do it now! Ok. Until next time (if ever:-) then... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 14:52:47 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 14:52:49 2007 Subject: question about "unknown string" In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> Message-ID: <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> On 14/09/2007, Jonas Lilja wrote: > Hi everybody, > > Is "unknown string" in the maillog anything I should worry about? I have > runned the upgrade_languages_conf-command after upgrading MS to > mailscanner-4.63.7-2 > > Regards > > Jonas > (snip) You probably cut'n'pasted the suggested commands from the upgrade script, without checking that you really had an .rpmnew file, in the first place. So you likely have the correct file as languages.conf.old ... or somesuch... and have an empty languages.conf file... I'm sure you can figure out how to mv everything back into place:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 14:56:10 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 14:56:12 2007 Subject: format error: can't find EOCD signature In-Reply-To: References: Message-ID: <223f97700709140656y70970258oc75ff81842e477bb@mail.gmail.com> On 14/09/2007, Simon Jones wrote: > Hi, ok been playing with the debug tool :) > (snip) > Ignore errors about failing to find EOCD signature The above is the only really important line to read, concernuing this. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 14:58:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 14:58:45 2007 Subject: Problem {Dangerous Content?} In-Reply-To: <44c071aa0709140617y7ee4f7b6q54521e1ac5ddc7d9@mail.gmail.com> References: <44c071aa0709140617y7ee4f7b6q54521e1ac5ddc7d9@mail.gmail.com> Message-ID: <223f97700709140658pb063981vb16fc9ec8dc1d9b@mail.gmail.com> On 14/09/2007, infolistas listas wrote: > For only one specific user I'm getting this message. > > EX: user1 send mail to user10 and user10 gets this message, but for all > others users the mail arrives with no problem. > > Warning: This message has had one or more attachments removed > Warning: (not named). > Warning: Please read the "Attachment-Warning.txt" attachment(s) for more > information. > > The sender is specified as allowed to send mail max.attach.size.rules > > from : user@mydomain.com.br -1 > to : *@mydomain.com.br -1 > > also in filename.rules.conf and filetype > > To: mydomain.com.br > FromOrTo: default /etc/MailScanner/filename.rules.conf > > To: mydomain.com.br > FromOrTo: default /etc/MailScanner/filetype.rules.conf > > > If user can send to any other user OK, except user10, then the problematic rule is probably only on user10 ... I assume you've looked at this possibility? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From simon at saq.co.uk Fri Sep 14 14:58:56 2007 From: simon at saq.co.uk (Simon Jones) Date: Fri Sep 14 15:09:11 2007 Subject: format error: can't find EOCD signature References: <223f97700709140656y70970258oc75ff81842e477bb@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 14 September 2007 14:56 > To: MailScanner discussion > Subject: Re: format error: can't find EOCD signature > > On 14/09/2007, Simon Jones wrote: > > Hi, ok been playing with the debug tool :) > > > (snip) > > Ignore errors about failing to find EOCD signature > The above is the only really important line to read, concernuing this. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Ok, but what does it mean? More importantly is it causing me problems? The machine seems to scan OK but I can't get bayes to work so it is slightly less effective than the other servers at detecting junk. From grupolistas at gmail.com Fri Sep 14 15:12:46 2007 From: grupolistas at gmail.com (infolistas listas) Date: Fri Sep 14 15:12:50 2007 Subject: domain flags In-Reply-To: <223f97700709140646j61e5cfffq991c20b350800db9@mail.gmail.com> References: <44c071aa0709140316j3f9d8214u4470fe9e2d1848d9@mail.gmail.com> <223f97700709140646j61e5cfffq991c20b350800db9@mail.gmail.com> Message-ID: <44c071aa0709140712n14d0806cv3baa99b5a63589d6@mail.gmail.com> indeed, she has a phone on her signature, is there a way to allow even that? but it only happens when sending mail to one specific user ... 2007/9/14, Glenn Steen : > > On 14/09/2007, infolistas listas wrote: > > Hello mailscanner users, > > I'm having a little problem with mailscanner, and it appears to be only > with > > one users, when this users sends an email to another from her own domain > the > > mail arrives with de {disarmed} flag or dangerous, warning or something > like > > that. > > All attachments are allowed on for mydomain to mydomain only a couple of > > users may send outside domain, and she is one that may send outside the > > domain. > > Any ideas? > > > Perhaps something she has some cr*p in her signature? Some nice logo, > or similar? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/60c5f158/attachment.html From martinh at solidstatelogic.com Fri Sep 14 15:13:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Sep 14 15:13:35 2007 Subject: {Spam?} SV: Problems with the lastest Spamassassin 3.2 In-Reply-To: <223f97700709140648h3b575cadm4df4e67296c06306@mail.gmail.com> Message-ID: Not to mention "bouncing" spam is a bad idea as real spam the from: is forged anyway? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 14 September 2007 14:49 > To: MailScanner discussion > Subject: Re: {Spam?} SV: Problems with the lastest Spamassassin 3.2 > > On 14/09/2007, Jan Elmqvist Nielsen wrote: > > Our MailScanner believes that the attachment to this message sent to you > > > > From: jen@ah.dk > > Subject: SV: Problems with the lastest Spamassassin 3.2 > > > > is Unsolicited Commercial Email (spam). Unless you are sure that this > message > > is incorrectly thought to be spam, please delete this message without > opening > > it. Opening spam messages might allow the spammer to verify your email > > address. > > > > If you believe that this message has been incorrectly marked as spam, > please > > forward this email, as attachment, to jen@ah.dk. > > > > pts rule name description > > ---- ---------------------- -------------------------------------------- > ------ > > -3.0 LOCAL_FSECURE_RULE LOCAL_FSECURE_RULE > > -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP > > 1.3 INFO_TLD URI: Contains an URL in the INFO top-level > domain > > 2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL > blocklist > > [URIs: cavalquitm.net] > > 3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > blocklist > > [URIs: cavalquitm.net] > > 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > blocklist > > [URIs: cavalquitm.net] > > > > > > > Jan, perhaps you should make an exception for the MS list, eh?:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From grupolistas at gmail.com Fri Sep 14 15:13:48 2007 From: grupolistas at gmail.com (infolistas listas) Date: Fri Sep 14 15:13:52 2007 Subject: Problem {Dangerous Content?} In-Reply-To: <223f97700709140658pb063981vb16fc9ec8dc1d9b@mail.gmail.com> References: <44c071aa0709140617y7ee4f7b6q54521e1ac5ddc7d9@mail.gmail.com> <223f97700709140658pb063981vb16fc9ec8dc1d9b@mail.gmail.com> Message-ID: <44c071aa0709140713x706c83bj19de9949f3ab5891@mail.gmail.com> I have no rules set for this user thats isnt aplied to others ( send attachments ) only that 2007/9/14, Glenn Steen : > > On 14/09/2007, infolistas listas wrote: > > For only one specific user I'm getting this message. > > > > EX: user1 send mail to user10 and user10 gets this message, but for all > > others users the mail arrives with no problem. > > > > Warning: This message has had one or more attachments removed > > Warning: (not named). > > Warning: Please read the "Attachment-Warning.txt" attachment(s) for more > > information. > > > > The sender is specified as allowed to send mail max.attach.size.rules > > > > from : user@mydomain.com.br -1 > > to : *@mydomain.com.br -1 > > > > also in filename.rules.conf and filetype > > > > To: mydomain.com.br > > FromOrTo: default /etc/MailScanner/filename.rules.conf > > > > To: mydomain.com.br > > FromOrTo: default /etc/MailScanner/filetype.rules.conf > > > > > > > If user can send to any other user OK, except user10, then the > problematic rule is probably only on user10 ... I assume you've looked > at this possibility? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/fd76dbf1/attachment.html From ram at netcore.co.in Fri Sep 14 15:20:01 2007 From: ram at netcore.co.in (ram) Date: Fri Sep 14 15:20:16 2007 Subject: spamcheck.rules file and headers In-Reply-To: <46E793B3.3070407@tradoc.fr> References: <1189521978.6976.56.camel@localhost.localdomain> <46E6FD71.6070607@ecs.soton.ac.uk> <1189577197.18246.16.camel@localhost.localdomain> <46E793B3.3070407@tradoc.fr> Message-ID: <1189779601.23988.14.camel@localhost.localdomain> On Wed, 2007-09-12 at 09:22 +0200, John Wilcock wrote: > ram wrote: > > On Tue, 2007-09-11 at 21:41 +0100, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> And when someone else adds a "X-Spamcheck: no" header to all your > >> incoming mail for you? > >> > > Dont worry , I am not that naive :-) > > In the actual implementation I dont plan to have a simple "no" , but a > > varying string ( like your "watermark" idea ). I could change the > > string every day > > What you could do is use the shortcircuit feature introduced in SA 3.2 > to skip all other SA rules if your header matches. > See > http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html > for details. > > John. > Already doing that. But still SA is invoked and all the network tests are still done inspite of the priority settings I do on my header-check Thanks Ram From glenn.steen at gmail.com Fri Sep 14 15:38:19 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 15:38:24 2007 Subject: format error: can't find EOCD signature In-Reply-To: References: <223f97700709140656y70970258oc75ff81842e477bb@mail.gmail.com> Message-ID: <223f97700709140738l745e9a6alcb933079e6c74916@mail.gmail.com> On 14/09/2007, Simon Jones wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: 14 September 2007 14:56 > > To: MailScanner discussion > > Subject: Re: format error: can't find EOCD signature > > > > On 14/09/2007, Simon Jones wrote: > > > Hi, ok been playing with the debug tool :) > > > > > (snip) > > > Ignore errors about failing to find EOCD signature > > The above is the only really important line to read, concernuing this. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Ok, but what does it mean? More importantly is it causing me problems? > The machine seems to scan OK but I can't get bayes to work so it is > slightly less effective than the other servers at detecting junk. IIRC (haven't looked at this part of the code for a few months) it has to do with the MIME decoding and is a rather harmless warning (Jules does the right thing anyway). It has absolutely nothing to do with bayes, working or not. When looking at bayes, remember to run your SA tests (since that is purely SA) as the postfix user... Might make things more obvious (like if you have some file(s) with the wrong owner/group etc ... in your case they should all be owned by :;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 15:39:54 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 15:39:56 2007 Subject: domain flags In-Reply-To: <44c071aa0709140712n14d0806cv3baa99b5a63589d6@mail.gmail.com> References: <44c071aa0709140316j3f9d8214u4470fe9e2d1848d9@mail.gmail.com> <223f97700709140646j61e5cfffq991c20b350800db9@mail.gmail.com> <44c071aa0709140712n14d0806cv3baa99b5a63589d6@mail.gmail.com> Message-ID: <223f97700709140739j20d9af36o2008dc8f6044f30a@mail.gmail.com> On 14/09/2007, infolistas listas wrote: > indeed, she has a phone on her signature, is there a way to allow even that? > but it only happens when sending mail to one specific user ... Then it is the rules for that specific user that is acting up, not her rules;-). Cheers > 2007/9/14, Glenn Steen < glenn.steen@gmail.com>: > > > > On 14/09/2007, infolistas listas < grupolistas@gmail.com> wrote: > > > Hello mailscanner users, > > > I'm having a little problem with mailscanner, and it appears to be only > with > > > one users, when this users sends an email to another from her own domain > the > > > mail arrives with de {disarmed} flag or dangerous, warning or something > like > > > that. > > > All attachments are allowed on for mydomain to mydomain only a couple of > > > users may send outside domain, and she is one that may send outside the > > > domain. > > > Any ideas? > > > > > Perhaps something she has some cr*p in her signature? Some nice logo, > > or similar? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 15:41:48 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 15:41:51 2007 Subject: {Spam?} SV: Problems with the lastest Spamassassin 3.2 In-Reply-To: References: <223f97700709140648h3b575cadm4df4e67296c06306@mail.gmail.com> Message-ID: <223f97700709140741h4a08720dm8228dadbcdcd90c9@mail.gmail.com> On 14/09/2007, Martin.Hepworth wrote: > Not to mention "bouncing" spam is a bad idea as real spam the from: is forged anyway? > Ow... I have to be very tired and should stop working immediately... missing that... Thanks Martin, for pointing that out. Cheers (me longing desperately for $FRIDAY_NIGHT_BEVERAGE ...:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Sep 14 15:42:56 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 15:43:00 2007 Subject: Problem {Dangerous Content?} In-Reply-To: <44c071aa0709140713x706c83bj19de9949f3ab5891@mail.gmail.com> References: <44c071aa0709140617y7ee4f7b6q54521e1ac5ddc7d9@mail.gmail.com> <223f97700709140658pb063981vb16fc9ec8dc1d9b@mail.gmail.com> <44c071aa0709140713x706c83bj19de9949f3ab5891@mail.gmail.com> Message-ID: <223f97700709140742j43915bc2m43a6f6d1393e0cc5@mail.gmail.com> On 14/09/2007, infolistas listas wrote: > I have no rules set for this user thats isnt aplied to others ( send > attachments ) only that > Hm. Strange. Both are "local" users, so that you have control of the rules for both? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dgottsc at emory.edu Fri Sep 14 15:58:25 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Fri Sep 14 15:58:37 2007 Subject: Incoming dir size? Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> Hi all, I recently set my /mailscanner/incoming directory to be mounted in memory. One thing I didn't think about before I allocated size is what if a email comes in that is bigger than this filesystem size in memory? Currently, I have 512mb mounted in memory. The size of data on it right now is very small, but I'm afraid it could cause problems if someone sent a massive file (had someone recently send a 1.4gig file via email, no, I'm not joking, it got quarantined though cause it was over max size allowed). I can't find any information on this, so any input would be appreciated. Thanks! David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/b822eca0/attachment.html From grupolistas at gmail.com Fri Sep 14 16:05:57 2007 From: grupolistas at gmail.com (infolistas listas) Date: Fri Sep 14 16:06:02 2007 Subject: domain flags In-Reply-To: <223f97700709140739j20d9af36o2008dc8f6044f30a@mail.gmail.com> References: <44c071aa0709140316j3f9d8214u4470fe9e2d1848d9@mail.gmail.com> <223f97700709140646j61e5cfffq991c20b350800db9@mail.gmail.com> <44c071aa0709140712n14d0806cv3baa99b5a63589d6@mail.gmail.com> <223f97700709140739j20d9af36o2008dc8f6044f30a@mail.gmail.com> Message-ID: <44c071aa0709140805l7ece7f9ua914391692c2a7d2@mail.gmail.com> these rules are global for "her" the specific user and other 10 users 2007/9/14, Glenn Steen : > > On 14/09/2007, infolistas listas wrote: > > indeed, she has a phone on her signature, is there a way to allow even > that? > > but it only happens when sending mail to one specific user ... > > Then it is the rules for that specific user that is acting up, not her > rules;-). > > Cheers > > 2007/9/14, Glenn Steen < glenn.steen@gmail.com>: > > > > > > On 14/09/2007, infolistas listas < grupolistas@gmail.com> wrote: > > > > Hello mailscanner users, > > > > I'm having a little problem with mailscanner, and it appears to be > only > > with > > > > one users, when this users sends an email to another from her own > domain > > the > > > > mail arrives with de {disarmed} flag or dangerous, warning or > something > > like > > > > that. > > > > All attachments are allowed on for mydomain to mydomain only a > couple of > > > > users may send outside domain, and she is one that may send outside > the > > > > domain. > > > > Any ideas? > > > > > > > Perhaps something she has some cr*p in her signature? Some nice logo, > > > or similar? > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/5f014a07/attachment.html From grupolistas at gmail.com Fri Sep 14 16:07:25 2007 From: grupolistas at gmail.com (infolistas listas) Date: Fri Sep 14 16:07:36 2007 Subject: Problem {Dangerous Content?} In-Reply-To: <223f97700709140742j43915bc2m43a6f6d1393e0cc5@mail.gmail.com> References: <44c071aa0709140617y7ee4f7b6q54521e1ac5ddc7d9@mail.gmail.com> <223f97700709140658pb063981vb16fc9ec8dc1d9b@mail.gmail.com> <44c071aa0709140713x706c83bj19de9949f3ab5891@mail.gmail.com> <223f97700709140742j43915bc2m43a6f6d1393e0cc5@mail.gmail.com> Message-ID: <44c071aa0709140807h56ec96e7qff222ddb3f0671f9@mail.gmail.com> Both have same rules so as other 10 users ,and it only happens between these 2 2007/9/14, Glenn Steen : > > On 14/09/2007, infolistas listas wrote: > > I have no rules set for this user thats isnt aplied to others ( send > > attachments ) only that > > > Hm. Strange. Both are "local" users, so that you have control of the > rules for both? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/df1779bc/attachment.html From glenn.steen at gmail.com Fri Sep 14 16:10:31 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Sep 14 16:10:35 2007 Subject: Incoming dir size? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> Message-ID: <223f97700709140810n14b78c20o3fb454fce1ce003@mail.gmail.com> On 14/09/2007, Gottschalk, David wrote: > > > > > Hi all, > > I recently set my /mailscanner/incoming directory to be mounted in > memory. One thing I didn't think about before I allocated size is what if a > email comes in that is bigger than this filesystem size in memory? > Currently, I have 512mb mounted in memory. The size of data on it right now > is very small, but I'm afraid it could cause problems if someone sent a > massive file (had someone recently send a 1.4gig file via email, no, I'm not > joking, it got quarantined though cause it was over max size allowed). I > can't find any information on this, so any input would be appreciated. > > > > Thanks! > I imagine things would literally go to hell in a hurry. When sizing, limit what your MTA will accept to something reasonable, take that size and multiply by batch-size and max children... You might be able to get away with less, since most mails aren't even close to 10 MiB, but ... that is if you need be really really sure;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner at yeticomputers.com Fri Sep 14 17:35:01 2007 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Fri Sep 14 17:35:16 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <46E994C2.8010501@pixelhammer.com> References: <46E994C2.8010501@pixelhammer.com> Message-ID: <46EAB835.80701@yeticomputers.com> I just virtualized my MailScanner setup and find it to be working just as well as it did on a physical server. Slightly better, actually. The base server is a single Xeon 3.0 GHz processor with 3G of RAM. I'm using the free VMWare Server and running two virtual machines on it. The MailScanner setup is running in FreeBSD and has been allocated 1.5G of RAM. It consists of Postfix, Cyrus, MySQL, MailScanner (using SA and clamav, with bdc running in Linux emulation) and also includes an Apache2 server feeding up Squirrelmail. It is happily processing about 30,000 messages per day with a little under 1000 getting into user's mailboxes. The other virtual machine is a nameserver allocated 512M (Ubuntu, PowerDNS, MySQL backend, authoritative for about 100 domains and recursing for a dozen or so in-office users). I have configured VMWare to swap none of the virtual machines' RAM. Both are running fine, both were a P2V done by restoring a backup to the VM. Both servers were less powerful boxes before the swap. The mailserver used to be a 2.4GHz Celeron with 1.5G of RAM and the nameserver was running on an ancient 500MHz P3 Dell server with 512M of RAM. The base server, if it's relevant, is Ubuntu Server 7.04, mostly because I recently started playing with that OS and wanted to see how well it worked in production. The average batch time is about 8 seconds per message, but that's only because my average batch is so small. When I get a decent batch the time goes down to about 4 seconds per message. Neither machine was heavily loaded before virtualization, even though the sheer amount of junk running on the mailserver might seem excessive. I plan on breaking things up a bit eventually, but when this was originally set up I was quite short on servers. :) I'm really liking the virtualization thing, but am acutely conscious of the entire "if the base server goes down, we lose a bunch of services" issue. It makes one think about which VM's to combine on which servers quite carefully. But, the DR benefits are too great to ignore. Rick DAve wrote: > We are investing in VMWare and some other technologies quickly. I > understand or have seen mention of, others running MailScanner within > VMWare. I am beginning to think that has great potential from a DR and > multiple NOC point of view. > > Any pitfalls in running MailScanner in VMWare I should know about? > > Thanks, > > DAve > From joao at psp-informatica.com Fri Sep 14 18:05:50 2007 From: joao at psp-informatica.com (=?ISO-8859-1?Q?Jo=E3o_Mota?=) Date: Fri Sep 14 18:06:00 2007 Subject: Watermarking questions Message-ID: <46EABF6E.70509@psp-informatica.com> Hello everybody, Like many users I've bumped into the new watermarking false-positives issue. Now I'm a mailing list subscriber :) First, a complaint. Why can't any of the developpers find a 5 minute slot to create a simple wiki entry to explain the feature and it's caveats and save all of us newbies half hour (=2 month) of flashbacking in the mailing list archives? Just a couple of lines that show up when you search for watermark in the wiki. I've been looking at some of the false positives after disabling the "Treat Invalid Watermarks With No Sender as Spam" option. I was experiencing problems with my server wich is a incoming and outgoing relay (postfix + fecthmail). The server I relay mail to/from (wich I don't control) is also running spamassassin with qmail, and is probably responsible for the header's removal. I've noticed that the watermark header isn't present in the bounce-message's headers but it's still in the original message's header. Is this setup supose to work? Does the watermark engine search for the watermark in the original message or only in the destination/relay server's message reply? If the server I relay mail to/from starts using watermarking will all my messages be flagged as spam? False positive message follows (notice that neither Outlook or Exchange are present): Received: from localhost (XXXXXXXXX [127.0.0.1]) by XXXXXXXXXXX (Postfix) with ESMTP id 32D9F6E0001 for ; Thu, 13 Sep 2007 18:24:53 +0200 (CEST) Delivered-To: XXXXXX@XXXXXXX Received: from XXXXXXXX by localhost with IMAP (fetchmail-6.2.5) for XXXX@localhost (single-drop); Thu, 13 Sep 2007 18:24:53 +0200 (CEST) Received: (qmail 25899 invoked by uid 2526); 13 Sep 2007 18:22:25 +0200 Received: from 127.0.0.1 by XXXXXXXXXXXX (envelope-from <>, uid 2522) with qmail-scanner-2.01st (clamdscan: 0.90.2/4260. spamassassin: 3.1.9. perlscan: 2.01st. Clear:RC:1(127.0.0.1):. Processed in 0.105389 secs); 13 Sep 2007 16:22:25 -0000 Date: 13 Sep 2007 18:22:25 +0200 From: MAILER-DAEMON@XXXXXXXX To: XXXXX@XXXXXXX Subject: failure notice X-Qmail-Scanner-Message-ID: <118970054599325891@XXXXXXXXX> Message-Id: <20070913162453.32D9F6E0001@XXXXXXXXX> Hi. This is the qmail-send program at XXXXXXXXXXXXXX. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : XXXXXXXXXXXXX does not like recipient. Remote host said: 550 RCPT TO: User unknown Giving up on XXXXXXXXXXX. --- Below this line is a copy of the message. Return-Path: Received: (qmail 25884 invoked by uid 2526); 13 Sep 2007 18:22:23 +0200 Received: from XXXXXX by XXXXXX (envelope-from , uid 2020) with qmail-scanner-2.01st (clamdscan: 0.90.2/4260. spamassassin: 3.1.9. perlscan: 2.01st. Clear:RC:0(XXXXXXXXX):SA:0(-1.2/7.0):. Processed in 14.880337 secs); 13 Sep 2007 16:22:23 -0000 X-Spam-Status: No, hits=-1.2 required=7.0 Received: from XXXXXXXXXXXXXX (HELO XXXXXXXXX) (XXXXXXXXXXX) by XXXXXXXXXXXX with SMTP; 13 Sep 2007 18:22:07 +0200 Received: from [127.0.0.1] (unknown [192.168.1.8]) by XXXXXXXXXXXXX (Postfix) with ESMTP id EF0886E0001 for ; Thu, 13 Sep 2007 18:21:55 +0200 (CEST) Message-ID: <46E96340.8000703@XXXXXXXXXXXX> Date: Thu, 13 Sep 2007 18:20:16 +0200 From: XXXXXXX@XXXXXXXXX User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: xxx Subject: blablabla Content-Type: multipart/mixed; boundary="------------000606020001090209010502" X-MyDomain-MailScanner-Watermark: 1190305315.99936@NxseHU+Nufs+D87fwdbY8A ....EOF... Sorry for the long mail and thanks for your time, Jo?o Mota -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/f96b8bdb/signature.bin From rcooper at dwford.com Fri Sep 14 18:18:38 2007 From: rcooper at dwford.com (Rick Cooper) Date: Fri Sep 14 18:18:46 2007 Subject: format error: can't find EOCD signature In-Reply-To: References: <223f97700709140656y70970258oc75ff81842e477bb@mail.gmail.com> Message-ID: <017d01c7f6f3$4a960520$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Simon Jones > Sent: Friday, September 14, 2007 9:59 AM > To: MailScanner discussion > Subject: RE: format error: can't find EOCD signature > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: 14 September 2007 14:56 > > To: MailScanner discussion > > Subject: Re: format error: can't find EOCD signature > > > > On 14/09/2007, Simon Jones wrote: > > > Hi, ok been playing with the debug tool :) > > > > > (snip) > > > Ignore errors about failing to find EOCD signature > > The above is the only really important line to read, > concernuing this. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Ok, but what does it mean? More importantly is it causing me > problems? > The machine seems to scan OK but I can't get bayes to work so it is > slightly less effective than the other servers at detecting junk. > -- It means that MailScanner tried to open a file as a zip that wasn't a zip. Just a thought, Julian, but this comes up even though you put the note about Ignoring EOCD errors in there. I noticed you really don't do anything with The errors, just exit if $zip is undef. If you added the following line Just above the ->new line in UnpackZip: Archive::Zip::setErrorHandler( sub{}); There will be no error string automatically displayed when a Format Error (or any other) occurs Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From itdept at fractalweb.com Fri Sep 14 19:33:57 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Fri Sep 14 19:34:35 2007 Subject: AW: Mailscanner with CRM114 - getting past "unknown" in headers In-Reply-To: <4D1CD0994309F84BA83DF998BF0075AF1C320E0DAA@ts-dc2.TS-Webarts.local> References: <46E827BD.4060207@fractalweb.com><50678FBB708A9B4FB6B536F6F657883D028E9642@exch-gman.ad.goodmanmfg.com> <46E97B1E.5070900@fractalweb.com> <50678FBB708A9B4FB6B536F6F657883D028E9643@exch-gman.ad.goodmanmfg.com> <46E98C82.2070903@fractalweb.com> <46E99BB5.1070008@ecs.soton.ac.uk> <46E9AA80.3060809@fractalweb.com> <4D1CD0994309F84BA83DF998BF0075AF1C320E0DAA@ts-dc2.TS-Webarts.local> Message-ID: <46EAD415.7050407@fractalweb.com> R. Ehle (MailScanner Mailinglist) wrote: > please have a look into your /etc/mail/spamassassin directory and check, if you find a non-empty local.cf file, which should be empty. Best is to have local.cf symlinked to /etc/MailScanner/spam.assassin.prefs.conf. Roland, Ok, have done this. Stopped MailScanner. Checked to make sure there were no sendmail processes still running. Then started MailScanner. I'm still getting the extra headers. This is very strange. I wonder if it's Milter-null that's allowing this to happen. Furthermore, is Milter-null now redundant with MailScanner's watermarking? Chris From sconway at wlnet.com Fri Sep 14 21:21:06 2007 From: sconway at wlnet.com (Stephen Conway) Date: Fri Sep 14 21:21:10 2007 Subject: ArchiveMail Exclusions In-Reply-To: <46E9A42E.8090206@ecs.soton.ac.uk> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> Message-ID: <10cf01c7f70c$c7bd2b00$57378100$@com> Hello Julien: Thanks very much for that. Seems to work OK. One other question, is there a way using ArchiveMail to forward messages instead of just make an archive? Ex: To: *@domain.com !somegroupmailbox@otherdomain.com Thanks, Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, September 13, 2007 4:57 PM To: MailScanner discussion Subject: Re: ArchiveMail Exclusions Stephen, Stephen Conway wrote: > Hello: > > I have the requirement to archive mail for some senders to a certain address > but not if certain senders are matched, I have put the following but it > still always archives, any way to configure this? > > From: *@dontcopydomain.com and To: @domaintobecopied.com > no > That will attempt to archive the mail to a directory called "no" which isn't what you meant. To archive nothing, you just leave it blank, so this is what you meant: From: dontcopydomain.com and to: domaintobecopied.com > From: *@* and To: @domaintobecopied.com > usertobecopied@otherdomain.com > That (the second line) is the same as saying To: domaintobecopied.com usertobecopied@otherdomain.com > This type of logic works well for the Max Message size rules, to have size > restrictions for certain domains than others, but for this ruleset file > which is type (AllMatch) as per docs, it doesn't use same logic. > Correct, as it's an "AllMatch". This means that it will archive to all of the places and addresses specified by all the matching rules. That seemed a sensible thing to do at the time, and I still believe is what most people will want. If you want to make it a FirstMatch, edit /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: ArchiveMail from the [All,Other] section to the [First,Other] section. Then restart MailScanner, and you will have changed the logic it uses. Dead easy. Remember to re-apply the change when you next upgrade MailScanner, as changes you make to that file will be lost during the upgrade process. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From alex at nkpanama.com Fri Sep 14 22:09:28 2007 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Fri Sep 14 22:12:02 2007 Subject: ArchiveMail Exclusions In-Reply-To: <10cf01c7f70c$c7bd2b00$57378100$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> Message-ID: <46EAF888.8010805@nkpanama.com> Stephen Conway wrote: > Hello Julien: > > Thanks very much for that. Seems to work OK. > > One other question, is there a way using ArchiveMail to forward messages > instead of just make an archive? > > Ex: > > To: *@domain.com !somegroupmailbox@otherdomain.com > > Thanks, > > AFAIK the archive mail setting *does* take an e-mail address as an option to send everything there. You can either use that or, for example, use "non spam actions" to do the same thing (that is, archive everything except spam). > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, September 13, 2007 4:57 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > Stephen, > > Stephen Conway wrote: > >> Hello: >> >> I have the requirement to archive mail for some senders to a certain >> > address > >> but not if certain senders are matched, I have put the following but it >> still always archives, any way to configure this? >> >> From: *@dontcopydomain.com and To: @domaintobecopied.com >> no >> >> > That will attempt to archive the mail to a directory called "no" which > isn't what you meant. To archive nothing, you just leave it blank, so > this is what you meant: > From: dontcopydomain.com and to: domaintobecopied.com > >> From: *@* and To: @domaintobecopied.com >> usertobecopied@otherdomain.com >> >> > That (the second line) is the same as saying > To: domaintobecopied.com usertobecopied@otherdomain.com > >> This type of logic works well for the Max Message size rules, to have size >> restrictions for certain domains than others, but for this ruleset file >> which is type (AllMatch) as per docs, it doesn't use same logic. >> >> > Correct, as it's an "AllMatch". This means that it will archive to all > of the places and addresses specified by all the matching rules. That > seemed a sensible thing to do at the time, and I still believe is what > most people will want. > > If you want to make it a FirstMatch, edit > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: > ArchiveMail > from the [All,Other] section to the [First,Other] section. > Then restart MailScanner, and you will have changed the logic it uses. > Dead easy. > Remember to re-apply the change when you next upgrade MailScanner, as > changes you make to that file will be lost during the upgrade process. > > Jules > > From vanhorn at whidbey.com Sat Sep 15 01:30:37 2007 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Sat Sep 15 01:29:08 2007 Subject: Queue control? Message-ID: <46EB27AD.60905@whidbey.com> Some unspeakable person flooded Hotmail with spam that looked like it came from me overnight, and I'm struggling under the onslaught of error messages. Hotmail is pumping the messages in, and as long as the load average is under 12 the system is accepting them, but for the most part they're just piling up and not being delivered to the local user. Earlier this afternoon there were so many files in mqueue.in that I couldn't run ls to see how bad it was. I renamed the directory and created a new one, and not it has over 12,000 files in it, which must mean there are over 6,000 more messages waiting to be processed. I don't really want to read them all, but I do want to get them processed so I can read the valid mail that is certainly hidden in there. I tried bumping the Max children from the default up to 20 to see if that would force it to start delivering the mail, but that when my load average hit 16 I stopped MailScanner. (I did "service MailScanner stop" at a load average of just under 16, it didn't actually stop until the load average had hit 25.) Obviously that wasn't the right approach, so now I've set it down to 3 children which is keeping the memory use and load average within reason, but it still isn't delivering any mail. Is there something I can do to force the system to devote at least some resources to working through the queue instead of just piling it higher? Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From doc at maddoc.net Sat Sep 15 03:20:33 2007 From: doc at maddoc.net (Doc Schneider) Date: Sat Sep 15 03:20:43 2007 Subject: Queue control? In-Reply-To: <46EB27AD.60905@whidbey.com> References: <46EB27AD.60905@whidbey.com> Message-ID: <46EB4171.6000404@maddoc.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G. Armour Van Horn wrote: > Some unspeakable person flooded Hotmail with spam that looked like it > came from me overnight, and I'm struggling under the onslaught of error > messages. Hotmail is pumping the messages in, and as long as the load > average is under 12 the system is accepting them, but for the most part > they're just piling up and not being delivered to the local user. > > Earlier this afternoon there were so many files in mqueue.in that I > couldn't run ls to see how bad it was. I renamed the directory and > created a new one, and not it has over 12,000 files in it, which must > mean there are over 6,000 more messages waiting to be processed. > > I don't really want to read them all, but I do want to get them > processed so I can read the valid mail that is certainly hidden in there. > > I tried bumping the Max children from the default up to 20 to see if > that would force it to start delivering the mail, but that when my load > average hit 16 I stopped MailScanner. (I did "service MailScanner stop" > at a load average of just under 16, it didn't actually stop until the > load average had hit 25.) Obviously that wasn't the right approach, so > now I've set it down to 3 children which is keeping the memory use and > load average within reason, but it still isn't delivering any mail. > > Is there something I can do to force the system to devote at least some > resources to working through the queue instead of just piling it higher? > > Van > > service MailScanner stop service MailScanner startout (this will stop all incoming mail and will just process mail being held in mqueue.in) HTH - -- - -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFG60FxqOEeBwEpgcsRAi/+AJ0R6n4MTVIoZVbAmtnDS4w+WZvvSACfZDgD fvZXgcv4OTvdFWzPDA8FRcw= =3pBO -----END PGP SIGNATURE----- From vanhorn at whidbey.com Sat Sep 15 04:14:02 2007 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Sat Sep 15 04:12:32 2007 Subject: Queue control? In-Reply-To: <46EB4171.6000404@maddoc.net> References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> Message-ID: <46EB4DFA.8030101@whidbey.com> Doc Schneider wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > G. Armour Van Horn wrote: > >> Some unspeakable person flooded Hotmail with spam that looked like it >> came from me overnight, and I'm struggling under the onslaught of error >> messages. Hotmail is pumping the messages in, and as long as the load >> average is under 12 the system is accepting them, but for the most part >> they're just piling up and not being delivered to the local user. >> >> Earlier this afternoon there were so many files in mqueue.in that I >> couldn't run ls to see how bad it was. I renamed the directory and >> created a new one, and not it has over 12,000 files in it, which must >> mean there are over 6,000 more messages waiting to be processed. >> >> I don't really want to read them all, but I do want to get them >> processed so I can read the valid mail that is certainly hidden in there. >> >> I tried bumping the Max children from the default up to 20 to see if >> that would force it to start delivering the mail, but that when my load >> average hit 16 I stopped MailScanner. (I did "service MailScanner stop" >> at a load average of just under 16, it didn't actually stop until the >> load average had hit 25.) Obviously that wasn't the right approach, so >> now I've set it down to 3 children which is keeping the memory use and >> load average within reason, but it still isn't delivering any mail. >> >> Is there something I can do to force the system to devote at least some >> resources to working through the queue instead of just piling it higher? >> >> Van >> >> >> > > service MailScanner stop > service MailScanner startout (this will stop all incoming mail and will > just process mail being held in mqueue.in) > > HTH > > - -- > - -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > Actually, it looks to me like that just lets Sendmail process the mail being held in mqueue. The problem is, there isn't anything there. If I understand this correctly, it is MailScanner that takes the messages from mqueue.in and moves them to mqueue, which is the part that isn't happening. I tried to modify the "start" section of /etc/init.d/MailScanner to start both the outbound Sendmail and MailScanner, but that wasn't as simple as I hoped. Right now I'm moving massive chunks of mail from the mqueue.in (and backups thereof) into mqueue, then using the "startout" option, which is working. Tedious, but it's working. Of course, if Hotmail has another million messages for me when I start the standard MailScanner back up I don't know what I can do about it. Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070914/7992ea8d/attachment.html From j.ede at birchenallhowden.co.uk Sat Sep 15 07:52:39 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Sep 15 07:52:54 2007 Subject: Queue control? In-Reply-To: <46EB4DFA.8030101@whidbey.com> References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> <46EB4DFA.8030101@whidbey.com> Message-ID: From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour Van Horn Sent: 15 September 2007 04:14 To: MailScanner discussion Subject: Re: Queue control? Doc Schneider wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G. Armour Van Horn wrote: Some unspeakable person flooded Hotmail with spam that looked like it came from me overnight, and I'm struggling under the onslaught of error messages. Hotmail is pumping the messages in, and as long as the load average is under 12 the system is accepting them, but for the most part they're just piling up and not being delivered to the local user. Earlier this afternoon there were so many files in mqueue.in that I couldn't run ls to see how bad it was. I renamed the directory and created a new one, and not it has over 12,000 files in it, which must mean there are over 6,000 more messages waiting to be processed. I don't really want to read them all, but I do want to get them processed so I can read the valid mail that is certainly hidden in there. I tried bumping the Max children from the default up to 20 to see if that would force it to start delivering the mail, but that when my load average hit 16 I stopped MailScanner. (I did "service MailScanner stop" at a load average of just under 16, it didn't actually stop until the load average had hit 25.) Obviously that wasn't the right approach, so now I've set it down to 3 children which is keeping the memory use and load average within reason, but it still isn't delivering any mail. Is there something I can do to force the system to devote at least some resources to working through the queue instead of just piling it higher? Van service MailScanner stop service MailScanner startout (this will stop all incoming mail and will just process mail being held in mqueue.in) HTH - -- - -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ Actually, it looks to me like that just lets Sendmail process the mail being held in mqueue. The problem is, there isn't anything there. If I understand this correctly, it is MailScanner that takes the messages from mqueue.in and moves them to mqueue, which is the part that isn't happening. I tried to modify the "start" section of /etc/init.d/MailScanner to start both the outbound Sendmail and MailScanner, but that wasn't as simple as I hoped. Right now I'm moving massive chunks of mail from the mqueue.in (and backups thereof) into mqueue, then using the "startout" option, which is working. Tedious, but it's working. Of course, if Hotmail has another million messages for me when I start the standard MailScanner back up I don't know what I can do about it. Van How about keeping MailScanners number of processes low, but increasing the batch size? We had similar problem... Managed to clear the queue by stopping incoming emails on firewall, letting MailScanner work through the queue and then opening up the firewall after I'd stripped down some of the slower spam checks temporarily. Jason ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any recieving system. BirchenallHowden Ltd, 53 Mowbray St, Sheffield S3 8EN. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070915/1b77c5f1/attachment.html From glenn.steen at gmail.com Sat Sep 15 10:42:20 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Sep 15 10:42:23 2007 Subject: Queue control? In-Reply-To: <46EB4DFA.8030101@whidbey.com> References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> <46EB4DFA.8030101@whidbey.com> Message-ID: <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> On 15/09/2007, G. Armour Van Horn wrote: > > Doc Schneider wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > G. Armour Van Horn wrote: > > > Some unspeakable person flooded Hotmail with spam that looked like it > came from me overnight, and I'm struggling under the onslaught of error > messages. Hotmail is pumping the messages in, and as long as the load > average is under 12 the system is accepting them, but for the most part > they're just piling up and not being delivered to the local user. > > Earlier this afternoon there were so many files in mqueue.in that I > couldn't run ls to see how bad it was. I renamed the directory and > created a new one, and not it has over 12,000 files in it, which must > mean there are over 6,000 more messages waiting to be processed. > > I don't really want to read them all, but I do want to get them > processed so I can read the valid mail that is certainly hidden in there. > > I tried bumping the Max children from the default up to 20 to see if > that would force it to start delivering the mail, but that when my load > average hit 16 I stopped MailScanner. (I did "service MailScanner stop" > at a load average of just under 16, it didn't actually stop until the > load average had hit 25.) Obviously that wasn't the right approach, so > now I've set it down to 3 children which is keeping the memory use and > load average within reason, but it still isn't delivering any mail. > > Is there something I can do to force the system to devote at least some > resources to working through the queue instead of just piling it higher? > > Van > > > > service MailScanner stop > service MailScanner startout (this will stop all incoming mail and will > just process mail being held in mqueue.in) > > HTH > > - -- > - -Doc > Lincoln, NE. > http://www.genealogyforyou.com/ > http://www.cairnproductions.com/ > > Actually, it looks to me like that just lets Sendmail process the mail > being held in mqueue. The problem is, there isn't anything there. If I > understand this correctly, it is MailScanner that takes the messages from > mqueue.in and moves them to mqueue, which is the part that isn't happening. > > I tried to modify the "start" section of /etc/init.d/MailScanner to start > both the outbound Sendmail and MailScanner, but that wasn't as simple as I > hoped. Right now I'm moving massive chunks of mail from the mqueue.in (and > backups thereof) into mqueue, then using the "startout" option, which is > working. Tedious, but it's working. You can do as Doc suggests, then run check_MailScanner, which will start mailscanner... and start filling that outgoing queue. > Of course, if Hotmail has another million messages for me when I start the > standard MailScanner back up I don't know what I can do about it. You might want to temporarily blacklist the sending servers in you MTA or use an FW rule against them. One would think that the i....s would know to scan everything and not bounce bad things. Sigh. If it persists, one could seriously consider some form of action against them.... even legal... I, and probably everyone else here, sympathise with you/your situation.... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From vanhorn at whidbey.com Sat Sep 15 11:33:18 2007 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Sat Sep 15 11:31:47 2007 Subject: Queue control? In-Reply-To: <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> <46EB4DFA.8030101@whidbey.com> <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> Message-ID: <46EBB4EE.2090708@whidbey.com> Glenn Steen wrote: > On 15/09/2007, G. Armour Van Horn wrote: > >> Doc Schneider wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> G. Armour Van Horn wrote: >> >> >> Some unspeakable person flooded Hotmail with spam that looked like it >> came from me overnight, and I'm struggling under the onslaught of error >> messages. Hotmail is pumping the messages in, and as long as the load >> average is under 12 the system is accepting them, but for the most part >> they're just piling up and not being delivered to the local user. >> >> Earlier this afternoon there were so many files in mqueue.in that I >> couldn't run ls to see how bad it was. I renamed the directory and >> created a new one, and not it has over 12,000 files in it, which must >> mean there are over 6,000 more messages waiting to be processed. >> >> I don't really want to read them all, but I do want to get them >> processed so I can read the valid mail that is certainly hidden in there. >> >> I tried bumping the Max children from the default up to 20 to see if >> that would force it to start delivering the mail, but that when my load >> average hit 16 I stopped MailScanner. (I did "service MailScanner stop" >> at a load average of just under 16, it didn't actually stop until the >> load average had hit 25.) Obviously that wasn't the right approach, so >> now I've set it down to 3 children which is keeping the memory use and >> load average within reason, but it still isn't delivering any mail. >> >> Is there something I can do to force the system to devote at least some >> resources to working through the queue instead of just piling it higher? >> >> Van >> >> >> >> service MailScanner stop >> service MailScanner startout (this will stop all incoming mail and will >> just process mail being held in mqueue.in) >> >> HTH >> >> - -- >> - -Doc >> Lincoln, NE. >> http://www.genealogyforyou.com/ >> http://www.cairnproductions.com/ >> >> Actually, it looks to me like that just lets Sendmail process the mail >> being held in mqueue. The problem is, there isn't anything there. If I >> understand this correctly, it is MailScanner that takes the messages from >> mqueue.in and moves them to mqueue, which is the part that isn't happening. >> >> I tried to modify the "start" section of /etc/init.d/MailScanner to start >> both the outbound Sendmail and MailScanner, but that wasn't as simple as I >> hoped. Right now I'm moving massive chunks of mail from the mqueue.in (and >> backups thereof) into mqueue, then using the "startout" option, which is >> working. Tedious, but it's working. >> > > You can do as Doc suggests, then run check_MailScanner, which will > start mailscanner... and start filling that outgoing queue. > > >> Of course, if Hotmail has another million messages for me when I start the >> standard MailScanner back up I don't know what I can do about it. >> > > You might want to temporarily blacklist the sending servers in you MTA > or use an FW rule against them. One would think that the i....s would > know to scan everything and not bounce bad things. Sigh. If it > persists, one could seriously consider some form of action against > them.... even legal... > > I, and probably everyone else here, sympathise with you/your situation.... > > Cheers > Another list member mailed me privately and suggested I add "Scan messages = no" to my Mailscanner.conf, which isn't how I normally want to run but it definitely sped things up. I also dropped the threshold in Sendmail for maximum load average for receiving mail. Sendmail defaults to cutting off incoming SMTP at a load average of 12, I dropped this to 8, and then to 4, which throttled things down to where the queue was consistently shrinking. When things were at their worst I was deleting the messages at the server through Webmin, although that put a fair load on the server. I took care of about 33,000 messages that way, and have picked up over 28,000 in my normal error-handling e-mail client. There are roughly 15,000 still on the server, and though it's slowed down dramatically since this afternoon, there are still more of the errors coming in. So with 75,000 so far, I'd expect it to hit 85,000 if the jerk doesn't run this again tomorrow. Either his list was really, really bad, or it was really, really huge. Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070915/2511103e/attachment-0001.html From hvdkooij at vanderkooij.org Sat Sep 15 13:35:01 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Sep 15 13:35:15 2007 Subject: Incoming dir size? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> Message-ID: On Fri, 14 Sep 2007, Gottschalk, David wrote: > Hi all, > I recently set my /mailscanner/incoming directory to be mounted in memory. One thing I didn't think about before I allocated size is what if a email comes in that is bigger than this filesystem size in memory? Currently, I have 512mb mounted in memory. The size of data on it right now is very small, but I'm afraid it could cause problems if someone sent a massive file (had someone recently send a 1.4gig file via email, no, I'm not joking, it got quarantined though cause it was over max size allowed). I can't find any information on this, so any input would be appreciated. Even with 2 GB you can run into trouble. I did not store the samples I have seen bringing down a Barracuda down as it picked apart a message and ended up with more then 2 GB of work files. (OCR scanning will do that to you.) I know it was a reasonably large PDF files containing lot's of images which it tried to pick apart into uncompressed raw bitmaps. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From hvdkooij at vanderkooij.org Sat Sep 15 13:46:50 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Sep 15 13:47:11 2007 Subject: Queue control? In-Reply-To: <46EBB4EE.2090708@whidbey.com> References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> <46EB4DFA.8030101@whidbey.com> <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> <46EBB4EE.2090708@whidbey.com> Message-ID: On Sat, 15 Sep 2007, G. Armour Van Horn wrote: > When things were at their worst I was deleting the messages at the server > through Webmin, although that put a fair load on the server. I took care of > about 33,000 messages that way, and have picked up over 28,000 in my normal > error-handling e-mail client. There are roughly 15,000 still on the server, > and though it's slowed down dramatically since this afternoon, there are > still more of the errors coming in. So with 75,000 so far, I'd expect it to > hit 85,000 if the jerk doesn't run this again tomorrow. > > Either his list was really, really bad, or it was really, really huge. All lists are very, very bad. On my domain there are at least a 1000 unique addresses in use by spammers. In real life there is only a handfull of valid users here. I recommend you see if there is a unique signature in the headers and see if you can instruct sendmail to drop those. In postfix I got headers checks like: /^Subject: =\?big5\?/ REJECT Chinese encoding not allowed here. /^Subject: =\?GB2312\?/ REJECT Chinese encoding not allowed here. /^X-Mailer: Foxmail 4.1 [cn]/ REJECT Chinese encoding not allowed here. /^X-Mailer: Foxmail 4.2 [cn]/ REJECT Chinese encoding not allowed here. /^Subject: =\?EUC-KR\?/ REJECT Korean encoding not allowed here. /^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed here. /^Subject: ADV:/ REJECT Advertisements not accepted here. /^Subject: Out of Office AutoReply:/ REJECT Autoreplies are considered harmfull! /^X-MDSend-Notifications-To: \[trash\]/ REJECT Autoreplies are considered harmfull! /^Subject: .* is out of the office$/ REJECT Autoreplies are considered harmfull! /^Subject: Abwesenheitsnotiz: / REJECT Autoreplies are considered harmfull! /^Auto-Submitted: auto-replied/ REJECT Autoreplies are considered harmfull! I got rid of a significant number of those blasted out-of-office messages this way. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From MailScanner at ecs.soton.ac.uk Sat Sep 15 14:40:19 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 15 14:40:38 2007 Subject: Incoming dir size? In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> Message-ID: <46EBE0C3.6070504@ecs.soton.ac.uk> For starters, don't use a fixed size ram disk, use tmpfs which will only allocate as much ram as is needed at any given time, and will allocate space out of swap if it runs out of ram. So do that for starters, together with a reasonable size swapfile, and also put in a sensible limit on the max message size in your MTA (say, 100Mb). Gottschalk, David wrote: > > Hi all, > > I recently set my /mailscanner/incoming directory to be mounted in > memory. One thing I didn?t think about before I allocated size is what > if a email comes in that is bigger than this filesystem size in > memory? Currently, I have 512mb mounted in memory. The size of data on > it right now is very small, but I?m afraid it could cause problems if > someone sent a massive file (had someone recently send a 1.4gig file > via email, no, I?m not joking, it got quarantined though cause it was > over max size allowed). I can?t find any information on this, so any > input would be appreciated. > > Thanks! > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Sep 15 14:54:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 15 14:54:57 2007 Subject: ArchiveMail Exclusions In-Reply-To: <10cf01c7f70c$c7bd2b00$57378100$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> Message-ID: <46EBE421.1070400@ecs.soton.ac.uk> As it says right at the top of the comment about Archive Mail =, you can include # Space-separated list of any combination of # 1. email addresses to which mail should be forwarded, # 2. directory names where you want mail to be stored, # 3. file names (they must already exist!) to which mail will be appended # in "mbox" format suitable for most Unix mail systems. Stephen Conway wrote: > Hello Julien: > > Thanks very much for that. Seems to work OK. > > One other question, is there a way using ArchiveMail to forward messages > instead of just make an archive? > > Ex: > > To: *@domain.com !somegroupmailbox@otherdomain.com > > Thanks, > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, September 13, 2007 4:57 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > Stephen, > > Stephen Conway wrote: > >> Hello: >> >> I have the requirement to archive mail for some senders to a certain >> > address > >> but not if certain senders are matched, I have put the following but it >> still always archives, any way to configure this? >> >> From: *@dontcopydomain.com and To: @domaintobecopied.com >> no >> >> > That will attempt to archive the mail to a directory called "no" which > isn't what you meant. To archive nothing, you just leave it blank, so > this is what you meant: > From: dontcopydomain.com and to: domaintobecopied.com > >> From: *@* and To: @domaintobecopied.com >> usertobecopied@otherdomain.com >> >> > That (the second line) is the same as saying > To: domaintobecopied.com usertobecopied@otherdomain.com > >> This type of logic works well for the Max Message size rules, to have size >> restrictions for certain domains than others, but for this ruleset file >> which is type (AllMatch) as per docs, it doesn't use same logic. >> >> > Correct, as it's an "AllMatch". This means that it will archive to all > of the places and addresses specified by all the matching rules. That > seemed a sensible thing to do at the time, and I still believe is what > most people will want. > > If you want to make it a FirstMatch, edit > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: > ArchiveMail > from the [All,Other] section to the [First,Other] section. > Then restart MailScanner, and you will have changed the logic it uses. > Dead easy. > Remember to re-apply the change when you next upgrade MailScanner, as > changes you make to that file will be lost during the upgrade process. > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From itdept at fractalweb.com Sat Sep 15 21:28:14 2007 From: itdept at fractalweb.com (Chris Yuzik) Date: Sat Sep 15 21:28:23 2007 Subject: is milter-null redundant? Message-ID: <46EC405E.2080802@fractalweb.com> Now that we've got MailScanner with built-in watermarking, is milter-null now redundant? Or is there still some benefit to running both? From martinh at solidstatelogic.com Sun Sep 16 09:39:17 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Sun Sep 16 09:39:49 2007 Subject: is milter-null redundant? In-Reply-To: <46EC405E.2080802@fractalweb.com> Message-ID: <47a850635a6378459b980cd5bddf2300@solidstatelogic.com> Chris Still useful is stopping spam etc getting to your mailscanner in the first place. Alternatives that will stop unknown recipients also usefull http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:reject_non_existent_users -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Yuzik > Sent: 15 September 2007 21:28 > To: MailScanner discussion > Subject: is milter-null redundant? > > Now that we've got MailScanner with built-in watermarking, is > milter-null now redundant? Or is there still some benefit to running both? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From lists at masonc.com Sun Sep 16 14:43:08 2007 From: lists at masonc.com (Chris Mason (Lists)) Date: Sun Sep 16 14:43:14 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <223f97700709080415qaae36c0s520781cded88a94b@mail.gmail.com> References: <6F097294-4AEA-4BD1-8C89-2799A4087AC2@gray.net.au> <223f97700709080415qaae36c0s520781cded88a94b@mail.gmail.com> Message-ID: <46ED32EC.9080806@masonc.com> Glenn Steen wrote: > As Martin suggested, putting MS on a separate GW box would be a simple > and easily maintainable thing (I do this for M-Sexchange... I'm very interested to know how this is done. I would like to have a box that runs Postfix/MailScanner to receive and send mail as I trust this setup, but with user accounts on a separate Exchange server as the users want an Exchange server. Can anyone point me to a HOWTO on how to do this or give me some pointers? -- Chris Mason Anguilla: (264) 497-5670 Fax: (264) 497-8463 Cell: 264-235-5670 International: (305) 704-7249 Fax: (815)301-9759 Yahoo IM only: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Sun Sep 16 15:22:10 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Sun Sep 16 15:22:19 2007 Subject: MailScanner + Zimbra...anyone done it before? In-Reply-To: <46ED32EC.9080806@masonc.com> Message-ID: Chris It's in the wiki...for postfix http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:setup_a_gateway -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Chris Mason (Lists) > Sent: 16 September 2007 14:43 > To: MailScanner discussion > Subject: Re: MailScanner + Zimbra...anyone done it before? > > Glenn Steen wrote: > > > As Martin suggested, putting MS on a separate GW box would be a simple > > and easily maintainable thing (I do this for M-Sexchange... > > I'm very interested to know how this is done. I would like to have a box > that runs Postfix/MailScanner to receive and send mail as I trust this > setup, but with user accounts on a separate Exchange server as the users > want an Exchange server. > > Can anyone point me to a HOWTO on how to do this or give me some pointers? > > > -- > Chris Mason > Anguilla: (264) 497-5670 Fax: (264) 497-8463 Cell: 264-235-5670 > International: (305) 704-7249 Fax: (815)301-9759 > Yahoo IM only: netconcepts_anguilla@yahoo.com > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martin.wickman at xms.se Sun Sep 16 16:21:13 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 16:21:22 2007 Subject: User postfix refuses to run sa-learn Message-ID: <46ED49E9.1060006@xms.se> Hi I'm running MailScanner with spamassassin and postfix. I have configured postfix to execute a script which runs sa-learn on all new mails that gets sent to the 'spam' user. The idea is to update the site-global /var/spool/MailScanner/spamassassin/bayes.* database automatically when my users forwards their spam. In postfix/master.cf I have this rule: spam unix - n n - - pipe user=postfix:postfix argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} That says that postfix should run a command which updates the bayes database. BUT that fails horrible because postfix refuses to run commands as the postfix user... 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by postfix. Afaik I *need* to run sa-learn as postfix since the bayes-database and spamassassin is owned and ran by postfix. Its some kind of catch-22 here :( Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do you guys have any ideas how to fix this? /Thanks! From martin.wickman at xms.se Sun Sep 16 16:24:04 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 16:24:15 2007 Subject: User postfix refuses to run sa-learn Message-ID: <46ED4A94.7020604@xms.se> Hi I'm running MailScanner with spamassassin and postfix. I have configured postfix to execute a script which runs sa-learn on all new mails that gets sent to the 'spam' user. The idea is to update the site-global /var/spool/MailScanner/spamassassin/bayes.* database automatically when my users forwards their spam. In postfix/master.cf I have this rule: spam unix - n n - - pipe user=postfix:postfix argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} That says that postfix should run a command which updates the bayes database. BUT that fails horrible because postfix refuses to run commands as the postfix user... 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by postfix. Afaik I *need* to run sa-learn as postfix since the bayes-database and spamassassin is owned and ran by postfix. Its some kind of catch-22 here :( Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do you guys have any ideas how to fix this? /Thanks! From glenn.steen at gmail.com Sun Sep 16 16:42:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 16 16:42:49 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED49E9.1060006@xms.se> References: <46ED49E9.1060006@xms.se> Message-ID: <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> On 16/09/2007, Martin Wickman wrote: > Hi > > I'm running MailScanner with spamassassin and postfix. I have configured > postfix to execute a script which runs sa-learn on all new mails that > gets sent to the 'spam' user. The idea is to update the site-global > /var/spool/MailScanner/spamassassin/bayes.* database automatically when > my users forwards their spam. > > In postfix/master.cf I have this rule: > > spam unix - n n - - pipe user=postfix:postfix > argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} > > That says that postfix should run a command which updates the bayes > database. > > BUT that fails horrible because postfix refuses to run commands as the > postfix user... > > 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by > postfix. Afaik I *need* to run sa-learn as postfix since the > bayes-database and spamassassin is owned and ran by postfix. Its some > kind of catch-22 here :( > > Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do > you guys have any ideas how to fix this? > > /Thanks! Hej Martin, fisrt up... What is your bayessetup in SA? bayes_path ... etc... Second... When run like that, aren't you in the chroot jail? So paths etc would be "wrong", so to speak...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.wickman at xms.se Sun Sep 16 17:01:07 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 17:01:18 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> Message-ID: <46ED5343.7000605@xms.se> Glenn Steen wrote: > On 16/09/2007, Martin Wickman wrote: >> Hi >> >> I'm running MailScanner with spamassassin and postfix. I have configured >> postfix to execute a script which runs sa-learn on all new mails that >> gets sent to the 'spam' user. The idea is to update the site-global >> /var/spool/MailScanner/spamassassin/bayes.* database automatically when >> my users forwards their spam. >> >> In postfix/master.cf I have this rule: >> >> spam unix - n n - - pipe user=postfix:postfix >> argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} >> >> That says that postfix should run a command which updates the bayes >> database. >> >> BUT that fails horrible because postfix refuses to run commands as the >> postfix user... >> >> 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by >> postfix. Afaik I *need* to run sa-learn as postfix since the >> bayes-database and spamassassin is owned and ran by postfix. Its some >> kind of catch-22 here :( >> >> Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do >> you guys have any ideas how to fix this? >> > > fisrt up... What is your bayessetup in SA? bayes_path ... etc... > Second... When run like that, aren't you in the chroot jail? So paths > etc would be "wrong", so to speak...? It's a standard setup more or less. No chroot jail at the moment. bayes_path is /var/spool/MailScanner/spamassassin/bayes This is not a path problem, its a problem because SA runs as postfix and I need sa-learn to run as postfix as well, since the bayes database in bayes_path is postfix owned. From glenn.steen at gmail.com Sun Sep 16 17:18:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 16 17:18:49 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED5343.7000605@xms.se> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> Message-ID: <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> On 16/09/2007, Martin Wickman wrote: > Glenn Steen wrote: > > On 16/09/2007, Martin Wickman wrote: > >> Hi > >> > >> I'm running MailScanner with spamassassin and postfix. I have configured > >> postfix to execute a script which runs sa-learn on all new mails that > >> gets sent to the 'spam' user. The idea is to update the site-global > >> /var/spool/MailScanner/spamassassin/bayes.* database automatically when > >> my users forwards their spam. > >> > >> In postfix/master.cf I have this rule: > >> > >> spam unix - n n - - pipe user=postfix:postfix > >> argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} > >> > >> That says that postfix should run a command which updates the bayes > >> database. > >> > >> BUT that fails horrible because postfix refuses to run commands as the > >> postfix user... > >> > >> 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by > >> postfix. Afaik I *need* to run sa-learn as postfix since the > >> bayes-database and spamassassin is owned and ran by postfix. Its some > >> kind of catch-22 here :( > >> > >> Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do > >> you guys have any ideas how to fix this? > >> > > > > fisrt up... What is your bayessetup in SA? bayes_path ... etc... > > Second... When run like that, aren't you in the chroot jail? So paths > > etc would be "wrong", so to speak...? > > It's a standard setup more or less. No chroot jail at the moment. > bayes_path is /var/spool/MailScanner/spamassassin/bayes And you don't run Postfix chrooted? That happens to be the standard on most distros (of Linux)... So it might be something like that still. It wouldn't show if you "su- postfix -s /bin/bash", since that wouldn't be chrooted to (something like) /var/spool/postfix, just have it's home dir there. As to the "standard setup", where you put bayes isn't that much standardised... I still wan't to know _if_ you have bayes_path etc set in such a way that all invocations of SA will find/use that setting (I suspect this is the case, but ... better safe than sorry:-). A classic problems is that one lacks the mailscanner.cf link to spam.assassin.prefs.conf, so anything set there isn't picked up by sa-learn etc... Which would default to trying to use $HOME/.spamassassin/... for everything bayes... and the default for that dir (which also is the root of the jail) usually isn't writable by the postfix user (and shouldn't be!). > This is not a path problem, its a problem because SA runs as postfix and > I need sa-learn to run as postfix as well, since the bayes database in > bayes_path is postfix owned. Fine, but do tell if you have the symbolic link from /etc/mail/spamassassin/mailscanner.cf to /etc/MailScanner/spam.assassin.prefs.conf, please. If you do the su from above, can you run the script successfully by hand? What error logs do you get? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.wickman at xms.se Sun Sep 16 18:57:39 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 18:57:53 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> Message-ID: <46ED6E93.3020705@xms.se> Glenn Steen wrote: > On 16/09/2007, Martin Wickman wrote: >> Glenn Steen wrote: >>> On 16/09/2007, Martin Wickman wrote: >>>> I'm running MailScanner with spamassassin and postfix. I have configured >>>> postfix to execute a script which runs sa-learn on all new mails that >>>> gets sent to the 'spam' user. The idea is to update the site-global >>>> /var/spool/MailScanner/spamassassin/bayes.* database automatically when >>>> my users forwards their spam. >>>> >>>> In postfix/master.cf I have this rule: >>>> >>>> spam unix - n n - - pipe user=postfix:postfix >>>> argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} >>>> >>>> That says that postfix should run a command which updates the bayes >>>> database. >>>> >>>> BUT that fails horrible because postfix refuses to run commands as the >>>> postfix user... >>>> >>>> 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by >>>> postfix. Afaik I *need* to run sa-learn as postfix since the >>>> bayes-database and spamassassin is owned and ran by postfix. Its some >>>> kind of catch-22 here :( [..] > And you don't run Postfix chrooted? That happens to be the standard on > most distros (of Linux)... So it might be something like that still. > It wouldn't show if you "su- postfix -s /bin/bash", since that > wouldn't be chrooted to (something like) /var/spool/postfix, just have > it's home dir there. Well, its CentOS postfix rpm built from http://postfix.wl0.org/en/ and I'm pretty sure its not chrooted. > As to the "standard setup", where you put bayes isn't that much > standardised... I still wan't to know _if_ you have bayes_path etc set > in such a way that all invocations of SA will find/use that setting (I > suspect this is the case, but ... better safe than sorry:-). A classic > problems is that one lacks the mailscanner.cf link to > spam.assassin.prefs.conf, so anything set there isn't picked up by > sa-learn etc... Which would default to trying to use > $HOME/.spamassassin/... for everything bayes... and the default for > that dir (which also is the root of the jail) usually isn't writable > by the postfix user (and shouldn't be!). Ok, thanks for you help, but I dont think that is the problem. The problem is that postfix owns the bayes-files and the postfix-software dont want to run scripts as the postfix user. pipe(8) explains this as "The software refuses to execute commands with root privileges, or with the privileges of the mail system owner." Btw, the setup is taken from http://www.jousset.org/pub/sa-postfix.en.html if you want de details. Thats site is off-line or something, but google has working cache: http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a >> This is not a path problem, its a problem because SA runs as postfix and >> I need sa-learn to run as postfix as well, since the bayes database in >> bayes_path is postfix owned. > Fine, but do tell if you have the symbolic link from > /etc/mail/spamassassin/mailscanner.cf to > /etc/MailScanner/spam.assassin.prefs.conf, please. Yupp: $ file /etc/mail/spamassassin/mailscanner.cf /etc/mail/spamassassin/mailscanner.cf: symbolic link to `/etc/MailScanner/spam.assassin.prefs.conf' > If you do the su from above, can you run the script successfully by hand? > What error logs do you get? No errors, ie: [root@xxx ~]# su -s /bin/sh postfix sh-3.1$ id uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) sh-3.1$ sa-learn --spam /tmp/spamish Learned tokens from 1 message(s) (1 message(s) examined) sh-3.1$ sa-learn --forget /tmp/spamish Forgot tokens from 1 message(s) (1 message(s) examined) For the record, running as a non-root, not-postfix user gives this error as expected: $ sa-learn --forget /tmp/spamish bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied Forgot tokens from 0 message(s) (1 message(s) examined) bayes: locker: safe_lock: cannot create lockfile /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied From glenn.steen at gmail.com Sun Sep 16 19:26:46 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 16 19:26:49 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED6E93.3020705@xms.se> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> <46ED6E93.3020705@xms.se> Message-ID: <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> On 16/09/2007, Martin Wickman wrote: > Glenn Steen wrote: > (snip) > > And you don't run Postfix chrooted? That happens to be the standard on > > most distros (of Linux)... So it might be something like that still. > > It wouldn't show if you "su- postfix -s /bin/bash", since that > > wouldn't be chrooted to (something like) /var/spool/postfix, just have > > it's home dir there. > > Well, its CentOS postfix rpm built from http://postfix.wl0.org/en/ and > I'm pretty sure its not chrooted. Ok. > > As to the "standard setup", where you put bayes isn't that much > > standardised... I still wan't to know _if_ you have bayes_path etc set > > in such a way that all invocations of SA will find/use that setting (I > > suspect this is the case, but ... better safe than sorry:-). A classic > > problems is that one lacks the mailscanner.cf link to > > spam.assassin.prefs.conf, so anything set there isn't picked up by > > sa-learn etc... Which would default to trying to use > > $HOME/.spamassassin/... for everything bayes... and the default for > > that dir (which also is the root of the jail) usually isn't writable > > by the postfix user (and shouldn't be!). > > Ok, thanks for you help, but I dont think that is the problem. The > problem is that postfix owns the bayes-files and the postfix-software > dont want to run scripts as the postfix user. pipe(8) explains this as > "The software refuses to execute commands with root privileges, > or with the privileges of the mail system owner." Ah. Yes. Might be a problem:-D. So then a rethink might be in order. Why not just let procmail or a cron job handle it? Procmail should be fairly easy, provided you have it already... well, even if you don't:-). Or running a cronjob that "plunders" the spam mailbox (which would need be a real mailbox) and run the script on the messages... should be fairly easy too. I'm sure there are others that have done something like that before, perhaps even documented it (haven't checked the wiki)... > Btw, the setup is taken from > http://www.jousset.org/pub/sa-postfix.en.html if you want de details. > Thats site is off-line or something, but google has working cache: > http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a > Too tired to go look, perhaps tomorrow:). > >> This is not a path problem, its a problem because SA runs as postfix and > >> I need sa-learn to run as postfix as well, since the bayes database in > >> bayes_path is postfix owned. > > Fine, but do tell if you have the symbolic link from > > /etc/mail/spamassassin/mailscanner.cf to > > /etc/MailScanner/spam.assassin.prefs.conf, please. > > Yupp: > > $ file /etc/mail/spamassassin/mailscanner.cf > /etc/mail/spamassassin/mailscanner.cf: symbolic link to > `/etc/MailScanner/spam.assassin.prefs.conf' > Good, and thanks. Thought so, but ... it's best to cover all basic stuff first:-). > > If you do the su from above, can you run the script successfully by hand? > > What error logs do you get? > > No errors, ie: > > [root@xxx ~]# su -s /bin/sh postfix > sh-3.1$ id > uid=89(postfix) gid=89(postfix) groups=12(mail),89(postfix) > sh-3.1$ sa-learn --spam /tmp/spamish > Learned tokens from 1 message(s) (1 message(s) examined) > sh-3.1$ sa-learn --forget /tmp/spamish > Forgot tokens from 1 message(s) (1 message(s) examined) Looks good, kind of like expected. > For the record, running as a non-root, not-postfix user gives this error > as expected: > > $ sa-learn --forget /tmp/spamish > bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile > /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied > Forgot tokens from 0 message(s) (1 message(s) examined) > bayes: locker: safe_lock: cannot create lockfile > /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied As expected... One wonders what would happen if you played a bit with the script and the "sticky bit".... A "non-PF script" calls the sticky "PF script"...;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From list-mailscanner at linguaphone.com Sun Sep 16 19:26:48 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 16 19:26:58 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED49E9.1060006@xms.se> Message-ID: Personally I configure bayes to store the tokens in a mysql database. Avoids all the problems with permissions and makes it much easier to perform backups aswell. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Martin > Wickman > Sent: 16 September 2007 16:21 > To: mailscanner@lists.mailscanner.info > Subject: User postfix refuses to run sa-learn > > > Hi > > I'm running MailScanner with spamassassin and postfix. I have configured > postfix to execute a script which runs sa-learn on all new mails that > gets sent to the 'spam' user. The idea is to update the site-global > /var/spool/MailScanner/spamassassin/bayes.* database automatically when > my users forwards their spam. > > In postfix/master.cf I have this rule: > > spam unix - n n - - pipe user=postfix:postfix > argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender} > > That says that postfix should run a command which updates the bayes > database. > > BUT that fails horrible because postfix refuses to run commands as the > postfix user... > > 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by > postfix. Afaik I *need* to run sa-learn as postfix since the > bayes-database and spamassassin is owned and ran by postfix. Its some > kind of catch-22 here :( > > Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do > you guys have any ideas how to fix this? > > /Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From glenn.steen at gmail.com Sun Sep 16 19:56:02 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 16 19:56:04 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: References: <46ED49E9.1060006@xms.se> Message-ID: <223f97700709161156w2da121f0h56e06c55178e4b88@mail.gmail.com> On 16/09/2007, Gareth wrote: > Personally I configure bayes to store the tokens in a mysql database. Avoids > all the problems with permissions and makes it much easier to perform > backups aswell. > .... but would that help with the "automagic" sa-learn? Not likely;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.wickman at xms.se Sun Sep 16 20:04:53 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 20:05:04 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> <46ED6E93.3020705@xms.se> <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> Message-ID: <46ED7E55.8070402@xms.se> Glenn Steen wrote: > On 16/09/2007, Martin Wickman wrote: >> Glenn Steen wrote: [..] >> Ok, thanks for you help, but I dont think that is the problem. The >> problem is that postfix owns the bayes-files and the postfix-software >> dont want to run scripts as the postfix user. pipe(8) explains this as >> "The software refuses to execute commands with root privileges, >> or with the privileges of the mail system owner." > Ah. Yes. Might be a problem:-D. So then a rethink might be in order. > Why not just let procmail or a cron job handle it? Yeah I thought about that, but the problem is still there (I think?). Only the postfix user can update the bayes data and it wont help much having procmail do it. Do you think it is possible to change MailScanner.conf in some way, ie to have a separate SA-user which is not 'postfix'? As it is now "Run As User" is postfix and maybe it's possible to change something here, akin to "Quarantine User"? > Procmail should be fairly easy, provided you have it already... well, > even if you don't:-). > Or running a cronjob that "plunders" the spam mailbox (which would > need be a real mailbox) and run the script on the messages... should > be fairly easy too. I'm sure there are others that have done something > like that before, perhaps even documented it (haven't checked the > wiki)... Thought of that too, but there is the issue with forwarded spammails. That is, attached mails needs to be splitted into single mails before se-learn can grok them correctly. Also, having to run sa-learn on the whole corpus all the time seems wasteful. >> Btw, the setup is taken from >> http://www.jousset.org/pub/sa-postfix.en.html if you want de details. >> Thats site is off-line or something, but google has working cache: >> http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a >> > Too tired to go look, perhaps tomorrow:). Please do :-) [..] >> For the record, running as a non-root, not-postfix user gives this error >> as expected: >> >> $ sa-learn --forget /tmp/spamish >> bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile >> /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied >> Forgot tokens from 0 message(s) (1 message(s) examined) >> bayes: locker: safe_lock: cannot create lockfile >> /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied > > As expected... One wonders what would happen if you played a bit with > the script and the "sticky bit".... A "non-PF script" calls the sticky > "PF script"...;-) Dunno, didn't think script could be setuid? From martin.wickman at xms.se Sun Sep 16 20:07:09 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 20:07:17 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: References: Message-ID: <46ED7EDD.7080509@xms.se> Gareth wrote: > Personally I configure bayes to store the tokens in a mysql database. Avoids > all the problems with permissions and makes it much easier to perform > backups aswell. Hi Yes, that should help I guess. Anything in particular one should think about when configuring it (pitfalls, oddities etc)? [..] From list-mailscanner at linguaphone.com Sun Sep 16 20:32:09 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 16 20:32:12 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <223f97700709161156w2da121f0h56e06c55178e4b88@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Glenn > Steen > Sent: 16 September 2007 19:56 > To: MailScanner discussion > Subject: Re: User postfix refuses to run sa-learn > > > On 16/09/2007, Gareth wrote: > > Personally I configure bayes to store the tokens in a mysql > database. Avoids > > all the problems with permissions and makes it much easier to perform > > backups aswell. > > > .... but would that help with the "automagic" sa-learn? Not likely;-). Well it would not matter what user ran sa-learn since the only applicable permissions are the username/password for the database and that is stored in the bayes configuration anyway. From list-mailscanner at linguaphone.com Sun Sep 16 20:35:18 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 16 20:35:20 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED7EDD.7080509@xms.se> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Martin > Wickman > Sent: 16 September 2007 20:07 > To: MailScanner discussion > Subject: Re: User postfix refuses to run sa-learn > > > Gareth wrote: > > Personally I configure bayes to store the tokens in a mysql > database. Avoids > > all the problems with permissions and makes it much easier to perform > > backups aswell. > > Hi > > Yes, that should help I guess. Anything in particular one should think > about when configuring it (pitfalls, oddities etc)? > Its all documented at http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassi n:bayes:sql I found it a very simple process which only took a few minutes to get working. From glenn.steen at gmail.com Sun Sep 16 20:45:33 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 16 20:45:35 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: References: <223f97700709161156w2da121f0h56e06c55178e4b88@mail.gmail.com> Message-ID: <223f97700709161245s765726d3xcb61070843cce5fd@mail.gmail.com> On 16/09/2007, Gareth wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Glenn > > Steen > > Sent: 16 September 2007 19:56 > > To: MailScanner discussion > > Subject: Re: User postfix refuses to run sa-learn > > > > > > On 16/09/2007, Gareth wrote: > > > Personally I configure bayes to store the tokens in a mysql > > database. Avoids > > > all the problems with permissions and makes it much easier to perform > > > backups aswell. > > > > > .... but would that help with the "automagic" sa-learn? Not likely;-). > > Well it would not matter what user ran sa-learn since the only applicable > permissions are the username/password for the database and that is stored in > the bayes configuration anyway. > True. I said I was tired, didn't I:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Sep 16 20:57:41 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Sep 16 20:57:45 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED7E55.8070402@xms.se> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> <46ED6E93.3020705@xms.se> <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> <46ED7E55.8070402@xms.se> Message-ID: <223f97700709161257q79c5141ata0ce0a40fbaef97f@mail.gmail.com> On 16/09/2007, Martin Wickman wrote: > Glenn Steen wrote: > > On 16/09/2007, Martin Wickman wrote: > >> Glenn Steen wrote: > > [..] > > >> Ok, thanks for you help, but I dont think that is the problem. The > >> problem is that postfix owns the bayes-files and the postfix-software > >> dont want to run scripts as the postfix user. pipe(8) explains this as > >> "The software refuses to execute commands with root privileges, > >> or with the privileges of the mail system owner." > > Ah. Yes. Might be a problem:-D. So then a rethink might be in order. > > Why not just let procmail or a cron job handle it? > > Yeah I thought about that, but the problem is still there (I think?). > Only the postfix user can update the bayes data and it wont help much > having procmail do it. > ... run in gw-mode, as the PF user...? > Do you think it is possible to change MailScanner.conf in some way, ie > to have a separate SA-user which is not 'postfix'? As it is now "Run As > User" is postfix and maybe it's possible to change something here, akin > to "Quarantine User"? You could use another Run As Group, I guess.... Like for clamav (and a little like one does for MailWatch... apache group, in that case... Then specify a user:group accordingly... I think pipe will fall back to the group...). > > Procmail should be fairly easy, provided you have it already... well, > > even if you don't:-). > > Or running a cronjob that "plunders" the spam mailbox (which would > > need be a real mailbox) and run the script on the messages... should > > be fairly easy too. I'm sure there are others that have done something > > like that before, perhaps even documented it (haven't checked the > > wiki)... > > Thought of that too, but there is the issue with forwarded spammails. > That is, attached mails needs to be splitted into single mails before > se-learn can grok them correctly. Also, having to run sa-learn on the > whole corpus all the time seems wasteful. > Don't you have that problem anyway? > >> Btw, the setup is taken from > >> http://www.jousset.org/pub/sa-postfix.en.html if you want de details. > >> Thats site is off-line or something, but google has working cache: > >> http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a > >> > > Too tired to go look, perhaps tomorrow:). > > Please do :-) > Tomorrow... Morgonstund har guld i mun(d):-):-). > [..] > > >> For the record, running as a non-root, not-postfix user gives this error > >> as expected: > >> > >> $ sa-learn --forget /tmp/spamish > >> bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile > >> /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied > >> Forgot tokens from 0 message(s) (1 message(s) examined) > >> bayes: locker: safe_lock: cannot create lockfile > >> /var/spool/MailScanner/spamassassin/bayes.mutex: Permission denied > > > > As expected... One wonders what would happen if you played a bit with > > the script and the "sticky bit".... A "non-PF script" calls the sticky > > "PF script"...;-) > > Dunno, didn't think script could be setuid? I still live in the dark ages... When that was so very easy to do:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martin.wickman at xms.se Sun Sep 16 21:26:19 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Sun Sep 16 21:26:28 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <223f97700709161257q79c5141ata0ce0a40fbaef97f@mail.gmail.com> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> <46ED6E93.3020705@xms.se> <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> <46ED7E55.8070402@xms.se> <223f97700709161257q79c5141ata0ce0a40fbaef97f@mail.gmail.com> Message-ID: <46ED916B.50003@xms.se> Glenn Steen wrote: > On 16/09/2007, Martin Wickman wrote: >> Glenn Steen wrote: >>> On 16/09/2007, Martin Wickman wrote: >>>> Glenn Steen wrote: [..] >> Yeah I thought about that, but the problem is still there (I think?). >> Only the postfix user can update the bayes data and it wont help much >> having procmail do it. >> > ... run in gw-mode, as the PF user...? gw-mode? Huh, you lost me there i think :) >> Do you think it is possible to change MailScanner.conf in some way, ie >> to have a separate SA-user which is not 'postfix'? As it is now "Run As >> User" is postfix and maybe it's possible to change something here, akin >> to "Quarantine User"? > > You could use another Run As Group, I guess.... Like for clamav (and a > little like one does for MailWatch... apache group, in that case... > Then specify a user:group accordingly... I think pipe will fall back > to the group...). Ok thanks, I'll keep that in mind. I'm currently messing with the bayes-sql stuff. We'll see how that turns out. >>> Or running a cronjob that "plunders" the spam mailbox (which would >>> need be a real mailbox) and run the script on the messages... should >>> be fairly easy too. I'm sure there are others that have done something >>> like that before, perhaps even documented it (haven't checked the >>> wiki)... >> Thought of that too, but there is the issue with forwarded spammails. >> That is, attached mails needs to be splitted into single mails before >> se-learn can grok them correctly. Also, having to run sa-learn on the >> whole corpus all the time seems wasteful. >> > Don't you have that problem anyway? Yes, sorta. Only that it is easier to split mails on-the-fly instead of having to split them to fil before running sa-learn (ie giving sa-learn the Maildir as input). >>>> Btw, the setup is taken from >>>> http://www.jousset.org/pub/sa-postfix.en.html if you want de details. >>>> Thats site is off-line or something, but google has working cache: >>>> http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a >>>> >>> Too tired to go look, perhaps tomorrow:). >> Please do :-) >> > Tomorrow... Morgonstund har guld i mun(d):-):-). Heh. Sant. :) /Thanks From mkettler at evi-inc.com Sun Sep 16 23:53:34 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Sun Sep 16 23:53:46 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED49E9.1060006@xms.se> References: <46ED49E9.1060006@xms.se> Message-ID: <46EDB3EE.9070505@evi-inc.com> Martin Wickman wrote: > Hi > > I'm running MailScanner with spamassassin and postfix. I have configured > postfix to execute a script which runs sa-learn on all new mails that > gets sent to the 'spam' user. The idea is to update the site-global > /var/spool/MailScanner/spamassassin/bayes.* database automatically when > my users forwards their spam. Before you go any further... fundamental flaw. Forwarded email generally bears very little resemblance to the original, and isn't useful for feeding to sa-learn. From listacc at ocosa.com Mon Sep 17 03:51:50 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 03:52:08 2007 Subject: Admin Guide Question Message-ID: <46EDEBC6.2010408@ocosa.com> Hello, I was wondering if anyone had a copy of the MailScanner Administrators Guide the latest via pdf or know of any guides for CentOS 5? I am really looking for a detailed guide to get a feel for how MailScanner works and how I can implement this software with our current systems. Any help is appreciated!!! Otis From febrianto at sioenasia.com Mon Sep 17 04:10:35 2007 From: febrianto at sioenasia.com (Budi Febrianto) Date: Mon Sep 17 04:04:25 2007 Subject: OOT: Problem connection to dostech Message-ID: Anyone have the same experience? I use my sa-update to update the rulesdujour too, but recently having problem connecting. This never be a problem to me. A site down maybe? From jonas.lilja at exallon.sigma.se Mon Sep 17 08:44:23 2007 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Mon Sep 17 08:44:04 2007 Subject: SV: question about "unknown string" In-Reply-To: <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se> Hmmm... I just rebuild the MS with the install-script (without problems) and when looking in the reports/en-directory the languages.conf file exists but is empty (0 bytes). The languages.conf.rpmnew doesn?t exist. The file-permissions looks fine. Hints? Is it possible to download a "default" languages.conf from the web? Regards /Jonas PS - MS is running on RHEL 4 ES with latest patch-level. [root@tubes en]# ll total 216 -rw-r--r-- 1 root root 704 Sep 2 00:02 deleted.content.message.txt -rw-r--r-- 1 root root 579 Sep 2 00:02 deleted.filename.message.txt -rw-r--r-- 1 root root 578 Sep 2 00:02 deleted.size.message.txt -rw-r--r-- 1 root root 672 Sep 2 00:02 deleted.virus.message.txt -rw-r--r-- 1 root root 345 Sep 2 00:02 disinfected.report.txt -rw-r--r-- 1 root root 187 Sep 2 00:02 inline.sig.html -rw-r--r-- 1 root root 113 Sep 2 00:02 inline.sig.txt -rw-r--r-- 1 root root 484 Sep 2 00:02 inline.spam.warning.txt -rw-r--r-- 1 root root 202 Sep 2 00:02 inline.warning.html -rw-r--r-- 1 root root 165 Sep 2 00:02 inline.warning.txt -rw-r--r-- 1 root root 0 Sep 11 11:36 languages.conf -rw-r--r-- 1 root root 0 Sep 3 13:00 languages.old -rw-r--r-- 1 root root 720 Sep 2 00:02 recipient.mcp.report.txt -rw-r--r-- 1 root root 956 Sep 2 00:02 recipient.spam.report.txt -rw-r--r-- 1 root root 480 Sep 2 00:02 rejection.report.txt -rw-r--r-- 1 root root 797 Sep 2 00:02 sender.content.report.txt -rw-r--r-- 1 root root 810 Sep 2 00:02 sender.error.report.txt -rw-r--r-- 1 root root 634 Sep 2 00:02 sender.filename.report.txt -rw-r--r-- 1 root root 581 Sep 2 00:02 sender.mcp.report.txt -rw-r--r-- 1 root root 795 Sep 2 00:02 sender.size.report.txt -rw-r--r-- 1 root root 742 Sep 2 00:02 sender.spam.rbl.report.txt -rw-r--r-- 1 root root 817 Sep 2 00:02 sender.spam.report.txt -rw-r--r-- 1 root root 797 Sep 2 00:02 sender.spam.sa.report.txt -rw-r--r-- 1 root root 616 Sep 2 00:02 sender.virus.report.txt -rw-r--r-- 1 root root 869 Sep 2 00:02 stored.content.message.txt -rw-r--r-- 1 root root 746 Sep 2 00:02 stored.filename.message.txt -rw-r--r-- 1 root root 757 Sep 2 00:02 stored.size.message.txt -rw-r--r-- 1 root root 730 Sep 2 00:02 stored.virus.message.txt -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Glenn Steen Skickat: den 14 september 2007 15:53 Till: MailScanner discussion ?mne: Re: question about "unknown string" On 14/09/2007, Jonas Lilja wrote: > Hi everybody, > > Is "unknown string" in the maillog anything I should worry about? I have > runned the upgrade_languages_conf-command after upgrading MS to > mailscanner-4.63.7-2 > > Regards > > Jonas > (snip) You probably cut'n'pasted the suggested commands from the upgrade script, without checking that you really had an .rpmnew file, in the first place. So you likely have the correct file as languages.conf.old ... or somesuch... and have an empty languages.conf file... I'm sure you can figure out how to mv everything back into place:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/6c750bd1/attachment-0001.html From list-mailscanner at linguaphone.com Mon Sep 17 08:49:42 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 17 08:49:51 2007 Subject: Admin Guide Question In-Reply-To: <46EDEBC6.2010408@ocosa.com> References: <46EDEBC6.2010408@ocosa.com> Message-ID: <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> The best thing to do would be to buy a copy of the book. On Mon, 2007-09-17 at 03:51, OCOSA ListAcct wrote: > Hello, > > I was wondering if anyone had a copy of the MailScanner Administrators > Guide the latest via pdf or know of any guides for CentOS 5? I am really > looking for a detailed guide to get a feel for how MailScanner works and > how I can implement this software with our current systems. Any help is > appreciated!!! > > Otis From martin.wickman at xms.se Mon Sep 17 08:38:22 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Mon Sep 17 08:56:11 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46EDB3EE.9070505@evi-inc.com> References: <46ED49E9.1060006@xms.se> <46EDB3EE.9070505@evi-inc.com> Message-ID: <46EE2EEE.1040301@xms.se> Matt Kettler wrote: > Martin Wickman wrote: >> Hi >> >> I'm running MailScanner with spamassassin and postfix. I have configured >> postfix to execute a script which runs sa-learn on all new mails that >> gets sent to the 'spam' user. The idea is to update the site-global >> /var/spool/MailScanner/spamassassin/bayes.* database automatically when >> my users forwards their spam. > > Before you go any further... fundamental flaw. > > Forwarded email generally bears very little resemblance to the original, > and isn't useful for feeding to sa-learn. Yeah, but I'm thinking "Forward as attachments" which should work, right? From glenn.steen at gmail.com Mon Sep 17 10:33:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 17 10:33:42 2007 Subject: question about "unknown string" In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> <34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se> Message-ID: <223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com> On 17/09/2007, Jonas Lilja wrote: > > > > > Hmmm... I just rebuild the MS with the install-script (without problems) and > when looking in the reports/en-directory the languages.conf file exists but > is empty (0 bytes). The languages.conf.rpmnew doesn?t exist. The > file-permissions looks fine. Hints? Is it possible to download a "default" > languages.conf from the web? > Ouch. The second time around you probably scratched the languages.old file. So now you need get it (languages.conf) from somewhere else. Easiest is probably to download the tarball version of MailScanner and getting it from inside that... If no kind soul can find the time to send you a copy they might have just laying around (sorry, not me, not right now at least...). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Mon Sep 17 11:26:04 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 17 11:26:16 2007 Subject: question about "unknown string" In-Reply-To: <223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> <34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se> <223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com> Message-ID: <625385e30709170326y6ce7b904m45f9812b3f43bd8b@mail.gmail.com> On 9/17/07, Glenn Steen wrote: > On 17/09/2007, Jonas Lilja wrote: > > Hmmm... I just rebuild the MS with the install-script (without problems) and > > when looking in the reports/en-directory the languages.conf file exists but > > is empty (0 bytes). The languages.conf.rpmnew doesn?t exist. The > > file-permissions looks fine. Hints? Is it possible to download a "default" > > languages.conf from the web? > Ouch. The second time around you probably scratched the languages.old > file. So now you need get it (languages.conf) from somewhere else. > Easiest is probably to download the tarball version of MailScanner and > getting it from inside that... If no kind soul can find the time to > send you a copy they might have just laying around (sorry, not me, not > right now at least...). He can extract the default from his own RPM: # cd /tmp # rpm -qlp mailscanner-4.62.9-3.noarch.rpm | grep languages.conf /etc/MailScanner/reports/ca/languages.conf /etc/MailScanner/reports/cy+en/languages.conf /etc/MailScanner/reports/cz/languages.conf /etc/MailScanner/reports/de/languages.conf /etc/MailScanner/reports/dk/languages.conf /etc/MailScanner/reports/en/languages.conf /etc/MailScanner/reports/es/languages.conf /etc/MailScanner/reports/fr/languages.conf /etc/MailScanner/reports/hu/languages.conf /etc/MailScanner/reports/it/languages.conf /etc/MailScanner/reports/nl/languages.conf /etc/MailScanner/reports/pt_br/languages.conf /etc/MailScanner/reports/ro/languages.conf /etc/MailScanner/reports/se/languages.conf /etc/MailScanner/reports/sk/languages.conf /usr/sbin/upgrade_languages_conf # rpm2cpio < mailscanner-4.62.9-3.noarch.rpm | cpio -id ./etc/MailScanner/reports/se/languages.conf -- /peter From glenn.steen at gmail.com Mon Sep 17 11:39:43 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 17 11:39:45 2007 Subject: question about "unknown string" In-Reply-To: <625385e30709170326y6ce7b904m45f9812b3f43bd8b@mail.gmail.com> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> <34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se> <223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com> <625385e30709170326y6ce7b904m45f9812b3f43bd8b@mail.gmail.com> Message-ID: <223f97700709170339ic3eb3a1i39c35c1f057f5f47@mail.gmail.com> On 17/09/2007, shuttlebox wrote: > On 9/17/07, Glenn Steen wrote: > > On 17/09/2007, Jonas Lilja wrote: > > > Hmmm... I just rebuild the MS with the install-script (without problems) and > > > when looking in the reports/en-directory the languages.conf file exists but > > > is empty (0 bytes). The languages.conf.rpmnew doesn?t exist. The > > > file-permissions looks fine. Hints? Is it possible to download a "default" > > > languages.conf from the web? > > Ouch. The second time around you probably scratched the languages.old > > file. So now you need get it (languages.conf) from somewhere else. > > Easiest is probably to download the tarball version of MailScanner and > > getting it from inside that... If no kind soul can find the time to > > send you a copy they might have just laying around (sorry, not me, not > > right now at least...). > > He can extract the default from his own RPM: > > # cd /tmp > # rpm -qlp mailscanner-4.62.9-3.noarch.rpm | grep languages.conf > /etc/MailScanner/reports/ca/languages.conf > /etc/MailScanner/reports/cy+en/languages.conf > /etc/MailScanner/reports/cz/languages.conf > /etc/MailScanner/reports/de/languages.conf > /etc/MailScanner/reports/dk/languages.conf > /etc/MailScanner/reports/en/languages.conf > /etc/MailScanner/reports/es/languages.conf > /etc/MailScanner/reports/fr/languages.conf > /etc/MailScanner/reports/hu/languages.conf > /etc/MailScanner/reports/it/languages.conf > /etc/MailScanner/reports/nl/languages.conf > /etc/MailScanner/reports/pt_br/languages.conf > /etc/MailScanner/reports/ro/languages.conf > /etc/MailScanner/reports/se/languages.conf > /etc/MailScanner/reports/sk/languages.conf > /usr/sbin/upgrade_languages_conf > # rpm2cpio < mailscanner-4.62.9-3.noarch.rpm | cpio -id > ./etc/MailScanner/reports/se/languages.conf > > Very true Peter, assuming he has rpm2cpio installed, that indeed is a very workable solution. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jonas.lilja at exallon.sigma.se Mon Sep 17 11:51:00 2007 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Mon Sep 17 11:50:37 2007 Subject: SV: question about "unknown string" In-Reply-To: <223f97700709170339ic3eb3a1i39c35c1f057f5f47@mail.gmail.com> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se><223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com><34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se><223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com><625385e30709170326y6ce7b904m45f9812b3f43bd8b@mail.gmail.com> <223f97700709170339ic3eb3a1i39c35c1f057f5f47@mail.gmail.com> Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99C5C@ikaros.exallon.sigma.se> I haven't rpm2cpio... I will google for it and give it a try. Thanx. /Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Glenn Steen Skickat: den 17 september 2007 12:40 Till: MailScanner discussion ?mne: Re: question about "unknown string" On 17/09/2007, shuttlebox wrote: > On 9/17/07, Glenn Steen wrote: > > On 17/09/2007, Jonas Lilja wrote: > > > Hmmm... I just rebuild the MS with the install-script (without problems) and > > > when looking in the reports/en-directory the languages.conf file exists but > > > is empty (0 bytes). The languages.conf.rpmnew doesn?t exist. The > > > file-permissions looks fine. Hints? Is it possible to download a "default" > > > languages.conf from the web? > > Ouch. The second time around you probably scratched the languages.old > > file. So now you need get it (languages.conf) from somewhere else. > > Easiest is probably to download the tarball version of MailScanner and > > getting it from inside that... If no kind soul can find the time to > > send you a copy they might have just laying around (sorry, not me, not > > right now at least...). > > He can extract the default from his own RPM: > > # cd /tmp > # rpm -qlp mailscanner-4.62.9-3.noarch.rpm | grep languages.conf > /etc/MailScanner/reports/ca/languages.conf > /etc/MailScanner/reports/cy+en/languages.conf > /etc/MailScanner/reports/cz/languages.conf > /etc/MailScanner/reports/de/languages.conf > /etc/MailScanner/reports/dk/languages.conf > /etc/MailScanner/reports/en/languages.conf > /etc/MailScanner/reports/es/languages.conf > /etc/MailScanner/reports/fr/languages.conf > /etc/MailScanner/reports/hu/languages.conf > /etc/MailScanner/reports/it/languages.conf > /etc/MailScanner/reports/nl/languages.conf > /etc/MailScanner/reports/pt_br/languages.conf > /etc/MailScanner/reports/ro/languages.conf > /etc/MailScanner/reports/se/languages.conf > /etc/MailScanner/reports/sk/languages.conf > /usr/sbin/upgrade_languages_conf > # rpm2cpio < mailscanner-4.62.9-3.noarch.rpm | cpio -id > ./etc/MailScanner/reports/se/languages.conf > > Very true Peter, assuming he has rpm2cpio installed, that indeed is a very workable solution. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Sep 17 11:52:38 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 17 11:52:40 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <46ED916B.50003@xms.se> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> <46ED6E93.3020705@xms.se> <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> <46ED7E55.8070402@xms.se> <223f97700709161257q79c5141ata0ce0a40fbaef97f@mail.gmail.com> <46ED916B.50003@xms.se> Message-ID: <223f97700709170352s5c4a4916rab1f06e8e63f7b79@mail.gmail.com> On 16/09/2007, Martin Wickman wrote: (snip) > >>>> Btw, the setup is taken from > >>>> http://www.jousset.org/pub/sa-postfix.en.html if you want de details. > >>>> Thats site is off-line or something, but google has working cache: > >>>> http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a > >>>> > >>> Too tired to go look, perhaps tomorrow:). > >> Please do :-) > >> > > Tomorrow... Morgonstund har guld i mun(d):-):-). > > Heh. Sant. :) > Well, since those instructions seem to be for a certain amavisd user/group, I can well see them working;-):-). Basically change the group on the file to something else than root or postfix, then try it with user=postfix: ... and you should be fine, more or less. I haven't tested this though... Leave that to you...:-). But best (from a multitude of perspectives) is to go with Gareths suggestion of putting it all in a DB. Usually, I think people tend to set things like this up like a public IMAP folder where they can drop the actual message (thus avoiding the problem of forwarding entirely), not a forwarding address. Might work OK for you too. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Mon Sep 17 12:24:45 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 17 12:24:51 2007 Subject: question about "unknown string" In-Reply-To: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99C5C@ikaros.exallon.sigma.se> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se> <223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com> <34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se> <223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com> <625385e30709170326y6ce7b904m45f9812b3f43bd8b@mail.gmail.com> <223f97700709170339ic3eb3a1i39c35c1f057f5f47@mail.gmail.com> <34D06C003AA0EA4D8D9B9443E7BDDD9503A99C5C@ikaros.exallon.sigma.se> Message-ID: <625385e30709170424k2b17409cvf7002b0d1c18f49e@mail.gmail.com> On 9/17/07, Jonas Lilja wrote: > I haven't rpm2cpio... I will google for it and give it a try. What OS are you running? On RHEL/CentOS 5 it's in the main rpm package so I just assumed every Linux had it. Sorry about that, maybe it's simpler to download the tar dist then. -- /peter From jonas.lilja at exallon.sigma.se Mon Sep 17 12:45:29 2007 From: jonas.lilja at exallon.sigma.se (Jonas Lilja) Date: Mon Sep 17 12:45:16 2007 Subject: SV: question about "unknown string" In-Reply-To: <625385e30709170424k2b17409cvf7002b0d1c18f49e@mail.gmail.com> References: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99AC4@ikaros.exallon.sigma.se><223f97700709140652n23fbf6f7o2127412a40f6e40e@mail.gmail.com><34D06C003AA0EA4D8D9B9443E7BDDD9503A99BBA@ikaros.exallon.sigma.se><223f97700709170233r4fd9050pc332e566fddf114d@mail.gmail.com><625385e30709170326y6ce7b904m45f9812b3f43bd8b@mail.gmail.com><223f97700709170339ic3eb3a1i39c35c1f057f5f47@mail.gmail.com><34D06C003AA0EA4D8D9B9443E7BDDD9503A99C5C@ikaros.exallon.sigma.se> <625385e30709170424k2b17409cvf7002b0d1c18f49e@mail.gmail.com> Message-ID: <34D06C003AA0EA4D8D9B9443E7BDDD9503A99C8F@ikaros.exallon.sigma.se> Sorry, I had the rpm2cpio... everything solved. Thanx a lot. Regards Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r shuttlebox Skickat: den 17 september 2007 13:25 Till: MailScanner discussion ?mne: Re: question about "unknown string" On 9/17/07, Jonas Lilja wrote: > I haven't rpm2cpio... I will google for it and give it a try. What OS are you running? On RHEL/CentOS 5 it's in the main rpm package so I just assumed every Linux had it. Sorry about that, maybe it's simpler to download the tar dist then. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dgottsc at emory.edu Mon Sep 17 12:47:22 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Mon Sep 17 12:47:44 2007 Subject: Incoming dir size? In-Reply-To: <46EBE0C3.6070504@ecs.soton.ac.uk> References: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F5EA@RDPEXCH2.Eu.Emory.Edu> <46EBE0C3.6070504@ecs.soton.ac.uk> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589F932@RDPEXCH2.Eu.Emory.Edu> Thanks for the help everyone! David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, September 15, 2007 9:40 AM To: MailScanner discussion Subject: Re: Incoming dir size? For starters, don't use a fixed size ram disk, use tmpfs which will only allocate as much ram as is needed at any given time, and will allocate space out of swap if it runs out of ram. So do that for starters, together with a reasonable size swapfile, and also put in a sensible limit on the max message size in your MTA (say, 100Mb). Gottschalk, David wrote: > > Hi all, > > I recently set my /mailscanner/incoming directory to be mounted in > memory. One thing I didn't think about before I allocated size is what > if a email comes in that is bigger than this filesystem size in > memory? Currently, I have 512mb mounted in memory. The size of data on > it right now is very small, but I'm afraid it could cause problems if > someone sent a massive file (had someone recently send a 1.4gig file > via email, no, I'm not joking, it got quarantined though cause it was > over max size allowed). I can't find any information on this, so any > input would be appreciated. > > Thanks! > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at lists.com.ar Mon Sep 17 13:05:00 2007 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Mon Sep 17 13:03:20 2007 Subject: Problem with Virus Scan Custom Function Message-ID: <1190030700.3886.7.camel@morticia.pert.com.ar> Hi I think this is a recurring one. The problem: When "Virus Scanning" is a Custom function AND Dangerous Content Scanning is set to "Yes", MS calls each virus scanner without looking for the Custom Function value. The report is correct, that is, if CS returns 0 the report doesn't say nothing about viruses I've noticed that in SweepViruses.pm in the sub TryCommercial is this code ---------- return 1 if MailScanner::Config::IsSimpleValue('virusscan') && !MailScanner::Config::Value('virusscan'); ---------- So when virusscan is a function, scans all the batch (if it's already opened) a quick example to reproduce this, would be a Custom function like sub InitVS { return 0; } and Virus Scanning= &VS Dangerous Content Scanning = yes And send a virus. The virus will be scanned (not what the custom function says), and not reported (that's good) I'know there is a batch over there so, we don't know at this stage if each member of the batch wants to AV or not In ScanBach the files to scan are already created (I think this only happens when there also other forms of content scanning) I think "Dangerous Content Scanning" is opening the mail, and the scanning is over all the already opened parts. I think the quick&dirty is something like calling the same Custom Function in "Dangerous Content Scanning" and "Virus Scanning" Is there another way? I thought that maybe we could check "Virus Scanning" on the ClamAVModule "while($childname = $dir->read()) " and only check "$dirname/$childname when is asked If that's THE way, we should write a line or two about that in MailScanner.conf Saludos -- Leonardo Helman Pert Consultores Argentina From martin.wickman at xms.se Mon Sep 17 12:50:17 2007 From: martin.wickman at xms.se (Martin Wickman) Date: Mon Sep 17 13:08:10 2007 Subject: User postfix refuses to run sa-learn In-Reply-To: <223f97700709170352s5c4a4916rab1f06e8e63f7b79@mail.gmail.com> References: <46ED49E9.1060006@xms.se> <223f97700709160842q49ed4403s592affe14f826734@mail.gmail.com> <46ED5343.7000605@xms.se> <223f97700709160918t50c13453sa9e21276daf17123@mail.gmail.com> <46ED6E93.3020705@xms.se> <223f97700709161126i5729511co80c1d26bf540d133@mail.gmail.com> <46ED7E55.8070402@xms.se> <223f97700709161257q79c5141ata0ce0a40fbaef97f@mail.gmail.com> <46ED916B.50003@xms.se> <223f97700709170352s5c4a4916rab1f06e8e63f7b79@mail.gmail.com> Message-ID: <46EE69F9.8070208@xms.se> Glenn Steen wrote: > On 16/09/2007, Martin Wickman wrote: > (snip) >>>>>> Btw, the setup is taken from >>>>>> http://www.jousset.org/pub/sa-postfix.en.html if you want de details. >>>>>> Thats site is off-line or something, but google has working cache: >>>>>> http://www.google.com/search?q=cache:S0-FoGYZSHwJ:www.jousset.org/pub/sa-postfix.en.html+http://www.jousset.org/pub/sa-postfix.en.html&hl=en&ct=clnk&cd=1&gl=se&client=firefox-a >>>>>> >>>>> Too tired to go look, perhaps tomorrow:). >>>> Please do :-) >>>> >>> Tomorrow... Morgonstund har guld i mun(d):-):-). >> Heh. Sant. :) >> > Well, since those instructions seem to be for a certain amavisd > user/group, I can well see them working;-):-). > Basically change the group on the file to something else than root or > postfix, then try it with user=postfix: ... and you > should be fine, more or less. I haven't tested this though... Leave > that to you...:-). > But best (from a multitude of perspectives) is to go with Gareths > suggestion of putting it all in a DB. I implemented the mysql approach and it seems to work pretty well. Thanks a lot! From dave.list at pixelhammer.com Mon Sep 17 13:53:59 2007 From: dave.list at pixelhammer.com (DAve) Date: Mon Sep 17 13:55:40 2007 Subject: Slightly, maybe, offtopic. In-Reply-To: <46EAB835.80701@yeticomputers.com> References: <46E994C2.8010501@pixelhammer.com> <46EAB835.80701@yeticomputers.com> Message-ID: <46EE78E7.7030203@pixelhammer.com> Thanks everyone for the responses! DAve > > DAve wrote: >> We are investing in VMWare and some other technologies quickly. I >> understand or have seen mention of, others running MailScanner within >> VMWare. I am beginning to think that has great potential from a DR and >> multiple NOC point of view. >> >> Any pitfalls in running MailScanner in VMWare I should know about? >> >> Thanks, >> >> DAve >> > -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From listacc at ocosa.com Mon Sep 17 14:01:16 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 14:01:37 2007 Subject: Admin Guide Question In-Reply-To: <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46EDEBC6.2010408@ocosa.com> <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46EE7A9C.3080302@ocosa.com> Ok thanks Gareth...I could not find a valid link to purchase so I asked then I navigated back to the home page of MailScanner and saw that lulu is where the book is located. Have you purchased the book? Is it in detail? How is it? Gareth wrote: > The best thing to do would be to buy a copy of the book. > > On Mon, 2007-09-17 at 03:51, OCOSA ListAcct wrote: > >> Hello, >> >> I was wondering if anyone had a copy of the MailScanner Administrators >> Guide the latest via pdf or know of any guides for CentOS 5? I am really >> looking for a detailed guide to get a feel for how MailScanner works and >> how I can implement this software with our current systems. Any help is >> appreciated!!! >> >> Otis >> > > From mailinglist at asyouneed.com Mon Sep 17 14:28:20 2007 From: mailinglist at asyouneed.com (mailinglist) Date: Mon Sep 17 14:28:39 2007 Subject: High scoring spam rules file Message-ID: <200709171328.l8HDScPN021765@www.asyouneed.com> Hi All, I tried to do different things with high scoring spam depending on the domain it's sent to and have done the following. Created file called high.spam.rules in the mailscanner etc rules folder # Default Rules for high scoring spam. To somedomain.com delete To other.domain.com delete FromOrTo: default deliver header "X-Spam-Status: Yes" Then edited Mailscanner.conf High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules But it isn't deleting the high scoring junk any ideas? Dee -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/15798c3b/attachment.html From martinh at solidstatelogic.com Mon Sep 17 14:35:24 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 17 14:35:29 2007 Subject: High scoring spam rules file In-Reply-To: <200709171328.l8HDScPN021765@www.asyouneed.com> Message-ID: <22ab5674b9250c44a5b1dbe421f4274a@solidstatelogic.com> Assumee there's a deliberate typo there.. To: somedomain.com delete To: other.domain.com delete FromOrTo: default deliver header "X-Spam-Status: Yes" And you restarted mailscanner after this change? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailinglist > Sent: 17 September 2007 14:28 > To: MailScanner discussion > Subject: High scoring spam rules file > > Hi All, > > > > I tried to do different things with high scoring spam > depending on the domain it's sent to and have done the following. > > > > Created file called high.spam.rules in the mailscanner etc rules folder > > > > # Default Rules for high scoring spam. > > To somedomain.com delete > > To other.domain.com delete > > FromOrTo: default deliver header "X-Spam- > Status: Yes" > > > > Then edited Mailscanner.conf > > > > High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules > > > > But it isn't deleting the high scoring junk any ideas? > > > > Dee ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mailinglist at asyouneed.com Mon Sep 17 14:51:54 2007 From: mailinglist at asyouneed.com (mailinglist) Date: Mon Sep 17 14:52:14 2007 Subject: High scoring spam rules file In-Reply-To: <22ab5674b9250c44a5b1dbe421f4274a@solidstatelogic.com> Message-ID: <200709171352.l8HDqC3X022041@www.asyouneed.com> Shouldn't be a typo there I still can't see it if there is. Yes I restarted Mailscanner after this but no joy. Dee -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: 17 September 2007 14:35 To: MailScanner discussion Subject: RE: High scoring spam rules file Assumee there's a deliberate typo there.. To: somedomain.com delete To: other.domain.com delete FromOrTo: default deliver header "X-Spam-Status: Yes" And you restarted mailscanner after this change? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailinglist > Sent: 17 September 2007 14:28 > To: MailScanner discussion > Subject: High scoring spam rules file > > Hi All, > > > > I tried to do different things with high scoring spam > depending on the domain it's sent to and have done the following. > > > > Created file called high.spam.rules in the mailscanner etc rules folder > > > > # Default Rules for high scoring spam. > > To somedomain.com delete > > To other.domain.com delete > > FromOrTo: default deliver header "X-Spam- > Status: Yes" > > > > Then edited Mailscanner.conf > > > > High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules > > > > But it isn't deleting the high scoring junk any ideas? > > > > Dee ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From grupolistas at gmail.com Mon Sep 17 14:55:38 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 17 14:55:45 2007 Subject: fuzzyocr + mailscanner Message-ID: <44c071aa0709170655j4e0a1d18n638ad68905fe4062@mail.gmail.com> HI users, i just followed the http://www.howtoforge.com/fight_image_spam_with_fuzzyocr_spamassassin_p2documentarion over fuzzyocr and spamassassin and i'm not really sure if it work, is there a way to conifgure fuzzyocr with mailscanner? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/14f45260/attachment.html From martinh at solidstatelogic.com Mon Sep 17 14:59:11 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 17 14:59:21 2007 Subject: High scoring spam rules file In-Reply-To: <200709171352.l8HDqC3X022041@www.asyouneed.com> Message-ID: Dee I put To: domain.com delete You put To domain.com delete (you missed out a ':' after the "To") -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailinglist > Sent: 17 September 2007 14:52 > To: MailScanner discussion > Subject: RE: High scoring spam rules file > > Shouldn't be a typo there I still can't see it if there is. > > Yes I restarted Mailscanner after this but no joy. > > Dee > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: 17 September 2007 14:35 > To: MailScanner discussion > Subject: RE: High scoring spam rules file > > Assumee there's a deliberate typo there.. > > To: somedomain.com delete > To: other.domain.com delete > FromOrTo: default deliver header "X-Spam-Status: Yes" > > And you restarted mailscanner after this change? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of mailinglist > > Sent: 17 September 2007 14:28 > > To: MailScanner discussion > > Subject: High scoring spam rules file > > > > Hi All, > > > > > > > > I tried to do different things with high scoring spam > > depending on the domain it's sent to and have done the following. > > > > > > > > Created file called high.spam.rules in the mailscanner etc rules folder > > > > > > > > # Default Rules for high scoring spam. > > > > To somedomain.com delete > > > > To other.domain.com delete > > > > FromOrTo: default deliver header "X-Spam- > > Status: Yes" > > > > > > > > Then edited Mailscanner.conf > > > > > > > > High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules > > > > > > > > But it isn't deleting the high scoring junk any ideas? > > > > > > > > Dee > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From a.peacock at chime.ucl.ac.uk Mon Sep 17 14:59:23 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Sep 17 14:59:41 2007 Subject: High scoring spam rules file In-Reply-To: <200709171352.l8HDqC3X022041@www.asyouneed.com> References: <200709171352.l8HDqC3X022041@www.asyouneed.com> Message-ID: <46EE883B.1040902@chime.ucl.ac.uk> Hi, mailinglist wrote: > Shouldn't be a typo there I still can't see it if there is. Did you cut&paste the example configuration lines or retype them? If you cut&pasted them, then you are missing two colons (:) after the "To"s. > > Yes I restarted Mailscanner after this but no joy. > > Dee > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: 17 September 2007 14:35 > To: MailScanner discussion > Subject: RE: High scoring spam rules file > > Assumee there's a deliberate typo there.. > > To: somedomain.com delete > To: other.domain.com delete > FromOrTo: default deliver header "X-Spam-Status: Yes" > > And you restarted mailscanner after this change? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of mailinglist >> Sent: 17 September 2007 14:28 >> To: MailScanner discussion >> Subject: High scoring spam rules file >> >> Hi All, >> >> >> >> I tried to do different things with high scoring spam >> depending on the domain it's sent to and have done the following. >> >> >> >> Created file called high.spam.rules in the mailscanner etc rules folder >> >> >> >> # Default Rules for high scoring spam. >> >> To somedomain.com delete >> >> To other.domain.com delete >> >> FromOrTo: default deliver header "X-Spam- >> Status: Yes" >> >> >> >> Then edited Mailscanner.conf >> >> >> >> High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules >> >> >> >> But it isn't deleting the high scoring junk any ideas? >> >> >> >> Dee > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From list-mailscanner at linguaphone.com Mon Sep 17 15:13:35 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 17 15:13:49 2007 Subject: fuzzyocr + mailscanner In-Reply-To: <44c071aa0709170655j4e0a1d18n638ad68905fe4062@mail.gmail.com> References: <44c071aa0709170655j4e0a1d18n638ad68905fe4062@mail.gmail.com> Message-ID: <1190038415.25715.14.camel@gblades-suse.linguaphone-intranet.co.uk> You need the SVN version of fuzzyocr if you are using spamassassin 3.2 otherwise you wont get any results back. The following URL gives some usefull information http://www.freespamfilter.org/forum/viewforum.php?f=25 On Mon, 2007-09-17 at 14:55, infolistas listas wrote: > HI users, i just followed the > http://www.howtoforge.com/fight_image_spam_with_fuzzyocr_spamassassin_p2 documentarion over fuzzyocr and spamassassin and i'm not really sure if it work, is there a way to conifgure fuzzyocr with mailscanner? > > Thanks > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailinglist at asyouneed.com Mon Sep 17 15:38:09 2007 From: mailinglist at asyouneed.com (mailinglist) Date: Mon Sep 17 15:38:29 2007 Subject: High scoring spam rules file In-Reply-To: <46EE883B.1040902@chime.ucl.ac.uk> Message-ID: <200709171438.l8HEcRXh022440@www.asyouneed.com> Couldn't see the wood for the trees there, however I've checked config and it has the colons after the "To"s. Also just rebooted the whole server to make sure it's loading new config but still nothing, mail is marked as {Spam?} and delivered. Dee -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Peacock Sent: 17 September 2007 14:59 To: MailScanner discussion Subject: Re: High scoring spam rules file Hi, mailinglist wrote: > Shouldn't be a typo there I still can't see it if there is. Did you cut&paste the example configuration lines or retype them? If you cut&pasted them, then you are missing two colons (:) after the "To"s. > > Yes I restarted Mailscanner after this but no joy. > > Dee > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: 17 September 2007 14:35 > To: MailScanner discussion > Subject: RE: High scoring spam rules file > > Assumee there's a deliberate typo there.. > > To: somedomain.com delete > To: other.domain.com delete > FromOrTo: default deliver header "X-Spam-Status: Yes" > > And you restarted mailscanner after this change? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of mailinglist >> Sent: 17 September 2007 14:28 >> To: MailScanner discussion >> Subject: High scoring spam rules file >> >> Hi All, >> >> >> >> I tried to do different things with high scoring spam >> depending on the domain it's sent to and have done the following. >> >> >> >> Created file called high.spam.rules in the mailscanner etc rules folder >> >> >> >> # Default Rules for high scoring spam. >> >> To somedomain.com delete >> >> To other.domain.com delete >> >> FromOrTo: default deliver header "X-Spam- >> Status: Yes" >> >> >> >> Then edited Mailscanner.conf >> >> >> >> High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules >> >> >> >> But it isn't deleting the high scoring junk any ideas? >> >> >> >> Dee > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Sep 17 15:47:07 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 17 15:47:11 2007 Subject: High scoring spam rules file In-Reply-To: <200709171438.l8HEcRXh022440@www.asyouneed.com> Message-ID: <63adcb1ddc3c404daf96e8d7c0baa79f@solidstatelogic.com> Dee Make sure that the actual recipient (envelope-to) is somedomain.com If its to multiple recipients only the first will take effect unless you do something clever like split out to individual recipients at the MTA as described in the wiki. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailinglist > Sent: 17 September 2007 15:38 > To: MailScanner discussion > Subject: RE: High scoring spam rules file > > Couldn't see the wood for the trees there, however I've checked config and > it has the colons after the "To"s. > > Also just rebooted the whole server to make sure it's loading new config > but > still nothing, mail is marked as {Spam?} and delivered. > > Dee > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony > Peacock > Sent: 17 September 2007 14:59 > To: MailScanner discussion > Subject: Re: High scoring spam rules file > > Hi, > > mailinglist wrote: > > Shouldn't be a typo there I still can't see it if there is. > > Did you cut&paste the example configuration lines or retype them? > > If you cut&pasted them, then you are missing two colons (:) after the > "To"s. > > > > > > Yes I restarted Mailscanner after this but no joy. > > > > Dee > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Martin.Hepworth > > Sent: 17 September 2007 14:35 > > To: MailScanner discussion > > Subject: RE: High scoring spam rules file > > > > Assumee there's a deliberate typo there.. > > > > To: somedomain.com delete > > To: other.domain.com delete > > FromOrTo: default deliver header "X-Spam-Status: Yes" > > > > And you restarted mailscanner after this change? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of mailinglist > >> Sent: 17 September 2007 14:28 > >> To: MailScanner discussion > >> Subject: High scoring spam rules file > >> > >> Hi All, > >> > >> > >> > >> I tried to do different things with high scoring spam > >> depending on the domain it's sent to and have done the following. > >> > >> > >> > >> Created file called high.spam.rules in the mailscanner etc rules folder > >> > >> > >> > >> # Default Rules for high scoring spam. > >> > >> To somedomain.com delete > >> > >> To other.domain.com delete > >> > >> FromOrTo: default deliver header "X- > Spam- > >> Status: Yes" > >> > >> > >> > >> Then edited Mailscanner.conf > >> > >> > >> > >> High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules > >> > >> > >> > >> But it isn't deleting the high scoring junk any ideas? > >> > >> > >> > >> Dee > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "A CAT scan should take less time than a PET scan. For a CAT scan, > they're only looking for one thing, whereas a PET scan could result in > a lot of things." - Carl Princi, 2002/07/19 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From grupolistas at gmail.com Mon Sep 17 15:52:39 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 17 15:52:42 2007 Subject: spams blacklist Message-ID: <44c071aa0709170752x6e6d1198rb8c6aa6404a6598f@mail.gmail.com> Hi users, is it possible to blacklist all domains and only allow some of them add whitelist?(only receive mail from specific domains) Is it possible to do that for specific users too? Ex: user1 may send mail to anyone but can only receive from some specific domains EX: user 2 may send mail to anyone and can receive mail from all domains How can I optimise mailscanner and spamassassin , they where working well until saterday when I began to receive lots of spam? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/3fe9d593/attachment.html From mailinglist at asyouneed.com Mon Sep 17 16:02:53 2007 From: mailinglist at asyouneed.com (mailinglist) Date: Mon Sep 17 16:03:14 2007 Subject: High scoring spam rules file In-Reply-To: <63adcb1ddc3c404daf96e8d7c0baa79f@solidstatelogic.com> Message-ID: <200709171503.l8HF3CtU022867@www.asyouneed.com> Not sure if this is right but I noticed in the log it was complaining about high.spam.rules appearing to be a rules file and needing renaming to .rule or .rules. Odd I thought so I renamed to highspam.rules and it is now working. Also I removed the FromOrTo: for the default and changed it to just To: One of these actions appears to have fixed it. Thanks all. Dee -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: 17 September 2007 15:47 To: MailScanner discussion Subject: RE: High scoring spam rules file Dee Make sure that the actual recipient (envelope-to) is somedomain.com If its to multiple recipients only the first will take effect unless you do something clever like split out to individual recipients at the MTA as described in the wiki. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailinglist > Sent: 17 September 2007 15:38 > To: MailScanner discussion > Subject: RE: High scoring spam rules file > > Couldn't see the wood for the trees there, however I've checked config and > it has the colons after the "To"s. > > Also just rebooted the whole server to make sure it's loading new config > but > still nothing, mail is marked as {Spam?} and delivered. > > Dee > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony > Peacock > Sent: 17 September 2007 14:59 > To: MailScanner discussion > Subject: Re: High scoring spam rules file > > Hi, > > mailinglist wrote: > > Shouldn't be a typo there I still can't see it if there is. > > Did you cut&paste the example configuration lines or retype them? > > If you cut&pasted them, then you are missing two colons (:) after the > "To"s. > > > > > > Yes I restarted Mailscanner after this but no joy. > > > > Dee > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Martin.Hepworth > > Sent: 17 September 2007 14:35 > > To: MailScanner discussion > > Subject: RE: High scoring spam rules file > > > > Assumee there's a deliberate typo there.. > > > > To: somedomain.com delete > > To: other.domain.com delete > > FromOrTo: default deliver header "X-Spam-Status: Yes" > > > > And you restarted mailscanner after this change? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of mailinglist > >> Sent: 17 September 2007 14:28 > >> To: MailScanner discussion > >> Subject: High scoring spam rules file > >> > >> Hi All, > >> > >> > >> > >> I tried to do different things with high scoring spam > >> depending on the domain it's sent to and have done the following. > >> > >> > >> > >> Created file called high.spam.rules in the mailscanner etc rules folder > >> > >> > >> > >> # Default Rules for high scoring spam. > >> > >> To somedomain.com delete > >> > >> To other.domain.com delete > >> > >> FromOrTo: default deliver header "X- > Spam- > >> Status: Yes" > >> > >> > >> > >> Then edited Mailscanner.conf > >> > >> > >> > >> High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules > >> > >> > >> > >> But it isn't deleting the high scoring junk any ideas? > >> > >> > >> > >> Dee > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "A CAT scan should take less time than a PET scan. For a CAT scan, > they're only looking for one thing, whereas a PET scan could result in > a lot of things." - Carl Princi, 2002/07/19 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sconway at wlnet.com Mon Sep 17 16:32:19 2007 From: sconway at wlnet.com (Stephen Conway) Date: Mon Sep 17 16:32:49 2007 Subject: ArchiveMail Exclusions In-Reply-To: <46EBE421.1070400@ecs.soton.ac.uk> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> Message-ID: <18a501c7f93f$ef6d1db0$ce475910$@com> Hello Julien: Yes, sorry I think I wasn't clear what I was asking. I know that if you enter as an action here an e-mail address that messages will go to that e-mail. But as I have seen, this sends a 'copy' of the message to the address (meaning that a copy still goes to the original recipient). Is there a way for example, putting a ! in front of the address, where the message is actually forwarded (not copy) to the other address? Also, I have another item as well. I have blacklist file, and it seems that if MailScanner sees another 'X-Spam: No' flag in the message, that it will not block the message even if on the black list. Any way to bypass this, to make MailScanner scan for Spam even if the message has been scanned by another Relay server before? Thanks as always for assistance. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, September 15, 2007 9:55 AM To: MailScanner discussion Subject: Re: ArchiveMail Exclusions As it says right at the top of the comment about Archive Mail =, you can include # Space-separated list of any combination of # 1. email addresses to which mail should be forwarded, # 2. directory names where you want mail to be stored, # 3. file names (they must already exist!) to which mail will be appended # in "mbox" format suitable for most Unix mail systems. Stephen Conway wrote: > Hello Julien: > > Thanks very much for that. Seems to work OK. > > One other question, is there a way using ArchiveMail to forward messages > instead of just make an archive? > > Ex: > > To: *@domain.com !somegroupmailbox@otherdomain.com > > Thanks, > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, September 13, 2007 4:57 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > Stephen, > > Stephen Conway wrote: > >> Hello: >> >> I have the requirement to archive mail for some senders to a certain >> > address > >> but not if certain senders are matched, I have put the following but it >> still always archives, any way to configure this? >> >> From: *@dontcopydomain.com and To: @domaintobecopied.com >> no >> >> > That will attempt to archive the mail to a directory called "no" which > isn't what you meant. To archive nothing, you just leave it blank, so > this is what you meant: > From: dontcopydomain.com and to: domaintobecopied.com > >> From: *@* and To: @domaintobecopied.com >> usertobecopied@otherdomain.com >> >> > That (the second line) is the same as saying > To: domaintobecopied.com usertobecopied@otherdomain.com > >> This type of logic works well for the Max Message size rules, to have size >> restrictions for certain domains than others, but for this ruleset file >> which is type (AllMatch) as per docs, it doesn't use same logic. >> >> > Correct, as it's an "AllMatch". This means that it will archive to all > of the places and addresses specified by all the matching rules. That > seemed a sensible thing to do at the time, and I still believe is what > most people will want. > > If you want to make it a FirstMatch, edit > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: > ArchiveMail > from the [All,Other] section to the [First,Other] section. > Then restart MailScanner, and you will have changed the logic it uses. > Dead easy. > Remember to re-apply the change when you next upgrade MailScanner, as > changes you make to that file will be lost during the upgrade process. > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From shuttlebox at gmail.com Mon Sep 17 17:20:51 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Sep 17 17:20:54 2007 Subject: ArchiveMail Exclusions In-Reply-To: <18a501c7f93f$ef6d1db0$ce475910$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> Message-ID: <625385e30709170920x5e6a911ekca0a1556da07a4cc@mail.gmail.com> On 9/17/07, Stephen Conway wrote: > Hello Julien: > > Yes, sorry I think I wasn't clear what I was asking. I know that if you > enter as an action here an e-mail address that messages will go to that > e-mail. But as I have seen, this sends a 'copy' of the message to the > address (meaning that a copy still goes to the original recipient). Is > there a way for example, putting a ! in front of the address, where the > message is actually forwarded (not copy) to the other address? No, you do that with the normal actions (non spam, spam, high scoring spam). Make a ruleset that contains something like: To: user@domain.com forward another.user@domain.com FromOrTo: default deliver You change the default line to what you normally use for the respective action. -- /peter From MailScanner at ecs.soton.ac.uk Mon Sep 17 17:44:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 17:45:05 2007 Subject: Admin Guide Question In-Reply-To: <46EE7A9C.3080302@ocosa.com> References: <46EDEBC6.2010408@ocosa.com> <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> <46EE7A9C.3080302@ocosa.com> Message-ID: <46EEAF01.1070205@ecs.soton.ac.uk> OCOSA ListAcct wrote: > > Ok thanks Gareth...I could not find a valid link to purchase There's a dirty great big "BUY" button on www.mailscanner.info. Why not use that? > so I asked then I navigated back to the home page of MailScanner and > saw that lulu is where the book is located. It's on CafePress (if you're West of the Atlantic) and Lulu (if you're East of the Atlantic). > > Have you purchased the book? Is it in detail? How is it? > > Gareth wrote: >> The best thing to do would be to buy a copy of the book. >> >> On Mon, 2007-09-17 at 03:51, OCOSA ListAcct wrote: >> >>> Hello, >>> >>> I was wondering if anyone had a copy of the MailScanner >>> Administrators Guide the latest via pdf or know of any guides for >>> CentOS 5? I am really looking for a detailed guide to get a feel for >>> how MailScanner works and how I can implement this software with our >>> current systems. Any help is appreciated!!! >>> >>> Otis >>> >> >> > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 17 17:46:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 17:46:46 2007 Subject: High scoring spam rules file In-Reply-To: References: Message-ID: <46EEAF62.5000703@ecs.soton.ac.uk> The ":" is irrelevant. It's the "to" that matters, MailScanner doesn't care much for punctuation, put it in if it makes you happy :-) Martin.Hepworth wrote: > Dee > > I put > > To: domain.com delete > > You put > > To domain.com delete > > (you missed out a ':' after the "To") > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of mailinglist >> Sent: 17 September 2007 14:52 >> To: MailScanner discussion >> Subject: RE: High scoring spam rules file >> >> Shouldn't be a typo there I still can't see it if there is. >> >> Yes I restarted Mailscanner after this but no joy. >> >> Dee >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Martin.Hepworth >> Sent: 17 September 2007 14:35 >> To: MailScanner discussion >> Subject: RE: High scoring spam rules file >> >> Assumee there's a deliberate typo there.. >> >> To: somedomain.com delete >> To: other.domain.com delete >> FromOrTo: default deliver header "X-Spam-Status: Yes" >> >> And you restarted mailscanner after this change? >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of mailinglist >>> Sent: 17 September 2007 14:28 >>> To: MailScanner discussion >>> Subject: High scoring spam rules file >>> >>> Hi All, >>> >>> >>> >>> I tried to do different things with high scoring spam >>> depending on the domain it's sent to and have done the following. >>> >>> >>> >>> Created file called high.spam.rules in the mailscanner etc rules folder >>> >>> >>> >>> # Default Rules for high scoring spam. >>> >>> To somedomain.com delete >>> >>> To other.domain.com delete >>> >>> FromOrTo: default deliver header "X-Spam- >>> Status: Yes" >>> >>> >>> >>> Then edited Mailscanner.conf >>> >>> >>> >>> High Scoring Spam Actions = /opt/Mailscanner/etc/rules/high.spam.rules >>> >>> >>> >>> But it isn't deleting the high scoring junk any ideas? >>> >>> >>> >>> Dee >>> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 17 17:54:57 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 17:55:59 2007 Subject: ArchiveMail Exclusions In-Reply-To: <18a501c7f93f$ef6d1db0$ce475910$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> Message-ID: <46EEB161.4040105@ecs.soton.ac.uk> Stephen Conway wrote: > Hello Julien: > > Yes, sorry I think I wasn't clear what I was asking. I know that if you > enter as an action here an e-mail address that messages will go to that > e-mail. But as I have seen, this sends a 'copy' of the message to the > address (meaning that a copy still goes to the original recipient). Is > there a way for example, putting a ! in front of the address, where the > message is actually forwarded (not copy) to the other address? > Do that with non-spam actions, spam actions and high-scoring spam actions. > Also, I have another item as well. I have blacklist file, and it seems that > if MailScanner sees another 'X-Spam: No' flag in the message, that it will > not block the message even if on the black list. Any way to bypass this, to > make MailScanner scan for Spam even if the message has been scanned by > another Relay server before? > That's not happening. MailScanner doesn't rely on *anything* in the headers to control scanning, as everything in the headers can be forged by a spammer or virus writer. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Saturday, September 15, 2007 9:55 AM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > As it says right at the top of the comment about Archive Mail =, you can > include > > # Space-separated list of any combination of > # 1. email addresses to which mail should be forwarded, > # 2. directory names where you want mail to be stored, > # 3. file names (they must already exist!) to which mail will be appended > # in "mbox" format suitable for most Unix mail systems. > > Stephen Conway wrote: > >> Hello Julien: >> >> Thanks very much for that. Seems to work OK. >> >> One other question, is there a way using ArchiveMail to forward messages >> instead of just make an archive? >> >> Ex: >> >> To: *@domain.com !somegroupmailbox@otherdomain.com >> >> Thanks, >> >> Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Thursday, September 13, 2007 4:57 PM >> To: MailScanner discussion >> Subject: Re: ArchiveMail Exclusions >> >> Stephen, >> >> Stephen Conway wrote: >> >> >>> Hello: >>> >>> I have the requirement to archive mail for some senders to a certain >>> >>> >> address >> >> >>> but not if certain senders are matched, I have put the following but it >>> still always archives, any way to configure this? >>> >>> From: *@dontcopydomain.com and To: @domaintobecopied.com >>> no >>> >>> >>> >> That will attempt to archive the mail to a directory called "no" which >> isn't what you meant. To archive nothing, you just leave it blank, so >> this is what you meant: >> From: dontcopydomain.com and to: domaintobecopied.com >> >> >>> From: *@* and To: @domaintobecopied.com >>> usertobecopied@otherdomain.com >>> >>> >>> >> That (the second line) is the same as saying >> To: domaintobecopied.com usertobecopied@otherdomain.com >> >> >>> This type of logic works well for the Max Message size rules, to have >>> > size > >>> restrictions for certain domains than others, but for this ruleset file >>> which is type (AllMatch) as per docs, it doesn't use same logic. >>> >>> >>> >> Correct, as it's an "AllMatch". This means that it will archive to all >> of the places and addresses specified by all the matching rules. That >> seemed a sensible thing to do at the time, and I still believe is what >> most people will want. >> >> If you want to make it a FirstMatch, edit >> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: >> ArchiveMail >> from the [All,Other] section to the [First,Other] section. >> Then restart MailScanner, and you will have changed the logic it uses. >> Dead easy. >> Remember to re-apply the change when you next upgrade MailScanner, as >> changes you make to that file will be lost during the upgrade process. >> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Mon Sep 17 19:04:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 19:05:09 2007 Subject: format error: can't find EOCD signature In-Reply-To: References: Message-ID: Simon Jones spake the following on 9/14/2007 6:02 AM: > Hi, ok been playing with the debug tool :) > > What can cause the following when running mailscanner --debug > --debug-sa? > > [20434] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.88, > head-points=3.88, learned-points=0 > [20434] dbg: learn: auto-learn? no: inside auto-learn thresholds, not > considered ham or spam No one commented on this error. It just means that the message was outside the auto-learn thresholds. > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > Stopping now as you are debugging me. > > This is on a different machine to the previous problems with the choked > hold directory btw. > > Simon Jones > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Sep 17 19:06:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 19:10:27 2007 Subject: format error: can't find EOCD signature In-Reply-To: References: <223f97700709140656y70970258oc75ff81842e477bb@mail.gmail.com> Message-ID: Simon Jones spake the following on 9/14/2007 6:58 AM: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Glenn Steen >> Sent: 14 September 2007 14:56 >> To: MailScanner discussion >> Subject: Re: format error: can't find EOCD signature >> >> On 14/09/2007, Simon Jones wrote: >>> Hi, ok been playing with the debug tool :) >>> >> (snip) >>> Ignore errors about failing to find EOCD signature >> The above is the only really important line to read, concernuing this. >> >> Cheers >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se > > Ok, but what does it mean? More importantly is it causing me problems? > The machine seems to scan OK but I can't get bayes to work so it is > slightly less effective than the other servers at detecting junk. Has the machine seen the required 200 hams and spams to start the database? If you already have other systems at the same location, you could always dump the bayes from a good working system and restore to the new one, or put bayes in sql and let all the systems share it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Sep 17 19:14:52 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 19:16:15 2007 Subject: Queue control? In-Reply-To: <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> <46EB4DFA.8030101@whidbey.com> <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> Message-ID: Glenn Steen spake the following on 9/15/2007 2:42 AM: > On 15/09/2007, G. Armour Van Horn wrote: >> Doc Schneider wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> G. Armour Van Horn wrote: >> >> >> Some unspeakable person flooded Hotmail with spam that looked like it >> came from me overnight, and I'm struggling under the onslaught of error >> messages. Hotmail is pumping the messages in, and as long as the load >> average is under 12 the system is accepting them, but for the most part >> they're just piling up and not being delivered to the local user. >> >> Earlier this afternoon there were so many files in mqueue.in that I >> couldn't run ls to see how bad it was. I renamed the directory and >> created a new one, and not it has over 12,000 files in it, which must >> mean there are over 6,000 more messages waiting to be processed. >> >> I don't really want to read them all, but I do want to get them >> processed so I can read the valid mail that is certainly hidden in there. >> >> I tried bumping the Max children from the default up to 20 to see if >> that would force it to start delivering the mail, but that when my load >> average hit 16 I stopped MailScanner. (I did "service MailScanner stop" >> at a load average of just under 16, it didn't actually stop until the >> load average had hit 25.) Obviously that wasn't the right approach, so >> now I've set it down to 3 children which is keeping the memory use and >> load average within reason, but it still isn't delivering any mail. >> >> Is there something I can do to force the system to devote at least some >> resources to working through the queue instead of just piling it higher? >> >> Van >> >> >> >> service MailScanner stop >> service MailScanner startout (this will stop all incoming mail and will >> just process mail being held in mqueue.in) >> >> HTH >> >> - -- >> - -Doc >> Lincoln, NE. >> http://www.genealogyforyou.com/ >> http://www.cairnproductions.com/ >> >> Actually, it looks to me like that just lets Sendmail process the mail >> being held in mqueue. The problem is, there isn't anything there. If I >> understand this correctly, it is MailScanner that takes the messages from >> mqueue.in and moves them to mqueue, which is the part that isn't happening. >> >> I tried to modify the "start" section of /etc/init.d/MailScanner to start >> both the outbound Sendmail and MailScanner, but that wasn't as simple as I >> hoped. Right now I'm moving massive chunks of mail from the mqueue.in (and >> backups thereof) into mqueue, then using the "startout" option, which is >> working. Tedious, but it's working. > > You can do as Doc suggests, then run check_MailScanner, which will > start mailscanner... and start filling that outgoing queue. > >> Of course, if Hotmail has another million messages for me when I start the >> standard MailScanner back up I don't know what I can do about it. > > You might want to temporarily blacklist the sending servers in you MTA > or use an FW rule against them. One would think that the i....s would > know to scan everything and not bounce bad things. Sigh. If it > persists, one could seriously consider some form of action against > them.... even legal... > > I, and probably everyone else here, sympathise with you/your situation.... > > Cheers Since Hotmail is Microsoft, he will probably have to stand in line for the legal action. I would just block hotmail.com in the access file (sendmail) and re-enable it after a few days when they expire and fail the messages. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dnsadmin at 1bigthink.com Mon Sep 17 19:20:19 2007 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Sep 17 19:20:36 2007 Subject: Admin Guide Question In-Reply-To: <46EDEBC6.2010408@ocosa.com> References: <46EDEBC6.2010408@ocosa.com> Message-ID: <200709171820.l8HIKadt032710@mxt.1bigthink.com> At 10:51 PM 9/16/2007, you wrote: >Hello, > >I was wondering if anyone had a copy of the MailScanner >Administrators Guide the latest via pdf or know of any guides for >CentOS 5? I am really looking for a detailed guide to get a feel for >how MailScanner works and how I can implement this software with our >current systems. Any help is appreciated!!! Aside from the book, you could also download a copy of the program, itself and browse the MailScanner.conf file, as it is meticulously commented/documented. Cheers! From dgottsc at emory.edu Mon Sep 17 19:30:12 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Mon Sep 17 19:30:25 2007 Subject: Queue control? In-Reply-To: References: <46EB27AD.60905@whidbey.com> <46EB4171.6000404@maddoc.net> <46EB4DFA.8030101@whidbey.com> <223f97700709150242g46b3d9bfq2fe4d83a634354b1@mail.gmail.com> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E2308413589FC5D@RDPEXCH2.Eu.Emory.Edu> That's the way to go. Block them entirely for about 5 days. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, September 17, 2007 2:15 PM To: mailscanner@lists.mailscanner.info Subject: Re: Queue control? Glenn Steen spake the following on 9/15/2007 2:42 AM: > On 15/09/2007, G. Armour Van Horn wrote: >> Doc Schneider wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> G. Armour Van Horn wrote: >> >> >> Some unspeakable person flooded Hotmail with spam that looked like it >> came from me overnight, and I'm struggling under the onslaught of error >> messages. Hotmail is pumping the messages in, and as long as the load >> average is under 12 the system is accepting them, but for the most part >> they're just piling up and not being delivered to the local user. >> >> Earlier this afternoon there were so many files in mqueue.in that I >> couldn't run ls to see how bad it was. I renamed the directory and >> created a new one, and not it has over 12,000 files in it, which must >> mean there are over 6,000 more messages waiting to be processed. >> >> I don't really want to read them all, but I do want to get them >> processed so I can read the valid mail that is certainly hidden in there. >> >> I tried bumping the Max children from the default up to 20 to see if >> that would force it to start delivering the mail, but that when my load >> average hit 16 I stopped MailScanner. (I did "service MailScanner stop" >> at a load average of just under 16, it didn't actually stop until the >> load average had hit 25.) Obviously that wasn't the right approach, so >> now I've set it down to 3 children which is keeping the memory use and >> load average within reason, but it still isn't delivering any mail. >> >> Is there something I can do to force the system to devote at least some >> resources to working through the queue instead of just piling it higher? >> >> Van >> >> >> >> service MailScanner stop >> service MailScanner startout (this will stop all incoming mail and will >> just process mail being held in mqueue.in) >> >> HTH >> >> - -- >> - -Doc >> Lincoln, NE. >> http://www.genealogyforyou.com/ >> http://www.cairnproductions.com/ >> >> Actually, it looks to me like that just lets Sendmail process the mail >> being held in mqueue. The problem is, there isn't anything there. If I >> understand this correctly, it is MailScanner that takes the messages from >> mqueue.in and moves them to mqueue, which is the part that isn't happening. >> >> I tried to modify the "start" section of /etc/init.d/MailScanner to start >> both the outbound Sendmail and MailScanner, but that wasn't as simple as I >> hoped. Right now I'm moving massive chunks of mail from the mqueue.in (and >> backups thereof) into mqueue, then using the "startout" option, which is >> working. Tedious, but it's working. > > You can do as Doc suggests, then run check_MailScanner, which will > start mailscanner... and start filling that outgoing queue. > >> Of course, if Hotmail has another million messages for me when I start the >> standard MailScanner back up I don't know what I can do about it. > > You might want to temporarily blacklist the sending servers in you MTA > or use an FW rule against them. One would think that the i....s would > know to scan everything and not bounce bad things. Sigh. If it > persists, one could seriously consider some form of action against > them.... even legal... > > I, and probably everyone else here, sympathise with you/your situation.... > > Cheers Since Hotmail is Microsoft, he will probably have to stand in line for the legal action. I would just block hotmail.com in the access file (sendmail) and re-enable it after a few days when they expire and fail the messages. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rcooper at dwford.com Mon Sep 17 19:30:22 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Sep 17 19:30:27 2007 Subject: format error: can't find EOCD signature In-Reply-To: References: Message-ID: <044d01c7f958$cefc54b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Scott Silva > Sent: Monday, September 17, 2007 2:04 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: format error: can't find EOCD signature > > Simon Jones spake the following on 9/14/2007 6:02 AM: > > Hi, ok been playing with the debug tool :) > > > > What can cause the following when running mailscanner --debug > > --debug-sa? > > > > [20434] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.88, > > head-points=3.88, learned-points=0 > > [20434] dbg: learn: auto-learn? no: inside auto-learn > thresholds, not > > considered ham or spam > > No one commented on this error. It just means that the > message was outside the > auto-learn thresholds. > [...] Actually I commented, and also posted a one line code snippet for Julian that would keep that error from every being seen in the first place. I just assumed he wasn't interested Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Sep 17 19:27:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 19:44:48 2007 Subject: High scoring spam rules file In-Reply-To: <200709171503.l8HF3CtU022867@www.asyouneed.com> References: <63adcb1ddc3c404daf96e8d7c0baa79f@solidstatelogic.com> <200709171503.l8HF3CtU022867@www.asyouneed.com> Message-ID: mailinglist spake the following on 9/17/2007 8:02 AM: > Not sure if this is right but I noticed in the log it was complaining about > high.spam.rules appearing to be a rules file and needing renaming to .rule > or .rules. Odd I thought so I renamed to highspam.rules and it is now > working. > > Also I removed the FromOrTo: for the default and changed it to just To: > > One of these actions appears to have fixed it. > > Thanks all. > > Dee AFAIR the rules parser wants the rule files to end in .rules -- I do believe it is in the docs and the comments. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rgreen at trayerproducts.com Mon Sep 17 19:57:38 2007 From: rgreen at trayerproducts.com (Rodney Green) Date: Mon Sep 17 19:57:43 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <46E50DE7.2040101@infoservers.net> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> Message-ID: <31e7748d0709171157u10b6526co6e4d12aac4733a3@mail.gmail.com> On 9/10/07, Graham S. Jarvis wrote: > > > Hello All, > > I have tried to google the list for help on how to get the spam out of > the "Archive Mail" files. > The only thing I could find was: > (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) > but DrewB doesn't seem to be around any more. The way I've been collecting spam/virus free archives is to use the aliases mapping. I set up mail to be delivered to a specific user, i.e. "jdoe" in the aliases file (/etc/aliases) to both deliver to the user's mailbox file and a separate archive file. In /etc/aliases: jdoe: jdoe,/var/archive/jdoe.mbx This delivers spam/virus clean messages to both the user's account and the archive file at /var/archive/jdoe.mbx. This takes care of incoming e-mail. As for e-mail being sent by the user, I use the MailScanner archive rules. So in archive.rules I would have the following: FromOrTo: default no From: jdoe@domain.com /var/archive/jdoe.mbx This appends the outgoing mail sent by "jdoe" to the same archive file that the aliases file appends messages to. This is just the way I do it. It seems to work fine for me. I imagine some others will have input as to potential problems with this method though. :-) Rod From grupolistas at gmail.com Mon Sep 17 20:40:22 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 17 20:40:26 2007 Subject: Program MailScanner, 1 process(es), refused to die. Message-ID: <44c071aa0709171240m26f12bc3kc0397b2f92cc0508@mail.gmail.com> Could anyone help me with this? Program MailScanner, 1 process(es), refused to die. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/f40dc4d2/attachment.html From gsjarvis at infoservers.net Mon Sep 17 20:41:32 2007 From: gsjarvis at infoservers.net (Graham S. Jarvis) Date: Mon Sep 17 20:41:19 2007 Subject: Spam Free "Archive Mail" In-Reply-To: <31e7748d0709171157u10b6526co6e4d12aac4733a3@mail.gmail.com> References: <000601c7f2b7$77e0b2e0$64fefe0a@beauhqlo3ihx4g> <46E46C38.4090202@ecs.soton.ac.uk> <46E50DE7.2040101@infoservers.net> <31e7748d0709171157u10b6526co6e4d12aac4733a3@mail.gmail.com> Message-ID: <46EED86C.80509@infoservers.net> Rodney, Thanks for that idea. The problem I have is that the server running MailScanner doesn't have any users. Mail for each domain is being scanned and then routed to the final destination via a mailertable entry. We don't even know who/how many users there are for each domain. Thanks again for taking the time to post though! Regards to all, -Graham- Rodney Green wrote: > On 9/10/07, Graham S. Jarvis wrote: >> >> Hello All, >> >> I have tried to google the list for help on how to get the spam out of >> the "Archive Mail" files. >> The only thing I could find was: >> (http://lists.mailscanner.info/pipermail/mailscanner/2006-March/059056.html) >> but DrewB doesn't seem to be around any more. > > The way I've been collecting spam/virus free archives is to use the > aliases mapping. I set up mail to be delivered to a specific user, > i.e. "jdoe" in the aliases file (/etc/aliases) to both deliver to the > user's mailbox file and a separate archive file. > > In /etc/aliases: > > jdoe: jdoe,/var/archive/jdoe.mbx > > This delivers spam/virus clean messages to both the user's account and > the archive file at /var/archive/jdoe.mbx. This takes care of incoming > e-mail. > > As for e-mail being sent by the user, I use the MailScanner archive > rules. So in archive.rules I would have the following: > > FromOrTo: default no > From: jdoe@domain.com /var/archive/jdoe.mbx > > This appends the outgoing mail sent by "jdoe" to the same archive file > that the aliases file > appends messages to. > > This is just the way I do it. It seems to work fine for me. I imagine > some others will have input as to potential problems with this method > though. :-) > > Rod From MailScanner at ecs.soton.ac.uk Mon Sep 17 20:49:22 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 20:49:38 2007 Subject: Admin Guide Question In-Reply-To: <200709171820.l8HIKadt032710@mxt.1bigthink.com> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> Message-ID: <46EEDA42.1090004@ecs.soton.ac.uk> dnsadmin 1bigthink.com wrote: > At 10:51 PM 9/16/2007, you wrote: > >> Hello, >> >> I was wondering if anyone had a copy of the MailScanner >> Administrators Guide the latest via pdf or know of any guides for >> CentOS 5? I am really looking for a detailed guide to get a feel for >> how MailScanner works and how I can implement this software with our >> current systems. Any help is appreciated!!! > > Aside from the book, you could also download a copy of the program, > itself and browse the MailScanner.conf file, as it is meticulously > commented/documented. Note however that the documentation of each configuration option in the book is carefully done using a different wording from the docs in the MailScanner.conf file. So if you don't quite follow one version for a particular config option, you may well understand the other one better. I was very careful to write them independently, so they don't end up saying the same thing. The book also has the advantage that, instead of listing the options alphabetically or anything like that, every option is put in context along with its related options. So the book does add a lot of content that you won't get elsewhere. Buy it straight off the website www.mailscanner.info. Your money is perfectly safe, I am not involved in any of the transactions. There are 2 suppliers, the main one (CafePress for people west of the Atlantic) and a new deal I have recently arranged with Lulu for people east of the Atlantic, so you pay the minimum possible shipping costs. The book itself costs $40 or ?20 roughly, which I reckon is cheap for a specialist technical book these days. I might put the price up some time, once I have compared it with similar books in the USA. The UK price is certainly cheaper than similar books on other topics, in my view. It's my only source of income from MailScanner, apart from occasional contract jobs sorting out people's servers and getting them well setup. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 17 20:50:18 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 20:50:35 2007 Subject: High scoring spam rules file In-Reply-To: References: <63adcb1ddc3c404daf96e8d7c0baa79f@solidstatelogic.com> <200709171503.l8HF3CtU022867@www.asyouneed.com> Message-ID: <46EEDA7A.4050709@ecs.soton.ac.uk> Scott Silva wrote: > mailinglist spake the following on 9/17/2007 8:02 AM: >> Not sure if this is right but I noticed in the log it was complaining >> about >> high.spam.rules appearing to be a rules file and needing renaming to >> .rule >> or .rules. Odd I thought so I renamed to highspam.rules and it is now >> working. >> >> Also I removed the FromOrTo: for the default and changed it to just To: >> >> One of these actions appears to have fixed it. >> >> Thanks all. >> >> Dee > AFAIR the rules parser wants the rule files to end in .rules -- > I do believe it is in the docs and the comments. It doesn't always actually need it, but it does occasionally and tends to make it happier. So it's a good idea to make them end in .rules or .rule. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 17 20:51:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 20:52:06 2007 Subject: format error: can't find EOCD signature In-Reply-To: <044d01c7f958$cefc54b0$0301a8c0@SAHOMELT> References: <044d01c7f958$cefc54b0$0301a8c0@SAHOMELT> Message-ID: <46EEDAD2.3070909@ecs.soton.ac.uk> Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Scott Silva > > Sent: Monday, September 17, 2007 2:04 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: format error: can't find EOCD signature > > > > Simon Jones spake the following on 9/14/2007 6:02 AM: > > > Hi, ok been playing with the debug tool :) > > > > > > What can cause the following when running mailscanner --debug > > > --debug-sa? > > > > > > [20434] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.88, > > > head-points=3.88, learned-points=0 > > > [20434] dbg: learn: auto-learn? no: inside auto-learn > > thresholds, not > > > considered ham or spam > > > > No one commented on this error. It just means that the > > message was outside the > > auto-learn thresholds. > > > [...] > > > Actually I commented, and also posted a one line code snippet for Julian > that would keep that error from every being seen in the first place. I just > assumed he wasn't interested > He was interested, he just forgot to reply to the posting after he added the line to the source code (and credited the author with his patch in the Change Log). :-) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 17 20:53:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 20:54:12 2007 Subject: Program MailScanner, 1 process(es), refused to die. In-Reply-To: <44c071aa0709171240m26f12bc3kc0397b2f92cc0508@mail.gmail.com> References: <44c071aa0709171240m26f12bc3kc0397b2f92cc0508@mail.gmail.com> Message-ID: <46EEDB53.4040107@ecs.soton.ac.uk> And what generated this? What operating system? What distribution? What version of MailScanner? What circumstances? A 1-line snipped of output from what might as well be a poetry generator is pretty useless to us. Sorry. infolistas listas wrote: > Could anyone help me with this? > > Program MailScanner, 1 process(es), refused to die. > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Mon Sep 17 21:01:59 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 21:02:24 2007 Subject: Admin Guide Question In-Reply-To: <46EEDA42.1090004@ecs.soton.ac.uk> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 9/17/2007 12:49 PM: > > > dnsadmin 1bigthink.com wrote: >> At 10:51 PM 9/16/2007, you wrote: >> >>> Hello, >>> >>> I was wondering if anyone had a copy of the MailScanner >>> Administrators Guide the latest via pdf or know of any guides for >>> CentOS 5? I am really looking for a detailed guide to get a feel for >>> how MailScanner works and how I can implement this software with our >>> current systems. Any help is appreciated!!! >> >> Aside from the book, you could also download a copy of the program, >> itself and browse the MailScanner.conf file, as it is meticulously >> commented/documented. > Note however that the documentation of each configuration option in the > book is carefully done using a different wording from the docs in the > MailScanner.conf file. So if you don't quite follow one version for a > particular config option, you may well understand the other one better. > I was very careful to write them independently, so they don't end up > saying the same thing. > > The book also has the advantage that, instead of listing the options > alphabetically or anything like that, every option is put in context > along with its related options. > > So the book does add a lot of content that you won't get elsewhere. > > Buy it straight off the website www.mailscanner.info. Your money is > perfectly safe, I am not involved in any of the transactions. There are > 2 suppliers, the main one (CafePress for people west of the Atlantic) > and a new deal I have recently arranged with Lulu for people east of the > Atlantic, so you pay the minimum possible shipping costs. The book > itself costs $40 or ?20 roughly, which I reckon is cheap for a > specialist technical book these days. I might put the price up some > time, once I have compared it with similar books in the USA. The UK > price is certainly cheaper than similar books on other topics, in my > view. It's my only source of income from MailScanner, apart from > occasional contract jobs sorting out people's servers and getting them > well setup. > > Jules > If you keep it more reasonable, people are more likely to buy new copies every year or two. MailScanner has been such a moving target, and the options seem to be increasing exponentially. I do believe you have announced when a new version was available in the past, and maybe you could list the current version on the website so people might be more likely to know their version is "out of date". -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mrm at quantumcc.com Mon Sep 17 21:05:11 2007 From: mrm at quantumcc.com (Mike Masse) Date: Mon Sep 17 21:07:32 2007 Subject: Watermarking rehashed Message-ID: I've been bitten by the problem of Watermarking and OoO replies tripping the automatic spam designation. I like the idea of it and would reather not have to just turn it off. Is there any way to have the watermarking code just add spam points as opposed to automatically declaring a spam? Also, maybe I'm misunderstanding how watermarking works, but would it be possible to add a check in addition to the return path, in that the from: address gets looked at as well, and if the return path = null then it's a DSN, but if the from: address is not our domain, then it's not automatically backscatter? Mike From mikael at syska.dk Mon Sep 17 21:14:06 2007 From: mikael at syska.dk (Mikael Syska) Date: Mon Sep 17 21:12:28 2007 Subject: spams blacklist In-Reply-To: <44c071aa0709170752x6e6d1198rb8c6aa6404a6598f@mail.gmail.com> References: <44c071aa0709170752x6e6d1198rb8c6aa6404a6598f@mail.gmail.com> Message-ID: <46EEE00E.3040709@syska.dk> infolistas listas wrote: > Hi users, is it possible to blacklist all domains and only allow some > of them add whitelist?(only receive mail from specific domains) ohhh, that dont seem like a very good idea. > Is it possible to do that for specific users too? Yes ... with MailWatch ... and the BlackWhiteList module > Ex: user1 may send mail to anyone but can only receive from some > specific domains You could probebly write some rules to do that. > EX: user 2 may send mail to anyone and can receive mail from all domains This seems to be the default behavior ... ? send to all and receive from all, or am I mistaking something here... > How can I optimise mailscanner and spamassassin , they where working > well until saterday when I began to receive lots of spam? Maybe you have turned SA off, that might be the problem. Maybe runnning a very old SA ... there could be lots of problems. Join the SA mailing list .... you dont give much for us to go for .... you might as well just pay for getting mails scanned. > > Thanks > From grupolistas at gmail.com Mon Sep 17 21:18:46 2007 From: grupolistas at gmail.com (infolistas listas) Date: Mon Sep 17 21:18:49 2007 Subject: Program MailScanner, 1 process(es), refused to die. In-Reply-To: <46EEDB53.4040107@ecs.soton.ac.uk> References: <44c071aa0709171240m26f12bc3kc0397b2f92cc0508@mail.gmail.com> <46EEDB53.4040107@ecs.soton.ac.uk> Message-ID: <44c071aa0709171318o46c7c80apf2e7020c3be9f344@mail.gmail.com> And what generated this? - It happend after I added a couple of mail to the blacklist What operating system? - linux What distribution? - Ubuntu feisty What version of MailScanner? - This is MailScanner version 4.57.6 What circumstances? - adding blacklist domains on spamassassin A 1-line snipped of output from what might as well be a poetry generator is pretty useless to us. Sorry. 2007/9/17, Julian Field : > > And what generated this? What operating system? What distribution? What > version of MailScanner? What circumstances? > > A 1-line snipped of output from what might as well be a poetry generator > is pretty useless to us. Sorry. > > infolistas listas wrote: > > Could anyone help me with this? > > > > Program MailScanner, 1 process(es), refused to die. > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/82020ef1/attachment.html From mikael at syska.dk Mon Sep 17 21:24:29 2007 From: mikael at syska.dk (Mikael Syska) Date: Mon Sep 17 21:22:47 2007 Subject: fuzzyocr + mailscanner In-Reply-To: <1190038415.25715.14.camel@gblades-suse.linguaphone-intranet.co.uk> References: <44c071aa0709170655j4e0a1d18n638ad68905fe4062@mail.gmail.com> <1190038415.25715.14.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46EEE27D.9040908@syska.dk> Hi, I use it on a FreeBSD 7.0-current system .... used the guide from http://fuzzyocr.own-hero.net/wiki/Installation-3.5.x and installed it from ports ... ( http://fuzzyocr.own-hero.net/wiki/Downloads - the 3.5.1 version ) works like a charm .... no problems what so ever ... and the image spam procentage is so low now, its not a problem ( in denmark ). // ouT Gareth wrote: > You need the SVN version of fuzzyocr if you are using spamassassin 3.2 > otherwise you wont get any results back. > The following URL gives some usefull information > http://www.freespamfilter.org/forum/viewforum.php?f=25 > > On Mon, 2007-09-17 at 14:55, infolistas listas wrote: > >> HI users, i just followed the >> http://www.howtoforge.com/fight_image_spam_with_fuzzyocr_spamassassin_p2 documentarion over fuzzyocr and spamassassin and i'm not really sure if it work, is there a way to conifgure fuzzyocr with mailscanner? >> >> Thanks >> >> >> ______________________________________________________________________ >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > From rcooper at dwford.com Mon Sep 17 21:38:08 2007 From: rcooper at dwford.com (Rick Cooper) Date: Mon Sep 17 21:38:20 2007 Subject: format error: can't find EOCD signature In-Reply-To: <46EEDAD2.3070909@ecs.soton.ac.uk> References: <044d01c7f958$cefc54b0$0301a8c0@SAHOMELT> <46EEDAD2.3070909@ecs.soton.ac.uk> Message-ID: <047b01c7f96a$ab3d4f40$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Monday, September 17, 2007 3:52 PM > To: MailScanner discussion > Subject: Re: format error: can't find EOCD signature > > > > Rick Cooper wrote: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Scott Silva > > > Sent: Monday, September 17, 2007 2:04 PM > > > To: mailscanner@lists.mailscanner.info > > > Subject: Re: format error: can't find EOCD signature > > > > > > Simon Jones spake the following on 9/14/2007 6:02 AM: > > > > Hi, ok been playing with the debug tool :) > > > > > > > > What can cause the following when running mailscanner --debug > > > > --debug-sa? > > > > > > > > [20434] dbg: learn: auto-learn? ham=0.1, spam=12, > body-points=3.88, > > > > head-points=3.88, learned-points=0 > > > > [20434] dbg: learn: auto-learn? no: inside auto-learn > > > thresholds, not > > > > considered ham or spam > > > > > > No one commented on this error. It just means that the > > > message was outside the > > > auto-learn thresholds. > > > > > [...] > > > > > > Actually I commented, and also posted a one line code > snippet for Julian > > that would keep that error from every being seen in the > first place. I just > > assumed he wasn't interested > > > He was interested, he just forgot to reply to the posting > after he added > the line to the source code (and credited the author with > his patch in > the Change Log). [...] Oh I'm not the author, I remember seeing that or something similar a long time ago in a function for some program or another that used that perl module. If I could recall I would tell you where but it's not my original thought for certain. I just remember they used an empty function to replace the default handler as they also dumped anything that didn't evaluate to AZ_OK (undef would be same/same). But thanks! Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Mon Sep 17 21:51:20 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 17 21:51:26 2007 Subject: fuzzyocr + mailscanner In-Reply-To: <46EEE27D.9040908@syska.dk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Mikael > Syska > Sent: 17 September 2007 21:24 > To: MailScanner discussion > Subject: Re: fuzzyocr + mailscanner > > > Hi, > > I use it on a FreeBSD 7.0-current system .... used the guide from > http://fuzzyocr.own-hero.net/wiki/Installation-3.5.x > > and installed it from ports ... ( > http://fuzzyocr.own-hero.net/wiki/Downloads - the 3.5.1 version ) Make sure you read the 1st paragraph :) > works like a charm .... no problems what so ever ... and the image spam > procentage is so low now, its not a problem ( in denmark ). > From MailScanner at ecs.soton.ac.uk Mon Sep 17 22:04:26 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 22:04:53 2007 Subject: Admin Guide Question In-Reply-To: References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> Message-ID: <46EEEBDA.3090405@ecs.soton.ac.uk> Scott Silva wrote: > Julian Field spake the following on 9/17/2007 12:49 PM: >> >> >> dnsadmin 1bigthink.com wrote: >>> At 10:51 PM 9/16/2007, you wrote: >>> >>>> Hello, >>>> >>>> I was wondering if anyone had a copy of the MailScanner >>>> Administrators Guide the latest via pdf or know of any guides for >>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>> for how MailScanner works and how I can implement this software >>>> with our current systems. Any help is appreciated!!! >>> >>> Aside from the book, you could also download a copy of the program, >>> itself and browse the MailScanner.conf file, as it is meticulously >>> commented/documented. >> Note however that the documentation of each configuration option in >> the book is carefully done using a different wording from the docs in >> the MailScanner.conf file. So if you don't quite follow one version >> for a particular config option, you may well understand the other one >> better. I was very careful to write them independently, so they don't >> end up saying the same thing. >> >> The book also has the advantage that, instead of listing the options >> alphabetically or anything like that, every option is put in context >> along with its related options. >> >> So the book does add a lot of content that you won't get elsewhere. >> >> Buy it straight off the website www.mailscanner.info. Your money is >> perfectly safe, I am not involved in any of the transactions. There >> are 2 suppliers, the main one (CafePress for people west of the >> Atlantic) and a new deal I have recently arranged with Lulu for >> people east of the Atlantic, so you pay the minimum possible shipping >> costs. The book itself costs $40 or ?20 roughly, which I reckon is >> cheap for a specialist technical book these days. I might put the >> price up some time, once I have compared it with similar books in the >> USA. The UK price is certainly cheaper than similar books on other >> topics, in my view. It's my only source of income from MailScanner, >> apart from occasional contract jobs sorting out people's servers and >> getting them well setup. >> >> Jules >> > If you keep it more reasonable, people are more likely to buy new > copies every year or two. Good thought. It didn't occur to me that people would update their copy. > MailScanner has been such a moving target, and the options seem to be > increasing exponentially. Every time I think it's pretty much a done job, someone comes up with something new they would like it to do! > I do believe you have announced when a new version was available in > the past, and maybe you could list the current version on the website > so people might be more likely to know their version is "out of date". Good idea. I'll have to check what is the current version of the book tomorrow morning. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 17 22:07:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 22:08:00 2007 Subject: Watermarking rehashed In-Reply-To: References: Message-ID: <46EEEC98.9000309@ecs.soton.ac.uk> Mike Masse wrote: > I've been bitten by the problem of Watermarking and OoO replies > tripping the automatic spam designation. I like the idea of it > and would reather not have to just turn it off. Is there any way to > have the watermarking code just add spam points as opposed to > automatically declaring a spam? I'll definitely take a look at doing that. > Also, maybe I'm misunderstanding how watermarking works, but would > it be possible to add a check in addition to the return path, in that > the from: address gets looked at as well, and if the return path = > null then it's a DSN, but if the from: address is not our domain, then > it's not automatically backscatter? I'm having a bit of a brain go-slow at the moment. Can you give me an example or two of what you mean? > > Mike > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From listacc at ocosa.com Mon Sep 17 22:10:06 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 22:10:34 2007 Subject: Admin Guide Question In-Reply-To: <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46EDEBC6.2010408@ocosa.com> <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46EEED2E.5060803@ocosa.com> Thanks for the replies....I was just wondering because the cafe link said sorry book could not be found. I appreciate your help! I heard MailScanner was the best! Otis Gareth wrote: > The best thing to do would be to buy a copy of the book. > > On Mon, 2007-09-17 at 03:51, OCOSA ListAcct wrote: > >> Hello, >> >> I was wondering if anyone had a copy of the MailScanner Administrators >> Guide the latest via pdf or know of any guides for CentOS 5? I am really >> looking for a detailed guide to get a feel for how MailScanner works and >> how I can implement this software with our current systems. Any help is >> appreciated!!! >> >> Otis >> > > From listacc at ocosa.com Mon Sep 17 22:10:23 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 22:10:51 2007 Subject: Admin Guide Question In-Reply-To: <46EEAF01.1070205@ecs.soton.ac.uk> References: <46EDEBC6.2010408@ocosa.com> <1190015382.25710.0.camel@gblades-suse.linguaphone-intranet.co.uk> <46EE7A9C.3080302@ocosa.com> <46EEAF01.1070205@ecs.soton.ac.uk> Message-ID: <46EEED3F.2040706@ocosa.com> Thanks for the replies....I was just wondering because the cafe link said sorry book could not be found. I appreciate your help! I heard MailScanner was the best! Otis Julian Field wrote: > > > OCOSA ListAcct wrote: >> >> Ok thanks Gareth...I could not find a valid link to purchase > There's a dirty great big "BUY" button on www.mailscanner.info. Why > not use that? >> so I asked then I navigated back to the home page of MailScanner and >> saw that lulu is where the book is located. > It's on CafePress (if you're West of the Atlantic) and Lulu (if you're > East of the Atlantic). >> >> Have you purchased the book? Is it in detail? How is it? >> >> Gareth wrote: >>> The best thing to do would be to buy a copy of the book. >>> >>> On Mon, 2007-09-17 at 03:51, OCOSA ListAcct wrote: >>> >>>> Hello, >>>> >>>> I was wondering if anyone had a copy of the MailScanner >>>> Administrators Guide the latest via pdf or know of any guides for >>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>> for how MailScanner works and how I can implement this software >>>> with our current systems. Any help is appreciated!!! >>>> >>>> Otis >>>> >>> >>> >> > > Jules > From listacc at ocosa.com Mon Sep 17 22:10:31 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 22:10:58 2007 Subject: Admin Guide Question In-Reply-To: <200709171820.l8HIKadt032710@mxt.1bigthink.com> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> Message-ID: <46EEED47.7030205@ocosa.com> Thanks for the replies....I was just wondering because the cafe link said sorry book could not be found. I appreciate your help! I heard MailScanner was the best! Otis dnsadmin 1bigthink.com wrote: > At 10:51 PM 9/16/2007, you wrote: > >> Hello, >> >> I was wondering if anyone had a copy of the MailScanner >> Administrators Guide the latest via pdf or know of any guides for >> CentOS 5? I am really looking for a detailed guide to get a feel for >> how MailScanner works and how I can implement this software with our >> current systems. Any help is appreciated!!! > > Aside from the book, you could also download a copy of the program, > itself and browse the MailScanner.conf file, as it is meticulously > commented/documented. > > Cheers! From listacc at ocosa.com Mon Sep 17 22:10:39 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 22:11:07 2007 Subject: Admin Guide Question In-Reply-To: <46EEDA42.1090004@ecs.soton.ac.uk> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> Message-ID: <46EEED4F.2000408@ocosa.com> Thanks for the replies....I was just wondering because the cafe link said sorry book could not be found. I appreciate your help! I heard MailScanner was the best! Otis Julian Field wrote: > > > dnsadmin 1bigthink.com wrote: >> At 10:51 PM 9/16/2007, you wrote: >> >>> Hello, >>> >>> I was wondering if anyone had a copy of the MailScanner >>> Administrators Guide the latest via pdf or know of any guides for >>> CentOS 5? I am really looking for a detailed guide to get a feel for >>> how MailScanner works and how I can implement this software with our >>> current systems. Any help is appreciated!!! >> >> Aside from the book, you could also download a copy of the program, >> itself and browse the MailScanner.conf file, as it is meticulously >> commented/documented. > Note however that the documentation of each configuration option in > the book is carefully done using a different wording from the docs in > the MailScanner.conf file. So if you don't quite follow one version > for a particular config option, you may well understand the other one > better. I was very careful to write them independently, so they don't > end up saying the same thing. > > The book also has the advantage that, instead of listing the options > alphabetically or anything like that, every option is put in context > along with its related options. > > So the book does add a lot of content that you won't get elsewhere. > > Buy it straight off the website www.mailscanner.info. Your money is > perfectly safe, I am not involved in any of the transactions. There > are 2 suppliers, the main one (CafePress for people west of the > Atlantic) and a new deal I have recently arranged with Lulu for people > east of the Atlantic, so you pay the minimum possible shipping costs. > The book itself costs $40 or ?20 roughly, which I reckon is cheap for > a specialist technical book these days. I might put the price up some > time, once I have compared it with similar books in the USA. The UK > price is certainly cheaper than similar books on other topics, in my > view. It's my only source of income from MailScanner, apart from > occasional contract jobs sorting out people's servers and getting them > well setup. > > Jules > From listacc at ocosa.com Mon Sep 17 22:10:46 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 22:11:14 2007 Subject: Admin Guide Question In-Reply-To: References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> Message-ID: <46EEED56.7000005@ocosa.com> Thanks for the replies....I was just wondering because the cafe link said sorry book could not be found. I appreciate your help! I heard MailScanner was the best! Otis Scott Silva wrote: > Julian Field spake the following on 9/17/2007 12:49 PM: >> >> >> dnsadmin 1bigthink.com wrote: >>> At 10:51 PM 9/16/2007, you wrote: >>> >>>> Hello, >>>> >>>> I was wondering if anyone had a copy of the MailScanner >>>> Administrators Guide the latest via pdf or know of any guides for >>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>> for how MailScanner works and how I can implement this software >>>> with our current systems. Any help is appreciated!!! >>> >>> Aside from the book, you could also download a copy of the program, >>> itself and browse the MailScanner.conf file, as it is meticulously >>> commented/documented. >> Note however that the documentation of each configuration option in >> the book is carefully done using a different wording from the docs in >> the MailScanner.conf file. So if you don't quite follow one version >> for a particular config option, you may well understand the other one >> better. I was very careful to write them independently, so they don't >> end up saying the same thing. >> >> The book also has the advantage that, instead of listing the options >> alphabetically or anything like that, every option is put in context >> along with its related options. >> >> So the book does add a lot of content that you won't get elsewhere. >> >> Buy it straight off the website www.mailscanner.info. Your money is >> perfectly safe, I am not involved in any of the transactions. There >> are 2 suppliers, the main one (CafePress for people west of the >> Atlantic) and a new deal I have recently arranged with Lulu for >> people east of the Atlantic, so you pay the minimum possible shipping >> costs. The book itself costs $40 or ?20 roughly, which I reckon is >> cheap for a specialist technical book these days. I might put the >> price up some time, once I have compared it with similar books in the >> USA. The UK price is certainly cheaper than similar books on other >> topics, in my view. It's my only source of income from MailScanner, >> apart from occasional contract jobs sorting out people's servers and >> getting them well setup. >> >> Jules >> > If you keep it more reasonable, people are more likely to buy new > copies every year or two. MailScanner has been such a moving target, > and the options seem to be increasing exponentially. > I do believe you have announced when a new version was available in > the past, and maybe you could list the current version on the website > so people might be more likely to know their version is "out of date". > From listacc at ocosa.com Mon Sep 17 22:10:57 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 22:11:25 2007 Subject: Admin Guide Question In-Reply-To: <46EEEBDA.3090405@ecs.soton.ac.uk> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> <46EEEBDA.3090405@ecs.soton.ac.uk> Message-ID: <46EEED61.3020805@ocosa.com> Thanks for the replies....I was just wondering because the cafe link said sorry book could not be found. I appreciate your help! I heard MailScanner was the best! Otis Julian Field wrote: > > > Scott Silva wrote: >> Julian Field spake the following on 9/17/2007 12:49 PM: >>> >>> >>> dnsadmin 1bigthink.com wrote: >>>> At 10:51 PM 9/16/2007, you wrote: >>>> >>>>> Hello, >>>>> >>>>> I was wondering if anyone had a copy of the MailScanner >>>>> Administrators Guide the latest via pdf or know of any guides for >>>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>>> for how MailScanner works and how I can implement this software >>>>> with our current systems. Any help is appreciated!!! >>>> >>>> Aside from the book, you could also download a copy of the program, >>>> itself and browse the MailScanner.conf file, as it is meticulously >>>> commented/documented. >>> Note however that the documentation of each configuration option in >>> the book is carefully done using a different wording from the docs >>> in the MailScanner.conf file. So if you don't quite follow one >>> version for a particular config option, you may well understand the >>> other one better. I was very careful to write them independently, so >>> they don't end up saying the same thing. >>> >>> The book also has the advantage that, instead of listing the options >>> alphabetically or anything like that, every option is put in context >>> along with its related options. >>> >>> So the book does add a lot of content that you won't get elsewhere. >>> >>> Buy it straight off the website www.mailscanner.info. Your money is >>> perfectly safe, I am not involved in any of the transactions. There >>> are 2 suppliers, the main one (CafePress for people west of the >>> Atlantic) and a new deal I have recently arranged with Lulu for >>> people east of the Atlantic, so you pay the minimum possible >>> shipping costs. The book itself costs $40 or ?20 roughly, which I >>> reckon is cheap for a specialist technical book these days. I might >>> put the price up some time, once I have compared it with similar >>> books in the USA. The UK price is certainly cheaper than similar >>> books on other topics, in my view. It's my only source of income >>> from MailScanner, apart from occasional contract jobs sorting out >>> people's servers and getting them well setup. >>> >>> Jules >>> >> If you keep it more reasonable, people are more likely to buy new >> copies every year or two. > Good thought. It didn't occur to me that people would update their copy. >> MailScanner has been such a moving target, and the options seem to be >> increasing exponentially. > Every time I think it's pretty much a done job, someone comes up with > something new they would like it to do! >> I do believe you have announced when a new version was available in >> the past, and maybe you could list the current version on the website >> so people might be more likely to know their version is "out of date". > Good idea. I'll have to check what is the current version of the book > tomorrow morning. > > Jules > From MailScanner at ecs.soton.ac.uk Mon Sep 17 22:32:58 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 17 22:34:29 2007 Subject: Program MailScanner, 1 process(es), refused to die. In-Reply-To: <44c071aa0709171318o46c7c80apf2e7020c3be9f344@mail.gmail.com> References: <44c071aa0709171240m26f12bc3kc0397b2f92cc0508@mail.gmail.com> <46EEDB53.4040107@ecs.soton.ac.uk> <44c071aa0709171318o46c7c80apf2e7020c3be9f344@mail.gmail.com> Message-ID: <46EEF28A.3040506@ecs.soton.ac.uk> In which case that is being generated by something the Ubuntu guys have written, possibly part of their init.d script. It's not generated by anything I have written, so I can't really take responsibility for it. Jules. infolistas listas wrote: > And what generated this? > - It happend after I added a couple of mail to the blacklist > > What operating system? > - linux > > What distribution? > - Ubuntu feisty > What version of MailScanner? > - This is MailScanner version 4.57.6 > > What circumstances? > - adding blacklist domains on spamassassin > > A 1-line snipped of output from what might as well be a poetry generator > is pretty useless to us. Sorry. > > 2007/9/17, Julian Field >: > > And what generated this? What operating system? What distribution? > What > version of MailScanner? What circumstances? > > A 1-line snipped of output from what might as well be a poetry > generator > is pretty useless to us. Sorry. > > infolistas listas wrote: > > Could anyone help me with this? > > > > Program MailScanner, 1 process(es), refused to die. > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Mon Sep 17 22:38:58 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 22:40:05 2007 Subject: Admin Guide Question In-Reply-To: <46EEEBDA.3090405@ecs.soton.ac.uk> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> <46EEEBDA.3090405@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 9/17/2007 2:04 PM: > > > Scott Silva wrote: >> Julian Field spake the following on 9/17/2007 12:49 PM: >>> >>> >>> dnsadmin 1bigthink.com wrote: >>>> At 10:51 PM 9/16/2007, you wrote: >>>> >>>>> Hello, >>>>> >>>>> I was wondering if anyone had a copy of the MailScanner >>>>> Administrators Guide the latest via pdf or know of any guides for >>>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>>> for how MailScanner works and how I can implement this software >>>>> with our current systems. Any help is appreciated!!! >>>> >>>> Aside from the book, you could also download a copy of the program, >>>> itself and browse the MailScanner.conf file, as it is meticulously >>>> commented/documented. >>> Note however that the documentation of each configuration option in >>> the book is carefully done using a different wording from the docs in >>> the MailScanner.conf file. So if you don't quite follow one version >>> for a particular config option, you may well understand the other one >>> better. I was very careful to write them independently, so they don't >>> end up saying the same thing. >>> >>> The book also has the advantage that, instead of listing the options >>> alphabetically or anything like that, every option is put in context >>> along with its related options. >>> >>> So the book does add a lot of content that you won't get elsewhere. >>> >>> Buy it straight off the website www.mailscanner.info. Your money is >>> perfectly safe, I am not involved in any of the transactions. There >>> are 2 suppliers, the main one (CafePress for people west of the >>> Atlantic) and a new deal I have recently arranged with Lulu for >>> people east of the Atlantic, so you pay the minimum possible shipping >>> costs. The book itself costs $40 or ?20 roughly, which I reckon is >>> cheap for a specialist technical book these days. I might put the >>> price up some time, once I have compared it with similar books in the >>> USA. The UK price is certainly cheaper than similar books on other >>> topics, in my view. It's my only source of income from MailScanner, >>> apart from occasional contract jobs sorting out people's servers and >>> getting them well setup. >>> >>> Jules >>> >> If you keep it more reasonable, people are more likely to buy new >> copies every year or two. > Good thought. It didn't occur to me that people would update their copy. >> MailScanner has been such a moving target, and the options seem to be >> increasing exponentially. > Every time I think it's pretty much a done job, someone comes up with > something new they would like it to do! >> I do believe you have announced when a new version was available in >> the past, and maybe you could list the current version on the website >> so people might be more likely to know their version is "out of date". > Good idea. I'll have to check what is the current version of the book > tomorrow morning. > > Jules > As I believe you saw in the multitude of postings from OCOSA ListAcct the Buy now button on the front page of the website comes up empty. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From listacc at ocosa.com Mon Sep 17 23:27:35 2007 From: listacc at ocosa.com (OCOSA ListAcct) Date: Mon Sep 17 23:28:05 2007 Subject: Admin Guide Question In-Reply-To: References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> <46EEEBDA.3090405@ecs.soton.ac.uk> Message-ID: <46EEFF57.5070005@ocosa.com> All subscribers to the list. I apologize for replying that many times to the list. I just hit the reply on the button I thought it was to he individual sender but I have seen the multitude of listings. If you can forgive me, I would appreciate it, as I meant no harm. Thank you! Otis Scott Silva wrote: > Julian Field spake the following on 9/17/2007 2:04 PM: >> >> >> Scott Silva wrote: >>> Julian Field spake the following on 9/17/2007 12:49 PM: >>>> >>>> >>>> dnsadmin 1bigthink.com wrote: >>>>> At 10:51 PM 9/16/2007, you wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> I was wondering if anyone had a copy of the MailScanner >>>>>> Administrators Guide the latest via pdf or know of any guides for >>>>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>>>> for how MailScanner works and how I can implement this software >>>>>> with our current systems. Any help is appreciated!!! >>>>> >>>>> Aside from the book, you could also download a copy of the >>>>> program, itself and browse the MailScanner.conf file, as it is >>>>> meticulously commented/documented. >>>> Note however that the documentation of each configuration option in >>>> the book is carefully done using a different wording from the docs >>>> in the MailScanner.conf file. So if you don't quite follow one >>>> version for a particular config option, you may well understand the >>>> other one better. I was very careful to write them independently, >>>> so they don't end up saying the same thing. >>>> >>>> The book also has the advantage that, instead of listing the >>>> options alphabetically or anything like that, every option is put >>>> in context along with its related options. >>>> >>>> So the book does add a lot of content that you won't get elsewhere. >>>> >>>> Buy it straight off the website www.mailscanner.info. Your money is >>>> perfectly safe, I am not involved in any of the transactions. There >>>> are 2 suppliers, the main one (CafePress for people west of the >>>> Atlantic) and a new deal I have recently arranged with Lulu for >>>> people east of the Atlantic, so you pay the minimum possible >>>> shipping costs. The book itself costs $40 or ?20 roughly, which I >>>> reckon is cheap for a specialist technical book these days. I might >>>> put the price up some time, once I have compared it with similar >>>> books in the USA. The UK price is certainly cheaper than similar >>>> books on other topics, in my view. It's my only source of income >>>> from MailScanner, apart from occasional contract jobs sorting out >>>> people's servers and getting them well setup. >>>> >>>> Jules >>>> >>> If you keep it more reasonable, people are more likely to buy new >>> copies every year or two. >> Good thought. It didn't occur to me that people would update their copy. >>> MailScanner has been such a moving target, and the options seem to >>> be increasing exponentially. >> Every time I think it's pretty much a done job, someone comes up with >> something new they would like it to do! >>> I do believe you have announced when a new version was available in >>> the past, and maybe you could list the current version on the >>> website so people might be more likely to know their version is "out >>> of date". >> Good idea. I'll have to check what is the current version of the book >> tomorrow morning. >> >> Jules >> > As I believe you saw in the multitude of postings from OCOSA ListAcct > the Buy now button on the front page of the website comes up empty. > From ssilva at sgvwater.com Mon Sep 17 23:36:36 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 17 23:37:04 2007 Subject: Admin Guide Question In-Reply-To: <46EEFF57.5070005@ocosa.com> References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> <46EEEBDA.3090405@ecs.soton.ac.uk> <46EEFF57.5070005@ocosa.com> Message-ID: OCOSA ListAcct spake the following on 9/17/2007 3:27 PM: > All subscribers to the list. I apologize for replying that many times to > the list. I just hit the reply on the button I thought it was to he > individual sender but I have seen the multitude of listings. If you can > forgive me, I would appreciate it, as I meant no harm. > > Thank you! > > Otis And forgive my rant. It has been a long day... with no end in sight. ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From grupolistas at gmail.com Tue Sep 18 00:16:26 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 18 00:16:33 2007 Subject: dangerous content Message-ID: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> Hi all, I'm getting a problem from a specific user, when this users send an email to another specific user the mail arrives with the { dangerous content} flag. How can I solve this? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/c879b548/attachment.html From Robert.Horton at goodmanmfg.com Tue Sep 18 00:16:41 2007 From: Robert.Horton at goodmanmfg.com (Horton, Robert) Date: Tue Sep 18 00:16:44 2007 Subject: Admin Guide Question In-Reply-To: References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> <46EEEBDA.3090405@ecs.soton.ac.uk> Message-ID: <50678FBB708A9B4FB6B536F6F657883D028E9668@exch-gman.ad.goodmanmfg.com> If you're persistent enough you can get a working link (I think)...You have to click on the Buy Now from www.mailscanner.info, then click on the "MailScann Online Store" link, then click on the "main store" link on that page, then click the book, and finally click on add to cart. The Synopsis says it was updated in June 2007 but under product details says April 2004. -Robert -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Monday, September 17, 2007 4:39 PM To: mailscanner@lists.mailscanner.info Subject: Re: Admin Guide Question Julian Field spake the following on 9/17/2007 2:04 PM: > > > Scott Silva wrote: >> Julian Field spake the following on 9/17/2007 12:49 PM: >>> >>> >>> dnsadmin 1bigthink.com wrote: >>>> At 10:51 PM 9/16/2007, you wrote: >>>> >>>>> Hello, >>>>> >>>>> I was wondering if anyone had a copy of the MailScanner >>>>> Administrators Guide the latest via pdf or know of any guides for >>>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>>> for how MailScanner works and how I can implement this software >>>>> with our current systems. Any help is appreciated!!! >>>> >>>> Aside from the book, you could also download a copy of the program, >>>> itself and browse the MailScanner.conf file, as it is meticulously >>>> commented/documented. >>> Note however that the documentation of each configuration option in >>> the book is carefully done using a different wording from the docs in >>> the MailScanner.conf file. So if you don't quite follow one version >>> for a particular config option, you may well understand the other one >>> better. I was very careful to write them independently, so they don't >>> end up saying the same thing. >>> >>> The book also has the advantage that, instead of listing the options >>> alphabetically or anything like that, every option is put in context >>> along with its related options. >>> >>> So the book does add a lot of content that you won't get elsewhere. >>> >>> Buy it straight off the website www.mailscanner.info. Your money is >>> perfectly safe, I am not involved in any of the transactions. There >>> are 2 suppliers, the main one (CafePress for people west of the >>> Atlantic) and a new deal I have recently arranged with Lulu for >>> people east of the Atlantic, so you pay the minimum possible shipping >>> costs. The book itself costs $40 or ?20 roughly, which I reckon is >>> cheap for a specialist technical book these days. I might put the >>> price up some time, once I have compared it with similar books in the >>> USA. The UK price is certainly cheaper than similar books on other >>> topics, in my view. It's my only source of income from MailScanner, >>> apart from occasional contract jobs sorting out people's servers and >>> getting them well setup. >>> >>> Jules >>> >> If you keep it more reasonable, people are more likely to buy new >> copies every year or two. > Good thought. It didn't occur to me that people would update their copy. >> MailScanner has been such a moving target, and the options seem to be >> increasing exponentially. > Every time I think it's pretty much a done job, someone comes up with > something new they would like it to do! >> I do believe you have announced when a new version was available in >> the past, and maybe you could list the current version on the website >> so people might be more likely to know their version is "out of date". > Good idea. I'll have to check what is the current version of the book > tomorrow morning. > > Jules > As I believe you saw in the multitude of postings from OCOSA ListAcct the Buy now button on the front page of the website comes up empty. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! CONFIDENTIALITY NOTE: The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Thank you. From grupolistas at gmail.com Tue Sep 18 00:18:52 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 18 00:18:56 2007 Subject: Program MailScanner, 1 process(es), refused to die. In-Reply-To: <46EEF28A.3040506@ecs.soton.ac.uk> References: <44c071aa0709171240m26f12bc3kc0397b2f92cc0508@mail.gmail.com> <46EEDB53.4040107@ecs.soton.ac.uk> <44c071aa0709171318o46c7c80apf2e7020c3be9f344@mail.gmail.com> <46EEF28A.3040506@ecs.soton.ac.uk> Message-ID: <44c071aa0709171618x38ed7adfre110c14928e6fa6c@mail.gmail.com> Thanks 2007/9/17, Julian Field : > > In which case that is being generated by something the Ubuntu guys have > written, possibly part of their init.d script. It's not generated by > anything I have written, so I can't really take responsibility for it. > > Jules. > > infolistas listas wrote: > > And what generated this? > > - It happend after I added a couple of mail to the blacklist > > > > What operating system? > > - linux > > > > What distribution? > > - Ubuntu feisty > > What version of MailScanner? > > - This is MailScanner version 4.57.6 > > > > What circumstances? > > - adding blacklist domains on spamassassin > > > > A 1-line snipped of output from what might as well be a poetry generator > > is pretty useless to us. Sorry. > > > > 2007/9/17, Julian Field > >: > > > > And what generated this? What operating system? What distribution? > > What > > version of MailScanner? What circumstances? > > > > A 1-line snipped of output from what might as well be a poetry > > generator > > is pretty useless to us. Sorry. > > > > infolistas listas wrote: > > > Could anyone help me with this? > > > > > > Program MailScanner, 1 process(es), refused to die. > > > > > > > > > > Jules > > > > -- > > Julian Field MEng CITP > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > MailScanner customisation, or any advanced system administration > help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > For all your IT requirements visit www.transtec.co.uk > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > For all your IT requirements visit www.transtec.co.uk > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070917/6ce1d0c0/attachment.html From ssilva at sgvwater.com Tue Sep 18 00:30:21 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 18 00:59:59 2007 Subject: dangerous content In-Reply-To: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> References: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> Message-ID: infolistas listas spake the following on 9/17/2007 4:16 PM: > Hi all, > I'm getting a problem from a specific user, > when this users send an email to another specific user the mail arrives > with the { dangerous content} flag. > How can I solve this? > > 1) Tell user to stop sending dangerous content. 2) Write ruleset to exempt the user from dangerous content rules. 3) Turn off dangerous content checking. You gave very limited info in your question, so I had to give a very general answer. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From rwahyudi at gmail.com Tue Sep 18 04:32:21 2007 From: rwahyudi at gmail.com (Rianto Wahyudi) Date: Tue Sep 18 04:30:26 2007 Subject: Shared MD5 Cache Message-ID: <46EF46C5.3070803@gmail.com> Hi All, Anyone manage to setup MySQL based Spamassassin Cache successfully ? What im trying to do here is to use centralized MySQL database for sacache since we have a couple of server running MailScanner. Regards, Rianto Wahyudi -- adela putri tirta belek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/7ccfab2c/attachment.html From j.ede at birchenallhowden.co.uk Tue Sep 18 10:20:43 2007 From: j.ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Sep 18 10:20:55 2007 Subject: Problem and resolution for problem on FC7 with Perl Message-ID: This is more for information in case someone else comes across this. After running yum updates and updating perl to perl-5.8.8-23.fc7 MailScanner would not start. The first line of the error message is is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 There are loads of errors to do with Zlib, Archive and Message modules. Eventually the cause was tracked down to a buggy Scalar::Util module (after some googling) Resolution wget http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.19.tar.gz tar xzvf Scalar-List-Utils-1.19.tar.gz cd Scalar-List-Utils-1.19 perl Makefile.PL make test make install Once that was done everything was fine and MailScanner started again and seems to be working fine. Jason ----------------------------------------------------------- The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender or email postmaster@birchenallhowden.co.uk and delete it from your computer systems. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it. All messages are scanned by Mailscanner and are believed to be clean. Recipients are advised to apply their own virus checks to any message on delivery. No liability is accepted by BirchenallHowden Ltd for any losses caused by viruses contracted during transit over the internet or present in any recieving system. BirchenallHowden Ltd, 53 Mowbray St, Sheffield S3 8EN. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/2970b856/attachment.html From ram at netcore.co.in Tue Sep 18 10:37:40 2007 From: ram at netcore.co.in (ram) Date: Tue Sep 18 10:38:02 2007 Subject: Mailscanner + postfix Mail loss Message-ID: <1190108260.7279.79.camel@localhost.localdomain> I am using mailscanner-4.59.4-2 and postfix 2.3.4 I have seen that at random some mails get lost. I can see from the logs , mails go to the queue and then disappear without trace. This happens so infrequently and so much at random that I dont know how to trace it down Is this happenning to anyone else ? Should I just upgarde MailScanner ? Thanks Ram From martinh at solidstatelogic.com Tue Sep 18 10:47:02 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Sep 18 10:47:08 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <1190108260.7279.79.camel@localhost.localdomain> Message-ID: How did you install postfix? Multiple postfix instances or using the 'hold' queue method as in the wiki. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of ram > Sent: 18 September 2007 10:38 > To: MailScanner discussion > Subject: Mailscanner + postfix Mail loss > > I am using mailscanner-4.59.4-2 and postfix 2.3.4 > I have seen that at random some mails get lost. > > I can see from the logs , mails go to the queue and then disappear > without trace. This happens so infrequently and so much at random that I > dont know how to trace it down > > Is this happenning to anyone else ? > > Should I just upgarde MailScanner ? > > Thanks > Ram > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Tue Sep 18 10:51:59 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 10:52:47 2007 Subject: Admin Guide Question In-Reply-To: References: <46EDEBC6.2010408@ocosa.com> <200709171820.l8HIKadt032710@mxt.1bigthink.com> <46EEDA42.1090004@ecs.soton.ac.uk> <46EEEBDA.3090405@ecs.soton.ac.uk> Message-ID: <46EF9FBF.4050401@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > Julian Field spake the following on 9/17/2007 2:04 PM: >> >> >> Scott Silva wrote: >>> Julian Field spake the following on 9/17/2007 12:49 PM: >>>> >>>> >>>> dnsadmin 1bigthink.com wrote: >>>>> At 10:51 PM 9/16/2007, you wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> I was wondering if anyone had a copy of the MailScanner >>>>>> Administrators Guide the latest via pdf or know of any guides for >>>>>> CentOS 5? I am really looking for a detailed guide to get a feel >>>>>> for how MailScanner works and how I can implement this software >>>>>> with our current systems. Any help is appreciated!!! >>>>> >>>>> Aside from the book, you could also download a copy of the >>>>> program, itself and browse the MailScanner.conf file, as it is >>>>> meticulously commented/documented. >>>> Note however that the documentation of each configuration option in >>>> the book is carefully done using a different wording from the docs >>>> in the MailScanner.conf file. So if you don't quite follow one >>>> version for a particular config option, you may well understand the >>>> other one better. I was very careful to write them independently, >>>> so they don't end up saying the same thing. >>>> >>>> The book also has the advantage that, instead of listing the >>>> options alphabetically or anything like that, every option is put >>>> in context along with its related options. >>>> >>>> So the book does add a lot of content that you won't get elsewhere. >>>> >>>> Buy it straight off the website www.mailscanner.info. Your money is >>>> perfectly safe, I am not involved in any of the transactions. There >>>> are 2 suppliers, the main one (CafePress for people west of the >>>> Atlantic) and a new deal I have recently arranged with Lulu for >>>> people east of the Atlantic, so you pay the minimum possible >>>> shipping costs. The book itself costs $40 or ?20 roughly, which I >>>> reckon is cheap for a specialist technical book these days. I might >>>> put the price up some time, once I have compared it with similar >>>> books in the USA. The UK price is certainly cheaper than similar >>>> books on other topics, in my view. It's my only source of income >>>> from MailScanner, apart from occasional contract jobs sorting out >>>> people's servers and getting them well setup. >>>> >>>> Jules >>>> >>> If you keep it more reasonable, people are more likely to buy new >>> copies every year or two. >> Good thought. It didn't occur to me that people would update their copy. >>> MailScanner has been such a moving target, and the options seem to >>> be increasing exponentially. >> Every time I think it's pretty much a done job, someone comes up with >> something new they would like it to do! >>> I do believe you have announced when a new version was available in >>> the past, and maybe you could list the current version on the >>> website so people might be more likely to know their version is "out >>> of date". >> Good idea. I'll have to check what is the current version of the book >> tomorrow morning. >> >> Jules >> > As I believe you saw in the multitude of postings from OCOSA ListAcct > the Buy now button on the front page of the website comes up empty. > Fixed now. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG75+/EfZZRxQVtlQRAgSRAKDFID8sdDNzEDq5c8lCykkRwsCgIgCeKwyq iaTpAORW2il6gKZZCbRnwlI= =X/ZN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From grupolistas at gmail.com Tue Sep 18 12:45:39 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 18 12:45:42 2007 Subject: dangerous content In-Reply-To: References: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> Message-ID: <44c071aa0709180445h7dafe81dje36b68b89e784b9a@mail.gmail.com> That user isnt sending anything more than is set on the rules. ( atachments of all type are allowed to be send). Only 9 users are allowed to send attachments outside,all attachments are allowed inside domain, that user is one of them, the problem is only with her and another specific user, thats from our own domain. how do I turn the dangerous content checking out? will it interfeer with the incoming checking of outside domain? How can I make an exception for only one user? I couldnt find anything, that pointed to the problem , the only thing strange is that the messages coming from that user to the other specific user where requeued, nor mailscanner nor spamassassin pointed anything diferent. Do you need logs? Thanks 2007/9/17, Scott Silva : > > infolistas listas spake the following on 9/17/2007 4:16 PM: > > Hi all, > > I'm getting a problem from a specific user, > > when this users send an email to another specific user the mail arrives > > with the { dangerous content} flag. > > How can I solve this? > > > > > 1) Tell user to stop sending dangerous content. > 2) Write ruleset to exempt the user from dangerous content rules. > 3) Turn off dangerous content checking. > > You gave very limited info in your question, so I had to give a very > general > answer. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/85fd0f20/attachment.html From ram at netcore.co.in Tue Sep 18 13:33:12 2007 From: ram at netcore.co.in (ram) Date: Tue Sep 18 13:33:26 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: References: Message-ID: <1190118792.7279.92.camel@localhost.localdomain> On Tue, 2007-09-18 at 10:47 +0100, Martin.Hepworth wrote: > How did you install postfix? Multiple postfix instances or using the 'hold' queue method as in the wiki. > The hold method , Obviously. All mails from Postfix go to hold, MS picks it put and requeues after scan. But some mails dont seem to get requeued Thanks Ram From MailScanner at ecs.soton.ac.uk Tue Sep 18 13:45:05 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 13:45:27 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <1190108260.7279.79.camel@localhost.localdomain> References: <1190108260.7279.79.camel@localhost.localdomain> Message-ID: <46EFC851.6020208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would certainly start by upgrading MailScanner to the latest. This will only take a few minutes to do. ram wrote: > I am using mailscanner-4.59.4-2 and postfix 2.3.4 > I have seen that at random some mails get lost. > > I can see from the logs , mails go to the queue and then disappear > without trace. This happens so infrequently and so much at random that I > dont know how to trace it down > > Is this happenning to anyone else ? > > Should I just upgarde MailScanner ? > > Thanks > Ram > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG78hREfZZRxQVtlQRAlACAJ9I+Nxk+C1IqbV7EYu4j8NOowfTbACg0Jt0 SRGyHWzP9KHdz06ELiv182k= =7DmU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From grupolistas at gmail.com Tue Sep 18 14:03:47 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 18 14:03:56 2007 Subject: dangerous content In-Reply-To: <44c071aa0709180445h7dafe81dje36b68b89e784b9a@mail.gmail.com> References: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> <44c071aa0709180445h7dafe81dje36b68b89e784b9a@mail.gmail.com> Message-ID: <44c071aa0709180603k42d74e49k953adfcf5f75c79c@mail.gmail.com> I was viewing the log I hope its usefull --- Sep 18 09:34:44 mailbeta MailScanner[30405]: Message AF5657FF98.75B99 from 10.10.10.49 (user1@mydomain.com.br) to mfplan.com.br is not spam, SpamAssassin (not cached, score=-102.971, required 3, autolearn=not spam, ALL_TRUSTED -1.80, AWL -0.38, BAYES_00 -2.60, BLANK_LINES_70_80 1.80, USER_IN_WHITELIST -100.00) Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed at 3925 bytes per second Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF archive at /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed with real error: Can't run tnef decoder: Arquivo ou diret??rio inexistente at /usr/share/MailScanner/MailScanner/TNEF.pm line 238. Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF winmail.dat that cannot be analysed in message AF5657FF98.75B99 Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content Scanning: Starting Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --unzip Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --jar Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tar Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tgz Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --deb Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --max-ratio Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tempdir Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --recursive (-r) Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --unrar Sep 18 09:34:45 mailbeta MailScanner[30405]: /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing AF5657FF98.75B99 msg-30405-6.txt Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing AF5657FF98.75B99 winmail.dat (no rule matched) Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing AF5657FF98.75B99 msg-30405-5.txt Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing AF5657FF98.75B99 winmail.dat (no match found) Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing AF5657FF98.75B99 msg-30405-6.txt Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing AF5657FF98.75B99 msg-30405-5.txt Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning completed at 161675 bytes per second Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: AF5657FF98.75B99 to 8FBF77FF99 Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: from=< user1@mydomain.com.br>, size=2922, nrcpt=2 (queue active) Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 cleaned messages Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=< user2@mydomain.com.br>, relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn= 2.0.0, status=sent (delivered to maildir) Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=< getall@mydomain.com.br>, relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir) Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, use the Postfix sendmail command Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix command is reserved for the superuser Sep 18 09:34:45 mailbeta imapd: Connection, ip=[::ffff:10.10.10.29] 2007/9/18, infolistas listas : > > That user isnt sending anything more than is set on the rules. ( > atachments of all type are allowed to be send). Only 9 users are allowed to > send attachments outside,all attachments are allowed inside domain, that > user is one of them, the problem is only with her and another specific user, > thats from our own domain. > how do I turn the dangerous content checking out? will it interfeer with > the incoming checking of outside domain? > How can I make an exception for only one user? > I couldnt find anything, that pointed to the problem , the only thing > strange is that the messages coming from that user to the other specific > user where requeued, nor mailscanner nor spamassassin pointed anything > diferent. > Do you need logs? > Thanks > > 2007/9/17, Scott Silva : > > > > infolistas listas spake the following on 9/17/2007 4:16 PM: > > > Hi all, > > > I'm getting a problem from a specific user, > > > when this users send an email to another specific user the mail > > arrives > > > with the { dangerous content} flag. > > > How can I solve this? > > > > > > > > 1) Tell user to stop sending dangerous content. > > 2) Write ruleset to exempt the user from dangerous content rules. > > 3) Turn off dangerous content checking. > > > > You gave very limited info in your question, so I had to give a very > > general > > answer. > > > > -- > > > > MailScanner is like deodorant... > > You hope everybody uses it, and > > you notice quickly if they don't!!!! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/ebf010d1/attachment.html From grupolistas at gmail.com Tue Sep 18 14:26:56 2007 From: grupolistas at gmail.com (infolistas listas) Date: Tue Sep 18 14:27:06 2007 Subject: dangerous content In-Reply-To: <44c071aa0709180603k42d74e49k953adfcf5f75c79c@mail.gmail.com> References: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> <44c071aa0709180445h7dafe81dje36b68b89e784b9a@mail.gmail.com> <44c071aa0709180603k42d74e49k953adfcf5f75c79c@mail.gmail.com> Message-ID: <44c071aa0709180626p6cc4f800xa9a7b08e8171872a@mail.gmail.com> Another log this time user1 sending to me, I didnt get the dangerous content message nor the Corrupt TNEF winmail.dat that cannot be analysed in message AF5657FF98.75B99 Sep 18 10:23:01 mailbeta MailScanner[31952]: Message BFF1F7FF98.052FB from 10.10.10.49 (user1@mydomain.com.br) to mfplan.com.br is not spam, SpamAssassin (not cached, score=-103.754, required 3, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.53, BAYES_00 -2.60, HTML_90_100 0.11, HTML_MESSAGE 0.00, USER_IN_WHITELIST -100.00) Sep 18 10:23:01 mailbeta MailScanner[31952]: Spam Checks completed at 3791 bytes per second Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus and Content Scanning: Starting Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --unzip Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --jar Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --tar Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --tgz Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --deb Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --max-ratio Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --tempdir Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --recursive (-r) Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option --unrar Sep 18 10:23:02 mailbeta MailScanner[31952]: /var/spool/MailScanner/incoming/31952/.: lstat() failed. ERROR Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing BFF1F7FF98.052FB msg-31952-4.txt Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing BFF1F7FF98.052FB msg-31952-5.html (no rule matched) Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no rule matched) Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing BFF1F7FF98.052FB msg-31952-5.html Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing BFF1F7FF98.052FB msg-31952-4.txt Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no match found) Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Scanning completed at 172635 bytes per second Sep 18 10:23:02 mailbeta MailScanner[31952]: Requeue: BFF1F7FF98.052FB to D0A537FF9B Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: from=< user1@mydomain.com.br>, size=46994, nrcpt=2 (queue active) Sep 18 10:23:02 mailbeta postfix/virtual[32275]: D0A537FF9B: to=< getall@mydomain.com.br>, relay=virtual, delay=13, delays=13/0.02/0/0.08, dsn=2.0.0, status=sent (delivered to maildir) Sep 18 10:23:02 mailbeta MailScanner[31952]: Uninfected: Delivered 1 messages Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Processing completed at 96012 bytes per second Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch completed at 3562 bytes per second (45049 / 12) Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch (1 message) processed in 12.65 seconds Sep 18 10:23:02 mailbeta MailScanner[31952]: New Batch: Scanning 1 messages, 32156 bytes Sep 18 10:23:02 mailbeta MailScanner[31952]: Spam Checks: Starting Sep 18 10:23:02 mailbeta postfix/virtual[32277]: D0A537FF9B: to=< teste@mydomain.com.br>, relay=virtual, delay=13, delays=13/0.08/0/0.07, dsn= 2.0.0, status=sent (delivered to maildir) Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: removed 2007/9/18, infolistas listas : > > I was viewing the log I hope its usefull > > --- > > Sep 18 09:34:44 mailbeta MailScanner[30405]: Message AF5657FF98.75B99 from > 10.10.10.49 (user1@mydomain.com.br ) to mfplan.com.br is not spam, > SpamAssassin (not cached, score=-102.971, required 3, autolearn=not spam, > ALL_TRUSTED -1.80, AWL -0.38, BAYES_00 -2.60, BLANK_LINES_70_80 1.80, > USER_IN_WHITELIST - 100.00) > Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed at 3925 > bytes per second > Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat > Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed with real > error: Can't run tnef decoder: Arquivo ou diret??rio inexistente at > /usr/share/MailScanner/MailScanner/TNEF.pm line 238. > Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF winmail.dat that > cannot be analysed in message AF5657FF98.75B99 > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content Scanning: > Starting > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --unzip > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --jar > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --tar > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --tgz > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --deb > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --max-ratio > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --tempdir > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --recursive (-r) > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --unrar > Sep 18 09:34:45 mailbeta MailScanner[30405]: > /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing > AF5657FF98.75B99 msg-30405-6.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing > AF5657FF98.75B99 winmail.dat (no rule matched) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing > AF5657FF98.75B99 msg-30405-5.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing > AF5657FF98.75B99 winmail.dat (no match found) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing > AF5657FF98.75B99 msg-30405-6.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing > AF5657FF98.75B99 msg-30405-5.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning completed at > 161675 bytes per second > Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: AF5657FF98.75B99 to > 8FBF77FF99 > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: from=< > user1@mydomain.com.br >, size=2922, nrcpt=2 (queue active) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 cleaned > messages > Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=, > relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent > (delivered to maildir) > Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=, > relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent > (delivered to maildir) > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed > Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, use the > Postfix sendmail command > Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix command is > reserved for the superuser > Sep 18 09:34:45 mailbeta imapd: Connection, ip=[::ffff:10.10.10.29] > > 2007/9/18, infolistas listas : > > > > That user isnt sending anything more than is set on the rules. ( > > atachments of all type are allowed to be send). Only 9 users are allowed to > > send attachments outside,all attachments are allowed inside domain, that > > user is one of them, the problem is only with her and another specific user, > > thats from our own domain. > > how do I turn the dangerous content checking out? will it interfeer with > > the incoming checking of outside domain? > > How can I make an exception for only one user? > > I couldnt find anything, that pointed to the problem , the only thing > > strange is that the messages coming from that user to the other specific > > user where requeued, nor mailscanner nor spamassassin pointed anything > > diferent. > > Do you need logs? > > Thanks > > > > 2007/9/17, Scott Silva : > > > > > > infolistas listas spake the following on 9/17/2007 4:16 PM: > > > > Hi all, > > > > I'm getting a problem from a specific user, > > > > when this users send an email to another specific user the mail > > > arrives > > > > with the { dangerous content} flag. > > > > How can I solve this? > > > > > > > > > > > 1) Tell user to stop sending dangerous content. > > > 2) Write ruleset to exempt the user from dangerous content rules. > > > 3) Turn off dangerous content checking. > > > > > > You gave very limited info in your question, so I had to give a very > > > general > > > answer. > > > > > > -- > > > > > > MailScanner is like deodorant... > > > You hope everybody uses it, and > > > you notice quickly if they don't!!!! > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/2a7ca759/attachment.html From MailScanner at ecs.soton.ac.uk Tue Sep 18 14:39:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 14:40:06 2007 Subject: {Disarmed} Re: dangerous content In-Reply-To: <44c071aa0709180626p6cc4f800xa9a7b08e8171872a@mail.gmail.com> References: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> <44c071aa0709180445h7dafe81dje36b68b89e784b9a@mail.gmail.com> <44c071aa0709180603k42d74e49k953adfcf5f75c79c@mail.gmail.com> <44c071aa0709180626p6cc4f800xa9a7b08e8171872a@mail.gmail.com> Message-ID: <46EFD51F.6070706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Your virus scanning is screwed up for starters. Run "MailScanner --lint" and post the output. Also please tell us the content of "Virus Scanners = " in MailScanner.conf, and your virus.scanners.conf file. You need to set TNEF Expander = internal in MailScanner.conf to get rid of the TNEF error you previously posted. infolistas listas wrote: > Another log this time user1 sending to me, I didnt get the dangerous > content message nor the Corrupt TNEF winmail.dat that cannot be > analysed in message AF5657FF98.75B99 > > Sep 18 10:23:01 mailbeta MailScanner[31952]: Message BFF1F7FF98.052FB > from *MailScanner warning: numerical links are often malicious:* > 10.10.10.49 ( user1@mydomain.com.br > ) to mfplan.com.br > is not spam, SpamAssassin (not cached, > score=-103.754, required 3, autolearn=not spam, ALL_TRUSTED -1.80, AWL > 0.53, BAYES_00 -2.60, HTML_90_100 0.11, HTML_MESSAGE 0.00, > USER_IN_WHITELIST -100.00) > Sep 18 10:23:01 mailbeta MailScanner[31952]: Spam Checks completed at > 3791 bytes per second > Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus and Content > Scanning: Starting > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --unzip > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --jar > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --tar > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --tgz > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --deb > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --max-ratio > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --tempdir > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --recursive (-r) > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > --unrar > Sep 18 10:23:02 mailbeta MailScanner[31952]: > /var/spool/MailScanner/incoming/31952/.: lstat() failed. ERROR > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing > BFF1F7FF98.052FB msg-31952-4.txt > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing > BFF1F7FF98.052FB msg-31952-5.html (no rule matched) > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing > BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no rule matched) > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing > BFF1F7FF98.052FB msg-31952-5.html > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing > BFF1F7FF98.052FB msg-31952-4.txt > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing > BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no match found) > Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Scanning completed > at 172635 bytes per second > Sep 18 10:23:02 mailbeta MailScanner[31952]: Requeue: BFF1F7FF98.052FB > to D0A537FF9B > Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: > from= >, > size=46994, nrcpt=2 (queue active) > Sep 18 10:23:02 mailbeta postfix/virtual[32275]: D0A537FF9B: > to=>, > relay=virtual, delay=13, delays=13/0.02/0/0.08, dsn= 2.0.0, > status=sent (delivered to maildir) > Sep 18 10:23:02 mailbeta MailScanner[31952]: Uninfected: Delivered 1 > messages > Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Processing > completed at 96012 bytes per second > Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch completed at 3562 > bytes per second (45049 / 12) > Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch (1 message) > processed in 12.65 seconds > Sep 18 10:23:02 mailbeta MailScanner[31952]: New Batch: Scanning 1 > messages, 32156 bytes > Sep 18 10:23:02 mailbeta MailScanner[31952]: Spam Checks: Starting > Sep 18 10:23:02 mailbeta postfix/virtual[32277]: D0A537FF9B: > to=>, > relay=virtual, delay=13, delays=13/0.08/0/0.07, dsn= 2.0.0, > status=sent (delivered to maildir) > Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: removed > > 2007/9/18, infolistas listas < grupolistas@gmail.com > >: > > I was viewing the log I hope its usefull > > --- > > Sep 18 09:34:44 mailbeta MailScanner[30405]: Message > AF5657FF98.75B99 from *MailScanner warning: numerical links are > often malicious:* 10.10.10.49 ( > user1@mydomain.com.br ) to > mfplan.com.br is not spam, SpamAssassin > (not cached, score=-102.971, required 3, autolearn=not spam, > ALL_TRUSTED - 1.80, AWL -0.38, BAYES_00 -2.60, BLANK_LINES_70_80 > 1.80, USER_IN_WHITELIST - 100.00) > Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed > at 3925 bytes per second > Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF > archive at > /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat > Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed > with real error: Can't run tnef decoder: Arquivo ou diret??rio > inexistente at /usr/share/MailScanner/MailScanner/TNEF.pm line 238. > Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF > winmail.dat that cannot be analysed in message AF5657FF98.75B99 > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content > Scanning: Starting > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --unzip > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --jar > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --tar > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --tgz > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --deb > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --max-ratio > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --tempdir > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --recursive (-r) > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > option --unrar > Sep 18 09:34:45 mailbeta MailScanner[30405]: > /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: > Allowing AF5657FF98.75B99 msg-30405-6.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: > Allowing AF5657FF98.75B99 winmail.dat (no rule matched) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: > Allowing AF5657FF98.75B99 msg-30405-5.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: > Allowing AF5657FF98.75B99 winmail.dat (no match found) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: > Allowing AF5657FF98.75B99 msg-30405-6.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: > Allowing AF5657FF98.75B99 msg-30405-5.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning > completed at 161675 bytes per second > Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: > AF5657FF98.75B99 to 8FBF77FF99 > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: from=< > user1@mydomain.com.br >, size=2922, > nrcpt=2 (queue active) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 > cleaned messages > Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=< > user2@mydomain.com.br >, > relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, > status=sent (delivered to maildir) > Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=< > getall@mydomain.com.br >, > relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, > status=sent (delivered to maildir) > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed > Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, > use the Postfix sendmail command > Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix > command is reserved for the superuser > Sep 18 09:34:45 mailbeta imapd: Connection, > ip=[::ffff:*MailScanner warning: numerical links are often > malicious:* 10.10.10.29 ] > > 2007/9/18, infolistas listas >: > > That user isnt sending anything more than is set on the rules. > ( atachments of all type are allowed to be send). Only 9 > users are allowed to send attachments outside,all attachments > are allowed inside domain, that user is one of them, the > problem is only with her and another specific user, thats from > our own domain. > how do I turn the dangerous content checking out? will it > interfeer with the incoming checking of outside domain? > How can I make an exception for only one user? > I couldnt find anything, that pointed to the problem , the > only thing strange is that the messages coming from that user > to the other specific user where requeued, nor mailscanner nor > spamassassin pointed anything diferent. > Do you need logs? > Thanks > > 2007/9/17, Scott Silva >: > > infolistas listas spake the following on 9/17/2007 4:16 PM: > > Hi all, > > I'm getting a problem from a specific user, > > when this users send an email to another specific user > the mail arrives > > with the { dangerous content} flag. > > How can I solve this? > > > > > 1) Tell user to stop sending dangerous content. > 2) Write ruleset to exempt the user from dangerous content > rules. > 3) Turn off dangerous content checking. > > You gave very limited info in your question, so I had to > give a very general > answer. > > -- > > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG79UfEfZZRxQVtlQRAuGWAJ415dyInWiK0+qXiKhZ6xxQCOQUqwCeOzoG Xx7wXWv9tpUDGPdWkKfoYHU= =4Bh6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Tue Sep 18 16:09:30 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 18 16:09:38 2007 Subject: {Disarmed} Re: dangerous content In-Reply-To: <46EFD51F.6070706@ecs.soton.ac.uk> Message-ID: Also get your users to send emails in plain text or HTML format and not Rich Text format. Rich text format causes these TNEF files and its best avoided. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 18 September 2007 14:40 > To: MailScanner discussion > Subject: Re: {Disarmed} Re: dangerous content > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Your virus scanning is screwed up for starters. Run "MailScanner --lint" > and post the output. Also please tell us the content of "Virus Scanners > = " in MailScanner.conf, and your virus.scanners.conf file. > > You need to set > TNEF Expander = internal > in MailScanner.conf to get rid of the TNEF error you previously posted. > > infolistas listas wrote: > > Another log this time user1 sending to me, I didnt get the dangerous > > content message nor the Corrupt TNEF winmail.dat that cannot be > > analysed in message AF5657FF98.75B99 > > > > Sep 18 10:23:01 mailbeta MailScanner[31952]: Message BFF1F7FF98.052FB > > from *MailScanner warning: numerical links are often malicious:* > > 10.10.10.49 ( user1@mydomain.com.br > > ) to mfplan.com.br > > is not spam, SpamAssassin (not cached, > > score=-103.754, required 3, autolearn=not spam, ALL_TRUSTED -1.80, AWL > > 0.53, BAYES_00 -2.60, HTML_90_100 0.11, HTML_MESSAGE 0.00, > > USER_IN_WHITELIST -100.00) > > Sep 18 10:23:01 mailbeta MailScanner[31952]: Spam Checks completed at > > 3791 bytes per second > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus and Content > > Scanning: Starting > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --unzip > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --jar > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --tar > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --tgz > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --deb > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --max-ratio > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --tempdir > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --recursive (-r) > > Sep 18 10:23:02 mailbeta MailScanner[31952]: WARNING: Ignoring option > > --unrar > > Sep 18 10:23:02 mailbeta MailScanner[31952]: > > /var/spool/MailScanner/incoming/31952/.: lstat() failed. ERROR > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing > > BFF1F7FF98.052FB msg-31952-4.txt > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing > > BFF1F7FF98.052FB msg-31952-5.html (no rule matched) > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filename Checks: Allowing > > BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no rule matched) > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing > > BFF1F7FF98.052FB msg-31952-5.html > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing > > BFF1F7FF98.052FB msg-31952-4.txt > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Filetype Checks: Allowing > > BFF1F7FF98.052FB COMUNICA%%C7%%C3O IN.doc (no match found) > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Scanning completed > > at 172635 bytes per second > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Requeue: BFF1F7FF98.052FB > > to D0A537FF9B > > Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: > > from= >, > > size=46994, nrcpt=2 (queue active) > > Sep 18 10:23:02 mailbeta postfix/virtual[32275]: D0A537FF9B: > > to=>, > > relay=virtual, delay=13, delays=13/0.02/0/0.08, dsn= 2.0.0, > > status=sent (delivered to maildir) > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Uninfected: Delivered 1 > > messages > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Virus Processing > > completed at 96012 bytes per second > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch completed at 3562 > > bytes per second (45049 / 12) > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Batch (1 message) > > processed in 12.65 seconds > > Sep 18 10:23:02 mailbeta MailScanner[31952]: New Batch: Scanning 1 > > messages, 32156 bytes > > Sep 18 10:23:02 mailbeta MailScanner[31952]: Spam Checks: Starting > > Sep 18 10:23:02 mailbeta postfix/virtual[32277]: D0A537FF9B: > > to=>, > > relay=virtual, delay=13, delays=13/0.08/0/0.07, dsn= 2.0.0, > > status=sent (delivered to maildir) > > Sep 18 10:23:02 mailbeta postfix/qmgr[31781]: D0A537FF9B: removed > > > > 2007/9/18, infolistas listas < grupolistas@gmail.com > > >: > > > > I was viewing the log I hope its usefull > > > > --- > > > > Sep 18 09:34:44 mailbeta MailScanner[30405]: Message > > AF5657FF98.75B99 from *MailScanner warning: numerical links are > > often malicious:* 10.10.10.49 ( > > user1@mydomain.com.br ) to > > mfplan.com.br is not spam, SpamAssassin > > (not cached, score=-102.971, required 3, autolearn=not spam, > > ALL_TRUSTED - 1.80, AWL -0.38, BAYES_00 -2.60, BLANK_LINES_70_80 > > 1.80, USER_IN_WHITELIST - 100.00) > > Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed > > at 3925 bytes per second > > Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF > > archive at > > /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat > > Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed > > with real error: Can't run tnef decoder: Arquivo ou diret??rio > > inexistente at /usr/share/MailScanner/MailScanner/TNEF.pm line 238. > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF > > winmail.dat that cannot be analysed in message AF5657FF98.75B99 > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content > > Scanning: Starting > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --unzip > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --jar > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --tar > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --tgz > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --deb > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --max-ratio > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --tempdir > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --recursive (-r) > > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring > > option --unrar > > Sep 18 09:34:45 mailbeta MailScanner[30405]: > > /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: > > Allowing AF5657FF98.75B99 msg-30405-6.txt > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: > > Allowing AF5657FF98.75B99 winmail.dat (no rule matched) > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: > > Allowing AF5657FF98.75B99 msg-30405-5.txt > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: > > Allowing AF5657FF98.75B99 winmail.dat (no match found) > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: > > Allowing AF5657FF98.75B99 msg-30405-6.txt > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: > > Allowing AF5657FF98.75B99 msg-30405-5.txt > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning > > completed at 161675 bytes per second > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: > > AF5657FF98.75B99 to 8FBF77FF99 > > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: from=< > > user1@mydomain.com.br >, size=2922, > > nrcpt=2 (queue active) > > Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 > > cleaned messages > > Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=< > > user2@mydomain.com.br >, > > relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, > > status=sent (delivered to maildir) > > Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=< > > getall@mydomain.com.br >, > > relay=virtual, delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, > > status=sent (delivered to maildir) > > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed > > Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, > > use the Postfix sendmail command > > Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix > > command is reserved for the superuser > > Sep 18 09:34:45 mailbeta imapd: Connection, > > ip=[::ffff:*MailScanner warning: numerical links are often > > malicious:* 10.10.10.29 ] > > > > 2007/9/18, infolistas listas > >: > > > > That user isnt sending anything more than is set on the rules. > > ( atachments of all type are allowed to be send). Only 9 > > users are allowed to send attachments outside,all attachments > > are allowed inside domain, that user is one of them, the > > problem is only with her and another specific user, thats from > > our own domain. > > how do I turn the dangerous content checking out? will it > > interfeer with the incoming checking of outside domain? > > How can I make an exception for only one user? > > I couldnt find anything, that pointed to the problem , the > > only thing strange is that the messages coming from that user > > to the other specific user where requeued, nor mailscanner nor > > spamassassin pointed anything diferent. > > Do you need logs? > > Thanks > > > > 2007/9/17, Scott Silva > >: > > > > infolistas listas spake the following on 9/17/2007 4:16 PM: > > > Hi all, > > > I'm getting a problem from a specific user, > > > when this users send an email to another specific user > > the mail arrives > > > with the { dangerous content} flag. > > > How can I solve this? > > > > > > > > 1) Tell user to stop sending dangerous content. > > 2) Write ruleset to exempt the user from dangerous content > > rules. > > 3) Turn off dangerous content checking. > > > > You gave very limited info in your question, so I had to > > give a very general > > answer. > > > > -- > > > > MailScanner is like deodorant... > > You hope everybody uses it, and > > you notice quickly if they don't!!!! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > > > > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG79UfEfZZRxQVtlQRAuGWAJ415dyInWiK0+qXiKhZ6xxQCOQUqwCeOzoG > Xx7wXWv9tpUDGPdWkKfoYHU= > =4Bh6 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From simon at saq.co.uk Tue Sep 18 16:03:26 2007 From: simon at saq.co.uk (Simon Jones) Date: Tue Sep 18 16:13:44 2007 Subject: Config.pm error Message-ID: Hi, I've transferred config files from a working mailscanner box to a new machine to take up some load on the gateways but it doesn't process the hold queue. A debug returns the following problem, anyone please point me down the right track? Thanks! In Debugging mode, not forking... max message size is '40k' Undefined subroutine &MailScanner::CustomConfig::SQLSpamScores called at /usr/lib/MailScanner/MailScanner/Config.pm line 155 Simon J From iad.scoot at gmail.com Tue Sep 18 16:19:46 2007 From: iad.scoot at gmail.com (Iad Scoot) Date: Tue Sep 18 16:19:48 2007 Subject: mail w/ 2 extension Message-ID: <88bd43930709180819p79fffb0eqccf5346b0dbaf708@mail.gmail.com> Hi, Occasionally I receive legit email messages that include a "double extension" - i.e. "filename.xxx.yyy" where "yyy" can be several different extensions. The messages are protected with a specific Rights Management system that does this double extension when it is protecting documents that do not have native RMS capabilities (uses some type of encrypted envelope). The problem is that MS seems to eat them - as expected I get a filename warning message in place of the normal attachment but upon retrieving the messages from quarantine they are typically corrupted. Is there a way to exempt certain filetypes that are in this format - for example, say something that would see the filename structure " filename.txt.rmh" (regex might be ideal here for different file types) and allow it to pass? I do not want to simply rely on domain-level exemptions if possible as that (to me) would open a big hole in the protection. Thanks... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070918/de8b370f/attachment.html From keith at 12345678.org Tue Sep 18 17:00:09 2007 From: keith at 12345678.org (keith) Date: Tue Sep 18 17:00:17 2007 Subject: Block spam message without sender address Message-ID: <20070918155840.M46044@12345678.org> Dear All, My client was tell to me , they always receive a large volume of spam message is no sender address, how I can block this type of message in MS, I checked the filename rules and the mailing archive said is related the Watermark feature, but still no idea, who can tell me how to do this. My MS is version 4.63 with spamassassin + DCC + pyzor + razor + Clamav + Kaspersky Thanks Keith -- From martinh at solidstatelogic.com Tue Sep 18 17:05:31 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Sep 18 17:05:40 2007 Subject: Block spam message without sender address In-Reply-To: <20070918155840.M46044@12345678.org> Message-ID: You got the actual email (with full headers etc) on a webpage/pastebin so we can run over our setup and see what SA rules trigger for us. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of keith > Sent: 18 September 2007 17:00 > To: mailscanner@lists.mailscanner.info > Subject: Block spam message without sender address > > Dear All, > My client was tell to me , they always receive a large volume of spam > message > is no sender address, how I can block this type of message in MS, I > checked > the filename rules and the mailing archive said is related the Watermark > feature, but still no idea, who can tell me how to do this. > > My MS is version 4.63 with spamassassin + DCC + pyzor + razor + Clamav + > Kaspersky > > Thanks > Keith > > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From shuttlebox at gmail.com Tue Sep 18 17:40:05 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Sep 18 17:40:13 2007 Subject: mail w/ 2 extension In-Reply-To: <88bd43930709180819p79fffb0eqccf5346b0dbaf708@mail.gmail.com> References: <88bd43930709180819p79fffb0eqccf5346b0dbaf708@mail.gmail.com> Message-ID: <625385e30709180940k7fd5a0cfxe91f5aca3b99995@mail.gmail.com> On 9/18/07, Iad Scoot wrote: > Is there a way to exempt certain filetypes that are in this format - for > example, say something that would see the filename structure > "filename.txt.rmh" (regex might be ideal here for different file types) and > allow it to pass? I do not want to simply rely on domain-level exemptions if > possible as that (to me) would open a big hole in the protection. Just put allow-lines (e.g. allow filename.txt.rmh - -) above the double extension line in the filename.rules.conf-file. Or disable the double extension rule if you don't like it. -- /peter From mrm at quantumcc.com Tue Sep 18 17:58:15 2007 From: mrm at quantumcc.com (Mike Masse) Date: Tue Sep 18 18:01:08 2007 Subject: Performance between SpamAssassin 3.2.1 and 3.2.2 and 3.2.3 In-Reply-To: <223f97700708171351p3610ab37kba693ddc31ccb2c3@mail.gmail.com> References: <46C33DFC.8000101@sendit.nodak.edu> <8F2A53954C22554EB75D9643FCCE0C6B0472D477@MED-CORE03-MS1.med.wayne.edu> <8F2A53954C22554EB75D9643FCCE0C6B0472D498@MED-CORE03-MS1.med.wayne.edu> <223f97700708171351p3610ab37kba693ddc31ccb2c3@mail.gmail.com> Message-ID: Just wondering if anything new has come out about this issue. I've got 3.2.3 running, have applied the 5589 bug patch, disabled ASN and URIDNSBL like others have mentioned and it's still horribly slow around 1k/second. I have an identical system running 3.1.8 and it's about 10 times faster. I've tried looking at the debug output of spamassassin to see where the delay is actually occuring, but I'm not sure what to look for exactly. Mike Glenn Steen wrote: > On 17/08/07, Rose, Bobby wrote: >> Sorry I couldn't provide feedback yesterday because my research became >> skewed due to router issues at Michnet which is the backbone provider >> for all of the univs here in Michigan. >> >> It looks like 3.2.3 with the SA bug patch 5589 took care of the issues. >> After about 24k messages so far, my times and queue is normal. In fact, >> I've only see 6 Batches of 30s in my logs. Also the debug output of SA >> for the DNS timings are normal compare to what I was seeing with 3.2.3 >> without the patch. >> >> Bobby Rose > > Thanks Bobby, very good to know. > > Cheers From MailScanner at ecs.soton.ac.uk Tue Sep 18 18:04:25 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 18:04:41 2007 Subject: Config.pm error In-Reply-To: References: Message-ID: <46F00519.9000508@ecs.soton.ac.uk> That is because your MailScanner.conf refers to a custom function called &SQLSpamScores, and you haven't copied over the files from /usr/lib/MailScanner/MailScanner/CustomFunctions. Simon Jones wrote: > Hi, I've transferred config files from a working mailscanner box to a > new machine to take up some load on the gateways but it doesn't process > the hold queue. A debug returns the following problem, anyone please > point me down the right track? Thanks! > > In Debugging mode, not forking... > max message size is '40k' > Undefined subroutine &MailScanner::CustomConfig::SQLSpamScores called at > /usr/lib/MailScanner/MailScanner/Config.pm line 155 > > Simon J > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Sep 18 18:12:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 18:13:01 2007 Subject: Performance between SpamAssassin 3.2.1 and 3.2.2 and 3.2.3 In-Reply-To: References: <46C33DFC.8000101@sendit.nodak.edu> <8F2A53954C22554EB75D9643FCCE0C6B0472D477@MED-CORE03-MS1.med.wayne.edu> <8F2A53954C22554EB75D9643FCCE0C6B0472D498@MED-CORE03-MS1.med.wayne.edu> <223f97700708171351p3610ab37kba693ddc31ccb2c3@mail.gmail.com> Message-ID: <46F0070E.1080200@ecs.soton.ac.uk> You need to run MailScanner with both the debug flags MailScanner --debug --debug-sa and thump Ctrl-S to stop the output when the output appears to stop at all. Thump Ctrl-Q to restart the output. You need to read just before and after the pause to see what it was trying to do at the time. Hope that helps, Jules. Mike Masse wrote: > Just wondering if anything new has come out about this issue. I've > got 3.2.3 running, have applied the 5589 bug patch, disabled ASN and > URIDNSBL like others have mentioned and it's still horribly slow > around 1k/second. I have an identical system running 3.1.8 and it's > about 10 times faster. I've tried looking at the debug output of > spamassassin to see where the delay is actually occuring, but I'm not > sure what to look for exactly. > > Mike > > Glenn Steen wrote: >> On 17/08/07, Rose, Bobby wrote: >>> Sorry I couldn't provide feedback yesterday because my research became >>> skewed due to router issues at Michnet which is the backbone provider >>> for all of the univs here in Michigan. >>> >>> It looks like 3.2.3 with the SA bug patch 5589 took care of the issues. >>> After about 24k messages so far, my times and queue is normal. In >>> fact, >>> I've only see 6 Batches of 30s in my logs. Also the debug output of SA >>> for the DNS timings are normal compare to what I was seeing with 3.2.3 >>> without the patch. >>> >>> Bobby Rose >> >> Thanks Bobby, very good to know. >> >> Cheers > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Tue Sep 18 18:29:05 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 18 18:33:35 2007 Subject: dangerous content In-Reply-To: <44c071aa0709180603k42d74e49k953adfcf5f75c79c@mail.gmail.com> References: <44c071aa0709171616j6fda0802ia3a61e6d129d3313@mail.gmail.com> <44c071aa0709180445h7dafe81dje36b68b89e784b9a@mail.gmail.com> <44c071aa0709180603k42d74e49k953adfcf5f75c79c@mail.gmail.com> Message-ID: infolistas listas spake the following on 9/18/2007 6:03 AM: > I was viewing the log I hope its usefull > > --- > > Sep 18 09:34:44 mailbeta MailScanner[30405]: Message AF5657FF98.75B99 > from 10.10.10.49 (user1@mydomain.com.br > ) to mfplan.com.br > is not spam, SpamAssassin (not cached, score=-102.971, required 3, > autolearn=not spam, ALL_TRUSTED -1.80, AWL -0.38, BAYES_00 -2.60, > BLANK_LINES_70_80 1.80, USER_IN_WHITELIST - 100.00) > Sep 18 09:34:44 mailbeta MailScanner[30405]: Spam Checks completed at > 3925 bytes per second > Sep 18 09:34:44 mailbeta MailScanner[30405]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/30405/AF5657FF98.75B99/winmail.dat > Sep 18 09:34:44 mailbeta MailScanner[30836]: TNEF decoder failed with > real error: Can't run tnef decoder: Arquivo ou diret??rio inexistente at > /usr/share/MailScanner/MailScanner/TNEF.pm line 238. > Sep 18 09:34:45 mailbeta MailScanner[30405]: Corrupt TNEF winmail.dat > that cannot be analysed in message AF5657FF98.75B99 > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus and Content Scanning: > Starting > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --unzip > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --jar > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tar > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --tgz > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option --deb > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --max-ratio > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --tempdir > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --recursive (-r) > Sep 18 09:34:45 mailbeta MailScanner[30405]: WARNING: Ignoring option > --unrar > Sep 18 09:34:45 mailbeta MailScanner[30405]: > /var/spool/MailScanner/incoming/30405/.: lstat() failed. ERROR > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing > AF5657FF98.75B99 msg-30405-6.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing > AF5657FF98.75B99 winmail.dat (no rule matched) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filename Checks: Allowing > AF5657FF98.75B99 msg-30405-5.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing > AF5657FF98.75B99 winmail.dat (no match found) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing > AF5657FF98.75B99 msg-30405-6.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Filetype Checks: Allowing > AF5657FF98.75B99 msg-30405-5.txt > Sep 18 09:34:45 mailbeta MailScanner[30405]: Virus Scanning completed at > 161675 bytes per second > Sep 18 09:34:45 mailbeta MailScanner[30405]: Requeue: AF5657FF98.75B99 > to 8FBF77FF99 > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: > from= >, size=2922, > nrcpt=2 (queue active) > Sep 18 09:34:45 mailbeta MailScanner[30405]: Cleaned: Delivered 1 > cleaned messages > Sep 18 09:34:45 mailbeta postfix/virtual[30737]: 8FBF77FF99: to=< > user2@mydomain.com.br >, relay=virtual, > delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to > maildir) > Sep 18 09:34:45 mailbeta postfix/virtual[30739]: 8FBF77FF99: to=< > getall@mydomain.com.br >, relay=virtual, > delay=17, delays=17/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to > maildir) > Sep 18 09:34:45 mailbeta postfix/qmgr[30480]: 8FBF77FF99: removed > Sep 18 09:34:45 mailbeta postfix[30846]: error: to submit mail, use the > Postfix sendmail command > Sep 18 09:34:45 mailbeta postfix[30846]: fatal: the postfix command is > reserved for the superuser > Sep 18 09:34:45 mailbeta imapd: Connection, ip=[::ffff:10.10.10.29 > ] > Is this user sending mail with Microsoft Outlook? Have them set their sending format to HTML or Text instead of Rich Text. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bbecken at aafp.org Tue Sep 18 17:26:45 2007 From: bbecken at aafp.org (Brad Beckenhauer) Date: Tue Sep 18 18:40:30 2007 Subject: OT: Rbldnsd and Spamhaus setup Message-ID: <46EFB5F5.D87E.0068.3@aafp.org> I'm configuring my servers to use Spamhaus datafeed service and I'm not convinced that MailScanner is using Rbldnsd as I still see queries to zen.spamhaus.org in the data queries log file. I though perhaps the queries might have been from spamassassin, so I set "skip_rbl_checks 1" in the mailscanner.cf and restarted MailScanner. I still had DNS queries appearing in the bind log file. I need another set of eyes to look at this config and tell me what I'm missing. Running: Centos 5.0, MailScanner v4.62.9 /etc/sysconfig/rbldnsd: # the first line tells rbldnsd to # chroot (-r) to /usr/local/dnsbl, and # then bind (-b) to 127.0.0.6 and # then (-f) fork child during reloads and # then (-w) specify the working directory where rbldnsd will find its files, RBLDNSD="dnsbl -r /usr/local/dnsbl -b 127.0.0.6 -f -w rbldnsd \ sbl.dnsbl:ip4set:sbl \ pbl.dnsbl:ip4trie:pbl \ xbl.dnsbl:ip4tset:xbl \ zen.dnsbl:ip4set:sbl \ zen.dnsbl:ip4trie:pbl \ zen.dnsbl:ip4tset:xbl " # eof /etc/named.conf: zone "dnsbl" IN { type forward; forward only; forwarders { 127.0.0.6; }; }; /etc/MailScanner/spam.lists.conf: spamhaus-ZEN-local dnsbl. <=== trailing period /etc/MailScanner/MailScanner.conf: Spam List = spamhaus-ZEN-local service rbldnsd restart MailScanner --lint > show ok service MailScanner restart thanks Brad From t.d.lee at durham.ac.uk Tue Sep 18 17:35:09 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Sep 18 18:46:39 2007 Subject: MS startup times Message-ID: (MS 4.63.8; SA 3.2.3; but problem older than that.) In the normal course of events, our machines (dual processor Intel) cope OK with the load; messages are processed within a few seconds. But the "service MailScanner start" startup takes many elapsed minutes before anything at "real" actually happens. The load during this time is high, as the MS processes gobble CPU of over two minutes per process. Any thoughts? Our conf file includes: Max Children = 10 Rebuild Bayes Every = 3600 Wait During Bayes Rebuild = yes Might something there be relevant? Also, a simple "MailScanner --debug" or "MailScanner --lint" takes over two minutes. But "spamassassin --lint --debug" completes quickly, with no obvious errors. Have I overlooked anything obvious? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From t.d.lee at durham.ac.uk Tue Sep 18 17:47:01 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Sep 18 18:47:59 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency Message-ID: MailScanner.conf has a nice feature of defining "%org-name%" near the top, then using it further on, particularly for "X-%org-name%-MailScanner-..." headers. But spam.assassin.prefs.conf meanwhile requires some of these "X-..." headers to be hard-coded. Would it be possible for these (at least as default) to somehow be automatic from %org-name%"? I realise that SA needs to see the fully expanded form (thus different at every "org"), but could the sys.admin's version (default common across all "org"s) read "X-%org-name%-...", which MS/SA/something expand up for SA? Just a thought. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From dgottsc at emory.edu Tue Sep 18 18:52:22 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Tue Sep 18 18:52:33 2007 Subject: MS startup times In-Reply-To: References: Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FDCD7@RDPEXCH2.Eu.Emory.Edu> What virus scanner are you running? A older version of ClamAV is known to have long startup times reading signature files. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of David Lee Sent: Tuesday, September 18, 2007 12:35 PM To: MailScanner discussion Subject: MS startup times (MS 4.63.8; SA 3.2.3; but problem older than that.) In the normal course of events, our machines (dual processor Intel) cope OK with the load; messages are processed within a few seconds. But the "service MailScanner start" startup takes many elapsed minutes before anything at "real" actually happens. The load during this time is high, as the MS processes gobble CPU of over two minutes per process. Any thoughts? Our conf file includes: Max Children = 10 Rebuild Bayes Every = 3600 Wait During Bayes Rebuild = yes Might something there be relevant? Also, a simple "MailScanner --debug" or "MailScanner --lint" takes over two minutes. But "spamassassin --lint --debug" completes quickly, with no obvious errors. Have I overlooked anything obvious? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Sep 18 19:01:00 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 19:01:21 2007 Subject: OT: Rbldnsd and Spamhaus setup In-Reply-To: <46EFB5F5.D87E.0068.3@aafp.org> References: <46EFB5F5.D87E.0068.3@aafp.org> Message-ID: <46F0125C.5010603@ecs.soton.ac.uk> It's dead easy to set it up so they use the real domain names instead of your "dnsbl" zone, so you can leave all the SpamAssassin configuration alone. All you need is this: I start rbldnsd like this: XBL="xbl.spamhaus.org:ip4tset:xbl" PBL="pbl.spamhaus.org:ip4trie:pbl" SBL="sbl.spamhaus.org:ip4set:sbl" ZEN="zen.spamhaus.org:ip4set:sbl zen.spamhaus.org:ip4trie:pbl zen.spamhaus.org:ip4tset:xbl" WORKDIR="/var/lib/rbldns" BIND="127.0.0.6/53" /usr/local/sbin/rbldnsd -s /var/adm/rbldnsd.log -w $WORKDIR -b $BIND -4 -f $XBL $PBL $SBL $ZEN /var/lib/rbldns has ownership and permissions "drwxr-xr-x root other". In my named.conf for BIND I have this: zone "sbl.spamhaus.org" { type forward; forward only; forwarders { 127.0.0.6 port 53; }; }; zone "pbl.spamhaus.org" { type forward; forward only; forwarders { 127.0.0.6 port 53; }; }; zone "xbl.spamhaus.org" { type forward; forward only; forwarders { 127.0.0.6 port 53; }; }; zone "zen.spamhaus.org" { type forward; forward only; forwarders { 127.0.0.6 port 53; }; }; That's it. No changes required to any of your software, as this is using the original DNS zone names, just overloading them with local copies. Why the spamhaus docs don't just tell you to do this, rather than setting up new zones and having to change all your software, I don't know. It's dead easy. You can tell that rbldnsd is being called by looking in /var/adm/rbldnsd.log That will show you each zone and how many queries are being sent to rbldnsd for each of its zones. It writes 1 line per minute to the file. As an example, here's the last line of the file: (For clarity, I have put each "word" on a separate line) 1190138032 xbl.spamhaus.org:0:0:0:0:0 pbl.spamhaus.org:0:0:0:0:0 sbl.spamhaus.org:4295248:61703:4233545:252105889:446227926 zen.spamhaus.org:1903334:1216504:686830:112123108:155815602 *:6198582:1278207:4920375:364228997:602043528 So xbl and pbl are getting no hits (which is as expected), and sbl and zen are getting lots of hits (also as expected). Zen is used by my MailScanner setup, and sbl is used by SpamAssassin. I don't have to change any of my MailScanner or SpamAssassin configuration at all, making maintenance a heck of a lot easier. Brad Beckenhauer wrote: > I'm configuring my servers to use Spamhaus datafeed service and I'm not > convinced that MailScanner is using Rbldnsd as I still see queries to > zen.spamhaus.org in the data queries log file. > > I though perhaps the queries might have been from spamassassin, so I set > "skip_rbl_checks 1" in the mailscanner.cf and restarted MailScanner. I > still had DNS queries appearing in the bind log file. > > I need another set of eyes to look at this config and tell me what I'm > missing. > > Running: Centos 5.0, MailScanner v4.62.9 > > /etc/sysconfig/rbldnsd: > # the first line tells rbldnsd to > # chroot (-r) to /usr/local/dnsbl, and > # then bind (-b) to 127.0.0.6 and > # then (-f) fork child during reloads and > # then (-w) specify the working directory where rbldnsd will find its > files, > RBLDNSD="dnsbl -r /usr/local/dnsbl -b 127.0.0.6 -f -w rbldnsd \ > sbl.dnsbl:ip4set:sbl \ > pbl.dnsbl:ip4trie:pbl \ > xbl.dnsbl:ip4tset:xbl \ > zen.dnsbl:ip4set:sbl \ > zen.dnsbl:ip4trie:pbl \ > zen.dnsbl:ip4tset:xbl > " > # eof > > > /etc/named.conf: > zone "dnsbl" IN { > type forward; > forward only; > forwarders { 127.0.0.6; }; > }; > > > /etc/MailScanner/spam.lists.conf: > spamhaus-ZEN-local dnsbl. <=== trailing period > > > /etc/MailScanner/MailScanner.conf: > Spam List = spamhaus-ZEN-local > > service rbldnsd restart > MailScanner --lint > show ok > service MailScanner restart > > > thanks > Brad > > > > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Sep 18 19:06:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 19:06:57 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: References: Message-ID: <46F013AF.1050205@ecs.soton.ac.uk> David Lee wrote: > MailScanner.conf has a nice feature of defining "%org-name%" near the top, > then using it further on, particularly for "X-%org-name%-MailScanner-..." > headers. > > But spam.assassin.prefs.conf meanwhile requires some of these "X-..." > headers to be hard-coded. Would it be possible for these (at least as > default) to somehow be automatic from %org-name%"? > No, sorry, can't do it. MailScanner doesn't know how to parse the spam.assassin.prefs.conf file. The only important one is the envelope sender header, which is checked by "MailScanner --lint" which uses a very simple approach to reading the spam.assassin.prefs.conf file which is just good enough to read this single setting. > I realise that SA needs to see the fully expanded form (thus different at > every "org"), but could the sys.admin's version (default common across all > "org"s) read "X-%org-name%-...", which MS/SA/something expand up for SA? > > Just a thought. > The only thing I could do would be to parse the file and generate a new one, but this would need to be put in /etc/mail/spamassassin, and it's rather a cardinal sin to overwrite anything in /etc, stuff like that should be in /var. But I'm not sure how to tell SpamAssassin to add somewhere under /var to the list of directories it reads for admin-level settings. All advice from others out there is gratefully received. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Sep 18 19:08:56 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 19:10:08 2007 Subject: OT: Rbldnsd and Spamhaus setup In-Reply-To: <46F0125C.5010603@ecs.soton.ac.uk> References: <46EFB5F5.D87E.0068.3@aafp.org> <46F0125C.5010603@ecs.soton.ac.uk> Message-ID: <46F01438.2070901@ecs.soton.ac.uk> Julian Field wrote: > It's dead easy to set it up so they use the real domain names instead > of your "dnsbl" zone, so you can leave all the SpamAssassin > configuration alone. All you need is this: > > I start rbldnsd like this: > > XBL="xbl.spamhaus.org:ip4tset:xbl" > PBL="pbl.spamhaus.org:ip4trie:pbl" > SBL="sbl.spamhaus.org:ip4set:sbl" > ZEN="zen.spamhaus.org:ip4set:sbl zen.spamhaus.org:ip4trie:pbl > zen.spamhaus.org:ip4tset:xbl" > WORKDIR="/var/lib/rbldns" > BIND="127.0.0.6/53" > /usr/local/sbin/rbldnsd -s /var/adm/rbldnsd.log -w $WORKDIR -b $BIND > -4 -f $XBL $PBL $SBL $ZEN > > /var/lib/rbldns has ownership and permissions "drwxr-xr-x root other". > > In my named.conf for BIND I have this: > zone "sbl.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; > zone "pbl.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; zone "xbl.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; zone "zen.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; Sorry, the zones should obviously start on a new line (it got screwed up by my mail client). Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From shuttlebox at gmail.com Tue Sep 18 19:19:00 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Sep 18 19:19:03 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: <46F013AF.1050205@ecs.soton.ac.uk> References: <46F013AF.1050205@ecs.soton.ac.uk> Message-ID: <625385e30709181119rac45e0g567bad894da231b5@mail.gmail.com> On 9/18/07, Julian Field wrote: > No, sorry, can't do it. MailScanner doesn't know how to parse the > spam.assassin.prefs.conf file. The only important one is the envelope > sender header, which is checked by "MailScanner --lint" which uses a > very simple approach to reading the spam.assassin.prefs.conf file which > is just good enough to read this single setting. Could you add checks for the other lines usually containing %org-name% too? Isn't it just the lines about headers for SA to ignore? If they could be linted as well as the envelope_sender I think that would be more than enough. -- /peter From MailScanner at ecs.soton.ac.uk Tue Sep 18 19:28:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 19:29:00 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: <625385e30709181119rac45e0g567bad894da231b5@mail.gmail.com> References: <46F013AF.1050205@ecs.soton.ac.uk> <625385e30709181119rac45e0g567bad894da231b5@mail.gmail.com> Message-ID: <46F018C7.8090901@ecs.soton.ac.uk> shuttlebox wrote: > On 9/18/07, Julian Field wrote: > >> No, sorry, can't do it. MailScanner doesn't know how to parse the >> spam.assassin.prefs.conf file. The only important one is the envelope >> sender header, which is checked by "MailScanner --lint" which uses a >> very simple approach to reading the spam.assassin.prefs.conf file which >> is just good enough to read this single setting. >> > > Could you add checks for the other lines usually containing %org-name% > too? Isn't it just the lines about headers for SA to ignore? If they > could be linted as well as the envelope_sender I think that would be > more than enough. > Sure. What other lines should I be checking? Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mike at tc3net.com Tue Sep 18 19:40:54 2007 From: mike at tc3net.com (Michael Baird) Date: Tue Sep 18 19:36:56 2007 Subject: OT: Rbldnsd and Spamhaus setup In-Reply-To: <46EFB5F5.D87E.0068.3@aafp.org> References: <46EFB5F5.D87E.0068.3@aafp.org> Message-ID: <46F01BB6.8060900@tc3net.com> Turn on logging in rbldnsd, you will quickly see if it is being utilized. Regards Michael Baird > I'm configuring my servers to use Spamhaus datafeed service and I'm not > convinced that MailScanner is using Rbldnsd as I still see queries to > zen.spamhaus.org in the data queries log file. > > I though perhaps the queries might have been from spamassassin, so I set > "skip_rbl_checks 1" in the mailscanner.cf and restarted MailScanner. I > still had DNS queries appearing in the bind log file. > > I need another set of eyes to look at this config and tell me what I'm > missing. > > Running: Centos 5.0, MailScanner v4.62.9 > > /etc/sysconfig/rbldnsd: > # the first line tells rbldnsd to > # chroot (-r) to /usr/local/dnsbl, and > # then bind (-b) to 127.0.0.6 and > # then (-f) fork child during reloads and > # then (-w) specify the working directory where rbldnsd will find its > files, > RBLDNSD="dnsbl -r /usr/local/dnsbl -b 127.0.0.6 -f -w rbldnsd \ > sbl.dnsbl:ip4set:sbl \ > pbl.dnsbl:ip4trie:pbl \ > xbl.dnsbl:ip4tset:xbl \ > zen.dnsbl:ip4set:sbl \ > zen.dnsbl:ip4trie:pbl \ > zen.dnsbl:ip4tset:xbl > " > # eof > > > /etc/named.conf: > zone "dnsbl" IN { > type forward; > forward only; > forwarders { 127.0.0.6; }; > }; > > > /etc/MailScanner/spam.lists.conf: > spamhaus-ZEN-local dnsbl. <=== trailing period > > > /etc/MailScanner/MailScanner.conf: > Spam List = spamhaus-ZEN-local > > service rbldnsd restart > MailScanner --lint > show ok > service MailScanner restart > > > thanks > Brad > > > > From sconway at wlnet.com Tue Sep 18 19:36:53 2007 From: sconway at wlnet.com (Stephen Conway) Date: Tue Sep 18 19:37:07 2007 Subject: ArchiveMail Exclusions In-Reply-To: <46EEB161.4040105@ecs.soton.ac.uk> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> <46EEB161.4040105@ecs.soton.ac.uk> Message-ID: <1bb901c7fa22$e2149420$a63dbc60$@com> Hello: Ok, I am trying now to do what I need but with Non-Spam-Actions. I have the forwarding working but there is one problem. We already have a custom function called "FleetActions" which is our default action for non-SPAM. If I specify this function as the action for Non-Spam in the MailScanner.conf as follows: Non Spam Actions = &FleetActions Then all works as it should, our custom function in CustomConfig.pm gets called. But, if I try to put it instead to a ruleset file as: Non Spam Actions = /opt/MailScanner/etc/rules/message.nonspam.rules Which is: From: *@domain.com and To: someuser@otherdomain.com fowardeduser@domain.com FromOrTo: default &FleetActions The messages that should be forwarded are working perfectly, the problem is that our custom function now doesn't get called and an error goes in log as follows: " Message l8IIKrLi013637 produced illegal Non-Spam Action "&fleetactions", so message is being delivered" So I guess the question is, is there a way inside a ruleset file for Non Spam Actions to specify a custom function found in CustomConfig.pm? Thanks, Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, September 17, 2007 12:55 PM To: MailScanner discussion Subject: Re: ArchiveMail Exclusions Stephen Conway wrote: > Hello Julien: > > Yes, sorry I think I wasn't clear what I was asking. I know that if you > enter as an action here an e-mail address that messages will go to that > e-mail. But as I have seen, this sends a 'copy' of the message to the > address (meaning that a copy still goes to the original recipient). Is > there a way for example, putting a ! in front of the address, where the > message is actually forwarded (not copy) to the other address? > Do that with non-spam actions, spam actions and high-scoring spam actions. > Also, I have another item as well. I have blacklist file, and it seems that > if MailScanner sees another 'X-Spam: No' flag in the message, that it will > not block the message even if on the black list. Any way to bypass this, to > make MailScanner scan for Spam even if the message has been scanned by > another Relay server before? > That's not happening. MailScanner doesn't rely on *anything* in the headers to control scanning, as everything in the headers can be forged by a spammer or virus writer. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Saturday, September 15, 2007 9:55 AM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > As it says right at the top of the comment about Archive Mail =, you can > include > > # Space-separated list of any combination of > # 1. email addresses to which mail should be forwarded, > # 2. directory names where you want mail to be stored, > # 3. file names (they must already exist!) to which mail will be appended > # in "mbox" format suitable for most Unix mail systems. > > Stephen Conway wrote: > >> Hello Julien: >> >> Thanks very much for that. Seems to work OK. >> >> One other question, is there a way using ArchiveMail to forward messages >> instead of just make an archive? >> >> Ex: >> >> To: *@domain.com !somegroupmailbox@otherdomain.com >> >> Thanks, >> >> Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Thursday, September 13, 2007 4:57 PM >> To: MailScanner discussion >> Subject: Re: ArchiveMail Exclusions >> >> Stephen, >> >> Stephen Conway wrote: >> >> >>> Hello: >>> >>> I have the requirement to archive mail for some senders to a certain >>> >>> >> address >> >> >>> but not if certain senders are matched, I have put the following but it >>> still always archives, any way to configure this? >>> >>> From: *@dontcopydomain.com and To: @domaintobecopied.com >>> no >>> >>> >>> >> That will attempt to archive the mail to a directory called "no" which >> isn't what you meant. To archive nothing, you just leave it blank, so >> this is what you meant: >> From: dontcopydomain.com and to: domaintobecopied.com >> >> >>> From: *@* and To: @domaintobecopied.com >>> usertobecopied@otherdomain.com >>> >>> >>> >> That (the second line) is the same as saying >> To: domaintobecopied.com usertobecopied@otherdomain.com >> >> >>> This type of logic works well for the Max Message size rules, to have >>> > size > >>> restrictions for certain domains than others, but for this ruleset file >>> which is type (AllMatch) as per docs, it doesn't use same logic. >>> >>> >>> >> Correct, as it's an "AllMatch". This means that it will archive to all >> of the places and addresses specified by all the matching rules. That >> seemed a sensible thing to do at the time, and I still believe is what >> most people will want. >> >> If you want to make it a FirstMatch, edit >> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: >> ArchiveMail >> from the [All,Other] section to the [First,Other] section. >> Then restart MailScanner, and you will have changed the logic it uses. >> Dead easy. >> Remember to re-apply the change when you next upgrade MailScanner, as >> changes you make to that file will be lost during the upgrade process. >> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From MailScanner at ecs.soton.ac.uk Tue Sep 18 20:01:41 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 20:01:56 2007 Subject: ArchiveMail Exclusions In-Reply-To: <1bb901c7fa22$e2149420$a63dbc60$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> <46EEB161.4040105@ecs.soton.ac.uk> <1bb901c7fa22$e2149420$a63dbc60$@com> Message-ID: <46F02095.6040705@ecs.soton.ac.uk> You need to implement your ruleset as part of your Custom Function. Which means you'll need to find out how to add forwardeduser@domain.com to the list of message recipients. Take a look at the top of Message.pm and you'll see the message object properties list. There should be one there called "extrarecipients", which you should be able to add to. Also, read the function "HandleHamAndSpam" and you'll see how the spam actions are implemented. You need to copy bits of that functionality into your Custom Function. Hope that's enough to get you started. You can use a ruleset from inside a Custom Function, I worked out how to do that. But doing it the other way around is not so simple. Good luck! Jules. Stephen Conway wrote: > Hello: > > Ok, I am trying now to do what I need but with Non-Spam-Actions. I have the > forwarding working but there is one problem. We already have a custom > function called "FleetActions" which is our default action for non-SPAM. If > I specify this function as the action for Non-Spam in the MailScanner.conf > as follows: > > Non Spam Actions = &FleetActions > > Then all works as it should, our custom function in CustomConfig.pm gets > called. But, if I try to put it instead to a ruleset file as: > > Non Spam Actions = /opt/MailScanner/etc/rules/message.nonspam.rules > > Which is: > > From: *@domain.com and To: someuser@otherdomain.com > fowardeduser@domain.com > FromOrTo: default &FleetActions > > The messages that should be forwarded are working perfectly, the problem is > that our custom function now doesn't get called and an error goes in log as > follows: > > " Message l8IIKrLi013637 produced illegal Non-Spam Action "&fleetactions", > so message is being delivered" > > So I guess the question is, is there a way inside a ruleset file for Non > Spam Actions to specify a custom function found in CustomConfig.pm? > > Thanks, > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 17, 2007 12:55 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > > > Stephen Conway wrote: > >> Hello Julien: >> >> Yes, sorry I think I wasn't clear what I was asking. I know that if you >> enter as an action here an e-mail address that messages will go to that >> e-mail. But as I have seen, this sends a 'copy' of the message to the >> address (meaning that a copy still goes to the original recipient). Is >> there a way for example, putting a ! in front of the address, where the >> message is actually forwarded (not copy) to the other address? >> >> > Do that with non-spam actions, spam actions and high-scoring spam actions. > >> Also, I have another item as well. I have blacklist file, and it seems >> > that > >> if MailScanner sees another 'X-Spam: No' flag in the message, that it will >> not block the message even if on the black list. Any way to bypass this, >> > to > >> make MailScanner scan for Spam even if the message has been scanned by >> another Relay server before? >> >> > That's not happening. MailScanner doesn't rely on *anything* in the > headers to control scanning, as everything in the headers can be forged > by a spammer or virus writer. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Saturday, September 15, 2007 9:55 AM >> To: MailScanner discussion >> Subject: Re: ArchiveMail Exclusions >> >> As it says right at the top of the comment about Archive Mail =, you can >> include >> >> # Space-separated list of any combination of >> # 1. email addresses to which mail should be forwarded, >> # 2. directory names where you want mail to be stored, >> # 3. file names (they must already exist!) to which mail will be appended >> # in "mbox" format suitable for most Unix mail systems. >> >> Stephen Conway wrote: >> >> >>> Hello Julien: >>> >>> Thanks very much for that. Seems to work OK. >>> >>> One other question, is there a way using ArchiveMail to forward messages >>> instead of just make an archive? >>> >>> Ex: >>> >>> To: *@domain.com !somegroupmailbox@otherdomain.com >>> >>> Thanks, >>> >>> Steve >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >>> Field >>> Sent: Thursday, September 13, 2007 4:57 PM >>> To: MailScanner discussion >>> Subject: Re: ArchiveMail Exclusions >>> >>> Stephen, >>> >>> Stephen Conway wrote: >>> >>> >>> >>>> Hello: >>>> >>>> I have the requirement to archive mail for some senders to a certain >>>> >>>> >>>> >>> address >>> >>> >>> >>>> but not if certain senders are matched, I have put the following but it >>>> still always archives, any way to configure this? >>>> >>>> From: *@dontcopydomain.com and To: @domaintobecopied.com >>>> no >>>> >>>> >>>> >>>> >>> That will attempt to archive the mail to a directory called "no" which >>> isn't what you meant. To archive nothing, you just leave it blank, so >>> this is what you meant: >>> From: dontcopydomain.com and to: domaintobecopied.com >>> >>> >>> >>>> From: *@* and To: @domaintobecopied.com >>>> usertobecopied@otherdomain.com >>>> >>>> >>>> >>>> >>> That (the second line) is the same as saying >>> To: domaintobecopied.com usertobecopied@otherdomain.com >>> >>> >>> >>>> This type of logic works well for the Max Message size rules, to have >>>> >>>> >> size >> >> >>>> restrictions for certain domains than others, but for this ruleset file >>>> which is type (AllMatch) as per docs, it doesn't use same logic. >>>> >>>> >>>> >>>> >>> Correct, as it's an "AllMatch". This means that it will archive to all >>> of the places and addresses specified by all the matching rules. That >>> seemed a sensible thing to do at the time, and I still believe is what >>> most people will want. >>> >>> If you want to make it a FirstMatch, edit >>> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: >>> ArchiveMail >>> from the [All,Other] section to the [First,Other] section. >>> Then restart MailScanner, and you will have changed the logic it uses. >>> Dead easy. >>> Remember to re-apply the change when you next upgrade MailScanner, as >>> changes you make to that file will be lost during the upgrade process. >>> >>> Jules >>> >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From bbecken at aafp.org Tue Sep 18 21:01:29 2007 From: bbecken at aafp.org (Brad Beckenhauer) Date: Tue Sep 18 21:02:38 2007 Subject: OT: Rbldnsd and Spamhaus setup References: <46EFB5F5.D87E.0068.3@aafp.org> <46F0125C.5010603@ecs.soton.ac.uk> Message-ID: <46EFE849.D87E.0068.3@aafp.org> Thanks Julian, That did the trick. I like how you set the XBL, PBL,SBL and ZEN and then used them to startup rbldnsd. Centos 5.0 has rbldnsd running as chroot, so I had to add adjust for running in chroot. Here's the /etc/sysconfig/rbldnsd config file for Centos 5.0/rbldnsd running in chroot. RBLDNSD="dnsbl -u nobody -r /usr/local/dnsbl \ -b 127.0.0.6 -f -w rbldnsd -s rbldnsd.log \ sbl.spamhaus.org:ip4set:sbl \ pbl.spamhaus.org:ip4trie:pbl \ xbl.spamhaus.org:ip4tset:xbl \ zen.spamhaus.org:ip4set:sbl \ zen.spamhaus.org:ip4trie:pbl \ zen.spamhaus.org:ip4tset:xbl " service rbldnsd start Don't forget to watch the log file size. thanks again, Brad >>> On 9/18/2007 at 1:01 PM, in message <46F0125C.5010603@ecs.soton.ac.uk>, Julian Field wrote: > It's dead easy to set it up so they use the real domain names instead of > your "dnsbl" zone, so you can leave all the SpamAssassin configuration > alone. All you need is this: > > I start rbldnsd like this: > > XBL="xbl.spamhaus.org:ip4tset:xbl" > PBL="pbl.spamhaus.org:ip4trie:pbl" > SBL="sbl.spamhaus.org:ip4set:sbl" > ZEN="zen.spamhaus.org:ip4set:sbl zen.spamhaus.org:ip4trie:pbl > zen.spamhaus.org:ip4tset:xbl" > WORKDIR="/var/lib/rbldns" > BIND="127.0.0.6/53" > /usr/local/sbin/rbldnsd -s /var/adm/rbldnsd.log -w $WORKDIR -b $BIND -4 > -f $XBL $PBL $SBL $ZEN > > /var/lib/rbldns has ownership and permissions "drwxr-xr-x root other". > > In my named.conf for BIND I have this: > zone "sbl.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; > zone "pbl.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; > zone "xbl.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; > zone "zen.spamhaus.org" { > type forward; > forward only; > forwarders { 127.0.0.6 port 53; }; > }; > > That's it. > > No changes required to any of your software, as this is using the > original DNS zone names, just overloading them with local copies. > > Why the spamhaus docs don't just tell you to do this, rather than > setting up new zones and having to change all your software, I don't > know. It's dead easy. > > You can tell that rbldnsd is being called by looking in > /var/adm/rbldnsd.log > > That will show you each zone and how many queries are being sent to > rbldnsd for each of its zones. It writes 1 line per minute to the file. > As an example, here's the last line of the file: > (For clarity, I have put each "word" on a separate line) > > 1190138032 > xbl.spamhaus.org:0:0:0:0:0 > pbl.spamhaus.org:0:0:0:0:0 > sbl.spamhaus.org:4295248:61703:4233545:252105889:446227926 > zen.spamhaus.org:1903334:1216504:686830:112123108:155815602 > *:6198582:1278207:4920375:364228997:602043528 > > So xbl and pbl are getting no hits (which is as expected), and sbl and > zen are getting lots of hits (also as expected). Zen is used by my > MailScanner setup, and sbl is used by SpamAssassin. > > I don't have to change any of my MailScanner or SpamAssassin > configuration at all, making maintenance a heck of a lot easier. > > > > Brad Beckenhauer wrote: >> I'm configuring my servers to use Spamhaus datafeed service and I'm not >> convinced that MailScanner is using Rbldnsd as I still see queries to >> zen.spamhaus.org in the data queries log file. >> >> I though perhaps the queries might have been from spamassassin, so I set >> "skip_rbl_checks 1" in the mailscanner.cf and restarted MailScanner. I >> still had DNS queries appearing in the bind log file. >> >> I need another set of eyes to look at this config and tell me what I'm >> missing. >> >> Running: Centos 5.0, MailScanner v4.62.9 >> >> /etc/sysconfig/rbldnsd: >> # the first line tells rbldnsd to >> # chroot (-r) to /usr/local/dnsbl, and >> # then bind (-b) to 127.0.0.6 and >> # then (-f) fork child during reloads and >> # then (-w) specify the working directory where rbldnsd will find its >> files, >> RBLDNSD="dnsbl -r /usr/local/dnsbl -b 127.0.0.6 -f -w rbldnsd \ >> sbl.dnsbl:ip4set:sbl \ >> pbl.dnsbl:ip4trie:pbl \ >> xbl.dnsbl:ip4tset:xbl \ >> zen.dnsbl:ip4set:sbl \ >> zen.dnsbl:ip4trie:pbl \ >> zen.dnsbl:ip4tset:xbl >> " >> # eof >> >> >> /etc/named.conf: >> zone "dnsbl" IN { >> type forward; >> forward only; >> forwarders { 127.0.0.6; }; >> }; >> >> >> /etc/MailScanner/spam.lists.conf: >> spamhaus-ZEN-local dnsbl. <=== trailing period >> >> >> /etc/MailScanner/MailScanner.conf: >> Spam List = spamhaus-ZEN-local >> >> service rbldnsd restart >> MailScanner --lint > show ok >> service MailScanner restart >> >> >> thanks >> Brad >> >> >> >> >> > > Jules From mikael at syska.dk Tue Sep 18 22:52:42 2007 From: mikael at syska.dk (Mikael Syska) Date: Tue Sep 18 22:51:08 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <46EFC851.6020208@ecs.soton.ac.uk> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> Message-ID: <46F048AA.6030308@syska.dk> Hi, Thats also the best answer here .... What system(OS) are you running ? I also just saw in MailWatch after upgrading to 4.62.9 from FreeBSD ports that MailScanner now marks the "Non delivery failure" as spam ... witch I guess is a new function in that release .... so its worth upgrading. Spam Report:spam(no null-header or sender address) // ouT Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I would certainly start by upgrading MailScanner to the latest. This > will only take a few minutes to do. > > ram wrote: > >> I am using mailscanner-4.59.4-2 and postfix 2.3.4 >> I have seen that at random some mails get lost. >> >> I can see from the logs , mails go to the queue and then disappear >> without trace. This happens so infrequently and so much at random that I >> dont know how to trace it down >> >> Is this happenning to anyone else ? >> >> Should I just upgarde MailScanner ? >> >> Thanks >> Ram >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFG78hREfZZRxQVtlQRAlACAJ9I+Nxk+C1IqbV7EYu4j8NOowfTbACg0Jt0 > SRGyHWzP9KHdz06ELiv182k= > =7DmU > -----END PGP SIGNATURE----- > > From MailScanner at ecs.soton.ac.uk Tue Sep 18 22:59:34 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 18 23:00:47 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <46F048AA.6030308@syska.dk> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> <46F048AA.6030308@syska.dk> Message-ID: <46F04A46.6000409@ecs.soton.ac.uk> Mikael Syska wrote: > Hi, > > Thats also the best answer here .... > > What system(OS) are you running ? > > I also just saw in MailWatch after upgrading to 4.62.9 from FreeBSD > ports that MailScanner now marks the "Non delivery failure" as spam > ... witch I guess is a new function in that release .... so its worth > upgrading. > > Spam Report:spam(no null-header or sender address) This is from the Watermarking feature. You might want to leave that switched off to start with until you're happy with how it works. In the next version, I have changed that message to say "watermark" instead of "null-header" as that makes more sense to people. > > // ouT > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I would certainly start by upgrading MailScanner to the latest. This >> will only take a few minutes to do. >> >> ram wrote: >> >>> I am using mailscanner-4.59.4-2 and postfix 2.3.4 I have seen that >>> at random some mails get lost. >>> I can see from the logs , mails go to the queue and then disappear >>> without trace. This happens so infrequently and so much at random >>> that I >>> dont know how to trace it down >>> Is this happenning to anyone else ? >>> Should I just upgarde MailScanner ? >>> Thanks >>> Ram >>> >>> >>> >> >> Jules >> >> - -- Julian Field MEng CITP >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.6.3 (Build 3017) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFG78hREfZZRxQVtlQRAlACAJ9I+Nxk+C1IqbV7EYu4j8NOowfTbACg0Jt0 >> SRGyHWzP9KHdz06ELiv182k= >> =7DmU >> -----END PGP SIGNATURE----- >> >> > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mikael at syska.dk Wed Sep 19 01:09:21 2007 From: mikael at syska.dk (Mikael Syska) Date: Wed Sep 19 01:07:45 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <46F04A46.6000409@ecs.soton.ac.uk> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> <46F048AA.6030308@syska.dk> <46F04A46.6000409@ecs.soton.ac.uk> Message-ID: <46F068B1.1060509@syska.dk> Hi, Julian Field wrote: > > > Mikael Syska wrote: >> Hi, >> >> Thats also the best answer here .... >> >> What system(OS) are you running ? >> >> I also just saw in MailWatch after upgrading to 4.62.9 from FreeBSD >> ports that MailScanner now marks the "Non delivery failure" as spam >> ... witch I guess is a new function in that release .... so its worth >> upgrading. >> >> Spam Report:spam(no null-header or sender address) > This is from the Watermarking feature. You might want to leave that > switched off to start with until you're happy with how it works. > > In the next version, I have changed that message to say "watermark" > instead of "null-header" as that makes more sense to people. Switched off ... then it would not catch all that spam I guess .... how would I then know if it really works ? btw ... we dont send though our MailScaner server .... so I guess I will turn watermaking off, as having this turned dont seem like a very good idea :-P as I just read though the docs ..... We have received 665000 mails .... whereas 10% of them are with no FROM address ( it also includes legit mails ) ..... so ... maybe just take all of them or .... I ******* **** thoose mails ... grrrrr > [snip] > Mikael Syska From t.d.lee at durham.ac.uk Wed Sep 19 08:54:20 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed Sep 19 08:54:46 2007 Subject: MS startup times In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FDCD7@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FDCD7@RDPEXCH2.Eu.Emory.Edu> Message-ID: On Tue, 18 Sep 2007, Gottschalk, David wrote: > What virus scanner are you running? > > A older version of ClamAV is known to have long startup times reading > signature files. Thanks for your reply. I am, indeed, running a somewhat outdated version of ClamAV. (Aside: local peculiarities are making upgrade awkward either by RPM or Julian's package at present.) A quick Google (clamav startup time) confirms the issue. Thanks for the pointer. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From jen at ah.dk Wed Sep 19 09:03:07 2007 From: jen at ah.dk (Jan Elmqvist Nielsen) Date: Wed Sep 19 09:03:45 2007 Subject: SV: Performance between SpamAssassin 3.2.1 and 3.2.2 and 3.2.3 In-Reply-To: References: <46C33DFC.8000101@sendit.nodak.edu> <8F2A53954C22554EB75D9643FCCE0C6B0472D477@MED-CORE03-MS1.med.wayne.edu> <8F2A53954C22554EB75D9643FCCE0C6B0472D498@MED-CORE03-MS1.med.wayne.edu> <223f97700708171351p3610ab37kba693ddc31ccb2c3@mail.gmail.com> Message-ID: <6FEBCA03F26F344484341AC71B6669D133F9FED1@nhsmail01.nhs.local> I have writing a small script that display scanning time taken from the maillog My system is running about 8,5 sec after the patch. Before the patch it was over 30 sec. /Jan Elmqvist Nielsen -----Oprindelig meddelelse----- Fra: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] P? vegne af Mike Masse Sendt: 18. september 2007 18:58 Til: mailscanner@lists.mailscanner.info Emne: Re: Performance between SpamAssassin 3.2.1 and 3.2.2 and 3.2.3 Just wondering if anything new has come out about this issue. I've got 3.2.3 running, have applied the 5589 bug patch, disabled ASN and URIDNSBL like others have mentioned and it's still horribly slow around 1k/second. I have an identical system running 3.1.8 and it's about 10 times faster. I've tried looking at the debug output of spamassassin to see where the delay is actually occuring, but I'm not sure what to look for exactly. Mike Glenn Steen wrote: > On 17/08/07, Rose, Bobby wrote: >> Sorry I couldn't provide feedback yesterday because my research >> became skewed due to router issues at Michnet which is the backbone >> provider for all of the univs here in Michigan. >> >> It looks like 3.2.3 with the SA bug patch 5589 took care of the issues. >> After about 24k messages so far, my times and queue is normal. In >> fact, I've only see 6 Batches of 30s in my logs. Also the debug >> output of SA for the DNS timings are normal compare to what I was >> seeing with 3.2.3 without the patch. >> >> Bobby Rose > > Thanks Bobby, very good to know. > > Cheers -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: scanningtime.zip Type: application/x-zip-compressed Size: 459 bytes Desc: scanningtime.zip Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070919/c8a1788c/scanningtime.bin From t.d.lee at durham.ac.uk Wed Sep 19 09:09:52 2007 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed Sep 19 09:10:11 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: <46F013AF.1050205@ecs.soton.ac.uk> References: <46F013AF.1050205@ecs.soton.ac.uk> Message-ID: On Tue, 18 Sep 2007, Julian Field wrote: > David Lee wrote: > [...] > > I realise that SA needs to see the fully expanded form (thus different at > > every "org"), but could the sys.admin's version (default common across all > > "org"s) read "X-%org-name%-...", which MS/SA/something expand up for SA? > > > > Just a thought. > > > The only thing I could do would be to parse the file and generate a new > one, but this would need to be put in /etc/mail/spamassassin, and it's > rather a cardinal sin to overwrite anything in /etc, stuff like that > should be in /var. But I'm not sure how to tell SpamAssassin to add > somewhere under /var to the list of directories it reads for admin-level > settings. Thanks for the reply. [ Reminder: What I'm thinking of is along the lines of the MS package delivering a master, default "source" file containing "X-%org-name%..." then some procedure generating and maintaining the SA "production" file with those "%...%" variables expanded. ] There is decent precedent for source and production variants both to be alongside each other under "/etc"; namely sendmail's "aliases" and "aliases.db" (and other similar ".db" derivative files). The maintenance procedure might then be something (for instance) in MS's periodic reload machinery. More "blue sky" (day-dreaming): Might there be other MS/SA-related files that could benefit from such a "%...%" expansion mechanism? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From alfrag at econ.soc.uoc.gr Wed Sep 19 09:24:10 2007 From: alfrag at econ.soc.uoc.gr (Alexandros G. Fragkiadakis) Date: Wed Sep 19 09:24:24 2007 Subject: Bad filename detected Message-ID: <46F0DCAA.2040309@econ.soc.uoc.gr> Hi all, Mailscanner gives me the following warnings: The following e-mails were found to have: Bad Filename Detected Sender: xxxxxx@xxx.xxx.xxx.xx IP Address: xxx.xxx.xxx.xxx Recipient: xxxx@xx.xx Subject: Re: xxx MessageID: 9691B2BB95.039CD Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD Report: MailScanner: No programs allowed (msg-5333-73.txt) The user didn't send any attachments. I cannot understand why mailscanner has problem with this email. Any help? Regards, Alexandros -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Sep 19 09:26:21 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Sep 19 09:26:24 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: <46F018C7.8090901@ecs.soton.ac.uk> References: <46F013AF.1050205@ecs.soton.ac.uk> <625385e30709181119rac45e0g567bad894da231b5@mail.gmail.com> <46F018C7.8090901@ecs.soton.ac.uk> Message-ID: <625385e30709190126w5678a631y75fa9fa962b7ca23@mail.gmail.com> On 9/18/07, Julian Field wrote: > shuttlebox wrote: > > Could you add checks for the other lines usually containing %org-name% > > too? Isn't it just the lines about headers for SA to ignore? If they > > could be linted as well as the envelope_sender I think that would be > > more than enough. > > > Sure. What other lines should I be checking? It should be only these four: bayes_ignore_header X-YOURDOMAIN-COM-MailScanner bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information They could be checked against: Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: ...in the same way envelope_sender_header X-MailScanner-From is checked against: Envelope From Header = X-%org-name%-MailScanner-From: -- /peter From martinh at solidstatelogic.com Wed Sep 19 09:35:56 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Sep 19 09:36:00 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: <625385e30709190126w5678a631y75fa9fa962b7ca23@mail.gmail.com> Message-ID: <814b3e27f6e516458e71ee1945a1454c@solidstatelogic.com> Doesn't the install.sh script complain about all this anyway?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: 19 September 2007 09:26 > To: MailScanner discussion > Subject: Re: MailScanner.conf and spam.assassin.prefs.conf consistency > > On 9/18/07, Julian Field wrote: > > shuttlebox wrote: > > > Could you add checks for the other lines usually containing %org-name% > > > too? Isn't it just the lines about headers for SA to ignore? If they > > > could be linted as well as the envelope_sender I think that would be > > > more than enough. > > > > > Sure. What other lines should I be checking? > > It should be only these four: > > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information > > They could be checked against: > > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > > ...in the same way envelope_sender_header X-MailScanner-From is checked > against: > > Envelope From Header = X-%org-name%-MailScanner-From: > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From shuttlebox at gmail.com Wed Sep 19 09:42:24 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Sep 19 09:42:26 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: <814b3e27f6e516458e71ee1945a1454c@solidstatelogic.com> References: <625385e30709190126w5678a631y75fa9fa962b7ca23@mail.gmail.com> <814b3e27f6e516458e71ee1945a1454c@solidstatelogic.com> Message-ID: <625385e30709190142n234bd228sea428dfcb6e43027@mail.gmail.com> On 9/19/07, Martin.Hepworth wrote: > Doesn't the install.sh script complain about all this anyway?? I'm not sure but many of us use something else than the install.sh script to install MailScanner. -- /peter From list-mailscanner at linguaphone.com Wed Sep 19 09:43:37 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 09:43:52 2007 Subject: Any rule for this type of spam Message-ID: <1190191417.31038.1.camel@gblades-suse.linguaphone-intranet.co.uk> Does anyone have a rule or a suggestion for this type of spam email. Its the only one which occasionally makes it past our spam checks. -------------- next part -------------- An embedded message was scrubbed... From: "Elisabeth Isaac" Subject: +.).:[ +.-(:[[()+ +.*)+.) Date: Tue, 18 Sep 2007 15:15:00 -0600 Size: 57551 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070919/d125779b/attachment.mht From prandal at herefordshire.gov.uk Wed Sep 19 09:46:00 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Sep 19 09:46:06 2007 Subject: Performance between SpamAssassin 3.2.1 and 3.2.2 and 3.2.3 In-Reply-To: <6FEBCA03F26F344484341AC71B6669D133F9FED1@nhsmail01.nhs.local> References: <46C33DFC.8000101@sendit.nodak.edu><8F2A53954C22554EB75D9643FCCE0C6B0472D477@MED-CORE03-MS1.med.wayne.edu><8F2A53954C22554EB75D9643FCCE0C6B0472D498@MED-CORE03-MS1.med.wayne.edu><223f97700708171351p3610ab37kba693ddc31ccb2c3@mail.gmail.com> <6FEBCA03F26F344484341AC71B6669D133F9FED1@nhsmail01.nhs.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01A0CE83@HC-MBX02.herefordshire.gov.uk> DNS timeouts were horribly broken in one or more of the SA 3.2.x series. SA 3.2.3 with the 5589 patch seems to do the right thing. And then you hit the incredible slowness of completewhois DNS lookups. I've disabled even trying to use them. in spam.assassin.prefs.conf I've put: score __RCVD_IN_WHOIS 0 score RCVD_IN_WHOIS_INVALID 0 score URIBL_COMPLETEWHOIS 0 That should help a lot. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jan Elmqvist Nielsen > Sent: 19 September 2007 09:03 > To: 'MailScanner discussion' > Subject: SV: Performance between SpamAssassin 3.2.1 and 3.2.2 > and 3.2.3 > > > I have writing a small script that display scanning time > taken from the maillog > > My system is running about 8,5 sec after the patch. > Before the patch it was over 30 sec. > > /Jan Elmqvist Nielsen > > > -----Oprindelig meddelelse----- > Fra: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] P? vegne > af Mike Masse > Sendt: 18. september 2007 18:58 > Til: mailscanner@lists.mailscanner.info > Emne: Re: Performance between SpamAssassin 3.2.1 and 3.2.2 and 3.2.3 > > Just wondering if anything new has come out about this issue. > I've got > 3.2.3 running, have applied the 5589 bug patch, disabled ASN > and URIDNSBL like others have mentioned and it's still > horribly slow around > 1k/second. I have an identical system running 3.1.8 and > it's about 10 > times faster. I've tried looking at the debug output of > spamassassin to see where the delay is actually occuring, but > I'm not sure what to look for exactly. > > Mike > > Glenn Steen wrote: > > On 17/08/07, Rose, Bobby wrote: > >> Sorry I couldn't provide feedback yesterday because my research > >> became skewed due to router issues at Michnet which is the backbone > >> provider for all of the univs here in Michigan. > >> > >> It looks like 3.2.3 with the SA bug patch 5589 took care > of the issues. > >> After about 24k messages so far, my times and queue is normal. In > >> fact, I've only see 6 Batches of 30s in my logs. Also the debug > >> output of SA for the DNS timings are normal compare to what I was > >> seeing with 3.2.3 without the patch. > >> > >> Bobby Rose > > > > Thanks Bobby, very good to know. > > > > Cheers > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From list-mailscanner at linguaphone.com Wed Sep 19 09:46:53 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 09:46:59 2007 Subject: Bad filename detected In-Reply-To: <46F0DCAA.2040309@econ.soc.uoc.gr> References: <46F0DCAA.2040309@econ.soc.uoc.gr> Message-ID: <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> I am guessing that the attachment contains foreign text? The problem is caused by the 'file' command thinking it is an executable file. Executables dont have a common header so some foreight words at the start of the file can cause this problem. Yoy can remove the offending entries from the /usr/share/file/magic file. Search through the archives for more information on this. On Wed, 2007-09-19 at 09:24, Alexandros G. Fragkiadakis wrote: > Hi all, > > Mailscanner gives me the following warnings: > > The following e-mails were found to have: Bad Filename Detected > > Sender: xxxxxx@xxx.xxx.xxx.xx > > IP Address: xxx.xxx.xxx.xxx > Recipient: xxxx@xx.xx > Subject: Re: xxx > MessageID: 9691B2BB95.039CD > Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD > Report: MailScanner: No programs allowed (msg-5333-73.txt) > > > The user didn't send any attachments. I cannot understand why > mailscanner has problem with this email. > > Any help? > > Regards, > > Alexandros > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. From martinh at solidstatelogic.com Wed Sep 19 09:48:08 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Sep 19 09:48:11 2007 Subject: Any rule for this type of spam In-Reply-To: <1190191417.31038.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <81a48e5b99204f41ae1f87db94956112@solidstatelogic.com> Gareth Put this on a web page/pastebin session with full headers and we can the see if any of us can trap it. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 19 September 2007 09:44 > To: MailScanner discussion > Subject: Any rule for this type of spam > > Does anyone have a rule or a suggestion for this type of spam email. Its > the only one which occasionally makes it past our spam checks. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From alfrag at econ.soc.uoc.gr Wed Sep 19 09:51:58 2007 From: alfrag at econ.soc.uoc.gr (Alexandros G. Fragkiadakis) Date: Wed Sep 19 09:52:08 2007 Subject: Bad filename detected In-Reply-To: <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46F0DCAA.2040309@econ.soc.uoc.gr> <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46F0E32E.4060800@econ.soc.uoc.gr> Gareth wrote: > I am guessing that the attachment contains foreign text? > The problem is caused by the 'file' command thinking it is an executable > file. Executables dont have a common header so some foreight words at > the start of the file can cause this problem. > Yoy can remove the offending entries from the /usr/share/file/magic > file. Search through the archives for more information on this. > > On Wed, 2007-09-19 at 09:24, Alexandros G. Fragkiadakis wrote: > >> Hi all, >> >> Mailscanner gives me the following warnings: >> >> The following e-mails were found to have: Bad Filename Detected >> >> Sender: xxxxxx@xxx.xxx.xxx.xx >> >> IP Address: xxx.xxx.xxx.xxx >> Recipient: xxxx@xx.xx >> Subject: Re: xxx >> MessageID: 9691B2BB95.039CD >> Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD >> Report: MailScanner: No programs allowed (msg-5333-73.txt) >> >> >> The user didn't send any attachments. I cannot understand why >> mailscanner has problem with this email. >> >> Any help? >> >> Regards, >> >> Alexandros >> >> >> The user sends no attachments at all! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Wed Sep 19 09:56:34 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 09:56:40 2007 Subject: Ideas for improved bayes learning Message-ID: <1190192194.31043.16.camel@gblades-suse.linguaphone-intranet.co.uk> Bayes normally autolearn a mail as being spam if the score is over 20. This is configurable. Many of us use RBLs on the MTA to reject known spam. I was thinking that it might be usefull to instead of rejecting the RBL mail, to accept it, train bayes using it and then discard it. However I believe that the RBL checks that spamassassin perform are on all the received lines and not just the IP address our mail servers received the mail from? If that is correct then I cannot simply assign a high score to the RBL checks and have mailscanner delete very high scoring mail. Ideally what I was thinking would for a couple of enhancements to Mailscanner :- 1) Add a new action of sa-learn-spam so the mail can be learnt. You can use a custom rule to fire this if a RBL matches so the mail is learnt and then deleted. 2) Incorporate MailScanners RBL feature (I assume this one only checks one received header) into the rules which can be used when writing a custom action. Its only an idea and not a request for the new feature. Personally MailScanner is working very well for us so at this time it is not worth allowing all the extra mail in just to improve the bayes effectivness. From simon at saq.co.uk Wed Sep 19 09:54:00 2007 From: simon at saq.co.uk (Simon Jones) Date: Wed Sep 19 10:04:19 2007 Subject: Config.pm error References: <46F00519.9000508@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 18 September 2007 18:04 > To: MailScanner discussion > Subject: Re: Config.pm error > > That is because your MailScanner.conf refers to a custom function > called > &SQLSpamScores, and you haven't copied over the files from > /usr/lib/MailScanner/MailScanner/CustomFunctions. > > Simon Jones wrote: > > Hi, I've transferred config files from a working mailscanner box to a > > new machine to take up some load on the gateways but it doesn't > process > > the hold queue. A debug returns the following problem, anyone please > > point me down the right track? Thanks! > > > > In Debugging mode, not forking... > > max message size is '40k' > > Undefined subroutine &MailScanner::CustomConfig::SQLSpamScores called > at > > /usr/lib/MailScanner/MailScanner/Config.pm line 155 > > > > Simon J > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store Ahaaa! Of course, thanks Julian - fresh pair of eyes works every time :) From list-mailscanner at linguaphone.com Wed Sep 19 10:11:47 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 10:11:57 2007 Subject: Any rule for this type of spam In-Reply-To: <81a48e5b99204f41ae1f87db94956112@solidstatelogic.com> References: <81a48e5b99204f41ae1f87db94956112@solidstatelogic.com> Message-ID: <1190193107.31037.18.camel@gblades-suse.linguaphone-intranet.co.uk> http://www.gbnetwork.co.uk/mailscanner/spam.txt On Wed, 2007-09-19 at 09:48, Martin.Hepworth wrote: > Gareth > > Put this on a web page/pastebin session with full headers and we can the see if any of us can trap it. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Gareth > > Sent: 19 September 2007 09:44 > > To: MailScanner discussion > > Subject: Any rule for this type of spam > > > > Does anyone have a rule or a suggestion for this type of spam email. Its > > the only one which occasionally makes it past our spam checks. > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** From list-mailscanner at linguaphone.com Wed Sep 19 10:15:29 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 10:15:35 2007 Subject: Any rule for this type of spam In-Reply-To: <1190193107.31037.18.camel@gblades-suse.linguaphone-intranet.co.uk> References: <81a48e5b99204f41ae1f87db94956112@solidstatelogic.com> <1190193107.31037.18.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1190193329.31037.20.camel@gblades-suse.linguaphone-intranet.co.uk> It appears as though sanesecurity is now detecting these. I wondered why I did not see my mail on the list ... :) On Wed, 2007-09-19 at 10:11, Gareth wrote: > http://www.gbnetwork.co.uk/mailscanner/spam.txt > > On Wed, 2007-09-19 at 09:48, Martin.Hepworth wrote: > > Gareth > > > > Put this on a web page/pastebin session with full headers and we can the see if any of us can trap it. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Gareth > > > Sent: 19 September 2007 09:44 > > > To: MailScanner discussion > > > Subject: Any rule for this type of spam > > > > > > Does anyone have a rule or a suggestion for this type of spam email. Its > > > the only one which occasionally makes it past our spam checks. > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** From glenn.steen at gmail.com Wed Sep 19 10:45:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 19 10:45:14 2007 Subject: Bad filename detected In-Reply-To: <46F0E32E.4060800@econ.soc.uoc.gr> References: <46F0DCAA.2040309@econ.soc.uoc.gr> <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> <46F0E32E.4060800@econ.soc.uoc.gr> Message-ID: <223f97700709190245n432d0f11xf6d1c04a1a6f5fd0@mail.gmail.com> On 19/09/2007, Alexandros G. Fragkiadakis wrote: > Gareth wrote: > > I am guessing that the attachment contains foreign text? > > The problem is caused by the 'file' command thinking it is an executable > > file. Executables dont have a common header so some foreight words at > > the start of the file can cause this problem. > > Yoy can remove the offending entries from the /usr/share/file/magic > > file. Search through the archives for more information on this. > > > > On Wed, 2007-09-19 at 09:24, Alexandros G. Fragkiadakis wrote: > > > >> Hi all, > >> > >> Mailscanner gives me the following warnings: > >> > >> The following e-mails were found to have: Bad Filename Detected > >> > >> Sender: xxxxxx@xxx.xxx.xxx.xx > >> > >> IP Address: xxx.xxx.xxx.xxx > >> Recipient: xxxx@xx.xx > >> Subject: Re: xxx > >> MessageID: 9691B2BB95.039CD > >> Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD > >> Report: MailScanner: No programs allowed (msg-5333-73.txt) > >> > >> > >> The user didn't send any attachments. I cannot understand why > >> mailscanner has problem with this email. > >> > >> Any help? > >> > >> Regards, > >> > >> Alexandros > >> > >> > >> > > The user sends no attachments at all! > The "offending attachment" is likely the mails body text. if you look at the actual quarantined entry (in the filesystem), you can run the file command on the reported file ... just do: cd /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD file msg-5333-73.txt ... and you'll see what the file command thinks about it. Likely it'll deem it something like "COM Executable (MS-DOS)", which is an over-optimistic one byte magic in some versions of file. Solutions? Hack you magic file, as already suggested (you need "compiler it" with "file -C" or somesuch ... look in the archives for the list.... all details are there:-), or update your file command to a version that isn't broken this particular way... or just disable the filetype checking (I wouldn't do that, it is effective...:-) by clearing out the File Command setting in /etc/MailScanner/MailScanner.conf ... Your choice where you go, what you do;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Alistair.Carmichael at ntltravel.com Wed Sep 19 10:50:12 2007 From: Alistair.Carmichael at ntltravel.com (Alistair Carmichael) Date: Wed Sep 19 10:52:01 2007 Subject: Ideas for improved bayes learning In-Reply-To: <1190192194.31043.16.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1190192194.31043.16.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <6EEC6D949794754FB8D83A4D87DF7168C95B2A@gh-redd-exch-01.redditch.ntltravel.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-> > > > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 19 September 2007 09:57 > To: MailScanner discussion > Subject: Ideas for improved bayes learning > > Bayes normally autolearn a mail as being spam if the score is over 20. > This is configurable. > Many of us use RBLs on the MTA to reject known spam. > > I was thinking that it might be usefull to instead of rejecting the RBL > mail, to accept it, train bayes using it and then discard it. > > However I believe that the RBL checks that spamassassin perform are on > all the received lines and not just the IP address our mail servers > received the mail from? > If that is correct then I cannot simply assign a high score to the RBL > checks and have mailscanner delete very high scoring mail. > > Ideally what I was thinking would for a couple of enhancements to > Mailscanner :- > > 1) Add a new action of sa-learn-spam so the mail can be learnt. You can > use a custom rule to fire this if a RBL matches so the mail is learnt > and then deleted. In theory this is a great idea however in practice you do find from time to time that mail servers which are on black lists are not just sending spam, for example a mis configured mail server acting as an open relay relaying both spam and ham, this would result in ham being fed into the spam bayes. > 2) Incorporate MailScanners RBL feature (I assume this one only checks > one received header) into the rules which can be used when writing a > custom action. > > Its only an idea and not a request for the new feature. Personally > MailScanner is working very well for us so at this time it is not worth > allowing all the extra mail in just to improve the bayes effectivness. I've set up a sort of custom block list on our own mailscanner servers in conjunction with mailwatch, a script runs every few minutes pulling all the client ips from maillog where the total number of highspam is the same as the total number of messages, I.e senders who have only sent high scoring spam and dump these into a second sql table. Then as I'm using the postfix-mysql MTA in smtpd_client_restrictions I have a check which queries this table, if the client is in here then they are rejected at the MTA level, feel free to mail me off list and I'll be happy to share my scripts and help that does this. You may be able to integrate bits of this with improving the auto learn (so high spam from a sender that has only sent high spam gets fed) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. From iad.scoot at gmail.com Wed Sep 19 12:50:06 2007 From: iad.scoot at gmail.com (Iad Scoot) Date: Wed Sep 19 12:50:14 2007 Subject: mail w/ 2 extension In-Reply-To: <625385e30709180940k7fd5a0cfxe91f5aca3b99995@mail.gmail.com> References: <88bd43930709180819p79fffb0eqccf5346b0dbaf708@mail.gmail.com> <625385e30709180940k7fd5a0cfxe91f5aca3b99995@mail.gmail.com> Message-ID: <88bd43930709190450j5e9677c7o8860e1d0944fbffa@mail.gmail.com> Duh...why didn't I think of that?? Thanks....any thoughts on how to do fewer "allow" lines - maybe via regex or similar? For example, text files, image files, etc could both have the same ".yyy" extension but obviously different ".xxx" extensions. Thanks again, - Iad On 9/18/07, shuttlebox wrote: > > On 9/18/07, Iad Scoot wrote: > > Is there a way to exempt certain filetypes that are in this format - for > > example, say something that would see the filename structure > > "filename.txt.rmh" (regex might be ideal here for different file types) > and > > allow it to pass? I do not want to simply rely on domain-level > exemptions if > > possible as that (to me) would open a big hole in the protection. > > Just put allow-lines (e.g. allow filename.txt.rmh - -) above the > double extension line in the filename.rules.conf-file. Or disable the > double extension rule if you don't like it. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070919/d0545a2e/attachment.html From steve.freegard at fsl.com Wed Sep 19 13:22:23 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Sep 19 13:22:24 2007 Subject: Ideas for improved bayes learning In-Reply-To: <1190192194.31043.16.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1190192194.31043.16.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46F1147F.9090503@fsl.com> Hi Gareth, Gareth wrote: > Bayes normally autolearn a mail as being spam if the score is over 20. > This is configurable. > Many of us use RBLs on the MTA to reject known spam. > > I was thinking that it might be usefull to instead of rejecting the RBL > mail, to accept it, train bayes using it and then discard it. I had this idea too a while back. I discarded it for the following reasons: 1) Accepting mail that would be rejected at the MTA level is not practical for anything but low volume sites as the ratio of good mail to that of mail rejected due to blacklists is usually at least >5:1 (and that is the low end). 2) With bayes - it is desirable to balance the amount of mail learnt with even number of spam and ham tokens. Based on point 1 above - if you learn *all* mail for client on an RBL then you'll end up with way more spam tokens than ham tokens. 3) Training bayes is CPU intensive, this goes back to point 1. I don't have the numbers, but I think it would be more efficient to learn this in batch instead of individual messages. Doing this in MailScanner would cause the children to get held up doing the training instead of processing mail. > However I believe that the RBL checks that spamassassin perform are on > all the received lines and not just the IP address our mail servers > received the mail from? > If that is correct then I cannot simply assign a high score to the RBL > checks and have mailscanner delete very high scoring mail. Yes, this correct; SA works out which Received headers are trusted and which are untrusted, then tests them accordingly. I don't see any reason why you couldn't just score them high if you wanted though. > > Ideally what I was thinking would for a couple of enhancements to > Mailscanner :- > > 1) Add a new action of sa-learn-spam so the mail can be learnt. You can > use a custom rule to fire this if a RBL matches so the mail is learnt > and then deleted. > > 2) Incorporate MailScanners RBL feature (I assume this one only checks > one received header) into the rules which can be used when writing a > custom action. > > Its only an idea and not a request for the new feature. Personally > MailScanner is working very well for us so at this time it is not worth > allowing all the extra mail in just to improve the bayes effectivness. The only way I could come up with doing this effectively was to check the bayes statistics (this shows the ham and spam token counts) each day and checking to see if the spam token count is less than the ham count, then training bayes on n messages to make up the difference. It would be wildly inefficient to just let everything in from the MTA just to do this. You almost want to be able to tell MTA to send you a certain number of RBL messages per-hour and redirect them to a special mailbox (bypassing MailScanner) for training, but I wouldn't know how to attempt that in Sendmail or Postfix (I think Exim could do this with a few tricks I expect). Based on all of the above - I think the most efficient way to handle bayes is via mistake based training. Train it on any messages that it get classifies incorrectly and it will do the right thing in time. Cheers, Steve. From Denis.Beauchemin at USherbrooke.ca Wed Sep 19 13:17:45 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Sep 19 13:26:18 2007 Subject: Sanesecurity database corrupt! Message-ID: <46F11369.4090007@USherbrooke.ca> Hello all, This morning my 5 MS servers were not processing any email because the following file was corrupt: /usr/local/share/clamav/phish.ndb I tried to fetch a new one and it was still corrupt so I removed it from my servers and MS was happy again. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From stork at openenterprise.ca Wed Sep 19 13:33:22 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Wed Sep 19 13:34:15 2007 Subject: Suggestions for Moving Mailscanner Message-ID: <46F11712.4040009@openenterprise.ca> My gateway server (running MS/MW on Sendmail and RHEL4), was recently hacked and so I plan to rebuild with CentOS 5x. Can someone suggest a method for moving my entire MS setup? I am guessing something along the lines of 1: Install the MS/Clam/SA packages on new system. 2: Export/import Mysql database 3: Copy over old mailscanner.conf files (and other files? -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070919/2a063411/attachment.html From shuttlebox at gmail.com Wed Sep 19 14:01:55 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Sep 19 14:01:58 2007 Subject: mail w/ 2 extension In-Reply-To: <88bd43930709190450j5e9677c7o8860e1d0944fbffa@mail.gmail.com> References: <88bd43930709180819p79fffb0eqccf5346b0dbaf708@mail.gmail.com> <625385e30709180940k7fd5a0cfxe91f5aca3b99995@mail.gmail.com> <88bd43930709190450j5e9677c7o8860e1d0944fbffa@mail.gmail.com> Message-ID: <625385e30709190601m6764f405m96bd78f5224921e1@mail.gmail.com> On 9/19/07, Iad Scoot wrote: > Duh...why didn't I think of that?? > > Thanks....any thoughts on how to do fewer "allow" lines - maybe via regex or > similar? For example, text files, image files, etc could both have the same > ".yyy" extension but obviously different ".xxx" extensions. Maybe something like: accept \.(xls|pdf|doc|zip)\.yyy$ - - -- /peter From list-mailscanner at linguaphone.com Wed Sep 19 14:04:39 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 14:04:52 2007 Subject: Sanesecurity database corrupt! In-Reply-To: <46F11369.4090007@USherbrooke.ca> References: <46F11369.4090007@USherbrooke.ca> Message-ID: <1190207079.31044.40.camel@gblades-suse.linguaphone-intranet.co.uk> I have had this a couple of times this morning but the download script I use checks to see if the files are valid before attempting to use them :- gunzip: /var/tmp/clamdb/phish.ndb.gz: invalid compressed data--crc error gunzip: /var/tmp/clamdb/phish.ndb.gz: invalid compressed data--length error LibClamAV Error: Problem parsing database at line 5192 LibClamAV Error: Can't load /var/tmp/clamdb/phish.ndb: Malformed database ERROR: Malformed database ClamAV had a problem using /var/tmp/clamdb/phish.ndb! (error: 50) We will not move /var/tmp/clamdb/phish.ndb into the Database directory Renaming /var/tmp/clamdb/phish.ndb to /var/tmp/clamdb/phish.ndb.bad for you to check On Wed, 2007-09-19 at 13:17, Denis Beauchemin wrote: > Hello all, > > This morning my 5 MS servers were not processing any email because the > following file was corrupt: /usr/local/share/clamav/phish.ndb > > I tried to fetch a new one and it was still corrupt so I removed it from > my servers and MS was happy again. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From martinh at solidstatelogic.com Wed Sep 19 14:09:05 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Sep 19 14:09:09 2007 Subject: Any rule for this type of spam In-Reply-To: <1190191417.31038.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Gareth Just got one here, here's now it scored for me.. X-Solid-State-Logic-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=9.27, required 5, BAYES_99 5.40, BOTNET_CLIENTWORDS 1.00, BOTNET_IPINHOSTNAME 1.00, DK_POLICY_SIGNSOME 0.00, HOST_MISMATCH_NET 0.31, RCVD_IN_BL_SPAMCOP_NET 1.56) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 19 September 2007 09:44 > To: MailScanner discussion > Subject: Any rule for this type of spam > > Does anyone have a rule or a suggestion for this type of spam email. Its > the only one which occasionally makes it past our spam checks. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Denis.Beauchemin at USherbrooke.ca Wed Sep 19 14:18:04 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Sep 19 14:18:56 2007 Subject: Sanesecurity database corrupt! In-Reply-To: <1190207079.31044.40.camel@gblades-suse.linguaphone-intranet.co.uk> References: <46F11369.4090007@USherbrooke.ca> <1190207079.31044.40.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46F1218C.5090700@USherbrooke.ca> Gareth a ?crit : > I have had this a couple of times this morning but the download script I > use checks to see if the files are valid before attempting to use them > :- > > > gunzip: /var/tmp/clamdb/phish.ndb.gz: invalid compressed data--crc error > > gunzip: /var/tmp/clamdb/phish.ndb.gz: invalid compressed data--length > error > LibClamAV Error: Problem parsing database at line 5192 > LibClamAV Error: Can't load /var/tmp/clamdb/phish.ndb: Malformed > database > ERROR: Malformed database > ClamAV had a problem using /var/tmp/clamdb/phish.ndb! (error: > 50) > We will not move /var/tmp/clamdb/phish.ndb into the Database > directory > Renaming /var/tmp/clamdb/phish.ndb to > /var/tmp/clamdb/phish.ndb.bad for you to check > > > > On Wed, 2007-09-19 at 13:17, Denis Beauchemin wrote: > >> Hello all, >> >> This morning my 5 MS servers were not processing any email because the >> following file was corrupt: /usr/local/share/clamav/phish.ndb >> >> I tried to fetch a new one and it was still corrupt so I removed it from >> my servers and MS was happy again. >> >> Gareth, Could you post your script please? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ram at netcore.co.in Wed Sep 19 14:22:43 2007 From: ram at netcore.co.in (ram) Date: Wed Sep 19 14:22:57 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <46EFC851.6020208@ecs.soton.ac.uk> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> Message-ID: <1190208163.19093.72.camel@localhost.localdomain> On Tue, 2007-09-18 at 13:45 +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I would certainly start by upgrading MailScanner to the latest. This > will only take a few minutes to do. > I have done the upgrade but still today I say atleast one mail disappearing without trace Now I have MailScanner 4.63 ( latest-stable as of today) postfix-2.3.4 on Centos 4.4 ------------- grep 162A54747DD /var/log/maillog Sep 19 16:04:18 spam2 postfix/smtpd[22001]: 162A54747DD: client=unknown[210.212.203.3] Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: hold: header Received: from sender.tld (unknown [210.212.203.3])??by spam2.netcore.co.in (Postfix) with ESMTP id 162A54747DD??for ; Wed, 19 Sep 2007 16:04:17 +0530 (IST) from unknown[210.212.203.3]; from= to= proto=ESMTP helo= Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: message-id=<000b01c7fa82$55f46140$960ba8c0@MEGANA> ------------------------- That is it-- the queueid doesnt figure anywhere else in the entire maillog , nor is it there in the mailq Is this mail lost then ? Thanks Ram From list-mailscanner at linguaphone.com Wed Sep 19 14:29:02 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 19 14:29:12 2007 Subject: Sanesecurity database corrupt! In-Reply-To: <46F1218C.5090700@USherbrooke.ca> References: <46F11369.4090007@USherbrooke.ca> <1190207079.31044.40.camel@gblades-suse.linguaphone-intranet.co.uk> <46F1218C.5090700@USherbrooke.ca> Message-ID: <1190208542.31043.49.camel@gblades-suse.linguaphone-intranet.co.uk> On Wed, 2007-09-19 at 14:18, Denis Beauchemin wrote: > Gareth, > > Could you post your script please? > > Thanks! > > Denis This is the script that was called 1b on the sanesecurity website. I dont know why it has not been marked as old and removed but it is still working fine for me. -------------- next part -------------- A non-text attachment was scrubbed... Name: UpdateSaneSecurity.sh.gz Type: application/x-gzip Size: 5864 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070919/a946de6d/UpdateSaneSecurity.sh.gz From martinh at solidstatelogic.com Wed Sep 19 14:29:09 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Sep 19 14:29:15 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <1190208163.19093.72.camel@localhost.localdomain> Message-ID: <137454afd221134aa3a772946cdafc43@solidstatelogic.com> Ram Oh it's you guys - say hi to Rakesh for me ;-) Not in still the hold queue is it? Nothing in the maillog (which is where mailscanner logs by default)???? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of ram > Sent: 19 September 2007 14:23 > To: MailScanner discussion > Subject: Re: Mailscanner + postfix Mail loss > > On Tue, 2007-09-18 at 13:45 +0100, Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I would certainly start by upgrading MailScanner to the latest. This > > will only take a few minutes to do. > > > > > I have done the upgrade but still today I say atleast one mail > disappearing without trace > > Now I have > MailScanner 4.63 ( latest-stable as of today) > postfix-2.3.4 > on Centos 4.4 > > > > > > > ------------- > grep 162A54747DD /var/log/maillog > > Sep 19 16:04:18 spam2 postfix/smtpd[22001]: 162A54747DD: > client=unknown[210.212.203.3] > Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: hold: header > Received: from sender.tld (unknown [210.212.203.3])??by > spam2.netcore.co.in (Postfix) with ESMTP id 162A54747DD??for > ; Wed, 19 Sep 2007 16:04:17 +0530 (IST) from > unknown[210.212.203.3]; from= > to= proto=ESMTP helo= > Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: > message-id=<000b01c7fa82$55f46140$960ba8c0@MEGANA> > > ------------------------- > > > > That is it-- > the queueid doesnt figure anywhere else in the entire maillog , nor is > it there in the mailq > > Is this mail lost then ? > > Thanks > Ram > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Sep 19 14:49:16 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 19 14:49:34 2007 Subject: Sanesecurity database corrupt! In-Reply-To: <46F11369.4090007@USherbrooke.ca> References: <46F11369.4090007@USherbrooke.ca> Message-ID: <46F128DC.5030003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Which is one of the many reasons you should use more than 1 virus scanner. Don't let your scanner become a single point of failure! Denis Beauchemin wrote: > Hello all, > > This morning my 5 MS servers were not processing any email because the > following file was corrupt: /usr/local/share/clamav/phish.ndb > > I tried to fetch a new one and it was still corrupt so I removed it > from my servers and MS was happy again. > > Denis > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFG8SjcEfZZRxQVtlQRAvUMAKCWzRbJZPekzv9c25xAVoaix2MBrQCeNeEL zJPmPzPS6n8w3j+eJivw+xY= =pgSS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Sep 19 14:52:23 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 19 14:52:42 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <1190208163.19093.72.camel@localhost.localdomain> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> <1190208163.19093.72.camel@localhost.localdomain> Message-ID: <46F12997.5060602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ram wrote: > On Tue, 2007-09-18 at 13:45 +0100, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I would certainly start by upgrading MailScanner to the latest. This >> will only take a few minutes to do. >> >> > > > I have done the upgrade but still today I say atleast one mail > disappearing without trace > > Now I have > MailScanner 4.63 ( latest-stable as of today) > postfix-2.3.4 > on Centos 4.4 > > > > > > > ------------- > grep 162A54747DD /var/log/maillog > > Sep 19 16:04:18 spam2 postfix/smtpd[22001]: 162A54747DD: > client=unknown[210.212.203.3] > Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: hold: header > Received: from sender.tld (unknown [210.212.203.3])??by > spam2.netcore.co.in (Postfix) with ESMTP id 162A54747DD??for > ; Wed, 19 Sep 2007 16:04:17 +0530 (IST) from > unknown[210.212.203.3]; from= > to= proto=ESMTP helo= > Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: > message-id=<000b01c7fa82$55f46140$960ba8c0@MEGANA> > > ------------------------- > > > > That is it-- > the queueid doesnt figure anywhere else in the entire maillog , nor is > it there in the mailq > When the message is put in the postfix incoming queue, it is put in with a new queue id. You can't re-use queue ids like you can with all the other MTAs. So you won't see the queue id again. > Is this mail lost then ? > Not necessarily. > Thanks > Ram > > > > > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG8SmYEfZZRxQVtlQRAhRhAKDX+KReA+s3d5qiRlrDr/MRb+WzbgCfbwgC sWRe3vnkI9RD5M6Y073jsJw= =0JW+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Denis.Beauchemin at USherbrooke.ca Wed Sep 19 15:55:51 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Sep 19 15:57:10 2007 Subject: Sanesecurity database corrupt! In-Reply-To: <46F128DC.5030003@ecs.soton.ac.uk> References: <46F11369.4090007@USherbrooke.ca> <46F128DC.5030003@ecs.soton.ac.uk> Message-ID: <46F13877.10106@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Which is one of the many reasons you should use more than 1 virus > scanner. Don't let your scanner become a single point of failure! > > Julian, I use 3 AV (Clam, Bitdefender and McAfee) but the error with Sanesecurity prevented MS from scanning any email. It logged the following: Sep 19 08:05:01 smtpe4 MailScanner[17553]: ClamAV Module ERROR:: Could not load databases from /usr/local/share/clamav Processes appeared as defunct on ps: root 4223 6723 5 08:11 ? 00:00:03 [MailScanner] When something like this is happening, could MS revert to skip that AV engine? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070919/05ff255d/smime.bin From ssilva at sgvwater.com Wed Sep 19 17:10:19 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 19 17:10:42 2007 Subject: MailScanner.conf and spam.assassin.prefs.conf consistency In-Reply-To: References: <46F013AF.1050205@ecs.soton.ac.uk> Message-ID: David Lee spake the following on 9/19/2007 1:09 AM: > On Tue, 18 Sep 2007, Julian Field wrote: > >> David Lee wrote: >> [...] >>> I realise that SA needs to see the fully expanded form (thus different at >>> every "org"), but could the sys.admin's version (default common across all >>> "org"s) read "X-%org-name%-...", which MS/SA/something expand up for SA? >>> >>> Just a thought. >>> >> The only thing I could do would be to parse the file and generate a new >> one, but this would need to be put in /etc/mail/spamassassin, and it's >> rather a cardinal sin to overwrite anything in /etc, stuff like that >> should be in /var. But I'm not sure how to tell SpamAssassin to add >> somewhere under /var to the list of directories it reads for admin-level >> settings. > > Thanks for the reply. > > [ Reminder: What I'm thinking of is along the lines of the MS package > delivering a master, default "source" file containing "X-%org-name%..." > then some procedure generating and maintaining the SA "production" file > with those "%...%" variables expanded. ] > > There is decent precedent for source and production variants both to be > alongside each other under "/etc"; namely sendmail's "aliases" and > "aliases.db" (and other similar ".db" derivative files). > > The maintenance procedure might then be something (for instance) in MS's > periodic reload machinery. > > More "blue sky" (day-dreaming): Might there be other MS/SA-related files > that could benefit from such a "%...%" expansion mechanism? > > How about a sync_spamassassin_prefs script that you can run that; 1) checks the lines 2) offers to fix them for you, using sed or whatever Julian would like to work with. 3) It could also add and remove things (with permission) or just warn of options that are less than stellar, according to another file with sensible defaults in it. Sort of like the recent slowness of the completewhois lookups. That way, if you don't want it, you don't have to run it. It could be similar to the upgrade_mailscanner_conf script. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Sep 19 17:14:54 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 19 17:20:08 2007 Subject: Bad filename detected In-Reply-To: <223f97700709190245n432d0f11xf6d1c04a1a6f5fd0@mail.gmail.com> References: <46F0DCAA.2040309@econ.soc.uoc.gr> <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> <46F0E32E.4060800@econ.soc.uoc.gr> <223f97700709190245n432d0f11xf6d1c04a1a6f5fd0@mail.gmail.com> Message-ID: Glenn Steen spake the following on 9/19/2007 2:45 AM: > On 19/09/2007, Alexandros G. Fragkiadakis wrote: >> Gareth wrote: >>> I am guessing that the attachment contains foreign text? >>> The problem is caused by the 'file' command thinking it is an executable >>> file. Executables dont have a common header so some foreight words at >>> the start of the file can cause this problem. >>> Yoy can remove the offending entries from the /usr/share/file/magic >>> file. Search through the archives for more information on this. >>> >>> On Wed, 2007-09-19 at 09:24, Alexandros G. Fragkiadakis wrote: >>> >>>> Hi all, >>>> >>>> Mailscanner gives me the following warnings: >>>> >>>> The following e-mails were found to have: Bad Filename Detected >>>> >>>> Sender: xxxxxx@xxx.xxx.xxx.xx >>>> >>>> IP Address: xxx.xxx.xxx.xxx >>>> Recipient: xxxx@xx.xx >>>> Subject: Re: xxx >>>> MessageID: 9691B2BB95.039CD >>>> Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD >>>> Report: MailScanner: No programs allowed (msg-5333-73.txt) >>>> >>>> >>>> The user didn't send any attachments. I cannot understand why >>>> mailscanner has problem with this email. >>>> >>>> Any help? >>>> >>>> Regards, >>>> >>>> Alexandros >>>> >>>> >>>> >> The user sends no attachments at all! >> > The "offending attachment" is likely the mails body text. if you look > at the actual quarantined entry (in the filesystem), you can run the > file command on the reported file ... just do: > cd /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD > file msg-5333-73.txt > ... and you'll see what the file command thinks about it. Likely it'll > deem it something like "COM Executable (MS-DOS)", which is an > over-optimistic one byte magic in some versions of file. > Solutions? Hack you magic file, as already suggested (you need > "compiler it" with "file -C" or somesuch ... look in the archives for > the list.... all details are there:-), or update your file command to > a version that isn't broken this particular way... or just disable the > filetype checking (I wouldn't do that, it is effective...:-) by > clearing out the File Command setting in > /etc/MailScanner/MailScanner.conf ... Your choice where you go, what > you do;). > > Cheers The string" I'm free tomorrow" will trigger a quicktime file flag. It can be that simple. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Wed Sep 19 18:06:50 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 19 18:06:52 2007 Subject: Bad filename detected In-Reply-To: References: <46F0DCAA.2040309@econ.soc.uoc.gr> <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> <46F0E32E.4060800@econ.soc.uoc.gr> <223f97700709190245n432d0f11xf6d1c04a1a6f5fd0@mail.gmail.com> Message-ID: <223f97700709191006p1fbfa541xa077f3bf488921ad@mail.gmail.com> On 19/09/2007, Scott Silva wrote: > Glenn Steen spake the following on 9/19/2007 2:45 AM: > > On 19/09/2007, Alexandros G. Fragkiadakis wrote: > >> Gareth wrote: > >>> I am guessing that the attachment contains foreign text? > >>> The problem is caused by the 'file' command thinking it is an executable > >>> file. Executables dont have a common header so some foreight words at > >>> the start of the file can cause this problem. > >>> Yoy can remove the offending entries from the /usr/share/file/magic > >>> file. Search through the archives for more information on this. > >>> > >>> On Wed, 2007-09-19 at 09:24, Alexandros G. Fragkiadakis wrote: > >>> > >>>> Hi all, > >>>> > >>>> Mailscanner gives me the following warnings: > >>>> > >>>> The following e-mails were found to have: Bad Filename Detected > >>>> > >>>> Sender: xxxxxx@xxx.xxx.xxx.xx > >>>> > >>>> IP Address: xxx.xxx.xxx.xxx > >>>> Recipient: xxxx@xx.xx > >>>> Subject: Re: xxx > >>>> MessageID: 9691B2BB95.039CD > >>>> Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD > >>>> Report: MailScanner: No programs allowed (msg-5333-73.txt) > >>>> > >>>> > >>>> The user didn't send any attachments. I cannot understand why > >>>> mailscanner has problem with this email. > >>>> > >>>> Any help? > >>>> > >>>> Regards, > >>>> > >>>> Alexandros > >>>> > >>>> > >>>> > >> The user sends no attachments at all! > >> > > The "offending attachment" is likely the mails body text. if you look > > at the actual quarantined entry (in the filesystem), you can run the > > file command on the reported file ... just do: > > cd /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD > > file msg-5333-73.txt > > ... and you'll see what the file command thinks about it. Likely it'll > > deem it something like "COM Executable (MS-DOS)", which is an > > over-optimistic one byte magic in some versions of file. > > Solutions? Hack you magic file, as already suggested (you need > > "compiler it" with "file -C" or somesuch ... look in the archives for > > the list.... all details are there:-), or update your file command to > > a version that isn't broken this particular way... or just disable the > > filetype checking (I wouldn't do that, it is effective...:-) by > > clearing out the File Command setting in > > /etc/MailScanner/MailScanner.conf ... Your choice where you go, what > > you do;). > > > > Cheers > The string" I'm free tomorrow" will trigger a quicktime file flag. It can be > that simple. > Yeah, sure... It's just that ISTR there being some common greek phrase that would match one of the idiotic 1-byte magics for COM files... And Alexandros seems to have a vaguely greek name... and domain ....:-):-) Cheers buddy -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Wed Sep 19 19:14:55 2007 From: ram at netcore.co.in (Ramprasad) Date: Wed Sep 19 19:15:55 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <46F12997.5060602@ecs.soton.ac.uk> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> <1190208163.19093.72.camel@localhost.localdomain> <46F12997.5060602@ecs.soton.ac.uk> Message-ID: <46F1671F.4090602@netcore.co.in> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > ram wrote: > >> On Tue, 2007-09-18 at 13:45 +0100, Julian Field wrote: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I would certainly start by upgrading MailScanner to the latest. This >>> will only take a few minutes to do. >>> >>> >>> >> I have done the upgrade but still today I say atleast one mail >> disappearing without trace >> >> Now I have >> MailScanner 4.63 ( latest-stable as of today) >> postfix-2.3.4 >> on Centos 4.4 >> >> >> >> >> >> >> ------------- >> grep 162A54747DD /var/log/maillog >> >> Sep 19 16:04:18 spam2 postfix/smtpd[22001]: 162A54747DD: >> client=unknown[210.212.203.3] >> Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: hold: header >> Received: from sender.tld (unknown [210.212.203.3])??by >> spam2.netcore.co.in (Postfix) with ESMTP id 162A54747DD??for >> ; Wed, 19 Sep 2007 16:04:17 +0530 (IST) from >> unknown[210.212.203.3]; from= >> to= proto=ESMTP helo= >> Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: >> message-id=<000b01c7fa82$55f46140$960ba8c0@MEGANA> >> >> ------------------------- >> >> >> >> That is it-- >> the queueid doesnt figure anywhere else in the entire maillog , nor is >> it there in the mailq >> >> > When the message is put in the postfix incoming queue, it is put in with > a new queue id. You can't re-use queue ids like you can with all the > other MTAs. So you won't see the queue id again. > >> Is this mail lost then ? >> >> > Not necessarily. > No but in all other mails if not marked high spam and deleted I can see lines like ( Requeue $QID.$RANDOM to $NEWQID) or $QID.$RANDOM action is delete Nevertheless , every mail must be trackable by the queueid. Actually now I am able to see some particular patterns of senders and recipients where this happens , If possible I will try to reproduce the system One more thing I have to mention is that I am also using a postfix Milter to do basic userlevel blacklist/whitelist and SPF checks. But these do not modify the mails other than adding a headder Thanks Ram Requeue From glenn.steen at gmail.com Wed Sep 19 19:44:13 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Sep 19 19:44:15 2007 Subject: Mailscanner + postfix Mail loss In-Reply-To: <46F1671F.4090602@netcore.co.in> References: <1190108260.7279.79.camel@localhost.localdomain> <46EFC851.6020208@ecs.soton.ac.uk> <1190208163.19093.72.camel@localhost.localdomain> <46F12997.5060602@ecs.soton.ac.uk> <46F1671F.4090602@netcore.co.in> Message-ID: <223f97700709191144n78f65881ja7118ed21727d138@mail.gmail.com> On 19/09/2007, Ramprasad wrote: > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > ram wrote: > > > >> On Tue, 2007-09-18 at 13:45 +0100, Julian Field wrote: > >> > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> I would certainly start by upgrading MailScanner to the latest. This > >>> will only take a few minutes to do. > >>> > >>> > >>> > >> I have done the upgrade but still today I say atleast one mail > >> disappearing without trace > >> > >> Now I have > >> MailScanner 4.63 ( latest-stable as of today) > >> postfix-2.3.4 > >> on Centos 4.4 > >> > >> > >> > >> > >> > >> > >> ------------- > >> grep 162A54747DD /var/log/maillog > >> > >> Sep 19 16:04:18 spam2 postfix/smtpd[22001]: 162A54747DD: > >> client=unknown[210.212.203.3] > >> Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: hold: header > >> Received: from sender.tld (unknown [210.212.203.3])??by > >> spam2.netcore.co.in (Postfix) with ESMTP id 162A54747DD??for > >> ; Wed, 19 Sep 2007 16:04:17 +0530 (IST) from > >> unknown[210.212.203.3]; from= > >> to= proto=ESMTP helo= > >> Sep 19 16:04:24 spam2 postfix/cleanup[22875]: 162A54747DD: > >> message-id=<000b01c7fa82$55f46140$960ba8c0@MEGANA> > >> > >> ------------------------- > >> > >> > >> > >> That is it-- > >> the queueid doesnt figure anywhere else in the entire maillog , nor is > >> it there in the mailq > >> > >> > > When the message is put in the postfix incoming queue, it is put in with > > a new queue id. You can't re-use queue ids like you can with all the > > other MTAs. So you won't see the queue id again. > > > >> Is this mail lost then ? > >> > >> > > Not necessarily. > > > No but in all other mails if not marked high spam and deleted > I can see lines like ( Requeue $QID.$RANDOM to $NEWQID) > or > $QID.$RANDOM action is delete > > Nevertheless , every mail must be trackable by the queueid. Actually now > I am able to see some particular patterns of senders and recipients > where this happens , If possible I will try to reproduce the system > > > One more thing I have to mention is that I am also using a postfix > Milter to do basic userlevel blacklist/whitelist and SPF checks. But > these do not modify the mails other than adding a headder > > > Thanks > Ram > Well, now you really got _my_ attention... :-) It would be perfect if you can make a reproducible test-case... Then disable the milter and retry... What I (of course) want to know is if my milter support thingies affect this situation in any way... They shouldn't, but... who knows:-/ Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From R.Sterenborg at netsourcing.nl Thu Sep 20 07:53:03 2007 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Thu Sep 20 07:54:32 2007 Subject: Empty html/text signature config items Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E16A@WISENT.dcyb.net> Hi, When having empty "Inline HTML Signature" and "Inline Text Signature" config items, I'm getting syntax errors like below. (This also goes for "Inline HTML Warning" and "Inline Text Warning", perhaps others which I didn't try). Sep 20 08:42:05 test1 MailScanner[3138]: Syntax error(s) in configuration file: Sep 20 08:42:05 test1 MailScanner[3138]: Unrecognised keyword "inlinehtmlsignature" at line 1147 Sep 20 08:42:05 test1 MailScanner[3138]: Unrecognised keyword "inlinetextsignature" at line 1148 Sep 20 08:42:05 test1 MailScanner[3138]: Warning: syntax errors in /opt/MailScanner/etc/MailScanner.conf. However, having empty "Signature Image Filename" and "Signature Image Filename" does not give an error. Is this intentional? Grts, Rob From alfrag at econ.soc.uoc.gr Thu Sep 20 09:17:20 2007 From: alfrag at econ.soc.uoc.gr (Alexandros G. Fragkiadakis) Date: Thu Sep 20 09:21:36 2007 Subject: Bad filename detected In-Reply-To: <223f97700709191006p1fbfa541xa077f3bf488921ad@mail.gmail.com> References: <46F0DCAA.2040309@econ.soc.uoc.gr> <1190191613.31038.5.camel@gblades-suse.linguaphone-intranet.co.uk> <46F0E32E.4060800@econ.soc.uoc.gr> <223f97700709190245n432d0f11xf6d1c04a1a6f5fd0@mail.gmail.com> <223f97700709191006p1fbfa541xa077f3bf488921ad@mail.gmail.com> Message-ID: <46F22C90.5080503@econ.soc.uoc.gr> Glenn Steen wrote: > On 19/09/2007, Scott Silva wrote: > >> Glenn Steen spake the following on 9/19/2007 2:45 AM: >> >>> On 19/09/2007, Alexandros G. Fragkiadakis wrote: >>> >>>> Gareth wrote: >>>> >>>>> I am guessing that the attachment contains foreign text? >>>>> The problem is caused by the 'file' command thinking it is an executable >>>>> file. Executables dont have a common header so some foreight words at >>>>> the start of the file can cause this problem. >>>>> Yoy can remove the offending entries from the /usr/share/file/magic >>>>> file. Search through the archives for more information on this. >>>>> >>>>> On Wed, 2007-09-19 at 09:24, Alexandros G. Fragkiadakis wrote: >>>>> >>>>> >>>>>> Hi all, >>>>>> >>>>>> Mailscanner gives me the following warnings: >>>>>> >>>>>> The following e-mails were found to have: Bad Filename Detected >>>>>> >>>>>> Sender: xxxxxx@xxx.xxx.xxx.xx >>>>>> >>>>>> IP Address: xxx.xxx.xxx.xxx >>>>>> Recipient: xxxx@xx.xx >>>>>> Subject: Re: xxx >>>>>> MessageID: 9691B2BB95.039CD >>>>>> Quarantine: /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD >>>>>> Report: MailScanner: No programs allowed (msg-5333-73.txt) >>>>>> >>>>>> >>>>>> The user didn't send any attachments. I cannot understand why >>>>>> mailscanner has problem with this email. >>>>>> >>>>>> Any help? >>>>>> >>>>>> Regards, >>>>>> >>>>>> Alexandros >>>>>> >>>>>> >>>>>> >>>>>> >>>> The user sends no attachments at all! >>>> >>>> >>> The "offending attachment" is likely the mails body text. if you look >>> at the actual quarantined entry (in the filesystem), you can run the >>> file command on the reported file ... just do: >>> cd /var/spool/MailScanner/quarantine/20070919/9691B2BB95.039CD >>> file msg-5333-73.txt >>> ... and you'll see what the file command thinks about it. Likely it'll >>> deem it something like "COM Executable (MS-DOS)", which is an >>> over-optimistic one byte magic in some versions of file. >>> Solutions? Hack you magic file, as already suggested (you need >>> "compiler it" with "file -C" or somesuch ... look in the archives for >>> the list.... all details are there:-), or update your file command to >>> a version that isn't broken this particular way... or just disable the >>> filetype checking (I wouldn't do that, it is effective...:-) by >>> clearing out the File Command setting in >>> /etc/MailScanner/MailScanner.conf ... Your choice where you go, what >>> you do;). >>> >>> Cheers >>> >> The string" I'm free tomorrow" will trigger a quicktime file flag. It can be >> that simple. >> >> > Yeah, sure... It's just that ISTR there being some common greek phrase > that would match one of the idiotic 1-byte magics for COM files... And > Alexandros seems to have a vaguely greek name... and domain ....:-):-) > > Cheers buddy > The file command gives me: "RFC 822 mail text" I'll try to update it, thanks for your help! Alexandros -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From iad.scoot at gmail.com Thu Sep 20 12:28:40 2007 From: iad.scoot at gmail.com (Iad Scoot) Date: Thu Sep 20 12:28:42 2007 Subject: mail w/ 2 extension In-Reply-To: <625385e30709190601m6764f405m96bd78f5224921e1@mail.gmail.com> References: <88bd43930709180819p79fffb0eqccf5346b0dbaf708@mail.gmail.com> <625385e30709180940k7fd5a0cfxe91f5aca3b99995@mail.gmail.com> <88bd43930709190450j5e9677c7o8860e1d0944fbffa@mail.gmail.com> <625385e30709190601m6764f405m96bd78f5224921e1@mail.gmail.com> Message-ID: <88bd43930709200428p25cdac91k6daf56d48c04c726@mail.gmail.com> I'll give it a try - gotta learn more about reg expressions :) Thanks... - Iad On 9/19/07, shuttlebox wrote: > > On 9/19/07, Iad Scoot wrote: > > Duh...why didn't I think of that?? > > > > Thanks....any thoughts on how to do fewer "allow" lines - maybe via > regex or > > similar? For example, text files, image files, etc could both have the > same > > ".yyy" extension but obviously different ".xxx" extensions. > > Maybe something like: > > accept \.(xls|pdf|doc|zip)\.yyy$ - - > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070920/41ab8090/attachment.html From ugob at lubik.ca Thu Sep 20 15:15:26 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Sep 20 15:15:57 2007 Subject: Empty html/text signature config items In-Reply-To: <74ACEB3E6A055643A89B8CEC74C7BF2488E16A@WISENT.dcyb.net> References: <74ACEB3E6A055643A89B8CEC74C7BF2488E16A@WISENT.dcyb.net> Message-ID: Rob Sterenborg wrote: > Hi, > > When having empty "Inline HTML Signature" and "Inline Text Signature" > config items, I'm getting syntax errors like below. (This also goes for > "Inline HTML Warning" and "Inline Text Warning", perhaps others which I > didn't try). > > Sep 20 08:42:05 test1 MailScanner[3138]: Syntax error(s) in > configuration file: > Sep 20 08:42:05 test1 MailScanner[3138]: Unrecognised keyword > "inlinehtmlsignature" at line 1147 > Sep 20 08:42:05 test1 MailScanner[3138]: Unrecognised keyword > "inlinetextsignature" at line 1148 > Sep 20 08:42:05 test1 MailScanner[3138]: Warning: syntax errors in > /opt/MailScanner/etc/MailScanner.conf. > It is probably telling you that it can't find the configuration items, since they are emtpy. Why did you empty them? > However, having empty "Signature Image Filename" and "Signature Image > Filename" does not give an error. Is this intentional? > I think that this is an optionnal item. > > Grts, > Rob From Rich at GlaserTechnology.com Thu Sep 20 15:53:24 2007 From: Rich at GlaserTechnology.com (Rich Berrill) Date: Thu Sep 20 15:53:29 2007 Subject: Blacklist Subject Modification Message-ID: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> Greetings, I'm having a small issue with MailScanner and I was wondering if anyone else may have come up with a solution for this in the past. I have a user that when a message is blacklisted wants to have it given a specific subject heading rather than just {Spam} if the message was blacklisted. At present I don't see a way that this is possible, and a few days of searching archive and the web I haven't found an answer. I have decent Perl experience and if it involves changing a few files I have no issue doing that. Thanks for the help in advance, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070920/039fce64/attachment.html From m.anderlini at database.it Thu Sep 20 15:58:22 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Sep 20 15:58:40 2007 Subject: How to block txt attachment spam In-Reply-To: References: <74ACEB3E6A055643A89B8CEC74C7BF2488E16A@WISENT.dcyb.net> Message-ID: <007201c7fb96$b02f3b20$2301a8c0@dbdomain.database.it> Hello, since two day we're receiving spam email with txt attachment. The subject and the test is in italian with porno contents. The subject and test could also change. Anyone could suggest some way to block it ? Best regards and sorry for my worst English. Marcello -- Messaggio verificato dal servizio antivirus di Database Informatica From martinh at solidstatelogic.com Thu Sep 20 16:05:14 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Sep 20 16:05:17 2007 Subject: How to block txt attachment spam In-Reply-To: <007201c7fb96$b02f3b20$2301a8c0@dbdomain.database.it> Message-ID: <0a0ada779fcb9644aa97ed5f1b64f077@solidstatelogic.com> Marcello Can you post the email (full headers etc) on a web site or pastebin for us to analyse. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 20 September 2007 15:58 > To: MailScanner discussion > Subject: How to block txt attachment spam > > Hello, since two day we're receiving spam email with txt attachment. > The subject and the test is in italian with porno contents. > The subject and test could also change. > > Anyone could suggest some way to block it ? > > Best regards and sorry for my worst English. > > Marcello > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From m.anderlini at database.it Thu Sep 20 16:27:55 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Sep 20 16:28:06 2007 Subject: R: How to block txt attachment spam In-Reply-To: <0a0ada779fcb9644aa97ed5f1b64f077@solidstatelogic.com> References: <007201c7fb96$b02f3b20$2301a8c0@dbdomain.database.it> <0a0ada779fcb9644aa97ed5f1b64f077@solidstatelogic.com> Message-ID: <007d01c7fb9a$d1179ef0$2301a8c0@dbdomain.database.it> Damn, I've just deleted it, when I get again I will post link to them thanks -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Martin.Hepworth Inviato: gioved? 20 settembre 2007 17.05 A: MailScanner discussion Oggetto: RE: How to block txt attachment spam Marcello Can you post the email (full headers etc) on a web site or pastebin for us to analyse. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 20 September 2007 15:58 > To: MailScanner discussion > Subject: How to block txt attachment spam > > Hello, since two day we're receiving spam email with txt attachment. > The subject and the test is in italian with porno contents. > The subject and test could also change. > > Anyone could suggest some way to block it ? > > Best regards and sorry for my worst English. > > Marcello > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From mkettler at evi-inc.com Thu Sep 20 16:49:54 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Sep 20 16:50:18 2007 Subject: Any rule for this type of spam In-Reply-To: <1190191417.31038.1.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1190191417.31038.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <46F296A2.6050403@evi-inc.com> Gareth wrote: > Does anyone have a rule or a suggestion for this type of spam email. Its > the only one which occasionally makes it past our spam checks. > > > ------------------------------------------------------------------------ > > Subject: > +.).:[ +.-(:[[()+ +.*)+.) For what it's worth, I've got a couple rules I wrote that will detect this kind of "garbage subject". However, they're not well tested, so I'd advise not cranking up the scores until you're sure they don't cause problems. L_SUBJ_15NONWORDS might FP on some emails with a lot of !'s in them, but 15 in a row is a LOT. L_SUBJ_NOWORDS might FP on emails with stupid subject lines that real people occasionally use, such as "...", so I'd be more careful with this one. header L_SUBJ_15NONWORDS Subject =~/\W{15}/ describe L_SUBJ_15NONWORDS Subject has 15 consecutive non-word characters score L_SUBJ_15NONWORDS 0.5 header __L_SUBJ_NOWORDS Subject !~ /[a-zA-Z0-9]/ header __L_SUBJ_NONEMPTY Subject =~ /./ meta L_SUBJ_NOWORDS (__L_SUBJ_NOWORDS && __L_SUBJ_NONEMPTY) describe L_SUBJ_NOWORDS Subject has no word chars and is nonempty score L_SUBJ_NOWORDS 0.5 From ssilva at sgvwater.com Thu Sep 20 17:09:40 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 20 17:10:22 2007 Subject: Blacklist Subject Modification In-Reply-To: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> References: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> Message-ID: Rich Berrill spake the following on 9/20/2007 7:53 AM: > Greetings, > > I?m having a small issue with MailScanner and I was wondering if anyone > else may have come up with a solution for this in the past. I have a > user that when a message is blacklisted wants to have it given a > specific subject heading rather than just {Spam} if the message was > blacklisted. At present I don?t see a way that this is possible, and a > few days of searching archive and the web I haven?t found an answer. I > have decent Perl experience and if it involves changing a few files I > have no issue doing that. > > > > Thanks for the help in advance, > > Rich > Blacklisted mails aren't delivered, so what does it matter what the subject says? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From hvdkooij at vanderkooij.org Thu Sep 20 17:15:00 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Sep 20 17:15:13 2007 Subject: Blacklist Subject Modification In-Reply-To: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> References: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> Message-ID: On Thu, 20 Sep 2007, Rich Berrill wrote: > I'm having a small issue with MailScanner and I was wondering if anyone > else may have come up with a solution for this in the past. I have a > user that when a message is blacklisted wants to have it given a > specific subject heading rather than just {Spam} if the message was > blacklisted. At present I don't see a way that this is possible, and a > few days of searching archive and the web I haven't found an answer. I > have decent Perl experience and if it involves changing a few files I > have no issue doing that. If you blacklist at the MTA level then that information is not available. The SMTP connection is dropped before you even get the message. That is the whole point of blacklisting at the MTA level. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From Rich at GlaserTechnology.com Thu Sep 20 17:15:39 2007 From: Rich at GlaserTechnology.com (Rich Berrill) Date: Thu Sep 20 17:15:45 2007 Subject: Blacklist Subject Modification In-Reply-To: References: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> Message-ID: <86AE6EB9FC22024D91E76C0802A7D530341C54@glaser-sbs.Glaser.local> It does in the case that High Scoring Spam is being delivered with just header modification. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Thursday, September 20, 2007 11:10 AM To: mailscanner@lists.mailscanner.info Subject: Re: Blacklist Subject Modification Rich Berrill spake the following on 9/20/2007 7:53 AM: > Greetings, > > I'm having a small issue with MailScanner and I was wondering if anyone > else may have come up with a solution for this in the past. I have a > user that when a message is blacklisted wants to have it given a > specific subject heading rather than just {Spam} if the message was > blacklisted. At present I don't see a way that this is possible, and a > few days of searching archive and the web I haven't found an answer. I > have decent Perl experience and if it involves changing a few files I > have no issue doing that. > > > > Thanks for the help in advance, > > Rich > Blacklisted mails aren't delivered, so what does it matter what the subject says? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- If this message is spam, or has been marked as spam by mistake please click on the link that is found below for instructions on how to correct this. http://mail.glasertechnology.com:8282 -- From derek at csolve.net Thu Sep 20 17:28:39 2007 From: derek at csolve.net (Derek Buttineau) Date: Thu Sep 20 17:29:23 2007 Subject: Blacklist Subject Modification In-Reply-To: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> References: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> Message-ID: <6851EAA6-591B-484E-9D22-EE0A7A15FF3E@csolve.net> On 2007-Sep-20, at 10:53 AM, Rich Berrill wrote: > I?m having a small issue with MailScanner and I was wondering if > anyone else may have come up with a solution for this in the past. > I have a user that when a message is blacklisted wants to have it > given a specific subject heading rather than just {Spam} if the > message was blacklisted. At present I don?t see a way that this is > possible, and a few days of searching archive and the web I haven?t > found an answer. I have decent Perl experience and if it involves > changing a few files I have no issue doing that. In the interim you could set "Definite Spam Is High Scoring" = yes, set your "High SpamAssassin Score" to something very high, and then set "High Scoring Spam Subject Text" to what you want it to say in MailScanner.conf. It may be useful to have the option of producing a different subject line for White Lists and Black lists, though I'm not sure how many installations would use it. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070920/bc458d37/attachment.html From mkettler at evi-inc.com Thu Sep 20 17:53:10 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Sep 20 17:53:34 2007 Subject: Blacklist Subject Modification In-Reply-To: References: <86AE6EB9FC22024D91E76C0802A7D530341C44@glaser-sbs.Glaser.local> Message-ID: <46F2A576.9020202@evi-inc.com> Scott Silva wrote: > Rich Berrill spake the following on 9/20/2007 7:53 AM: >> Greetings, >> >> I?m having a small issue with MailScanner and I was wondering if >> anyone else may have come up with a solution for this in the past. I >> have a user that when a message is blacklisted wants to have it given >> a specific subject heading rather than just {Spam} if the message was >> blacklisted. At present I don?t see a way that this is possible, and >> a few days of searching archive and the web I haven?t found an >> answer. I have decent Perl experience and if it involves changing a >> few files I have no issue doing that. >> >> >> >> Thanks for the help in advance, >> >> Rich >> > Blacklisted mails aren't delivered, so what does it matter what the > subject says? That depends on what you mean by "blacklisted". In the MailScanner context, by default blacklisted emails are tagged and delivered. Blacklisted at the MTA - not delivered. "Is Definitely Spam" in MailScanner - depends on your configuration, but by default, tagged and delivered. "blacklist_from" in SpamAssassin - depends on your configuration, but by default, tagged and delivered. From dgottsc at emory.edu Thu Sep 20 18:18:10 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Sep 20 18:18:23 2007 Subject: E-mail address rewrites Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> Over the last few weeks, I've had users reporting that they are getting bounces when replying to messages saying 'user@msserver.edu' is a invalid user (where msserver is the hostname of one of my MailScanner relays). It's beginning to appear that something on these boxes is re-writing addresses while they are in transit. I have several examples where messages from one internal mail system travels through one of my five mail relays running mailscanner, and arrives with a re-written address address in the CC field. I know this is a strange, unique issue, but I could really use some help. I've looked around a lot on my servers to see if I could find any sources of this problem, but I've found nothing. I've also searched lots on google, and mailscanner list archives. Any help would be greatly appreciated. Below is my setup: Sendmail 8.13.1 MailScanner 4.60.8 David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070920/92a54a61/attachment.html From MailScanner at ecs.soton.ac.uk Thu Sep 20 18:28:46 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Sep 20 18:29:13 2007 Subject: E-mail address rewrites In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> Message-ID: <46F2ADCE.7000201@ecs.soton.ac.uk> One thing I can tell you is that it isn't a MailScanner problem. MailScanner doesn't even know what Cc fields are :-) Let alone does it ever go anywhere near them. Jules. Gottschalk, David wrote: > > Over the last few weeks, I?ve had users reporting that they are > getting bounces when replying to messages saying ?user@msserver.edu > ? is a invalid user (where msserver is the > hostname of one of my MailScanner relays). It?s beginning to appear > that something on these boxes is re-writing addresses while they are > in transit. I have several examples where messages from one internal > mail system travels through one of my five mail relays running > mailscanner, and arrives with a re-written address address in the CC > field. I know this is a strange, unique issue, but I could really use > some help. I?ve looked around a lot on my servers to see if I could > find any sources of this problem, but I?ve found nothing. I?ve also > searched lots on google, and mailscanner list archives. Any help would > be greatly appreciated. Below is my setup: > > Sendmail 8.13.1 > > MailScanner 4.60.8 > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From dgottsc at emory.edu Thu Sep 20 18:32:51 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Sep 20 18:33:04 2007 Subject: E-mail address rewrites In-Reply-To: <46F2ADCE.7000201@ecs.soton.ac.uk> References: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> <46F2ADCE.7000201@ecs.soton.ac.uk> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE73E@RDPEXCH2.Eu.Emory.Edu> Interesting. I suspected that it could be a sendmail issue, because it is known to add domains to in complete addresses. Anyone have any ideas in this arena? David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, September 20, 2007 1:29 PM To: MailScanner discussion Subject: Re: E-mail address rewrites One thing I can tell you is that it isn't a MailScanner problem. MailScanner doesn't even know what Cc fields are :-) Let alone does it ever go anywhere near them. Jules. Gottschalk, David wrote: > > Over the last few weeks, I've had users reporting that they are > getting bounces when replying to messages saying 'user@msserver.edu > ' is a invalid user (where msserver is the > hostname of one of my MailScanner relays). It's beginning to appear > that something on these boxes is re-writing addresses while they are > in transit. I have several examples where messages from one internal > mail system travels through one of my five mail relays running > mailscanner, and arrives with a re-written address address in the CC > field. I know this is a strange, unique issue, but I could really use > some help. I've looked around a lot on my servers to see if I could > find any sources of this problem, but I've found nothing. I've also > searched lots on google, and mailscanner list archives. Any help would > be greatly appreciated. Below is my setup: > > Sendmail 8.13.1 > > MailScanner 4.60.8 > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu Sep 20 18:36:13 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 20 18:36:35 2007 Subject: E-mail address rewrites In-Reply-To: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> References: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> Message-ID: Gottschalk, David spake the following on 9/20/2007 10:18 AM: > Over the last few weeks, I?ve had users reporting that they are getting > bounces when replying to messages saying ?user@msserver.edu > ? is a invalid user (where msserver is the > hostname of one of my MailScanner relays). It?s beginning to appear that > something on these boxes is re-writing addresses while they are in > transit. I have several examples where messages from one internal mail > system travels through one of my five mail relays running mailscanner, > and arrives with a re-written address address in the CC field. I know > this is a strange, unique issue, but I could really use some help. I?ve > looked around a lot on my servers to see if I could find any sources of > this problem, but I?ve found nothing. I?ve also searched lots on > google, and mailscanner list archives. Any help would be greatly > appreciated. Below is my setup: > > > > Sendmail 8.13.1 > > MailScanner 4.60.8 > > > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > > > Check every servers sendmail.mc ( or sendmail.cf if you edit them directly) for "masquerade as" settings. It sounds like one of them is set wrong. Start with the hostnamed server you already suspect. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From dgottsc at emory.edu Thu Sep 20 18:44:02 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Sep 20 18:44:15 2007 Subject: E-mail address rewrites In-Reply-To: References: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE717@RDPEXCH2.Eu.Emory.Edu> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E230841359FE766@RDPEXCH2.Eu.Emory.Edu> Thanks for the tip, but I already checked that. I do use that setting already though, but it is not a server hostname on any of the servers. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Thursday, September 20, 2007 1:36 PM To: mailscanner@lists.mailscanner.info Subject: Re: E-mail address rewrites Gottschalk, David spake the following on 9/20/2007 10:18 AM: > Over the last few weeks, I've had users reporting that they are getting > bounces when replying to messages saying 'user@msserver.edu > ' is a invalid user (where msserver is the > hostname of one of my MailScanner relays). It's beginning to appear that > something on these boxes is re-writing addresses while they are in > transit. I have several examples where messages from one internal mail > system travels through one of my five mail relays running mailscanner, > and arrives with a re-written address address in the CC field. I know > this is a strange, unique issue, but I could really use some help. I've > looked around a lot on my servers to see if I could find any sources of > this problem, but I've found nothing. I've also searched lots on > google, and mailscanner list archives. Any help would be greatly > appreciated. Below is my setup: > > > > Sendmail 8.13.1 > > MailScanner 4.60.8 > > > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > > > Check every servers sendmail.mc ( or sendmail.cf if you edit them directly) for "masquerade as" settings. It sounds like one of them is set wrong. Start with the hostnamed server you already suspect. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mwarpool at www-pros.com Thu Sep 20 21:57:37 2007 From: mwarpool at www-pros.com (Mark Warpool) Date: Thu Sep 20 21:58:05 2007 Subject: database is locked error Message-ID: Hi all, I've recently started getting a lot of these errors in my mail.warn log. Sep 20 16:48:37 mail03 MailScanner[25144]: database is locked(5) at dbdimp.c line 402 Sep 20 16:48:40 mail03 MailScanner[24966]: database is locked(5) at dbdimp.c line 402 Sep 20 16:49:08 mail03 MailScanner[25144]: database is locked(5) at dbdimp.c line 402 Sep 20 16:49:39 mail03 MailScanner[25144]: database is locked(5) at dbdimp.c line 402 My server is under extremely heavy load at the moment, doing about 30k - 40k messages per day. It's a SUSE 10.2 box with dual-dual core Opterons and 2GB of RAM. I've been running MailScanner for many years now on various different servers, but I've never run across this error before. It seems to be processing mail, however it also seems the mail is piling up and not processing as fast as I would normally expect it to. As of this writing, it has about 1000 messages in queue, where I normally am able to keep that to the 200 - 400 range. Any suggestions? TIA Mark Warpool Ideate Technology Solutions From lists at sequestered.net Thu Sep 20 22:42:39 2007 From: lists at sequestered.net (Jay Chandler) Date: Thu Sep 20 22:42:42 2007 Subject: New MailScanner Features Message-ID: <46F2E94F.1040207@sequestered.net> The new version of MailScanner has a few nifty features that I like-- particularly the watermarking. The issue I'm having is in getting the phishing bad list updated via cron. I build Mailscanner from the FreeBSD ports tree, and until today didn't realize there were cron scripts living in /usr/local/libexec that did useful things, like updating the virus scanners. I don't see a script in there for updating the bad list, nor can I find a reference to one anywhere. Has this just not been written yet, or did the port maintainer miss something? -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Bit rot From ssilva at sgvwater.com Thu Sep 20 23:06:29 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 20 23:07:00 2007 Subject: New MailScanner Features In-Reply-To: <46F2E94F.1040207@sequestered.net> References: <46F2E94F.1040207@sequestered.net> Message-ID: Jay Chandler spake the following on 9/20/2007 2:42 PM: > The new version of MailScanner has a few nifty features that I like-- > particularly the watermarking. > > > The issue I'm having is in getting the phishing bad list updated via > cron. I build Mailscanner from the FreeBSD ports tree, and until today > didn't realize there were cron scripts living in /usr/local/libexec that > did useful things, like updating the virus scanners. > > I don't see a script in there for updating the bad list, nor can I find > a reference to one anywhere. Has this just not been written yet, or did > the port maintainer miss something? > There should be something like update_phishing_sites called from cron every day. Maybe the maintainer hasn't added the cron scripts yet. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From lists at sequestered.net Thu Sep 20 23:29:13 2007 From: lists at sequestered.net (Jay Chandler) Date: Thu Sep 20 23:29:15 2007 Subject: New MailScanner Features In-Reply-To: References: <46F2E94F.1040207@sequestered.net> Message-ID: <46F2F439.9010705@sequestered.net> Scott Silva wrote: > Jay Chandler spake the following on 9/20/2007 2:42 PM: >> The new version of MailScanner has a few nifty features that I like-- >> particularly the watermarking. >> >> >> The issue I'm having is in getting the phishing bad list updated via >> cron. I build Mailscanner from the FreeBSD ports tree, and until >> today didn't realize there were cron scripts living in >> /usr/local/libexec that did useful things, like updating the virus >> scanners. >> >> I don't see a script in there for updating the bad list, nor can I >> find a reference to one anywhere. Has this just not been written yet, >> or did the port maintainer miss something? >> > There should be something like update_phishing_sites called from cron > every day. Maybe the maintainer hasn't added the cron scripts yet. > Yeah, it's there, but it's solely targeting the whitelist, not the blacklist. Does someone have a copy of an update script that does what it's supposed to do that I can beat together, then submit as a patch? I'm rather surprised that the cron files aren't referenced in any of the installation procedure on FreeBSD-- I've been running MailScanner for almost a year now, and just discovered this aspect of things! -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Bit rot From mikael at syska.dk Thu Sep 20 23:42:56 2007 From: mikael at syska.dk (Mikael Syska) Date: Thu Sep 20 23:41:04 2007 Subject: database is locked error In-Reply-To: References: Message-ID: <46F2F770.4070804@syska.dk> Hi, I had the same issue ... was running 10 Childs .... just raised it to 16 .... and it solved my problem of messages pilling up. System specs are about the same ... I guess the server could handle 5 times as many mails .... think BitDefender takes much of the load ... so it would be removed since we are also running clamd. System is processing 20k mails per day now .... I have never seen that error before, but I guess its a DB specific thing .... and not related to MS. // ouT Mark Warpool wrote: > Hi all, > I've recently started getting a lot of these errors in my mail.warn log. > > Sep 20 16:48:37 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:48:40 mail03 MailScanner[24966]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:08 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:39 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > > My server is under extremely heavy load at the moment, doing about 30k - 40k > messages per day. It's a SUSE 10.2 box with dual-dual core Opterons and 2GB > of RAM. I've been running MailScanner for many years now on various > different servers, but I've never run across this error before. > > It seems to be processing mail, however it also seems the mail is piling up > and not processing as fast as I would normally expect it to. As of this > writing, it has about 1000 messages in queue, where I normally am able to > keep that to the 200 - 400 range. > > Any suggestions? > > TIA > > Mark Warpool > Ideate Technology Solutions > > From ssilva at sgvwater.com Fri Sep 21 00:18:10 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Sep 21 00:19:10 2007 Subject: New MailScanner Features In-Reply-To: <46F2F439.9010705@sequestered.net> References: <46F2E94F.1040207@sequestered.net> <46F2F439.9010705@sequestered.net> Message-ID: Jay Chandler spake the following on 9/20/2007 3:29 PM: > Scott Silva wrote: >> Jay Chandler spake the following on 9/20/2007 2:42 PM: >>> The new version of MailScanner has a few nifty features that I like-- >>> particularly the watermarking. >>> >>> >>> The issue I'm having is in getting the phishing bad list updated via >>> cron. I build Mailscanner from the FreeBSD ports tree, and until >>> today didn't realize there were cron scripts living in >>> /usr/local/libexec that did useful things, like updating the virus >>> scanners. >>> >>> I don't see a script in there for updating the bad list, nor can I >>> find a reference to one anywhere. Has this just not been written >>> yet, or did the port maintainer miss something? >>> >> There should be something like update_phishing_sites called from cron >> every day. Maybe the maintainer hasn't added the cron scripts yet. >> > > Yeah, it's there, but it's solely targeting the whitelist, not the > blacklist. > > Does someone have a copy of an update script that does what it's > supposed to do that I can beat together, then submit as a patch? > > I'm rather surprised that the cron files aren't referenced in any of the > installation procedure on FreeBSD-- I've been running MailScanner for > almost a year now, and just discovered this aspect of things! > I think that came in 4.63. Is the ports version that current? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Fri Sep 21 00:22:07 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 21 00:22:27 2007 Subject: database is locked error In-Reply-To: References: Message-ID: <46F3009F.30406@ecs.soton.ac.uk> This is usually caused by the SpamAssassin Cache db getting corrupted. Stop MailScanner, delete the db file in /var/spool/MailScanner/incoming and restart MailScanner. Then the errors and slowness will go away. Can someone add this one to the wiki please? Mark Warpool wrote: > Hi all, > I've recently started getting a lot of these errors in my mail.warn log. > > Sep 20 16:48:37 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:48:40 mail03 MailScanner[24966]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:08 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:39 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > > My server is under extremely heavy load at the moment, doing about 30k - 40k > messages per day. It's a SUSE 10.2 box with dual-dual core Opterons and 2GB > of RAM. I've been running MailScanner for many years now on various > different servers, but I've never run across this error before. > > It seems to be processing mail, however it also seems the mail is piling up > and not processing as fast as I would normally expect it to. As of this > writing, it has about 1000 messages in queue, where I normally am able to > keep that to the 200 - 400 range. > > Any suggestions? > > TIA > > Mark Warpool > Ideate Technology Solutions > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Sep 21 00:25:00 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 21 00:25:21 2007 Subject: New MailScanner Features In-Reply-To: <46F2F439.9010705@sequestered.net> References: <46F2E94F.1040207@sequestered.net> <46F2F439.9010705@sequestered.net> Message-ID: <46F3014C.8020203@ecs.soton.ac.uk> Jay Chandler wrote: > Scott Silva wrote: >> Jay Chandler spake the following on 9/20/2007 2:42 PM: >>> The new version of MailScanner has a few nifty features that I >>> like-- particularly the watermarking. >>> >>> >>> The issue I'm having is in getting the phishing bad list updated via >>> cron. I build Mailscanner from the FreeBSD ports tree, and until >>> today didn't realize there were cron scripts living in >>> /usr/local/libexec that did useful things, like updating the virus >>> scanners. >>> >>> I don't see a script in there for updating the bad list, nor can I >>> find a reference to one anywhere. Has this just not been written >>> yet, or did the port maintainer miss something? >>> >> There should be something like update_phishing_sites called from cron >> every day. Maybe the maintainer hasn't added the cron scripts yet. >> > > Yeah, it's there, but it's solely targeting the whitelist, not the > blacklist. > > Does someone have a copy of an update script that does what it's > supposed to do that I can beat together, then submit as a patch? > > I'm rather surprised that the cron files aren't referenced in any of > the installation procedure on FreeBSD-- I've been running MailScanner > for almost a year now, and just discovered this aspect of things! There should be an hourly cron job running update_bad_phishing_sites. The guts of that script (minus all the copyright statements and the like) is below. #!/bin/sh PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/etc:/usr/local/bin:/usr/sfw/bin export PATH if [ -d /etc/MailScanner ]; then cd /etc/MailScanner else logger -p mail.warn -t update.bad.phishing.sites Cannot find MailScanner configuration directory, update failed. echo Cannot find MailScanner configuration directory. echo Auto-updates of phishing.bad.sites.conf will not happen. exit 1 fi wget http://www.mailscanner.eu/phishing.bad.sites.conf.master || \ curl -O http://www.mailscanner.eu/phishing.bad.sites.conf.master || \ ( logger -p mail.warn -t update.phishing.sites Cannot find wget or curl, update failed. ; echo Cannot find wget or curl to do phishing bad sites update. ; exit 1 ) if [ -s phishing.bad.sites.conf.master ]; then cp -f phishing.bad.sites.conf phishing.bad.sites.conf.old mv -f phishing.bad.sites.conf.master phishing.bad.sites.conf chmod a+r phishing.bad.sites.conf logger -p mail.info -t update.bad.phishing.sites Phishing bad sites list updated else logger -p mail.info -t update.bad.phishing.sites Phishing bad sites list update failed! fi rm -f phishing.bad.sites.conf.master exit 0 Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Fri Sep 21 00:22:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Sep 21 00:25:35 2007 Subject: database is locked error In-Reply-To: References: Message-ID: Mark Warpool spake the following on 9/20/2007 1:57 PM: > Hi all, > I've recently started getting a lot of these errors in my mail.warn log. > > Sep 20 16:48:37 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:48:40 mail03 MailScanner[24966]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:08 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:39 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > > My server is under extremely heavy load at the moment, doing about 30k - 40k > messages per day. It's a SUSE 10.2 box with dual-dual core Opterons and 2GB > of RAM. I've been running MailScanner for many years now on various > different servers, but I've never run across this error before. > > It seems to be processing mail, however it also seems the mail is piling up > and not processing as fast as I would normally expect it to. As of this > writing, it has about 1000 messages in queue, where I normally am able to > keep that to the 200 - 400 range. > > Any suggestions? > > TIA > > Mark Warpool > Ideate Technology Solutions > That is from SQLite. Trey running analyze_SpamAssassin_cache and see if it can fix the db. Or you can just stop mailscanner long enough to kill the spamassassin cache db and restart. It might be harmless, but it could be slowing things down. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From mwarpool at www-pros.com Fri Sep 21 00:37:57 2007 From: mwarpool at www-pros.com (Mark Warpool) Date: Fri Sep 21 00:38:14 2007 Subject: database is locked error In-Reply-To: <46F3009F.30406@ecs.soton.ac.uk> References: <46F3009F.30406@ecs.soton.ac.uk> Message-ID: Julian, Thank you for your response. I had figured that it probably had something to do with the SA cache database, so stopping MS and deleting the cache was the first thing that I did. And I've since done it a couple more times, and it continues to surface. Any idea what might be causing the corruption, or what I can do to prevent it? This is MailScanner 4.61.7 btw (I forgot to mention that). -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, September 20, 2007 7:22 PM To: MailScanner discussion Subject: Re: database is locked error This is usually caused by the SpamAssassin Cache db getting corrupted. Stop MailScanner, delete the db file in /var/spool/MailScanner/incoming and restart MailScanner. Then the errors and slowness will go away. Can someone add this one to the wiki please? Mark Warpool wrote: > Hi all, > I've recently started getting a lot of these errors in my mail.warn log. > > Sep 20 16:48:37 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:48:40 mail03 MailScanner[24966]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:08 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > Sep 20 16:49:39 mail03 MailScanner[25144]: database is locked(5) at > dbdimp.c line 402 > > My server is under extremely heavy load at the moment, doing about 30k - 40k > messages per day. It's a SUSE 10.2 box with dual-dual core Opterons and 2GB > of RAM. I've been running MailScanner for many years now on various > different servers, but I've never run across this error before. > > It seems to be processing mail, however it also seems the mail is piling up > and not processing as fast as I would normally expect it to. As of this > writing, it has about 1000 messages in queue, where I normally am able to > keep that to the 200 - 400 range. > > Any suggestions? > > TIA > > Mark Warpool > Ideate Technology Solutions > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at sequestered.net Fri Sep 21 00:40:26 2007 From: lists at sequestered.net (Jay Chandler) Date: Fri Sep 21 00:40:30 2007 Subject: New MailScanner Features In-Reply-To: References: <46F2E94F.1040207@sequestered.net> <46F2F439.9010705@sequestered.net> Message-ID: <46F304EA.3050007@sequestered.net> Scott Silva wrote: > I think that came in 4.63. Is the ports version that current? > > kwisatz# pkg_info | grep -i mails MailScanner-4.63.8 Powerful virus/spam scanning framework for mail gateways Yeah, that entire script isn't there. -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Bit rot From lists at sequestered.net Fri Sep 21 00:46:43 2007 From: lists at sequestered.net (Jay Chandler) Date: Fri Sep 21 00:46:46 2007 Subject: New MailScanner Features In-Reply-To: <46F3014C.8020203@ecs.soton.ac.uk> References: <46F2E94F.1040207@sequestered.net> <46F2F439.9010705@sequestered.net> <46F3014C.8020203@ecs.soton.ac.uk> Message-ID: <46F30663.7060104@sequestered.net> Julian Field wrote: > There should be an hourly cron job running update_bad_phishing_sites. > The guts of that script (minus all the copyright statements and the > like) is below. Thanks, Jules! Out of curiosity, how often should the other cron jobs be called? None of them are referenced in the documentation / install guidelines for FreeBSD, so if someone could enumerate them I'd appreciate it... -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Bit rot From jan-peter at koopmann.eu Fri Sep 21 09:09:40 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Sep 21 09:08:54 2007 Subject: New MailScanner Features In-Reply-To: References: <46F2E94F.1040207@sequestered.net> <46F2F439.9010705@sequestered.net> Message-ID: > I think that came in 4.63. Is the ports version that current? It was late but finally arrived a few days ago. Mea culpa. From martinh at solidstatelogic.com Fri Sep 21 09:11:37 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Sep 21 09:11:49 2007 Subject: New MailScanner Features In-Reply-To: <46F30663.7060104@sequestered.net> Message-ID: <2b557abf6db3cc4f8e804af1671d6c12@solidstatelogic.com> Jay My root crontab for MS related stuff looks like this... #mailwatch cleanup @daily /usr/local/bin/mysql mailscanner < /root/clean_maillog.sql #only if you have dcc installed @daily /var/dcc/libexec/updatedcc #clean out the archive 0 2 * * * /usr/local/bin/compress.mailarchive #clean the quarantine out 30 2 * * * /usr/local/bin/quarantine_maint.php --clean 0-59 * * * * /usr/local/bin/mailq.php 14,44 * * * * /opt/MailScanner/bin/update_virus_scanners #update SA using RDJ 30 4 * * 0 /usr/local/bin/rules_du_jour # updates for phishing safe sites 30 3 * * * /opt/MailScanner/bin/update_phishing_sites 27 * * * * /opt/MailScanner/bin/update_bad_phishing_sites -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jay Chandler > Sent: 21 September 2007 00:47 > To: MailScanner discussion > Subject: Re: New MailScanner Features > > Julian Field wrote: > > > There should be an hourly cron job running update_bad_phishing_sites. > > The guts of that script (minus all the copyright statements and the > > like) is below. > > Thanks, Jules! > > Out of curiosity, how often should the other cron jobs be called? None > of them are referenced in the documentation / install guidelines for > FreeBSD, so if someone could enumerate them I'd appreciate it... > > -- > Jay Chandler / KB1JWQ > Living Legend / Systems Exorcist > Today's Excuse: Bit rot > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jan-peter at koopmann.eu Fri Sep 21 09:12:47 2007 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri Sep 21 09:12:00 2007 Subject: New MailScanner Features In-Reply-To: References: <46F2E94F.1040207@sequestered.net> <46F2F439.9010705@sequestered.net> Message-ID: Hello Jay, > Yeah, that entire script isn't there. which one exactly? I did not notice it in 4.63 and therefore probably did not include it in the port. Moreover the automatic processing of the Linux-like cron scripts is not trivial if you want to do it correctly. Due to some time constraints I decided to drop the cron script handling and ask for others to produce patches. From the Changes file: Version 4.62.9 ============== - Upgrade to 4.62.9 - update_spamassassin and update_spamassassin.cron are untouched again. I currently do not have enough time to get this running the FreeBSD way. Patches are welcome. Some cron scripts should be running without problems though. Any suggestions/patches are welcome! Regards, JP From martinh at solidstatelogic.com Fri Sep 21 09:30:33 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Sep 21 09:30:43 2007 Subject: New MailScanner Features In-Reply-To: Message-ID: JP The new update_bad_phishing_sites script -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter > Sent: 21 September 2007 09:13 > To: MailScanner discussion > Subject: RE: New MailScanner Features > > Hello Jay, > > > Yeah, that entire script isn't there. > > which one exactly? I did not notice it in 4.63 and therefore probably > did not include it in the port. > > Moreover the automatic processing of the Linux-like cron scripts is not > trivial if you want to do it correctly. Due to some time constraints I > decided to drop the cron script handling and ask for others to produce > patches. From the Changes file: > > Version 4.62.9 > ============== > - Upgrade to 4.62.9 > - update_spamassassin and update_spamassassin.cron are untouched again. > I > currently do not have enough time to get this running the FreeBSD way. > Patches are welcome. > > Some cron scripts should be running without problems though. Any > suggestions/patches are welcome! > > Regards, > JP > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Sep 21 14:56:09 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 21 14:56:43 2007 Subject: database is locked error In-Reply-To: References: <46F3009F.30406@ecs.soton.ac.uk> Message-ID: <46F3CD79.7000602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All I can suggest is check that you have the latest DBD::SQLite installed. Mark Warpool wrote: > Julian, > Thank you for your response. I had figured that it probably had something > to do with the SA cache database, so stopping MS and deleting the cache was > the first thing that I did. And I've since done it a couple more times, and > it continues to surface. Any idea what might be causing the corruption, or > what I can do to prevent it? This is MailScanner 4.61.7 btw (I forgot to > mention that). > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, September 20, 2007 7:22 PM > To: MailScanner discussion > Subject: Re: database is locked error > > This is usually caused by the SpamAssassin Cache db getting corrupted. > Stop MailScanner, delete the db file in /var/spool/MailScanner/incoming > and restart MailScanner. Then the errors and slowness will go away. > > Can someone add this one to the wiki please? > > Mark Warpool wrote: > >> Hi all, >> I've recently started getting a lot of these errors in my mail.warn log. >> >> Sep 20 16:48:37 mail03 MailScanner[25144]: database is locked(5) at >> dbdimp.c line 402 >> Sep 20 16:48:40 mail03 MailScanner[24966]: database is locked(5) at >> dbdimp.c line 402 >> Sep 20 16:49:08 mail03 MailScanner[25144]: database is locked(5) at >> dbdimp.c line 402 >> Sep 20 16:49:39 mail03 MailScanner[25144]: database is locked(5) at >> dbdimp.c line 402 >> >> My server is under extremely heavy load at the moment, doing about 30k - >> > 40k > >> messages per day. It's a SUSE 10.2 box with dual-dual core Opterons and >> > 2GB > >> of RAM. I've been running MailScanner for many years now on various >> different servers, but I've never run across this error before. >> >> It seems to be processing mail, however it also seems the mail is piling >> > up > >> and not processing as fast as I would normally expect it to. As of this >> writing, it has about 1000 messages in queue, where I normally am able to >> keep that to the 200 - 400 range. >> >> Any suggestions? >> >> TIA >> >> Mark Warpool >> Ideate Technology Solutions >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG8815EfZZRxQVtlQRAu3bAKDai7E/VpL4qfG3eapI26ONNw/yYACeOjY0 P/B2RTu/2d8THVOqeBFTLWA= =UocY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From postmaster at nxds.com Fri Sep 21 15:45:14 2007 From: postmaster at nxds.com (Nexus Postmaster) Date: Fri Sep 21 15:45:17 2007 Subject: Ruleset evaluation problem Message-ID: Hi, I've been experimenting with the watermarking feature using rulesets. I want to be able to exclude some users but include all other users of a domain from watermark checks. (Explicitly defined users don't get checked, but 'catch-alls' do). For example, FromOrTo: john.doe@example.com no FromOrTo: *@example.com??????? yes FromOrTo: default????????????? no However, it seems that the wildcard rule always wins no matter the order of the rules. The included max.message.size rules suggests that the first matching rule wins with this example: From:???? user@domain3.com?? 5M From:???? *@domain3.com???? 500K However, that doesn't seem to be the case with watermarking. Is there a way to achieve what I want or am I missing something? -- stephen From rgreen at trayerproducts.com Fri Sep 21 17:40:55 2007 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Sep 21 17:40:59 2007 Subject: MailScanner 4.57.6 and clamd Message-ID: <31e7748d0709210940w49d7f39dxc2ea10ef3ec620fc@mail.gmail.com> Hello, Will clamd work with MailScanner version 4.57.6? Thanks, Rod From martinh at solidstatelogic.com Fri Sep 21 17:49:27 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Sep 21 17:49:33 2007 Subject: MailScanner 4.57.6 and clamd In-Reply-To: <31e7748d0709210940w49d7f39dxc2ea10ef3ec620fc@mail.gmail.com> Message-ID: <1f8abe8d52ba5142bf88108796d609c6@solidstatelogic.com> No Update to latest and it will work nicely. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rodney Green > Sent: 21 September 2007 17:41 > To: MailScanner discussion > Subject: MailScanner 4.57.6 and clamd > > Hello, > > Will clamd work with MailScanner version 4.57.6? > > Thanks, > Rod > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From shuttlebox at gmail.com Fri Sep 21 17:54:06 2007 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Sep 21 17:54:19 2007 Subject: MailScanner 4.57.6 and clamd In-Reply-To: <31e7748d0709210940w49d7f39dxc2ea10ef3ec620fc@mail.gmail.com> References: <31e7748d0709210940w49d7f39dxc2ea10ef3ec620fc@mail.gmail.com> Message-ID: <625385e30709210954r7ff79d30v103875df83e76e93@mail.gmail.com> On 9/21/07, Rodney Green wrote: > Hello, > > Will clamd work with MailScanner version 4.57.6? No, it was added to 4.59.4. 1/5/2007 New in Version 4.59.4-2 ================================ Added support for clamdscan and clamd. Use "Virus Scanners = clamd". -- /peter From rgreen at trayerproducts.com Fri Sep 21 18:02:42 2007 From: rgreen at trayerproducts.com (Rodney Green) Date: Fri Sep 21 18:02:48 2007 Subject: MailScanner 4.57.6 and clamd In-Reply-To: <1f8abe8d52ba5142bf88108796d609c6@solidstatelogic.com> References: <31e7748d0709210940w49d7f39dxc2ea10ef3ec620fc@mail.gmail.com> <1f8abe8d52ba5142bf88108796d609c6@solidstatelogic.com> Message-ID: <31e7748d0709211002l3099805aya3eb365741c05ba2@mail.gmail.com> Thanks Martin. I'll have to do that upgrade one of these days. Perhaps this weekend I'll connect in from home and do it. On 9/21/07, Martin.Hepworth wrote: > No > > Update to latest and it will work nicely. > From ssilva at sgvwater.com Fri Sep 21 18:06:50 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Sep 21 18:10:13 2007 Subject: New MailScanner Features In-Reply-To: <2b557abf6db3cc4f8e804af1671d6c12@solidstatelogic.com> References: <46F30663.7060104@sequestered.net> <2b557abf6db3cc4f8e804af1671d6c12@solidstatelogic.com> Message-ID: Martin.Hepworth spake the following on 9/21/2007 1:11 AM: > Jay > > My root crontab for MS related stuff looks like this... > > #mailwatch cleanup > @daily /usr/local/bin/mysql mailscanner < /root/clean_maillog.sql > #only if you have dcc installed > @daily /var/dcc/libexec/updatedcc > #clean out the archive > 0 2 * * * /usr/local/bin/compress.mailarchive > #clean the quarantine out > 30 2 * * * /usr/local/bin/quarantine_maint.php --clean > 0-59 * * * * /usr/local/bin/mailq.php > 14,44 * * * * /opt/MailScanner/bin/update_virus_scanners > #update SA using RDJ > 30 4 * * 0 /usr/local/bin/rules_du_jour > # updates for phishing safe sites > 30 3 * * * /opt/MailScanner/bin/update_phishing_sites > 27 * * * * /opt/MailScanner/bin/update_bad_phishing_sites I have been running mailq.php every 5 min. instead of every minute. It was overlapping occasionally and erroring out. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From sconway at wlnet.com Fri Sep 21 18:20:29 2007 From: sconway at wlnet.com (Stephen Conway) Date: Fri Sep 21 18:20:33 2007 Subject: ArchiveMail Exclusions In-Reply-To: <46F02095.6040705@ecs.soton.ac.uk> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> <46EEB161.4040105@ecs.soton.ac.uk> <1bb901c7fa22$e2149420$a63dbc60$@com> <46F02095.6040705@ecs.soton.ac.uk> Message-ID: <0a4a01c7fc73$b52fb630$1f8f2290$@com> Hello: I have a small problem, for some reason my spam actions changes are not being applied. I have killed MailScanner, then restarted it, but still not catching: To: user@domain.com forward spam@domain.com FromOrTo: default store If I change to add the above rule, it is still always storing and no message goes to spam@domain.com Any ideas? Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, September 18, 2007 3:02 PM To: MailScanner discussion Subject: Re: ArchiveMail Exclusions You need to implement your ruleset as part of your Custom Function. Which means you'll need to find out how to add forwardeduser@domain.com to the list of message recipients. Take a look at the top of Message.pm and you'll see the message object properties list. There should be one there called "extrarecipients", which you should be able to add to. Also, read the function "HandleHamAndSpam" and you'll see how the spam actions are implemented. You need to copy bits of that functionality into your Custom Function. Hope that's enough to get you started. You can use a ruleset from inside a Custom Function, I worked out how to do that. But doing it the other way around is not so simple. Good luck! Jules. Stephen Conway wrote: > Hello: > > Ok, I am trying now to do what I need but with Non-Spam-Actions. I have the > forwarding working but there is one problem. We already have a custom > function called "FleetActions" which is our default action for non-SPAM. If > I specify this function as the action for Non-Spam in the MailScanner.conf > as follows: > > Non Spam Actions = &FleetActions > > Then all works as it should, our custom function in CustomConfig.pm gets > called. But, if I try to put it instead to a ruleset file as: > > Non Spam Actions = /opt/MailScanner/etc/rules/message.nonspam.rules > > Which is: > > From: *@domain.com and To: someuser@otherdomain.com > fowardeduser@domain.com > FromOrTo: default &FleetActions > > The messages that should be forwarded are working perfectly, the problem is > that our custom function now doesn't get called and an error goes in log as > follows: > > " Message l8IIKrLi013637 produced illegal Non-Spam Action "&fleetactions", > so message is being delivered" > > So I guess the question is, is there a way inside a ruleset file for Non > Spam Actions to specify a custom function found in CustomConfig.pm? > > Thanks, > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 17, 2007 12:55 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > > > Stephen Conway wrote: > >> Hello Julien: >> >> Yes, sorry I think I wasn't clear what I was asking. I know that if you >> enter as an action here an e-mail address that messages will go to that >> e-mail. But as I have seen, this sends a 'copy' of the message to the >> address (meaning that a copy still goes to the original recipient). Is >> there a way for example, putting a ! in front of the address, where the >> message is actually forwarded (not copy) to the other address? >> >> > Do that with non-spam actions, spam actions and high-scoring spam actions. > >> Also, I have another item as well. I have blacklist file, and it seems >> > that > >> if MailScanner sees another 'X-Spam: No' flag in the message, that it will >> not block the message even if on the black list. Any way to bypass this, >> > to > >> make MailScanner scan for Spam even if the message has been scanned by >> another Relay server before? >> >> > That's not happening. MailScanner doesn't rely on *anything* in the > headers to control scanning, as everything in the headers can be forged > by a spammer or virus writer. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Saturday, September 15, 2007 9:55 AM >> To: MailScanner discussion >> Subject: Re: ArchiveMail Exclusions >> >> As it says right at the top of the comment about Archive Mail =, you can >> include >> >> # Space-separated list of any combination of >> # 1. email addresses to which mail should be forwarded, >> # 2. directory names where you want mail to be stored, >> # 3. file names (they must already exist!) to which mail will be appended >> # in "mbox" format suitable for most Unix mail systems. >> >> Stephen Conway wrote: >> >> >>> Hello Julien: >>> >>> Thanks very much for that. Seems to work OK. >>> >>> One other question, is there a way using ArchiveMail to forward messages >>> instead of just make an archive? >>> >>> Ex: >>> >>> To: *@domain.com !somegroupmailbox@otherdomain.com >>> >>> Thanks, >>> >>> Steve >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >>> Field >>> Sent: Thursday, September 13, 2007 4:57 PM >>> To: MailScanner discussion >>> Subject: Re: ArchiveMail Exclusions >>> >>> Stephen, >>> >>> Stephen Conway wrote: >>> >>> >>> >>>> Hello: >>>> >>>> I have the requirement to archive mail for some senders to a certain >>>> >>>> >>>> >>> address >>> >>> >>> >>>> but not if certain senders are matched, I have put the following but it >>>> still always archives, any way to configure this? >>>> >>>> From: *@dontcopydomain.com and To: @domaintobecopied.com >>>> no >>>> >>>> >>>> >>>> >>> That will attempt to archive the mail to a directory called "no" which >>> isn't what you meant. To archive nothing, you just leave it blank, so >>> this is what you meant: >>> From: dontcopydomain.com and to: domaintobecopied.com >>> >>> >>> >>>> From: *@* and To: @domaintobecopied.com >>>> usertobecopied@otherdomain.com >>>> >>>> >>>> >>>> >>> That (the second line) is the same as saying >>> To: domaintobecopied.com usertobecopied@otherdomain.com >>> >>> >>> >>>> This type of logic works well for the Max Message size rules, to have >>>> >>>> >> size >> >> >>>> restrictions for certain domains than others, but for this ruleset file >>>> which is type (AllMatch) as per docs, it doesn't use same logic. >>>> >>>> >>>> >>>> >>> Correct, as it's an "AllMatch". This means that it will archive to all >>> of the places and addresses specified by all the matching rules. That >>> seemed a sensible thing to do at the time, and I still believe is what >>> most people will want. >>> >>> If you want to make it a FirstMatch, edit >>> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: >>> ArchiveMail >>> from the [All,Other] section to the [First,Other] section. >>> Then restart MailScanner, and you will have changed the logic it uses. >>> Dead easy. >>> Remember to re-apply the change when you next upgrade MailScanner, as >>> changes you make to that file will be lost during the upgrade process. >>> >>> Jules >>> >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From list-mailscanner at linguaphone.com Fri Sep 21 20:24:29 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Fri Sep 21 20:24:38 2007 Subject: ANNOUNCE: mailwatch2rbl Message-ID: I have been chatting with Alistair Carmichael about a quick script he wrote to extract a list of IP addresses out of the mailwatch database which have only sent a number of spam emails and then automatically block them. I have now created something which seems to be fully functional at least for me. Alistair had a problem where php did not like the database library I am using but I have never seen this before and have used it on various boxes with a very large range of php versions. You can read basically how it works and download the current release from http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/ The block table it generates is easy to use in Postfix and it can also generate a file compatible with rbldnsd. I am not sure what exim and sendmail can work with nativly but if someone would like to give me an example I will enable it to generate compatible files for them aswell. From MailScanner at ecs.soton.ac.uk Fri Sep 21 22:35:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 21 22:36:08 2007 Subject: Ruleset evaluation problem In-Reply-To: References: Message-ID: <46F43936.7060800@ecs.soton.ac.uk> There are 3 classes of configuration options: "Simple", "First Match" and "All Matches". "Simple" ones can only be simple values, no rulesets. "First Match" matches on the first matching rule in the ruleset. "All Matches" matches all the matching rules in the ruleset, except for the "default" or "*@*" rule (unless no other rules match). "Use Watermarking" is an "All Matches" setting, so both you user@domain.com and *@domain.com rules match, and it applies the watermarking if any of the matches produce a "yes" result. "Max Message Size" is a "First Match" setting, so just the user@domain.com rule is used. I had to make a design decision for every configuration setting whether it made more sense for it to be a "First Match" or an "All Matches" type. If you want to change my design decision, edit /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move them between the "First" and "All" sections. Take a look through that file and you will soon understand the layout. Remember that any changes you make to that file will be overwritten by the next upgrade, as ConfigDefs.pl is not considered to be a normally user-editable configuration file. So turn any change you make into a patch and re-apply the patch when you upgrade. But there's nothing stopping you changing the file if you want to use a setting in a way I haven't provided for. That's the beauty of Open Source :-) Hope that explains it reasonably well, Jules. Nexus Postmaster wrote: > Hi, > > I've been experimenting with the watermarking feature using rulesets. I want to be able to exclude some users but include all other users of a domain from watermark checks. (Explicitly defined users don't get checked, but 'catch-alls' do). > > For example, > > FromOrTo: john.doe@example.com no > FromOrTo: *@example.com yes > FromOrTo: default no > > > However, it seems that the wildcard rule always wins no matter the order of the rules. > > The included max.message.size rules suggests that the first matching rule wins with this example: > > From: user@domain3.com 5M > From: *@domain3.com 500K > > However, that doesn't seem to be the case with watermarking. > > Is there a way to achieve what I want or am I missing something? > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Fri Sep 21 22:37:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 21 22:38:14 2007 Subject: ArchiveMail Exclusions In-Reply-To: <0a4a01c7fc73$b52fb630$1f8f2290$@com> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> <46EEB161.4040105@ecs.soton.ac.uk> <1bb901c7fa22$e2149420$a63dbc60$@com> <46F02095.6040705@ecs.soton.ac.uk> <0a4a01c7fc73$b52fb630$1f8f2290$@com> Message-ID: <46F439B3.40302@ecs.soton.ac.uk> What version of MailScanner are you running? Have you checked the latest Change Log for any bugfixes to this code that are more recent than the version you are running? Stephen Conway wrote: > Hello: > > I have a small problem, for some reason my spam actions changes are not > being applied. I have killed MailScanner, then restarted it, but still not > catching: > > To: user@domain.com forward spam@domain.com > FromOrTo: default store > > If I change to add the above rule, it is still always storing and no message > goes to spam@domain.com > > Any ideas? > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, September 18, 2007 3:02 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > You need to implement your ruleset as part of your Custom Function. > Which means you'll need to find out how to add forwardeduser@domain.com > to the list of message recipients. Take a look at the top of Message.pm > and you'll see the message object properties list. There should be one > there called "extrarecipients", which you should be able to add to. > Also, read the function "HandleHamAndSpam" and you'll see how the spam > actions are implemented. You need to copy bits of that functionality > into your Custom Function. > > Hope that's enough to get you started. > > You can use a ruleset from inside a Custom Function, I worked out how to > do that. But doing it the other way around is not so simple. > > Good luck! > Jules. > > > Stephen Conway wrote: > >> Hello: >> >> Ok, I am trying now to do what I need but with Non-Spam-Actions. I have >> > the > >> forwarding working but there is one problem. We already have a custom >> function called "FleetActions" which is our default action for non-SPAM. >> > If > >> I specify this function as the action for Non-Spam in the MailScanner.conf >> as follows: >> >> Non Spam Actions = &FleetActions >> >> Then all works as it should, our custom function in CustomConfig.pm gets >> called. But, if I try to put it instead to a ruleset file as: >> >> Non Spam Actions = /opt/MailScanner/etc/rules/message.nonspam.rules >> >> Which is: >> >> From: *@domain.com and To: someuser@otherdomain.com >> fowardeduser@domain.com >> FromOrTo: default &FleetActions >> >> The messages that should be forwarded are working perfectly, the problem >> > is > >> that our custom function now doesn't get called and an error goes in log >> > as > >> follows: >> >> " Message l8IIKrLi013637 produced illegal Non-Spam Action "&fleetactions", >> so message is being delivered" >> >> So I guess the question is, is there a way inside a ruleset file for Non >> Spam Actions to specify a custom function found in CustomConfig.pm? >> >> Thanks, >> >> Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Monday, September 17, 2007 12:55 PM >> To: MailScanner discussion >> Subject: Re: ArchiveMail Exclusions >> >> >> >> Stephen Conway wrote: >> >> >>> Hello Julien: >>> >>> Yes, sorry I think I wasn't clear what I was asking. I know that if you >>> enter as an action here an e-mail address that messages will go to that >>> e-mail. But as I have seen, this sends a 'copy' of the message to the >>> address (meaning that a copy still goes to the original recipient). Is >>> there a way for example, putting a ! in front of the address, where the >>> message is actually forwarded (not copy) to the other address? >>> >>> >>> >> Do that with non-spam actions, spam actions and high-scoring spam actions. >> >> >>> Also, I have another item as well. I have blacklist file, and it seems >>> >>> >> that >> >> >>> if MailScanner sees another 'X-Spam: No' flag in the message, that it >>> > will > >>> not block the message even if on the black list. Any way to bypass this, >>> >>> >> to >> >> >>> make MailScanner scan for Spam even if the message has been scanned by >>> another Relay server before? >>> >>> >>> >> That's not happening. MailScanner doesn't rely on *anything* in the >> headers to control scanning, as everything in the headers can be forged >> by a spammer or virus writer. >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >>> Field >>> Sent: Saturday, September 15, 2007 9:55 AM >>> To: MailScanner discussion >>> Subject: Re: ArchiveMail Exclusions >>> >>> As it says right at the top of the comment about Archive Mail =, you can >>> include >>> >>> # Space-separated list of any combination of >>> # 1. email addresses to which mail should be forwarded, >>> # 2. directory names where you want mail to be stored, >>> # 3. file names (they must already exist!) to which mail will be appended >>> # in "mbox" format suitable for most Unix mail systems. >>> >>> Stephen Conway wrote: >>> >>> >>> >>>> Hello Julien: >>>> >>>> Thanks very much for that. Seems to work OK. >>>> >>>> One other question, is there a way using ArchiveMail to forward messages >>>> instead of just make an archive? >>>> >>>> Ex: >>>> >>>> To: *@domain.com !somegroupmailbox@otherdomain.com >>>> >>>> Thanks, >>>> >>>> Steve >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >>>> Field >>>> Sent: Thursday, September 13, 2007 4:57 PM >>>> To: MailScanner discussion >>>> Subject: Re: ArchiveMail Exclusions >>>> >>>> Stephen, >>>> >>>> Stephen Conway wrote: >>>> >>>> >>>> >>>> >>>>> Hello: >>>>> >>>>> I have the requirement to archive mail for some senders to a certain >>>>> >>>>> >>>>> >>>>> >>>> address >>>> >>>> >>>> >>>> >>>>> but not if certain senders are matched, I have put the following but it >>>>> still always archives, any way to configure this? >>>>> >>>>> From: *@dontcopydomain.com and To: @domaintobecopied.com >>>>> no >>>>> >>>>> >>>>> >>>>> >>>>> >>>> That will attempt to archive the mail to a directory called "no" which >>>> isn't what you meant. To archive nothing, you just leave it blank, so >>>> this is what you meant: >>>> From: dontcopydomain.com and to: domaintobecopied.com >>>> >>>> >>>> >>>> >>>>> From: *@* and To: @domaintobecopied.com >>>>> usertobecopied@otherdomain.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>> That (the second line) is the same as saying >>>> To: domaintobecopied.com usertobecopied@otherdomain.com >>>> >>>> >>>> >>>> >>>>> This type of logic works well for the Max Message size rules, to have >>>>> >>>>> >>>>> >>> size >>> >>> >>> >>>>> restrictions for certain domains than others, but for this ruleset file >>>>> which is type (AllMatch) as per docs, it doesn't use same logic. >>>>> >>>>> >>>>> >>>>> >>>>> >>>> Correct, as it's an "AllMatch". This means that it will archive to all >>>> of the places and addresses specified by all the matching rules. That >>>> seemed a sensible thing to do at the time, and I still believe is what >>>> most people will want. >>>> >>>> If you want to make it a FirstMatch, edit >>>> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: >>>> ArchiveMail >>>> from the [All,Other] section to the [First,Other] section. >>>> Then restart MailScanner, and you will have changed the logic it uses. >>>> Dead easy. >>>> Remember to re-apply the change when you next upgrade MailScanner, as >>>> changes you make to that file will be lost during the upgrade process. >>>> >>>> Jules >>>> >>>> >>>> >>>> >>>> >>> Jules >>> >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From ssilva at sgvwater.com Sat Sep 22 00:05:29 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Sep 22 00:05:51 2007 Subject: ANNOUNCE: mailwatch2rbl In-Reply-To: References: Message-ID: Gareth spake the following on 9/21/2007 12:24 PM: > I have been chatting with Alistair Carmichael about a quick script he wrote > to extract a list of IP addresses out of the mailwatch database which have > only sent a number of spam emails and then automatically block them. > > I have now created something which seems to be fully functional at least for > me. Alistair had a problem where php did not like the database library I am > using but I have never seen this before and have used it on various boxes > with a very large range of php versions. > > You can read basically how it works and download the current release from > http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/ > > The block table it generates is easy to use in Postfix and it can also > generate a file compatible with rbldnsd. I am not sure what exim and > sendmail can work with nativly but if someone would like to give me an > example I will enable it to generate compatible files for them aswell. > Sendmail access file is in the following format; ip address [tab] RFC message The hard part is expiring entries, not adding them. You can always cat them to the end of the file, but you need some magic to find an entry and remove it when the time limit is up. Here are a few generated by Vispan from my system; 85.118.111.254 550 5.5.0 No Spammers Allowed 58.225.149.228 550 5.5.0 No Spammers Allowed 218.240.114.209 550 5.5.0 No Spammers Allowed 69.147.64.37 550 5.5.0 No Spammers Allowed 68.142.201.96 550 5.5.0 No Spammers Allowed 129.41.237.74 550 5.5.0 No Spammers Allowed How about adding it to iptables? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From list-mailscanner at linguaphone.com Sat Sep 22 07:52:58 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sat Sep 22 07:53:04 2007 Subject: ANNOUNCE: mailwatch2rbl In-Reply-To: Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Scott > Silva > Sent: 22 September 2007 00:05 > To: mailscanner@lists.mailscanner.info > Subject: Re: ANNOUNCE: mailwatch2rbl > > > Gareth spake the following on 9/21/2007 12:24 PM: > > I have been chatting with Alistair Carmichael about a quick > script he wrote > > to extract a list of IP addresses out of the mailwatch database > which have > > only sent a number of spam emails and then automatically block them. > > > > I have now created something which seems to be fully functional > at least for > > me. Alistair had a problem where php did not like the database > library I am > > using but I have never seen this before and have used it on > various boxes > > with a very large range of php versions. > > > > You can read basically how it works and download the current > release from > > http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/ > > > > The block table it generates is easy to use in Postfix and it can also > > generate a file compatible with rbldnsd. I am not sure what exim and > > sendmail can work with nativly but if someone would like to give me an > > example I will enable it to generate compatible files for them aswell. > > > Sendmail access file is in the following format; > > ip address [tab] RFC message > The hard part is expiring entries, not adding them. You can > always cat them to > the end of the file, but you need some magic to find an entry and > remove it > when the time limit is up. My script stores the expiry date in the block table and expires any entries from it every time the script is run. Any text files are regenerated every time aswell. > > Here are a few generated by Vispan from my system; > > 85.118.111.254 550 5.5.0 No Spammers Allowed > 58.225.149.228 550 5.5.0 No Spammers Allowed > 218.240.114.209 550 5.5.0 No Spammers Allowed > 69.147.64.37 550 5.5.0 No Spammers Allowed > 68.142.201.96 550 5.5.0 No Spammers Allowed > 129.41.237.74 550 5.5.0 No Spammers Allowed > > How about adding it to iptables? I'll create another option where you can create any arbitary file that you want so that will allow you to create a suitable file for sendmail and postfix. I always create a temporary file first and I could check and only move it over the top of the mail file if the contents are different. That way I could implement a feature where a command could be run if the file changes and this could be used to reload iptables etc... From hvdkooij at vanderkooij.org Sat Sep 22 14:53:13 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Sep 22 14:53:21 2007 Subject: ANNOUNCE: mailwatch2rbl In-Reply-To: References: Message-ID: On Fri, 21 Sep 2007, Scott Silva wrote: > ip address [tab] RFC message > The hard part is expiring entries, not adding them. You can always cat them > to the end of the file, but you need some magic to find an entry and remove > it when the time limit is up. > > Here are a few generated by Vispan from my system; > > 85.118.111.254 550 5.5.0 No Spammers Allowed > 58.225.149.228 550 5.5.0 No Spammers Allowed > 218.240.114.209 550 5.5.0 No Spammers Allowed > 69.147.64.37 550 5.5.0 No Spammers Allowed > 68.142.201.96 550 5.5.0 No Spammers Allowed > 129.41.237.74 550 5.5.0 No Spammers Allowed > > How about adding it to iptables? If you drop SMTP session on the MTA it will be a final decision. If you break it at the TCP level it will be sent to your backup server which may not have these restrictions. I would discourage the use of TCP blocking techniques if favor of SMTP blocking actions. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From MailScanner at ecs.soton.ac.uk Sat Sep 22 20:21:48 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 22 20:22:16 2007 Subject: Release 4.64.1-1 beta Message-ID: <46F56B4C.3020705@ecs.soton.ac.uk> Hi folks! I have just released a beta of 4.64. Several minor features, and some bugfixes. It's been a relatively quiet month so far. ** Book News ** Please note that if you are east of the Atlantic, you can now get the MailScanner Book printed in the EU, with *much* lower shipping costs (and no import tax in the EU) than when you could only order it from the USA. You can get to the EU bookshop from the same advert in the top right corner of the www.mailscanner.info home page. Please also note that I updated the book this summer, so it is pretty well up to date. So if you have been holding off buying the book because of the price, you can buy it cheaper now! (It is still also available from the USA just as before) Download MailScanner as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 The MailScanner book is now also available for purchase from the EU with much lower shipping costs. Go to www.lulu.com/mailscanner. 1 Solaris check_mailscanner code now uses pgrep. 1 "MailScanner -v" now lists version of Date::Parse which was missing. 1 Added "$datenumber" to the inline spam warning report. 1 "MailScanner --lint" now checks your %org-name% to ensure it only contains safe characters (i.e. a-z, A-Z, 0-9 and -). 1 Added "allow" rule to filename.rules.conf for the XML filenames inside Microsoft Office 2007 (e.g. *.docx) files which are actually archives. 1 F-Prot-6 autoupdater improved to tell you whether it actually downloaded a new virus signatures file or not. 1 Tar distro now includes ChangeLog. 1 "Treat Invalid Watermarks With No Sender as Spam" can now be set to a number greater than zero. This value will be added to the spam score. 1 Watermark spam header reports refer to them as "watermarks" and not "null headers" as that is easier to understand. * Fixes * 1 Now set the umask of the directory into which the TNEF attachments are unpacked by the external TNEF expander. Thanks to derek@csolve.net. 1 Fixed bug which caused crash when using a ruleset on "Filename Rules" setting when the file listed in the ruleset does not exist. Thanks to Ugo Bellevance. 1 Added line to stop EOCD Format errors being output in UnpackZip. Thanks to Rick Cooper. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Sat Sep 22 20:25:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 22 20:26:23 2007 Subject: Release 4.64.1-1 beta Message-ID: <46F56C43.2030106@ecs.soton.ac.uk> Hi folks! I have just released a beta of 4.64. Several minor features, and some bugfixes. It's been a relatively quiet month so far. ** Book News ** Please note that if you are east of the Atlantic, you can now get the MailScanner Book printed in the EU, with *much* lower shipping costs (and no import tax in the EU) than when you could only order it from the USA. You can get to the EU bookshop from the same advert in the top right corner of the www.mailscanner.info home page. Please also note that I updated the book this summer, so it is pretty well up to date. So if you have been holding off buying the book because of the price, you can buy it cheaper now! (It is still also available from the USA just as before) Download MailScanner as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 The MailScanner book is now also available for purchase from the EU with much lower shipping costs. Go to www.lulu.com/mailscanner. 1 Solaris check_mailscanner code now uses pgrep. 1 "MailScanner -v" now lists version of Date::Parse which was missing. 1 Added "$datenumber" to the inline spam warning report. 1 "MailScanner --lint" now checks your %org-name% to ensure it only contains safe characters (i.e. a-z, A-Z, 0-9 and -). 1 Added "allow" rule to filename.rules.conf for the XML filenames inside Microsoft Office 2007 (e.g. *.docx) files which are actually archives. 1 F-Prot-6 autoupdater improved to tell you whether it actually downloaded a new virus signatures file or not. 1 Tar distro now includes ChangeLog. 1 "Treat Invalid Watermarks With No Sender as Spam" can now be set to a number greater than zero. This value will be added to the spam score. 1 Watermark spam header reports refer to them as "watermarks" and not "null headers" as that is easier to understand. * Fixes * 1 Now set the umask of the directory into which the TNEF attachments are unpacked by the external TNEF expander. Thanks to derek@csolve.net. 1 Fixed bug which caused crash when using a ruleset on "Filename Rules" setting when the file listed in the ruleset does not exist. Thanks to Ugo Bellevance. 1 Added line to stop EOCD Format errors being output in UnpackZip. Thanks to Rick Cooper. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From stork at openenterprise.ca Sun Sep 23 17:56:34 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Sun Sep 23 17:56:40 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? Message-ID: <46F69AC2.3080506@openenterprise.ca> Well maybe a different subject line might ellicit a response. I am having to install MS on a newly built system and would like to try and transfer all settings and historical data to the new system. Any suggestions? I am guessing something along the lines of 1: Install the MS/Clam/SA packages on new system. 2: Export/import Mysql database 3: Copy over old mailscanner.conf files (and other files? -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070923/a6cad5ed/attachment.html From MailScanner at ecs.soton.ac.uk Sun Sep 23 18:26:50 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Sep 23 18:27:11 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? In-Reply-To: <46F69AC2.3080506@openenterprise.ca> References: <46F69AC2.3080506@openenterprise.ca> Message-ID: <46F6A1DA.9080609@ecs.soton.ac.uk> Johnny Stork wrote: > Well maybe a different subject line might ellicit a response. I am > having to install MS on a newly built system and would like to try and > transfer all settings and historical data to the new system. Any > suggestions? > > I am guessing something along the lines of > > 1: Install the MS/Clam/SA packages on new system. > 2: Export/import Mysql database What does this contain? Have you been using MailWatch? MailScanner itself doesn't use any mysql database. > 3: Copy over old mailscanner.conf files (and other files? Make sure you keep the new MailScanner.conf from the new system, rename it to /etc/MailScaner/MailScanner.conf.rpmnew and then copy in the old one, then upgrade_MailScaner_conf. Do likewise for /etc/MailScanner/reports/*/languages.conf files too. > > > -- > *Johnny Stork* > Business & Technology Consultant > stork@openenterprise.ca > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From list-mailscanner at linguaphone.com Sun Sep 23 18:31:17 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 23 18:31:21 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? In-Reply-To: <46F69AC2.3080506@openenterprise.ca> Message-ID: Thats basically it. Install MS/Clam/SA and Mailwatch which I assume you are using as you refer to a database. Dont forget to copy across the mailwatch plugins to mailscanners customfunctions directory. Then export and reimport the database. Then copy across the MS (/etc/Mailscanner) and SA (/etc/mail/spamassassin) configuration. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Johnny Stork Sent: 23 September 2007 17:57 To: MailScanner discussion Subject: Re-Installing Mailscanner- Cant any suggest any tips? Well maybe a different subject line might ellicit a response. I am having to install MS on a newly built system and would like to try and transfer all settings and historical data to the new system. Any suggestions? I am guessing something along the lines of 1: Install the MS/Clam/SA packages on new system. 2: Export/import Mysql database 3: Copy over old mailscanner.conf files (and other files? -- Johnny Stork Business & Technology Consultant stork@openenterprise.ca -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070923/9b78e520/attachment.html From stork at openenterprise.ca Sun Sep 23 18:45:50 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Sun Sep 23 18:45:54 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? In-Reply-To: <46F6A1DA.9080609@ecs.soton.ac.uk> References: <46F69AC2.3080506@openenterprise.ca> <46F6A1DA.9080609@ecs.soton.ac.uk> Message-ID: <46F6A64E.3070906@openenterprise.ca> Forgot to mention that, yes I was running mailwatch also, and CRM114 Julian Field wrote: > > > Johnny Stork wrote: >> Well maybe a different subject line might ellicit a response. I am >> having to install MS on a newly built system and would like to try >> and transfer all settings and historical data to the new system. Any >> suggestions? >> >> I am guessing something along the lines of >> >> 1: Install the MS/Clam/SA packages on new system. >> 2: Export/import Mysql database > What does this contain? Have you been using MailWatch? MailScanner > itself doesn't use any mysql database. >> 3: Copy over old mailscanner.conf files (and other files? > Make sure you keep the new MailScanner.conf from the new system, > rename it to /etc/MailScaner/MailScanner.conf.rpmnew and then copy in > the old one, then upgrade_MailScaner_conf. > Do likewise for /etc/MailScanner/reports/*/languages.conf files too. > >> >> >> -- >> *Johnny Stork* >> Business & Technology Consultant >> stork@openenterprise.ca >> > > Jules > -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From stork at openenterprise.ca Sun Sep 23 18:55:56 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Sun Sep 23 18:56:03 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? In-Reply-To: <46F6A1DA.9080609@ecs.soton.ac.uk> References: <46F69AC2.3080506@openenterprise.ca> <46F6A1DA.9080609@ecs.soton.ac.uk> Message-ID: <46F6A8AC.9050406@openenterprise.ca> What about things like the SA bayes database? Can I just copy over some directories Julian Field wrote: > > > Johnny Stork wrote: >> Well maybe a different subject line might ellicit a response. I am >> having to install MS on a newly built system and would like to try >> and transfer all settings and historical data to the new system. Any >> suggestions? >> >> I am guessing something along the lines of >> >> 1: Install the MS/Clam/SA packages on new system. >> 2: Export/import Mysql database > What does this contain? Have you been using MailWatch? MailScanner > itself doesn't use any mysql database. >> 3: Copy over old mailscanner.conf files (and other files? > Make sure you keep the new MailScanner.conf from the new system, > rename it to /etc/MailScaner/MailScanner.conf.rpmnew and then copy in > the old one, then upgrade_MailScaner_conf. > Do likewise for /etc/MailScanner/reports/*/languages.conf files too. > >> >> >> -- >> *Johnny Stork* >> Business & Technology Consultant >> stork@openenterprise.ca >> > > Jules > -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca ______________________________________________ *Open Enterprise Solutions* /"Empowering Business With Open Solutions"/ http://www.openenterprise.ca *Mountain Hosting* /"Secure Hosting Solutions for Business"/ http://www.mountainhosting.ca *Dreamscape Media* /"Multimedia, Photography and VR Panorama's"/ http://www.dreamscapemedia.ca From list-mailscanner at linguaphone.com Sun Sep 23 19:19:25 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Sun Sep 23 19:19:31 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? In-Reply-To: <46F6A8AC.9050406@openenterprise.ca> Message-ID: You can just copy across the bayes files. I normally have my bayes stored in the mysql database aswell. It saves a lot of permissions problems. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Johnny > Stork > Sent: 23 September 2007 18:56 > To: MailScanner discussion > Subject: Re: Re-Installing Mailscanner- Cant any suggest any tips? > > > What about things like the SA bayes database? Can I just copy over some > directories > > > Julian Field wrote: > > > > > > Johnny Stork wrote: > >> Well maybe a different subject line might ellicit a response. I am > >> having to install MS on a newly built system and would like to try > >> and transfer all settings and historical data to the new system. Any > >> suggestions? > >> > >> I am guessing something along the lines of > >> > >> 1: Install the MS/Clam/SA packages on new system. > >> 2: Export/import Mysql database > > What does this contain? Have you been using MailWatch? MailScanner > > itself doesn't use any mysql database. > >> 3: Copy over old mailscanner.conf files (and other files? > > Make sure you keep the new MailScanner.conf from the new system, > > rename it to /etc/MailScaner/MailScanner.conf.rpmnew and then copy in > > the old one, then upgrade_MailScaner_conf. > > Do likewise for /etc/MailScanner/reports/*/languages.conf files too. > > > >> > >> > >> -- > >> *Johnny Stork* > >> Business & Technology Consultant > >> stork@openenterprise.ca > >> > > > > Jules > > > > -- > *Johnny Stork* > Business & Technology Consultant > stork@openenterprise.ca > > ______________________________________________ > *Open Enterprise Solutions* > /"Empowering Business With Open Solutions"/ > http://www.openenterprise.ca > > *Mountain Hosting* > /"Secure Hosting Solutions for Business"/ > http://www.mountainhosting.ca > > *Dreamscape Media* > /"Multimedia, Photography and VR Panorama's"/ > http://www.dreamscapemedia.ca > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From hvdkooij at vanderkooij.org Mon Sep 24 00:07:09 2007 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Sep 24 00:07:19 2007 Subject: Re-Installing Mailscanner- Cant any suggest any tips? In-Reply-To: <46F69AC2.3080506@openenterprise.ca> References: <46F69AC2.3080506@openenterprise.ca> Message-ID: On Sun, 23 Sep 2007, Johnny Stork wrote: > Well maybe a different subject line might ellicit a response. I am having to > install MS on a newly built system and would like to try and transfer all > settings and historical data to the new system. Any suggestions? Let's go back to the real basic question you need to anser before you know how to do this. Why do you reinstall? - The old system is not working well. ==> Copying everything will most likely get similar results. - The old hardware is (almost) broken. ==> Use the backup/restore procedure you worked out when you declared it production ready. - ..... ==> ?????????????? Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for this quote of George Bernard Shaw.) From blazek at lake-coe.k12.ca.us Mon Sep 24 00:25:47 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 00:25:18 2007 Subject: mailscanner restarts when using spamassassin Message-ID: Ok here's one that stumping me... This is a new installation... When I have "Use Spamassassin = yes" in MailScanner.conf, no messages are processed. When I set that to no, then everything works ok. spamassassin -D --lint doesn't produce any errors. Not sure if it's needed, but here's some background info: (also, as a note, I noticed while writing all this that sendmail is giving me some trouble... users can't send, but system messages and aliases still get sent... I don't know, maybe that's related) This is while installing onto a new server. Before installing MailScanner and because I was using MailWatch, I imported my old database into mysql on the new server. I followed the instructions in Quickinstall.txt: Installed http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, then installed MailScanner version 4.63.8-1 (also tried latest beta), upgraded conf file. After starting MailScanner, I see this in the maillog: This is with Spam Checks = Yes and Use Spamassassin = yes Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the phishing whitelist Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from the phishing blacklist Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init function MailWatchLogging Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results cache Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin cache database Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the phishing whitelist Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from the phishing blacklist Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init function MailWatchLogging Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results cache Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin cache database Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the phishing whitelist Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from the phishing blacklist Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init function MailWatchLogging Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results cache Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin cache database (repeats over and over, same thing) Here's Spam Checks = Yes and Use Spamassassin = No Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the phishing whitelist Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from the phishing blacklist Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init function MailWatchLogging Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 messages, 1520 bytes Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam messages Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: Starting Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 messages Sep 23 11:25:22 mail MailScanner[29124]: Logging message l8NIPI9f029181 to SQL Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to MailWatch SQL (seems to work ok without spamassassin) Any ideas? Thanks! Blaze King Lake County Office of Education (707) 262-4147 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070923/d3ef8def/attachment.html From blazek at lake-coe.k12.ca.us Mon Sep 24 04:54:33 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 04:54:06 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: References: Message-ID: An update: Sendmail is working fine now. (I had something wrong in the mc file). Now I've re-installed the tarball for ClamAV and SA and Mailscanner, doesn't seem to make any difference. I also used my old MailScanner.conf from my old server (ver. 4.58). Nothing changes the results I was finding below. Spam Checks work, but SpamAssassin isn't. Also, forgot to mention previously, this is on CentOS 5. On top of that my MailWatch install has a feature I forgot how to enable: Viewing the message body. Any ideas on what I'm probably doing wrong? Blaze King blazek@lake-coe.k12.ca.us From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Blaze King Sent: Sunday, September 23, 2007 4:26 PM To: mailscanner@lists.mailscanner.info Subject: mailscanner restarts when using spamassassin Ok here's one that stumping me... This is a new installation... When I have "Use Spamassassin = yes" in MailScanner.conf, no messages are processed. When I set that to no, then everything works ok. spamassassin -D --lint doesn't produce any errors. Not sure if it's needed, but here's some background info: (also, as a note, I noticed while writing all this that sendmail is giving me some trouble... users can't send, but system messages and aliases still get sent... I don't know, maybe that's related) This is while installing onto a new server. Before installing MailScanner and because I was using MailWatch, I imported my old database into mysql on the new server. I followed the instructions in Quickinstall.txt: Installed http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, then installed MailScanner version 4.63.8-1 (also tried latest beta), upgraded conf file. After starting MailScanner, I see this in the maillog: This is with Spam Checks = Yes and Use Spamassassin = yes Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the phishing whitelist Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from the phishing blacklist Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init function MailWatchLogging Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results cache Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin cache database Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the phishing whitelist Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from the phishing blacklist Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init function MailWatchLogging Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results cache Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin cache database Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the phishing whitelist Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from the phishing blacklist Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init function MailWatchLogging Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results cache Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin cache database (repeats over and over, same thing) Here's Spam Checks = Yes and Use Spamassassin = No Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus Scanner version 4.64.1 starting... Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the phishing whitelist Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from the phishing blacklist Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init function MailWatchLogging Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 messages, 1520 bytes Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam messages Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: Starting Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 messages Sep 23 11:25:22 mail MailScanner[29124]: Logging message l8NIPI9f029181 to SQL Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to MailWatch SQL (seems to work ok without spamassassin) Any ideas? Thanks! Blaze King Lake County Office of Education (707) 262-4147 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070923/50917dc9/attachment.html From steve.freegard at fsl.com Mon Sep 24 09:18:27 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Sep 24 09:18:27 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: References: Message-ID: <46F772D3.2070703@fsl.com> Blaze King wrote: > An update: > > > > Sendmail is working fine now. (I had something wrong in the mc file). > Now I?ve re-installed the tarball for ClamAV and SA and Mailscanner, > doesn?t seem to make any difference. I also used my old > MailScanner.conf from my old server (ver. 4.58). Nothing changes the > results I was finding below. Spam Checks work, but SpamAssassin isn?t. > Also, forgot to mention previously, this is on CentOS 5. Run the following: service MailScanner stop service MailScanner startin MailScanner --debug When the above command exits it should say 'Stopping now as you are debugging me....', if it doesn't then the last line will usually tell you the problem. > On top of that my MailWatch install has a feature I forgot how to > enable: Viewing the message body. Remembered to disable SELinux? Set the permissions correctly on your quarantine directory and sub-directories etc. It's all in the INSTALL docs. Regards, Steve. From martinh at solidstatelogic.com Mon Sep 24 09:04:24 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 09:33:43 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: Message-ID: <75c93eb77bded240a7575e0a5ca8eb27@solidstatelogic.com> Blaze What does "MailScanner --debug --debug-sa" give you? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: 24 September 2007 04:55 > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > An update: > > > > Sendmail is working fine now. (I had something wrong in the mc file). > Now I've re-installed the tarball for ClamAV and SA and Mailscanner, > doesn't seem to make any difference. I also used my old MailScanner.conf > from my old server (ver. 4.58). Nothing changes the results I was finding > below. Spam Checks work, but SpamAssassin isn't. Also, forgot to mention > previously, this is on CentOS 5. > > > > On top of that my MailWatch install has a feature I forgot how to enable: > Viewing the message body. > > > > Any ideas on what I'm probably doing wrong? > > > > Blaze King > > blazek@lake-coe.k12.ca.us > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: Sunday, September 23, 2007 4:26 PM > To: mailscanner@lists.mailscanner.info > Subject: mailscanner restarts when using spamassassin > > > > Ok here's one that stumping me... > > > > This is a new installation... When I have "Use Spamassassin = yes" in > MailScanner.conf, no messages are processed. When I set that to no, then > everything works ok. spamassassin -D --lint doesn't produce any errors. > Not sure if it's needed, but here's some background info: > > > > (also, as a note, I noticed while writing all this that sendmail is giving > me some trouble... users can't send, but system messages and aliases still > get sent... I don't know, maybe that's related) > > > > This is while installing onto a new server. Before installing MailScanner > and because I was using MailWatch, I imported my old database into mysql > on the new server. > > > > I followed the instructions in Quickinstall.txt: Installed > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > then installed MailScanner version 4.63.8-1 (also tried latest beta), > upgraded conf file. After starting MailScanner, I see this in the > maillog: > > > > This is with Spam Checks = Yes and Use Spamassassin = yes > > > > Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init > function MailWatchLogging > Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child > Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results cache > Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin cache > database > Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init > function MailWatchLogging > Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child > Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results cache > Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin cache > database > Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init > function MailWatchLogging > Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child > Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results cache > Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin cache > database > > (repeats over and over, same thing) > > > > Here's Spam Checks = Yes and Use Spamassassin = No > > > > Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init > function MailWatchLogging > Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child > Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix > Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 messages, > 1520 bytes > Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam > messages > Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: > Starting > Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 messages > Sep 23 11:25:22 mail MailScanner[29124]: Logging message l8NIPI9f029181 to > SQL > Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to > MailWatch SQL > > (seems to work ok without spamassassin) > > > > > > Any ideas? Thanks! > > > > Blaze King > > Lake County Office of Education > > (707) 262-4147 > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mikael at syska.dk Mon Sep 24 09:49:08 2007 From: mikael at syska.dk (mikael@syska.dk) Date: Mon Sep 24 09:49:33 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: References: Message-ID: <42562.130.225.184.24.1190623748.squirrel@mail.syska.dk> Hej, > > On top of that my MailWatch install has a feature I forgot how to > enable: Viewing the message body. You have to store the message ... you can enable it in MailScanner.conf ... "Non Spam Message Options = store deliver" or something like that ... // ouT From m.anderlini at database.it Mon Sep 24 11:18:18 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Sep 24 11:18:37 2007 Subject: Garbage spam In-Reply-To: <42562.130.225.184.24.1190623748.squirrel@mail.syska.dk> References: <42562.130.225.184.24.1190623748.squirrel@mail.syska.dk> Message-ID: <000301c7fe94$39c78360$2301a8c0@dbdomain.database.it> Hello, I do not know if this issue has been already solved or talked about it, but during this day we are reciving this new kind of spam full of irregular caratter and spamassassin can not detect it as spam I've created this page with the full mail. http://tempsite.database.it/spam/trash.htm Could someone help me ? Thanks -- Messaggio verificato dal servizio antivirus di Database Informatica From prandal at herefordshire.gov.uk Mon Sep 24 11:36:06 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Sep 24 11:36:15 2007 Subject: Garbage spam In-Reply-To: <000301c7fe94$39c78360$2301a8c0@dbdomain.database.it> References: <42562.130.225.184.24.1190623748.squirrel@mail.syska.dk> <000301c7fe94$39c78360$2301a8c0@dbdomain.database.it> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01A0D25F@HC-MBX02.herefordshire.gov.uk> off the top of my head: body ACGU /(?:A.?CGU|AC.?GU|ACG.?U)/ describe ACGU ACGU pump and dump scam score ACGU 15 Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Marcello Anderlini > Sent: 24 September 2007 11:18 > To: 'MailScanner discussion' > Subject: Garbage spam > > Hello, I do not know if this issue has been already solved or > talked about > it, but during this day we are reciving this new kind of spam full of > irregular caratter and spamassassin can not detect it as spam > > I've created this page with the full mail. > > http://tempsite.database.it/spam/trash.htm > > Could someone help me ? > > Thanks > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solidstatelogic.com Mon Sep 24 11:58:26 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 11:58:41 2007 Subject: Garbage spam In-Reply-To: <000301c7fe94$39c78360$2301a8c0@dbdomain.database.it> Message-ID: <3fdbcd5bdaabf74aa0c801b1f34939de@solidstatelogic.com> Marcello Hit the following rules for me.. Content analysis details: (36.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.5 MISSING_HB_SEP Missing blank line between message header and body 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.6 J_CHICKENPOX_22 BODY: {2}Letter - punctuation - {2}Letter 0.6 J_CHICKENPOX_23 BODY: {2}Letter - punctuation - {3}Letter 2.3 MANGLED_YOUR BODY: mangled your 0.6 J_CHICKENPOX_51 BODY: {5}Letter - punctuation - {1}Letter 2.3 MANGLED_TIME BODY: mangled time 2.3 MANGLED_INCLDN BODY: mangled including 0.6 J_CHICKENPOX_32 BODY: {3}Letter - punctuation - {2}Letter 2.3 MANGLED_GROWTH BODY: mangled growth 2.3 MANGLED_COMPNY BODY: mangled company 0.6 J_CHICKENPOX_14 BODY: {1}Letter - punctuation - {4}Letter 1.1 SARE_OBFU_POX_YOUR BODY: found apparent obfuscation of word used in spam 2.3 MANGLED_SMALL BODY: mangled small 0.6 J_CHICKENPOX_13 BODY: {1}Letter - punctuation - {3}Letter 3.9 FRT_PROFIT1 BODY: ReplaceTags: Profit (1) 0.6 J_CHICKENPOX_31 BODY: {3}Letter - punctuation - {1}Letter 1.1 local_OBFUDOM URI: Domain contains illegal characters 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.8 MISSING_SUBJECT Missing Subject: header 0.5 FM_NO_TO FM_NO_TO 0.1 TO_CC_NONE No To: or Cc: header 2.5 FM_NO_FROM_OR_TO FM_NO_FROM_OR_TO What extra rules on spamassassin do you run? Check the SARE rules on www.rulesemporium.com/rules.htm along with Fred's and Jennifers rules on the other-rules.htm page -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 24 September 2007 11:18 > To: MailScanner discussion > Subject: Garbage spam > > Hello, I do not know if this issue has been already solved or talked about > it, but during this day we are reciving this new kind of spam full of > irregular caratter and spamassassin can not detect it as spam > > I've created this page with the full mail. > > http://tempsite.database.it/spam/trash.htm > > Could someone help me ? > > Thanks > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From m.anderlini at database.it Mon Sep 24 12:02:33 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Mon Sep 24 12:02:44 2007 Subject: R: Garbage spam In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA01A0D25F@HC-MBX02.herefordshire.gov.uk> References: <42562.130.225.184.24.1190623748.squirrel@mail.syska.dk><000301c7fe94$39c78360$2301a8c0@dbdomain.database.it> <7EF0EE5CB3B263488C8C18823239BEBA01A0D25F@HC-MBX02.herefordshire.gov.uk> Message-ID: <000d01c7fe9a$689a4d70$2301a8c0@dbdomain.database.it> Thanks a lot, I will try Best regards -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Randal, Phil Inviato: luned? 24 settembre 2007 12.36 A: MailScanner discussion Oggetto: RE: Garbage spam off the top of my head: body ACGU /(?:A.?CGU|AC.?GU|ACG.?U)/ describe ACGU ACGU pump and dump scam score ACGU 15 Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Marcello Anderlini > Sent: 24 September 2007 11:18 > To: 'MailScanner discussion' > Subject: Garbage spam > > Hello, I do not know if this issue has been already solved or talked > about it, but during this day we are reciving this new kind of spam > full of irregular caratter and spamassassin can not detect it as spam > > I've created this page with the full mail. > > http://tempsite.database.it/spam/trash.htm > > Could someone help me ? > > Thanks > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From prandal at herefordshire.gov.uk Mon Sep 24 12:17:21 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Sep 24 12:17:33 2007 Subject: Release 4.64.1-1 beta In-Reply-To: <46F56C43.2030106@ecs.soton.ac.uk> References: <46F56C43.2030106@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01A0D280@HC-MBX02.herefordshire.gov.uk> Julian, The ======================================================================== === Ignore errors about failing to find EOCD signature ======================================================================== === in MailScanner --lint is now superfluous. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 22 September 2007 20:26 > To: MailScanner discussion > Subject: Release 4.64.1-1 beta > > Hi folks! > > I have just released a beta of 4.64. > > Several minor features, and some bugfixes. It's been a > relatively quiet > month so far. > > ** Book News ** > Please note that if you are east of the Atlantic, you can now get the > MailScanner Book printed in the EU, with *much* lower shipping costs > (and no import tax in the EU) than when you could only order > it from the > USA. You can get to the EU bookshop from the same advert in the top > right corner of the www.mailscanner.info home page. Please also note > that I updated the book this summer, so it is pretty well up > to date. So > if you have been holding off buying the book because of the price, you > can buy it cheaper now! > (It is still also available from the USA just as before) > > Download MailScanner as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > 1 The MailScanner book is now also available for purchase > from the EU with > much lower shipping costs. Go to www.lulu.com/mailscanner. > 1 Solaris check_mailscanner code now uses pgrep. > 1 "MailScanner -v" now lists version of Date::Parse which was missing. > 1 Added "$datenumber" to the inline spam warning report. > 1 "MailScanner --lint" now checks your %org-name% to ensure > it only contains > safe characters (i.e. a-z, A-Z, 0-9 and -). > 1 Added "allow" rule to filename.rules.conf for the XML > filenames inside > Microsoft Office 2007 (e.g. *.docx) files which are > actually archives. > 1 F-Prot-6 autoupdater improved to tell you whether it > actually downloaded > a new virus signatures file or not. > 1 Tar distro now includes ChangeLog. > 1 "Treat Invalid Watermarks With No Sender as Spam" can now > be set to a > number > greater than zero. This value will be added to the spam score. > 1 Watermark spam header reports refer to them as "watermarks" and not > "null headers" as that is easier to understand. > > * Fixes * > 1 Now set the umask of the directory into which the TNEF > attachments are > unpacked by the external TNEF expander. Thanks to derek@csolve.net. > 1 Fixed bug which caused crash when using a ruleset on > "Filename Rules" > setting > when the file listed in the ruleset does not exist. Thanks to Ugo > Bellevance. > 1 Added line to stop EOCD Format errors being output in > UnpackZip. Thanks to > Rick Cooper. > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mailscanner at lists.com.ar Mon Sep 24 12:33:16 2007 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Mon Sep 24 12:33:31 2007 Subject: Release 4.64.1-1 beta In-Reply-To: <46F56B4C.3020705@ecs.soton.ac.uk> References: <46F56B4C.3020705@ecs.soton.ac.uk> Message-ID: <1190633596.16380.6.camel@morticia.pert.com.ar> Hi have you seen my mail about the bug/feature with CustomFunctions and Virus Scanning? very short version When "Dangerous content scanning" is enabled, and Virus Scanning is a custom funcion, all the mails are virus checked despite the return value of the function. In the other mail, I wrote a long version (and quick and dirty workaround). When I'll have a little time for this I could code a patch for this. Saludos Leonardo Helman Pert Consultores Argentina On Sat, 2007-09-22 at 20:21 +0100, Julian Field wrote: > Hi folks! > > I have just released a beta of 4.64. > > Several minor features, and some bugfixes. It's been a relatively quiet > month so far. > > ** Book News ** > Please note that if you are east of the Atlantic, you can now get the > MailScanner Book printed in the EU, with *much* lower shipping costs > (and no import tax in the EU) than when you could only order it from the > USA. You can get to the EU bookshop from the same advert in the top > right corner of the www.mailscanner.info home page. Please also note > that I updated the book this summer, so it is pretty well up to date. So > if you have been holding off buying the book because of the price, you > can buy it cheaper now! > (It is still also available from the USA just as before) > > Download MailScanner as usual from www.mailscanner.info. > > The full Change Log is this: > > * New Features and Improvements * > 1 The MailScanner book is now also available for purchase from the EU with > much lower shipping costs. Go to www.lulu.com/mailscanner. > 1 Solaris check_mailscanner code now uses pgrep. > 1 "MailScanner -v" now lists version of Date::Parse which was missing. > 1 Added "$datenumber" to the inline spam warning report. > 1 "MailScanner --lint" now checks your %org-name% to ensure it only contains > safe characters (i.e. a-z, A-Z, 0-9 and -). > 1 Added "allow" rule to filename.rules.conf for the XML filenames inside > Microsoft Office 2007 (e.g. *.docx) files which are actually archives. > 1 F-Prot-6 autoupdater improved to tell you whether it actually downloaded > a new virus signatures file or not. > 1 Tar distro now includes ChangeLog. > 1 "Treat Invalid Watermarks With No Sender as Spam" can now be set to a > number > greater than zero. This value will be added to the spam score. > 1 Watermark spam header reports refer to them as "watermarks" and not > "null headers" as that is easier to understand. > > * Fixes * > 1 Now set the umask of the directory into which the TNEF attachments are > unpacked by the external TNEF expander. Thanks to derek@csolve.net. > 1 Fixed bug which caused crash when using a ruleset on "Filename Rules" > setting > when the file listed in the ruleset does not exist. Thanks to Ugo > Bellevance. > 1 Added line to stop EOCD Format errors being output in UnpackZip. Thanks to > Rick Cooper. > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > From list-mailscanner at linguaphone.com Mon Sep 24 12:47:38 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 24 12:47:52 2007 Subject: ANNOUNCE: mailwatch2rbl In-Reply-To: References: Message-ID: <1190634458.12474.4.camel@gblades-suse.linguaphone-intranet.co.uk> Version 0.5 has now been released which allows you to create any text file and then run a command afterwards only if the contents of the file has changed. This should make it usable by sendmail users and hopefully any other system. An example of configuring postfix to directly access the database is also included. On Fri, 2007-09-21 at 20:24, Gareth wrote: > I have been chatting with Alistair Carmichael about a quick script he wrote > to extract a list of IP addresses out of the mailwatch database which have > only sent a number of spam emails and then automatically block them. > > I have now created something which seems to be fully functional at least for > me. Alistair had a problem where php did not like the database library I am > using but I have never seen this before and have used it on various boxes > with a very large range of php versions. > > You can read basically how it works and download the current release from > http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/ > > The block table it generates is easy to use in Postfix and it can also > generate a file compatible with rbldnsd. I am not sure what exim and > sendmail can work with nativly but if someone would like to give me an > example I will enable it to generate compatible files for them aswell. From mailscanner at herald.co.uk Mon Sep 24 14:10:12 2007 From: mailscanner at herald.co.uk (mailscanner@herald.co.uk) Date: Mon Sep 24 14:10:20 2007 Subject: One user whitelisted, everyone gets the spam... Message-ID: <20070924131012.GA3205@mail.herald.co.uk> Hi folks, MailScanner 4.60.8 using ClamAV... For various long and dull reasons, we have a single user whose mail is not filtered by MailScanner; this is done by a "deliver" rule in a ruleset attached to Spam Actions. Annoyingly (to the other users...) this is causing spam to leak through to them, if mail's sent to a bunch of people including this user (where a "bunch" is fewer than 20, that being what "Ignore Spam Whitelist If Recipients Exceed" is currently set to). The worst example I've seen so far is a spam scoring 165 getting through... our usual "delete" threshold is 12. I thought about reducing the "Ignore Spam Whitelist" setting, but we do legitimately get emails in addressed to more users than these spams have been (12 - 15 users; the spams have been addressed to around 8 or so) Is there a relatively straightforward way of stopping this user's settings from affecting anyone else? (Politics sadly dictates that insisting on filtering his mail in the same way as everyone else's is not a viable way forward.) Thanks Mel From martinh at solidstatelogic.com Mon Sep 24 14:19:16 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 14:19:21 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <20070924131012.GA3205@mail.herald.co.uk> Message-ID: Mel Well you need to split the incoming email into individual recipients for this work properly. See the wiki for your MTA on how to do this.. Eg for sendmail its... "http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient" -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailscanner@herald.co.uk > Sent: 24 September 2007 14:10 > To: mailscanner@lists.mailscanner.info > Subject: One user whitelisted, everyone gets the spam... > > Hi folks, > > MailScanner 4.60.8 using ClamAV... > > For various long and dull reasons, we have a single user whose mail is > not filtered by MailScanner; this is done by a "deliver" rule in a > ruleset attached to Spam Actions. > > Annoyingly (to the other users...) this is causing spam to leak through > to them, if mail's sent to a bunch of people including this user (where > a "bunch" is fewer than 20, that being what "Ignore Spam Whitelist If > Recipients Exceed" is currently set to). The worst example I've seen so > far is a spam scoring 165 getting through... our usual "delete" > threshold is 12. > > I thought about reducing the "Ignore Spam Whitelist" setting, but we do > legitimately get emails in addressed to more users than these spams have > been (12 - 15 users; the spams have been addressed to around 8 or so) > > Is there a relatively straightforward way of stopping this user's > settings from affecting anyone else? (Politics sadly dictates that > insisting on filtering his mail in the same way as everyone else's is > not a viable way forward.) > > Thanks > > Mel > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From list-mailscanner at linguaphone.com Mon Sep 24 14:22:03 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 24 14:22:16 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <20070924131012.GA3205@mail.herald.co.uk> References: <20070924131012.GA3205@mail.herald.co.uk> Message-ID: <1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> The only way I know is to configure the MTA to only allow one recipient per message. The downside of this is that the mail to subsequent recipients will only be received when the sender retries which means there will be a delay. What MTA are you using? On Mon, 2007-09-24 at 14:10, mailscanner@herald.co.uk wrote: > Hi folks, > > MailScanner 4.60.8 using ClamAV... > > For various long and dull reasons, we have a single user whose mail is > not filtered by MailScanner; this is done by a "deliver" rule in a > ruleset attached to Spam Actions. > > Annoyingly (to the other users...) this is causing spam to leak through > to them, if mail's sent to a bunch of people including this user (where > a "bunch" is fewer than 20, that being what "Ignore Spam Whitelist If > Recipients Exceed" is currently set to). The worst example I've seen so > far is a spam scoring 165 getting through... our usual "delete" > threshold is 12. > > I thought about reducing the "Ignore Spam Whitelist" setting, but we do > legitimately get emails in addressed to more users than these spams have > been (12 - 15 users; the spams have been addressed to around 8 or so) > > Is there a relatively straightforward way of stopping this user's > settings from affecting anyone else? (Politics sadly dictates that > insisting on filtering his mail in the same way as everyone else's is > not a viable way forward.) > > Thanks > > Mel From mailscanner at herald.co.uk Mon Sep 24 14:25:46 2007 From: mailscanner at herald.co.uk (mailscanner@herald.co.uk) Date: Mon Sep 24 14:25:54 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: References: <20070924131012.GA3205@mail.herald.co.uk> Message-ID: <20070924132546.GA3782@mail.herald.co.uk> Hi Martin, On Mon, Sep 24, 2007 at 02:19:16PM +0100, Martin.Hepworth wrote: > Mel > > Well you need to split the incoming email into individual recipients for this work properly. > > See the wiki for your MTA on how to do this.. > > Eg for sendmail its... > > "http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient" > That's.... non-obvious (no wonder I couldn't find it when I went searching earlier!). Thanks -- I'll give it a go. -- cheers, Mel From uxbod at splatnix.net Mon Sep 24 14:25:51 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Sep 24 14:26:18 2007 Subject: MailScanner & Zenoss Message-ID: <18745390.801190640351110.JavaMail.root@office.splatnix.net> Hi, Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running. Any ideas ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Mon Sep 24 14:32:39 2007 From: dave.list at pixelhammer.com (DAve) Date: Mon Sep 24 14:34:49 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <20070924131012.GA3205@mail.herald.co.uk> References: <20070924131012.GA3205@mail.herald.co.uk> Message-ID: <46F7BC77.2030103@pixelhammer.com> mailscanner@herald.co.uk wrote: > Hi folks, > > MailScanner 4.60.8 using ClamAV... > > For various long and dull reasons, we have a single user whose mail is > not filtered by MailScanner; this is done by a "deliver" rule in a > ruleset attached to Spam Actions. > > Annoyingly (to the other users...) this is causing spam to leak through > to them, if mail's sent to a bunch of people including this user (where > a "bunch" is fewer than 20, that being what "Ignore Spam Whitelist If > Recipients Exceed" is currently set to). The worst example I've seen so > far is a spam scoring 165 getting through... our usual "delete" > threshold is 12. > > I thought about reducing the "Ignore Spam Whitelist" setting, but we do > legitimately get emails in addressed to more users than these spams have > been (12 - 15 users; the spams have been addressed to around 8 or so) > > Is there a relatively straightforward way of stopping this user's > settings from affecting anyone else? (Politics sadly dictates that > insisting on filtering his mail in the same way as everyone else's is > not a viable way forward.) We were faced with exactly the same situation as you and solved the problem by splitting each multi-recipient message prior to the inqueue. Check the wiki for instructions on how to do that. for sendmail, http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient for postfix http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible. From martinh at solidstatelogic.com Mon Sep 24 14:46:47 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 14:47:06 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <20070924132546.GA3782@mail.herald.co.uk> Message-ID: <8df22727652f654ea913f6be77e612b9@solidstatelogic.com> Mel Well sort of not, but if you think about what should MS do if there's more than recipient and there's conflicting actions? Answer - it uses the Envelope-To: in order to decide which is only one recipient! So in order to achieve what you want you want, you need to split the email into it's individual receipts no matter what solution you use. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of mailscanner@herald.co.uk > Sent: 24 September 2007 14:26 > To: MailScanner discussion > Subject: Re: One user whitelisted, everyone gets the spam... > > Hi Martin, > > On Mon, Sep 24, 2007 at 02:19:16PM +0100, Martin.Hepworth > wrote: > > Mel > > > > Well you need to split the incoming email into individual recipients for > this work properly. > > > > See the wiki for your MTA on how to do this.. > > > > Eg for sendmail its... > > > > > "http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta: > sendmail:how_to:split_mails_per_recipient" > > > > That's.... non-obvious (no wonder I couldn't find it when I went > searching earlier!). Thanks -- I'll give it a go. -- cheers, Mel > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From derek at csolve.net Mon Sep 24 15:08:07 2007 From: derek at csolve.net (Derek Buttineau) Date: Mon Sep 24 15:09:02 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <46F7BC77.2030103@pixelhammer.com> References: <20070924131012.GA3205@mail.herald.co.uk> <46F7BC77.2030103@pixelhammer.com> Message-ID: On 2007-Sep-24, at 9:32 AM, DAve wrote: > We were faced with exactly the same situation as you and solved the > problem by splitting each multi-recipient message prior to the > inqueue. > Check the wiki for instructions on how to do that. Speaking of splitting out recipients. Julian, would it be possible to get the attached patch incorporated into a future release of MailScanner? It's just a small adjustment to how the SA Caching is working, to allow for multiple recipients with different spam thresholds. We ran into this ages ago when we started splitting out recipients, and people complaining that spam was getting through even though it was over their threshold. -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.4.63.8.patch Type: application/octet-stream Size: 1542 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070924/dce77ba9/SA.pm.4.63.8.obj -------------- next part -------------- -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From steve.freegard at fsl.com Mon Sep 24 15:23:03 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Sep 24 15:23:03 2007 Subject: MailScanner & Zenoss In-Reply-To: <18745390.801190640351110.JavaMail.root@office.splatnix.net> References: <18745390.801190640351110.JavaMail.root@office.splatnix.net> Message-ID: <46F7C847.9050204@fsl.com> UxBoD wrote: > Hi, > > Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running. > > Any ideas ? How about: [root@mail soaplite]# ps axf | grep `cat /var/run/MailScanner.pid` | grep -v grep 889 ? Ss 0:00 MailScanner: master waiting for children, sleeping Cheers, Steve. From uxbod at splatnix.net Mon Sep 24 15:36:57 2007 From: uxbod at splatnix.net (UxBoD) Date: Mon Sep 24 15:37:06 2007 Subject: MailScanner & Zenoss In-Reply-To: <46F7C847.9050204@fsl.com> Message-ID: <3512594.1071190644617496.JavaMail.root@office.splatnix.net> Steve, The problem is that even though Zenoss can use regex and detect all instances of MailScanner running, but even with the parent process changing its description line it can sometimes see it as a failure. Basically what it is doing is grabbing the process list from the SNMP tree. May have to write a zenoss script to do it, which is a pain, as clamd, postfix etc are all okay. Perhaps if MailScanner kept its parent process static with respect to the name ie. MailScanner and the child processes can report their own state. I would imagine that this could also occur on other monitoring systems IMHO. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Steve Freegard" To: "MailScanner discussion" Sent: Monday, September 24, 2007 3:23:03 PM (GMT) Europe/London Subject: Re: MailScanner & Zenoss UxBoD wrote: > Hi, > > Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running. > > Any ideas ? How about: [root@mail soaplite]# ps axf | grep `cat /var/run/MailScanner.pid` | grep -v grep 889 ? Ss 0:00 MailScanner: master waiting for children, sleeping Cheers, Steve. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Sep 24 16:04:39 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 16:04:57 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: References: <20070924131012.GA3205@mail.herald.co.uk> <46F7BC77.2030103@pixelhammer.com> Message-ID: <46F7D207.6060700@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've changed the code a bit, but the logic is all there. Derek Buttineau wrote: > On 2007-Sep-24, at 9:32 AM, DAve wrote: > >> We were faced with exactly the same situation as you and solved the >> problem by splitting each multi-recipient message prior to the inqueue. >> Check the wiki for instructions on how to do that. > > Speaking of splitting out recipients. Julian, would it be possible to > get the attached patch incorporated into a future release of > MailScanner? It's just a small adjustment to how the SA Caching is > working, to allow for multiple recipients with different spam > thresholds. We ran into this ages ago when we started splitting out > recipients, and people complaining that spam was getting through even > though it was over their threshold. > > > -- > Regards, > > Derek Buttineau > Internet Systems Developer > Compu-SOLVE Internet Services > Compu-SOLVE Technologies, Inc > > Phone: 705-725-1212 x255 > E-Mail: derek@csolve.net > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG99IHEfZZRxQVtlQRApDxAKD44yrqh02rUbb6K0Fh2r4sd6KyYgCg3/7U fPb7B9XEWJ8gksA/V6HNSSE= =1pYa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From derek at csolve.net Mon Sep 24 16:12:02 2007 From: derek at csolve.net (Derek Buttineau) Date: Mon Sep 24 16:13:00 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <46F7D207.6060700@ecs.soton.ac.uk> References: <20070924131012.GA3205@mail.herald.co.uk> <46F7BC77.2030103@pixelhammer.com> <46F7D207.6060700@ecs.soton.ac.uk> Message-ID: On 2007-Sep-24, at 11:04 AM, Julian Field wrote: > I've changed the code a bit, but the logic is all there. Thanks Julian :) -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: derek@csolve.net From blazek at lake-coe.k12.ca.us Mon Sep 24 16:37:25 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 16:36:57 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: <75c93eb77bded240a7575e0a5ca8eb27@solidstatelogic.com> References: <75c93eb77bded240a7575e0a5ca8eb27@solidstatelogic.com> Message-ID: Here's what the debug gives me: [root@mail ~]# MailScanner --debug --debug-sa In Debugging mode, not forking... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp [21668] dbg: logger: adding facilities: all [21668] dbg: logger: logging level is DBG [21668] dbg: generic: SpamAssassin version 3.2.3 [21668] dbg: config: score set 0 chosen. [21668] dbg: util: running in taint mode? no [21668] dbg: dns: is Net::DNS::Resolver available? yes [21668] dbg: dns: Net::DNS version: 0.60 [21668] dbg: ignore: test message to precompile patterns and load modules [21668] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [21668] dbg: config: read file /etc/mail/spamassassin/init.pre [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre [21668] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [21668] dbg: config: using "/usr/share/spamassassin" for default rules dir [21668] dbg: config: read file /usr/share/spamassassin/10_default_prefs.cf [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf [21668] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [21668] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [21668] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [21668] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf [21668] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_imageinfo.cf [21668] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [21668] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [21668] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf [21668] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [21668] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [21668] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [21668] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf [21668] dbg: config: read file /usr/share/spamassassin/60_shortcircuit.cf [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf [21668] dbg: config: using "/etc/mail/spamassassin" for site rules dir [21668] dbg: config: read file /etc/mail/spamassassin/local.cf [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [21668] dbg: razor2: razor2 is available, version 2.84 [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [21668] dbg: dcc: network tests on, registering DCC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [21668] dbg: pyzor: network tests on, attempting Pyzor [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [21668] dbg: razor2: razor2 is available, version 2.84 [21668] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already registered [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [21668] dbg: reporter: network tests on, attempting SpamCop [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [21668] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already registered [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [21668] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [21668] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already registered config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 372. [21668] info: config: configuration file "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 396. [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 __XM_OL_EF20B [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [21668] dbg: conf: finish parsing [21668] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements 'finish_parsing_end', priority 0 [21668] dbg: replacetags: replacing tags [21668] dbg: replacetags: done replacing tags [21668] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [21668] dbg: config: score set 1 chosen. [21668] dbg: message: main message type: text/plain [21668] dbg: message: ---- MIME PARSER START ---- [21668] dbg: message: parsing normal part [21668] dbg: message: ---- MIME PARSER END ---- [21668] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164. I see some errors that tell me SA is looking for an older version? And this error at the end, I have no idea where to start there. Blaze King Lake County Office of Education -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Monday, September 24, 2007 1:04 AM To: MailScanner discussion Subject: RE: mailscanner restarts when using spamassassin Blaze What does "MailScanner --debug --debug-sa" give you? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: 24 September 2007 04:55 > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > An update: > > > > Sendmail is working fine now. (I had something wrong in the mc file). > Now I've re-installed the tarball for ClamAV and SA and Mailscanner, > doesn't seem to make any difference. I also used my old MailScanner.conf > from my old server (ver. 4.58). Nothing changes the results I was finding > below. Spam Checks work, but SpamAssassin isn't. Also, forgot to mention > previously, this is on CentOS 5. > > > > On top of that my MailWatch install has a feature I forgot how to enable: > Viewing the message body. > > > > Any ideas on what I'm probably doing wrong? > > > > Blaze King > > blazek@lake-coe.k12.ca.us > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: Sunday, September 23, 2007 4:26 PM > To: mailscanner@lists.mailscanner.info > Subject: mailscanner restarts when using spamassassin > > > > Ok here's one that stumping me... > > > > This is a new installation... When I have "Use Spamassassin = yes" in > MailScanner.conf, no messages are processed. When I set that to no, then > everything works ok. spamassassin -D --lint doesn't produce any errors. > Not sure if it's needed, but here's some background info: > > > > (also, as a note, I noticed while writing all this that sendmail is giving > me some trouble... users can't send, but system messages and aliases still > get sent... I don't know, maybe that's related) > > > > This is while installing onto a new server. Before installing MailScanner > and because I was using MailWatch, I imported my old database into mysql > on the new server. > > > > I followed the instructions in Quickinstall.txt: Installed > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > then installed MailScanner version 4.63.8-1 (also tried latest beta), > upgraded conf file. After starting MailScanner, I see this in the > maillog: > > > > This is with Spam Checks = Yes and Use Spamassassin = yes > > > > Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init > function MailWatchLogging > Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child > Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results cache > Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin cache > database > Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init > function MailWatchLogging > Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child > Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results cache > Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin cache > database > Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init > function MailWatchLogging > Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child > Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results cache > Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin cache > database > > (repeats over and over, same thing) > > > > Here's Spam Checks = Yes and Use Spamassassin = No > > > > Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus Scanner > version 4.64.1 starting... > Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the > phishing whitelist > Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from the > phishing blacklist > Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init > function MailWatchLogging > Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child > Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix > Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 messages, > 1520 bytes > Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam > messages > Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: > Starting > Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 messages > Sep 23 11:25:22 mail MailScanner[29124]: Logging message l8NIPI9f029181 to > SQL > Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to > MailWatch SQL > > (seems to work ok without spamassassin) > > > > > > Any ideas? Thanks! > > > > Blaze King > > Lake County Office of Education > > (707) 262-4147 > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Mon Sep 24 16:55:13 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 16:55:26 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: Message-ID: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> Blaze Looks like you got 2 different spamassassins installed and MailScanner is looking for an 'old' one. I'd say you 'upgraded' SA using a different method to how you originally installed it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: 24 September 2007 16:37 > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > Here's what the debug gives me: > > [root@mail ~]# MailScanner --debug --debug-sa > In Debugging mode, not forking... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > [21668] dbg: logger: adding facilities: all > [21668] dbg: logger: logging level is DBG > [21668] dbg: generic: SpamAssassin version 3.2.3 > [21668] dbg: config: score set 0 chosen. > [21668] dbg: util: running in taint mode? no > [21668] dbg: dns: is Net::DNS::Resolver available? yes > [21668] dbg: dns: Net::DNS version: 0.60 > [21668] dbg: ignore: test message to precompile patterns and load > modules > [21668] dbg: config: using "/etc/mail/spamassassin" for site rules pre > files > [21668] dbg: config: read file /etc/mail/spamassassin/init.pre > [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre > [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre > [21668] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [21668] dbg: config: using "/usr/share/spamassassin" for default rules > dir > [21668] dbg: config: read file > /usr/share/spamassassin/10_default_prefs.cf > [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [21668] dbg: config: read file > /usr/share/spamassassin/20_anti_ratware.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf > [21668] dbg: config: read file > /usr/share/spamassassin/20_fake_helo_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_imageinfo.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf > [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf > [21668] dbg: config: read file > /usr/share/spamassassin/25_body_tests_es.cf > [21668] dbg: config: read file > /usr/share/spamassassin/25_body_tests_pl.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_shortcircuit.cf > [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_dk.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_dkim.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_spf.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_subject.cf > [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf > [21668] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [21668] dbg: config: read file /etc/mail/spamassassin/local.cf > [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from > @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from > @INC > [21668] dbg: razor2: razor2 is available, version 2.84 > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [21668] dbg: dcc: network tests on, registering DCC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [21668] dbg: pyzor: network tests on, attempting Pyzor > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from > @INC > [21668] dbg: razor2: razor2 is available, version 2.84 > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already registered > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from > @INC > [21668] dbg: reporter: network tests on, attempting SpamCop > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [21668] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [21668] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from > @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags > from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > from @INC > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already > registered > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > @INC > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already registered > config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_body_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_compensate.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_drugs.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file > "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version > 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you > need to use the -C switch, or remove the old config files? Skipping this > file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm > line 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version > 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you > need to use the -C switch, or remove the old config files? Skipping this > file > config: configuration file "/usr/share/spamassassin/20_head_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_html_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_net_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_phrases.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_porn.cf" requires > version 3.001009 of SpamAssassin, but this is code version 3.002003. > Maybe you need to use the -C switch, or remove the old config files? > Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/23_bayes.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm line > 396. > [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA > [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E > [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E > __MO_OL_F3B05 > [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 > __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF > __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 > [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA > [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: > HS_SUBJ_NEW_SOFTWARE > [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A > [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 > __MO_OL_CF0C0 > [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 > KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 > [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C > __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 > __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 > [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB > [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 > __MO_OL_ADFF7 > [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 > [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB > __MO_OL_7533E > [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 > [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI > [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 > __XM_OL_EF20B > [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E > [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 > [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 > [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 > [21668] dbg: conf: finish parsing > [21668] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements > 'finish_parsing_end', priority 0 > [21668] dbg: replacetags: replacing tags > [21668] dbg: replacetags: done replacing tags > [21668] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [21668] dbg: config: score set 1 chosen. > [21668] dbg: message: main message type: text/plain > [21668] dbg: message: ---- MIME PARSER START ---- > [21668] dbg: message: parsing normal part > [21668] dbg: message: ---- MIME PARSER END ---- > [21668] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > 164. > > I see some errors that tell me SA is looking for an older version? And > this error at the end, I have no idea where to start there. > > Blaze King > Lake County Office of Education > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: Monday, September 24, 2007 1:04 AM > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > Blaze > > What does "MailScanner --debug --debug-sa" give you? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Blaze King > > Sent: 24 September 2007 04:55 > > To: MailScanner discussion > > Subject: RE: mailscanner restarts when using spamassassin > > > > An update: > > > > > > > > Sendmail is working fine now. (I had something wrong in the mc file). > > Now I've re-installed the tarball for ClamAV and SA and Mailscanner, > > doesn't seem to make any difference. I also used my old > MailScanner.conf > > from my old server (ver. 4.58). Nothing changes the results I was > finding > > below. Spam Checks work, but SpamAssassin isn't. Also, forgot to > mention > > previously, this is on CentOS 5. > > > > > > > > On top of that my MailWatch install has a feature I forgot how to > enable: > > Viewing the message body. > > > > > > > > Any ideas on what I'm probably doing wrong? > > > > > > > > Blaze King > > > > blazek@lake-coe.k12.ca.us > > > > > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Blaze King > > Sent: Sunday, September 23, 2007 4:26 PM > > To: mailscanner@lists.mailscanner.info > > Subject: mailscanner restarts when using spamassassin > > > > > > > > Ok here's one that stumping me... > > > > > > > > This is a new installation... When I have "Use Spamassassin = yes" in > > MailScanner.conf, no messages are processed. When I set that to no, > then > > everything works ok. spamassassin -D --lint doesn't produce any > errors. > > Not sure if it's needed, but here's some background info: > > > > > > > > (also, as a note, I noticed while writing all this that sendmail is > giving > > me some trouble... users can't send, but system messages and aliases > still > > get sent... I don't know, maybe that's related) > > > > > > > > This is while installing onto a new server. Before installing > MailScanner > > and because I was using MailWatch, I imported my old database into > mysql > > on the new server. > > > > > > > > I followed the instructions in Quickinstall.txt: Installed > > > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > > then installed MailScanner version 4.63.8-1 (also tried latest beta), > > upgraded conf file. After starting MailScanner, I see this in the > > maillog: > > > > > > > > This is with Spam Checks = Yes and Use Spamassassin = yes > > > > > > > > Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child > > Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results > cache > > Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin > cache > > database > > Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child > > Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results > cache > > Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin > cache > > database > > Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child > > Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results > cache > > Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin > cache > > database > > > > (repeats over and over, same thing) > > > > > > > > Here's Spam Checks = Yes and Use Spamassassin = No > > > > > > > > Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child > > Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix > > Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded > struct_flock > > subroutine for linux (Linux-type) > > Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 > messages, > > 1520 bytes > > Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam > > messages > > Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: > > Starting > > Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 > messages > > Sep 23 11:25:22 mail MailScanner[29124]: Logging message > l8NIPI9f029181 to > > SQL > > Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to > > MailWatch SQL > > > > (seems to work ok without spamassassin) > > > > > > > > > > > > Any ideas? Thanks! > > > > > > > > Blaze King > > > > Lake County Office of Education > > > > (707) 262-4147 > > > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From stork at openenterprise.ca Mon Sep 24 17:29:17 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Sep 24 17:29:21 2007 Subject: Second AV Scanner Suggestions Message-ID: <46F7E5DD.1070607@openenterprise.ca> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070924/8cda2b4e/attachment.html From martinh at solidstatelogic.com Mon Sep 24 17:37:16 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 17:37:22 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7E5DD.1070607@openenterprise.ca> Message-ID: Johnny Amavisd/new etc is sort of like MailScanner in that it glues, sa, anti-virus and its own checks into one lump. So using amavisd-new won't buy you anything other than a higher load average ;-) Kapersky seems to rate well, as does f-prot. I use Sophos as an extra myself. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Johnny Stork > Sent: 24 September 2007 17:29 > To: MailScanner discussion > Subject: Second AV Scanner Suggestions > > I just went through a clean re-install of MS/SA etc and thought I might > like to add a second scanner beyond clamav. What would most people suggest > for a second av engine, maybe amavisd?. Are there any tips/howtos on > setting up some of these other engines? > > > > > -- > Johnny Stork > Business & Technology Consultant > stork@openenterprise.ca > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mkettler at evi-inc.com Mon Sep 24 17:46:10 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Sep 24 17:46:23 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7E5DD.1070607@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> Message-ID: <46F7E9D2.40503@evi-inc.com> Johnny Stork wrote: > I just went through a clean re-install of MS/SA etc and thought I might > like to add a second scanner beyond clamav. What would most people > suggest for a second av engine, maybe amavisd?. Amavis isn't a virus scanner. Amavis, like MailScanner, is a tool to integrate your choice of AV's into your mail system. Personally, I'd recommend bitdefender as a second AV engine. Last I checked they had a free linux command-line scanner that MS can use. > Are there any > tips/howtos on setting up some of these other engines? install it, and in MailScanner.conf and add the appropriate AV's to your "virus scanners" line: ie: Virus Scanners = clamav bitdefender See the comments above that line in MailScanner.conf for details. From list-mailscanner at linguaphone.com Mon Sep 24 18:01:35 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 24 18:01:37 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7E9D2.40503@evi-inc.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Matt > Kettler > Sent: 24 September 2007 17:46 > To: MailScanner discussion > Subject: Re: Second AV Scanner Suggestions > > > Johnny Stork wrote: > > I just went through a clean re-install of MS/SA etc and thought I might > > like to add a second scanner beyond clamav. What would most people > > suggest for a second av engine, maybe amavisd?. > > Amavis isn't a virus scanner. Amavis, like MailScanner, is a tool > to integrate > your choice of AV's into your mail system. > > Personally, I'd recommend bitdefender as a second AV engine. Last > I checked they > had a free linux command-line scanner that MS can use. Unfortunetly the new release has a different license and is no longer free. From blazek at lake-coe.k12.ca.us Mon Sep 24 18:05:44 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 18:05:12 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> Message-ID: Yum must have automatically updated SA from the initial install... Ok I removed that, re-installed Julian's script for Clam and SA, and now when I debug this is what I see: In Debugging mode, not forking... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp [21353] dbg: logger: adding facilities: all [21353] dbg: logger: logging level is DBG [21353] dbg: generic: SpamAssassin version 3.2.3 [21353] dbg: config: score set 0 chosen. [21353] dbg: util: running in taint mode? no [21353] dbg: dns: is Net::DNS::Resolver available? yes [21353] dbg: dns: Net::DNS version: 0.60 [21353] dbg: ignore: test message to precompile patterns and load modules [21353] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [21353] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [21353] dbg: config: using "/usr/share/spamassassin" for default rules dir [21353] dbg: config: read file /usr/share/spamassassin/10_default_prefs.cf [21353] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf [21353] dbg: config: read file /usr/share/spamassassin/20_imageinfo.cf [21353] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf [21353] dbg: config: read file /usr/share/spamassassin/25_asn.cf [21353] dbg: config: read file /usr/share/spamassassin/60_shortcircuit.cf [21353] dbg: config: read file /usr/share/spamassassin/72_active.cf [21353] dbg: config: using "/etc/mail/spamassassin" for site rules dir [21353] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [21353] info: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0 [21353] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [21353] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [21353] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [21353] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [21353] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [21353] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [21353] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [21353] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [21353] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [21353] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [21353] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [21353] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB [21353] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [21353] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [21353] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [21353] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [21353] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 __XM_OL_EF20B [21353] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [21353] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 [21353] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [21353] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [21353] dbg: conf: finish parsing [21353] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [21353] dbg: config: score set 1 chosen. [21353] dbg: message: main message type: text/plain [21353] dbg: message: ---- MIME PARSER START ---- [21353] dbg: message: parsing normal part [21353] dbg: message: ---- MIME PARSER END ---- [21353] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164. Blaze King Lake County Office of Education -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Monday, September 24, 2007 8:55 AM To: MailScanner discussion Subject: RE: mailscanner restarts when using spamassassin Blaze Looks like you got 2 different spamassassins installed and MailScanner is looking for an 'old' one. I'd say you 'upgraded' SA using a different method to how you originally installed it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: 24 September 2007 16:37 > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > Here's what the debug gives me: > > [root@mail ~]# MailScanner --debug --debug-sa > In Debugging mode, not forking... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > [21668] dbg: logger: adding facilities: all > [21668] dbg: logger: logging level is DBG > [21668] dbg: generic: SpamAssassin version 3.2.3 > [21668] dbg: config: score set 0 chosen. > [21668] dbg: util: running in taint mode? no > [21668] dbg: dns: is Net::DNS::Resolver available? yes > [21668] dbg: dns: Net::DNS version: 0.60 > [21668] dbg: ignore: test message to precompile patterns and load > modules > [21668] dbg: config: using "/etc/mail/spamassassin" for site rules pre > files > [21668] dbg: config: read file /etc/mail/spamassassin/init.pre > [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre > [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre > [21668] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [21668] dbg: config: using "/usr/share/spamassassin" for default rules > dir > [21668] dbg: config: read file > /usr/share/spamassassin/10_default_prefs.cf > [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [21668] dbg: config: read file > /usr/share/spamassassin/20_anti_ratware.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf > [21668] dbg: config: read file > /usr/share/spamassassin/20_fake_helo_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_imageinfo.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf > [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf > [21668] dbg: config: read file > /usr/share/spamassassin/25_body_tests_es.cf > [21668] dbg: config: read file > /usr/share/spamassassin/25_body_tests_pl.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [21668] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_shortcircuit.cf > [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_dk.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_dkim.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_spf.cf > [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist_subject.cf > [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf > [21668] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [21668] dbg: config: read file /etc/mail/spamassassin/local.cf > [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from > @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from > @INC > [21668] dbg: razor2: razor2 is available, version 2.84 > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [21668] dbg: dcc: network tests on, registering DCC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [21668] dbg: pyzor: network tests on, attempting Pyzor > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from > @INC > [21668] dbg: razor2: razor2 is available, version 2.84 > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already registered > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from > @INC > [21668] dbg: reporter: network tests on, attempting SpamCop > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [21668] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [21668] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from > @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags > from @INC > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > from @INC > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already > registered > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered > [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > @INC > [21668] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already registered > config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_body_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_compensate.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_drugs.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file > "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version > 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you > need to use the -C switch, or remove the old config files? Skipping this > file at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm > line 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version > 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you > need to use the -C switch, or remove the old config files? Skipping this > file > config: configuration file "/usr/share/spamassassin/20_head_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_html_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_net_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_phrases.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_porn.cf" requires > version 3.001009 of SpamAssassin, but this is code version 3.002003. > Maybe you need to use the -C switch, or remove the old config files? > Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: configuration file "/usr/share/spamassassin/23_bayes.cf" > requires version 3.001009 of SpamAssassin, but this is code version > 3.002003. Maybe you need to use the -C switch, or remove the old config > files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > 372. > [21668] info: config: configuration file > "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of > SpamAssassin, but this is code version 3.002003. Maybe you need to use > the -C switch, or remove the old config files? Skipping this file > config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm line > 396. > [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA > [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E > [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E > __MO_OL_F3B05 > [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 > __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF > __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 > [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA > [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: > HS_SUBJ_NEW_SOFTWARE > [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A > [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 > __MO_OL_CF0C0 > [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 > KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 > [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C > __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 > __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 > [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB > [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 > __MO_OL_ADFF7 > [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 > [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB > __MO_OL_7533E > [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 > [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI > [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 > __XM_OL_EF20B > [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E > [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 > [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 > [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 > [21668] dbg: conf: finish parsing > [21668] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements > 'finish_parsing_end', priority 0 > [21668] dbg: replacetags: replacing tags > [21668] dbg: replacetags: done replacing tags > [21668] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [21668] dbg: config: score set 1 chosen. > [21668] dbg: message: main message type: text/plain > [21668] dbg: message: ---- MIME PARSER START ---- > [21668] dbg: message: parsing normal part > [21668] dbg: message: ---- MIME PARSER END ---- > [21668] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > 164. > > I see some errors that tell me SA is looking for an older version? And > this error at the end, I have no idea where to start there. > > Blaze King > Lake County Office of Education > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: Monday, September 24, 2007 1:04 AM > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > Blaze > > What does "MailScanner --debug --debug-sa" give you? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Blaze King > > Sent: 24 September 2007 04:55 > > To: MailScanner discussion > > Subject: RE: mailscanner restarts when using spamassassin > > > > An update: > > > > > > > > Sendmail is working fine now. (I had something wrong in the mc file). > > Now I've re-installed the tarball for ClamAV and SA and Mailscanner, > > doesn't seem to make any difference. I also used my old > MailScanner.conf > > from my old server (ver. 4.58). Nothing changes the results I was > finding > > below. Spam Checks work, but SpamAssassin isn't. Also, forgot to > mention > > previously, this is on CentOS 5. > > > > > > > > On top of that my MailWatch install has a feature I forgot how to > enable: > > Viewing the message body. > > > > > > > > Any ideas on what I'm probably doing wrong? > > > > > > > > Blaze King > > > > blazek@lake-coe.k12.ca.us > > > > > > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Blaze King > > Sent: Sunday, September 23, 2007 4:26 PM > > To: mailscanner@lists.mailscanner.info > > Subject: mailscanner restarts when using spamassassin > > > > > > > > Ok here's one that stumping me... > > > > > > > > This is a new installation... When I have "Use Spamassassin = yes" in > > MailScanner.conf, no messages are processed. When I set that to no, > then > > everything works ok. spamassassin -D --lint doesn't produce any > errors. > > Not sure if it's needed, but here's some background info: > > > > > > > > (also, as a note, I noticed while writing all this that sendmail is > giving > > me some trouble... users can't send, but system messages and aliases > still > > get sent... I don't know, maybe that's related) > > > > > > > > This is while installing onto a new server. Before installing > MailScanner > > and because I was using MailWatch, I imported my old database into > mysql > > on the new server. > > > > > > > > I followed the instructions in Quickinstall.txt: Installed > > > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > > then installed MailScanner version 4.63.8-1 (also tried latest beta), > > upgraded conf file. After starting MailScanner, I see this in the > > maillog: > > > > > > > > This is with Spam Checks = Yes and Use Spamassassin = yes > > > > > > > > Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child > > Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results > cache > > Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin > cache > > database > > Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child > > Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results > cache > > Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin > cache > > database > > Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child > > Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results > cache > > Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin > cache > > database > > > > (repeats over and over, same thing) > > > > > > > > Here's Spam Checks = Yes and Use Spamassassin = No > > > > > > > > Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus > Scanner > > version 4.64.1 starting... > > Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the > > phishing whitelist > > Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from the > > phishing blacklist > > Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init > > function MailWatchLogging > > Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child > > Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary > working > > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix > > Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded > struct_flock > > subroutine for linux (Linux-type) > > Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 > messages, > > 1520 bytes > > Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam > > messages > > Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: > > Starting > > Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 > messages > > Sep 23 11:25:22 mail MailScanner[29124]: Logging message > l8NIPI9f029181 to > > SQL > > Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to > > MailWatch SQL > > > > (seems to work ok without spamassassin) > > > > > > > > > > > > Any ideas? Thanks! > > > > > > > > Blaze King > > > > Lake County Office of Education > > > > (707) 262-4147 > > > > > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Mon Sep 24 18:08:20 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Sep 24 18:07:49 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7E5DD.1070607@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> Message-ID: I'm partial to F-Secure - seems to do a good job for us at a reasonable price... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Johnny Stork Sent: Monday, September 24, 2007 8:29 AM To: MailScanner discussion Subject: Second AV Scanner Suggestions I just went through a clean re-install of MS/SA etc and thought I might like to add a second scanner beyond clamav. What would most people suggest for a second av engine, maybe amavisd?. Are there any tips/howtos on setting up some of these other engines? -- Johnny Stork Business & Technology Consultant stork@openenterprise.ca From mkettler at evi-inc.com Mon Sep 24 18:11:01 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Sep 24 18:11:18 2007 Subject: Second AV Scanner Suggestions In-Reply-To: References: Message-ID: <46F7EFA5.9020202@evi-inc.com> Gareth wrote: >> Personally, I'd recommend bitdefender as a second AV engine. Last >> I checked they >> had a free linux command-line scanner that MS can use. > > Unfortunetly the new release has a different license and is no longer free. > Ahh, I see you are correct. It's now free for "personal use only" (ie: home use). No commercial or business use is allowed for free anymore. See also: http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/EULA http://www.bitdefender.com/site/Buy/description/39/BitDefender-Antivirus-Scanner-for-Unices.html From dyioulos at firstbhph.com Mon Sep 24 18:33:43 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Sep 24 18:32:52 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7EFA5.9020202@evi-inc.com> References: <46F7EFA5.9020202@evi-inc.com> Message-ID: <200709241333.44303.dyioulos@firstbhph.com> On Monday 24 September 2007 1:11 pm, Matt Kettler wrote: > Gareth wrote: > >> Personally, I'd recommend bitdefender as a second AV engine. Last > >> I checked they > >> had a free linux command-line scanner that MS can use. > > > > Unfortunetly the new release has a different license and is no longer > > free. > > Ahh, I see you are correct. It's now free for "personal use only" (ie: home > use). No commercial or business use is allowed for free anymore. > > > See also: > > http://download.bitdefender.com/SMB/Workstation_Security_and_Management/Bit >Defender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x/Linux/EULA > > http://www.bitdefender.com/site/Buy/description/39/BitDefender-Antivirus-Sc >anner-for-Unices.html > > -- Does that license now apply to the once-available console version? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Mon Sep 24 18:47:22 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Sep 24 18:47:28 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <200709241333.44303.dyioulos@firstbhph.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dimitri > Yioulos > Sent: 24 September 2007 18:34 > To: MailScanner discussion > Subject: Re: Second AV Scanner Suggestions > > > On Monday 24 September 2007 1:11 pm, Matt Kettler wrote: > > Gareth wrote: > > >> Personally, I'd recommend bitdefender as a second AV engine. Last > > >> I checked they > > >> had a free linux command-line scanner that MS can use. > > > > > > Unfortunetly the new release has a different license and is no longer > > > free. > > > > Ahh, I see you are correct. It's now free for "personal use > only" (ie: home > > use). No commercial or business use is allowed for free anymore. > > > > > > See also: > > > > > http://download.bitdefender.com/SMB/Workstation_Security_and_Manag > ement/Bit > >Defender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x > /Linux/EULA > > > > > http://www.bitdefender.com/site/Buy/description/39/BitDefender-Ant > ivirus-Sc > >anner-for-Unices.html > > > > -- > > Does that license now apply to the once-available console version? > They cant change the version after the fact so no it doesnt. I expect they will stop supporting and making signatures for the old version at some point though. From dyioulos at firstbhph.com Mon Sep 24 18:57:01 2007 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Sep 24 18:56:07 2007 Subject: Second AV Scanner Suggestions In-Reply-To: References: Message-ID: <200709241357.01840.dyioulos@firstbhph.com> On Monday 24 September 2007 1:47 pm, Gareth wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dimitri > > Yioulos > > Sent: 24 September 2007 18:34 > > To: MailScanner discussion > > Subject: Re: Second AV Scanner Suggestions > > > > On Monday 24 September 2007 1:11 pm, Matt Kettler wrote: > > > Gareth wrote: > > > >> Personally, I'd recommend bitdefender as a second AV engine. Last > > > >> I checked they > > > >> had a free linux command-line scanner that MS can use. > > > > > > > > Unfortunetly the new release has a different license and is no longer > > > > free. > > > > > > Ahh, I see you are correct. It's now free for "personal use > > > > only" (ie: home > > > > > use). No commercial or business use is allowed for free anymore. > > > > > > > > > See also: > > > > http://download.bitdefender.com/SMB/Workstation_Security_and_Manag > > ement/Bit > > > > >Defender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x > > > > /Linux/EULA > > > > > > http://www.bitdefender.com/site/Buy/description/39/BitDefender-Ant > > ivirus-Sc > > > > >anner-for-Unices.html > > > > > > -- > > > > Does that license now apply to the once-available console version? > > They cant change the version after the fact so no it doesnt. I expect they > will stop supporting and making signatures for the old version at some > point though. > Bummer. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Sep 24 18:57:27 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 18:57:59 2007 Subject: mailscanner restarts when using spamassassin In-Reply-To: References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> Message-ID: <46F7FA87.8000006@ecs.soton.ac.uk> Blaze King wrote: > Yum must have automatically updated SA from the initial install... Ok I > removed that, re-installed Julian's script for Clam and SA, and now when > I debug this is what I see: > > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > 164. > You have screwed your /etc/mail/spamassassin/*.pre files. The following lines must appear in v320.pre, as well as a whole load of other loadplugin lines: # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check Otherwise SpamAssassin won't actually do anything! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: Monday, September 24, 2007 8:55 AM > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > Blaze > > Looks like you got 2 different spamassassins installed and MailScanner > is looking for an 'old' one. > > I'd say you 'upgraded' SA using a different method to how you originally > installed it.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Blaze King >> Sent: 24 September 2007 16:37 >> To: MailScanner discussion >> Subject: RE: mailscanner restarts when using spamassassin >> >> Here's what the debug gives me: >> >> [root@mail ~]# MailScanner --debug --debug-sa >> In Debugging mode, not forking... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> [21668] dbg: logger: adding facilities: all >> [21668] dbg: logger: logging level is DBG >> [21668] dbg: generic: SpamAssassin version 3.2.3 >> [21668] dbg: config: score set 0 chosen. >> [21668] dbg: util: running in taint mode? no >> [21668] dbg: dns: is Net::DNS::Resolver available? yes >> [21668] dbg: dns: Net::DNS version: 0.60 >> [21668] dbg: ignore: test message to precompile patterns and load >> modules >> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules pre >> files >> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre >> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre >> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules pre >> files >> [21668] dbg: config: using "/usr/share/spamassassin" for default rules >> dir >> [21668] dbg: config: read file >> /usr/share/spamassassin/10_default_prefs.cf >> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_advance_fee.cf > >> [21668] dbg: config: read file >> /usr/share/spamassassin/20_anti_ratware.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_body_tests.cf > >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_compensate.cf > >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_dnsbl_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/20_fake_helo_tests.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_head_tests.cf > >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_html_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_imageinfo.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_meta_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf >> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/25_body_tests_es.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/25_body_tests_pl.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/25_domainkeys.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/30_text_pt_br.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf >> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_shortcircuit.cf >> [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_dk.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_dkim.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_spf.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_subject.cf >> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf >> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf >> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from >> @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from >> @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >> from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >> @INC >> [21668] dbg: razor2: razor2 is available, version 2.84 >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [21668] dbg: dcc: network tests on, registering DCC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from >> > @INC > >> [21668] dbg: pyzor: network tests on, attempting Pyzor >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >> @INC >> [21668] dbg: razor2: razor2 is available, version 2.84 >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already registered >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from >> @INC >> [21668] dbg: reporter: network tests on, attempting SpamCop >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [21668] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [21668] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader >> > from > >> @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >> from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >> from @INC >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already >> registered >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from >> @INC >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already >> > registered > >> config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_body_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_compensate.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_drugs.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file >> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you >> need to use the -C switch, or remove the old config files? Skipping >> > this > >> file at >> > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm > >> line 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you >> need to use the -C switch, or remove the old config files? Skipping >> > this > >> file >> config: configuration file "/usr/share/spamassassin/20_head_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_html_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_phrases.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_porn.cf" >> > requires > >> version 3.001009 of SpamAssassin, but this is code version 3.002003. >> Maybe you need to use the -C switch, or remove the old config files? >> Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/23_bayes.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm >> > line > >> 396. >> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >> __MO_OL_F3B05 >> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF >> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >> HS_SUBJ_NEW_SOFTWARE >> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >> __MO_OL_CF0C0 >> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 >> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB >> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >> __MO_OL_ADFF7 >> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >> __MO_OL_7533E >> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI >> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 >> __XM_OL_EF20B >> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 >> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >> [21668] dbg: conf: finish parsing >> [21668] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements >> 'finish_parsing_end', priority 0 >> [21668] dbg: replacetags: replacing tags >> [21668] dbg: replacetags: done replacing tags >> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [21668] dbg: config: score set 1 chosen. >> [21668] dbg: message: main message type: text/plain >> [21668] dbg: message: ---- MIME PARSER START ---- >> [21668] dbg: message: parsing normal part >> [21668] dbg: message: ---- MIME PARSER END ---- >> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >> 164. >> >> I see some errors that tell me SA is looking for an older version? >> > And > >> this error at the end, I have no idea where to start there. >> >> Blaze King >> Lake County Office of Education >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Martin.Hepworth >> Sent: Monday, September 24, 2007 1:04 AM >> To: MailScanner discussion >> Subject: RE: mailscanner restarts when using spamassassin >> >> Blaze >> >> What does "MailScanner --debug --debug-sa" give you? >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> > [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>> Sent: 24 September 2007 04:55 >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> An update: >>> >>> >>> >>> Sendmail is working fine now. (I had something wrong in the mc >>> > file). > >>> Now I've re-installed the tarball for ClamAV and SA and Mailscanner, >>> doesn't seem to make any difference. I also used my old >>> >> MailScanner.conf >> >>> from my old server (ver. 4.58). Nothing changes the results I was >>> >> finding >> >>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to >>> >> mention >> >>> previously, this is on CentOS 5. >>> >>> >>> >>> On top of that my MailWatch install has a feature I forgot how to >>> >> enable: >> >>> Viewing the message body. >>> >>> >>> >>> Any ideas on what I'm probably doing wrong? >>> >>> >>> >>> Blaze King >>> >>> blazek@lake-coe.k12.ca.us >>> >>> >>> >>> From: mailscanner-bounces@lists.mailscanner.info >>> > [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>> Sent: Sunday, September 23, 2007 4:26 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: mailscanner restarts when using spamassassin >>> >>> >>> >>> Ok here's one that stumping me... >>> >>> >>> >>> This is a new installation... When I have "Use Spamassassin = yes" >>> > in > >>> MailScanner.conf, no messages are processed. When I set that to no, >>> >> then >> >>> everything works ok. spamassassin -D --lint doesn't produce any >>> >> errors. >> >>> Not sure if it's needed, but here's some background info: >>> >>> >>> >>> (also, as a note, I noticed while writing all this that sendmail is >>> >> giving >> >>> me some trouble... users can't send, but system messages and >>> > aliases > >> still >> >>> get sent... I don't know, maybe that's related) >>> >>> >>> >>> This is while installing onto a new server. Before installing >>> >> MailScanner >> >>> and because I was using MailWatch, I imported my old database into >>> >> mysql >> >>> on the new server. >>> >>> >>> >>> I followed the instructions in Quickinstall.txt: Installed >>> >>> > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > >>> then installed MailScanner version 4.63.8-1 (also tried latest >>> > beta), > >>> upgraded conf file. After starting MailScanner, I see this in the >>> maillog: >>> >>> >>> >>> This is with Spam Checks = Yes and Use Spamassassin = yes >>> >>> >>> >>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child >>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results >>> >> cache >> >>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin >>> >> cache >> >>> database >>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child >>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results >>> >> cache >> >>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin >>> >> cache >> >>> database >>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child >>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results >>> >> cache >> >>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin >>> >> cache >> >>> database >>> >>> (repeats over and over, same thing) >>> >>> >>> >>> Here's Spam Checks = Yes and Use Spamassassin = No >>> >>> >>> >>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child >>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix >>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded >>> >> struct_flock >> >>> subroutine for linux (Linux-type) >>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 >>> >> messages, >> >>> 1520 bytes >>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam >>> messages >>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: >>> Starting >>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 >>> >> messages >> >>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message >>> >> l8NIPI9f029181 to >> >>> SQL >>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to >>> MailWatch SQL >>> >>> (seems to work ok without spamassassin) >>> >>> >>> >>> >>> >>> Any ideas? Thanks! >>> >>> >>> >>> Blaze King >>> >>> Lake County Office of Education >>> >>> (707) 262-4147 >>> >>> >>> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From stork at openenterprise.ca Mon Sep 24 19:01:55 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Sep 24 19:01:59 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <200709241357.01840.dyioulos@firstbhph.com> References: <200709241357.01840.dyioulos@firstbhph.com> Message-ID: <46F7FB93.4050703@openenterprise.ca> Thanks to everyone that has responded. I went with BitDefender. Now how can I confirm it is actually being used? I updated "Virus Scanners = clamd bitdefender" but how do I know its being used? Dimitri Yioulos wrote: > On Monday 24 September 2007 1:47 pm, Gareth wrote: > >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Dimitri >>> Yioulos >>> Sent: 24 September 2007 18:34 >>> To: MailScanner discussion >>> Subject: Re: Second AV Scanner Suggestions >>> >>> On Monday 24 September 2007 1:11 pm, Matt Kettler wrote: >>> >>>> Gareth wrote: >>>> >>>>>> Personally, I'd recommend bitdefender as a second AV engine. Last >>>>>> I checked they >>>>>> had a free linux command-line scanner that MS can use. >>>>>> >>>>> Unfortunetly the new release has a different license and is no longer >>>>> free. >>>>> >>>> Ahh, I see you are correct. It's now free for "personal use >>>> >>> only" (ie: home >>> >>> >>>> use). No commercial or business use is allowed for free anymore. >>>> >>>> >>>> See also: >>>> >>> http://download.bitdefender.com/SMB/Workstation_Security_and_Manag >>> ement/Bit >>> >>> >>>> Defender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x >>>> >>> /Linux/EULA >>> >>> >>> http://www.bitdefender.com/site/Buy/description/39/BitDefender-Ant >>> ivirus-Sc >>> >>> >>>> anner-for-Unices.html >>>> >>>> -- >>>> >>> Does that license now apply to the once-available console version? >>> >> They cant change the version after the fact so no it doesnt. I expect they >> will stop supporting and making signatures for the old version at some >> point though. >> >> > > Bummer. > > From MailScanner at ecs.soton.ac.uk Mon Sep 24 19:03:59 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 19:04:15 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7E5DD.1070607@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> Message-ID: <46F7FC0F.20703@ecs.soton.ac.uk> My personal preferences are for f-prot and sophos, as I always run 3 to be on the safe side. But they do cost money. But there again, the total solution is still much, much cheaper than paying someone like MessageLabs or Ironport for their solutions to the problem. Once you have installed other scanners, be sure to MailScanner --lint to be sure your scanners are all being called successfully. You should get a report from each of your installed scanners. My supplied virus.scanners.conf file is set ready for each of the virus scanners if you install them to their default location, as dictated by their own installers. If you install them elsewhere, you will need to tweak your /etc/MailScanner/virus.scanners.conf. The output of "MailScanner --lint" will clearly show you if you have the settings correct. You should *not* edit the -wrapper or -autoupdate scripts, the only changes needed are in virus.scanners.conf. Jules. Johnny Stork wrote: > I just went through a clean re-install of MS/SA etc and thought I > might like to add a second scanner beyond clamav. What would most > people suggest for a second av engine, maybe amavisd?. Are there any > tips/howtos on setting up some of these other engines? > > > -- > *Johnny Stork* > Business & Technology Consultant > stork@openenterprise.ca > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Kevin_Miller at ci.juneau.ak.us Mon Sep 24 19:08:36 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Sep 24 19:08:09 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7FB93.4050703@openenterprise.ca> References: <200709241357.01840.dyioulos@firstbhph.com> <46F7FB93.4050703@openenterprise.ca> Message-ID: Johnny Stork wrote: > Thanks to everyone that has responded. I went with BitDefender. > > Now how can I confirm it is actually being used? I updated "Virus > Scanners = clamd bitdefender" but how do I know its being used? > > Dimitri Yioulos wrote: Send yourself the eicar test pattern. Both clam and bitdefender should tag it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Mon Sep 24 19:13:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 19:14:16 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7FB93.4050703@openenterprise.ca> References: <200709241357.01840.dyioulos@firstbhph.com> <46F7FB93.4050703@openenterprise.ca> Message-ID: <46F7FE5D.4060607@ecs.soton.ac.uk> Johnny Stork wrote: > Thanks to everyone that has responded. I went with BitDefender. > > Now how can I confirm it is actually being used? I updated "Virus > Scanners = clamd bitdefender" but how do I know its being used? MailScanner --lint > > Dimitri Yioulos wrote: >> On Monday 24 September 2007 1:47 pm, Gareth wrote: >> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of >>>> Dimitri >>>> Yioulos >>>> Sent: 24 September 2007 18:34 >>>> To: MailScanner discussion >>>> Subject: Re: Second AV Scanner Suggestions >>>> >>>> On Monday 24 September 2007 1:11 pm, Matt Kettler wrote: >>>> >>>>> Gareth wrote: >>>>> >>>>>>> Personally, I'd recommend bitdefender as a second AV engine. Last >>>>>>> I checked they >>>>>>> had a free linux command-line scanner that MS can use. >>>>>>> >>>>>> Unfortunetly the new release has a different license and is no >>>>>> longer >>>>>> free. >>>>>> >>>>> Ahh, I see you are correct. It's now free for "personal use >>>>> >>>> only" (ie: home >>>> >>>> >>>>> use). No commercial or business use is allowed for free anymore. >>>>> >>>>> >>>>> See also: >>>>> >>>> http://download.bitdefender.com/SMB/Workstation_Security_and_Manag >>>> ement/Bit >>>> >>>> >>>>> Defender_Antivirus_Scanner_for_Unices/Unix/Current/EN/Version_7.x >>>>> >>>> /Linux/EULA >>>> >>>> >>>> http://www.bitdefender.com/site/Buy/description/39/BitDefender-Ant >>>> ivirus-Sc >>>> >>>> >>>>> anner-for-Unices.html >>>>> >>>>> -- >>>>> >>>> Does that license now apply to the once-available console version? >>>> >>> They cant change the version after the fact so no it doesnt. I >>> expect they >>> will stop supporting and making signatures for the old version at some >>> point though. >>> >>> >> >> Bummer. >> >> > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From glenn.steen at gmail.com Mon Sep 24 19:17:28 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Sep 24 19:17:30 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7FB93.4050703@openenterprise.ca> References: <200709241357.01840.dyioulos@firstbhph.com> <46F7FB93.4050703@openenterprise.ca> Message-ID: <223f97700709241117hb1d8f45n76443671e2e03d78@mail.gmail.com> On 24/09/2007, Johnny Stork wrote: > Thanks to everyone that has responded. I went with BitDefender. > > Now how can I confirm it is actually being used? I updated "Virus > Scanners = clamd bitdefender" but how do I know its being used? > MailScanner --lint ... if you have a reasonably fresh install of MS, that will do a test run with EICAR for all your defined scanners. If I'd choose anything extra ATM, I would be a bit ... hesitant... about BitDefender. It is a tad "fat" on resources. It does do a good job (I've been happy with BDC, ClamAV and McAfee (which we have "for free" by way of our site license), each has taken turn in "getting at the bad stuff", don't get me wrong), but ... the new version needs support (I've been away for a while, haven't checked the latest beta of MS... might be there:) in MS... It installs to a new location and has renamed the scanner from bdc to bdscanner... and maybe more... I'd look elsewhere... f-prot, f-secure ... there are a lot of scanners out there that do an OK job. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Sep 24 19:24:43 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 19:25:01 2007 Subject: Second AV Scanner Suggestions In-Reply-To: References: <200709241357.01840.dyioulos@firstbhph.com> <46F7FB93.4050703@openenterprise.ca> Message-ID: <46F800EB.80604@ecs.soton.ac.uk> Kevin Miller wrote: > Johnny Stork wrote: > >> Thanks to everyone that has responded. I went with BitDefender. >> >> Now how can I confirm it is actually being used? I updated "Virus >> Scanners = clamd bitdefender" but how do I know its being used? >> >> Dimitri Yioulos wrote: >> > > Send yourself the eicar test pattern. Both clam and bitdefender should > tag it... > That's effectively what "MailScanner --lint" does. It contains a copy of a fake email message with the Eicar test pattern in it, suitably encoded so that no scanner will ever find it hidden in the MailScanner code, so you can perform a real test while still ensuring that MailScanner itself won't get caught by any virus scanners. Apparently, Amavis (I think that's what it was) used to try to do this, but didn't hide the Eicar copy well enough and it triggered virus scanners making it impossible to download and install on many sites. Talk about shooting yourself in the foot! :-) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 24 19:29:29 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 19:30:05 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <223f97700709241117hb1d8f45n76443671e2e03d78@mail.gmail.com> References: <200709241357.01840.dyioulos@firstbhph.com> <46F7FB93.4050703@openenterprise.ca> <223f97700709241117hb1d8f45n76443671e2e03d78@mail.gmail.com> Message-ID: <46F80209.7020508@ecs.soton.ac.uk> Glenn Steen wrote: > On 24/09/2007, Johnny Stork wrote: > >> Thanks to everyone that has responded. I went with BitDefender. >> >> Now how can I confirm it is actually being used? I updated "Virus >> Scanners = clamd bitdefender" but how do I know its being used? >> >> > MailScanner --lint > ... if you have a reasonably fresh install of MS, that will do a test > run with EICAR for all your defined scanners. > > If I'd choose anything extra ATM, I would be a bit ... hesitant... > about BitDefender. It is a tad "fat" on resources. It does do a good > job (I've been happy with BDC, ClamAV and McAfee (which we have "for > free" by way of our site license), each has taken turn in "getting at > the bad stuff", don't get me wrong), but ... the new version needs > support (I've been away for a while, haven't checked the latest beta > of MS... might be there:) in MS... It installs to a new location and > has renamed the scanner from bdc to bdscanner... and maybe more... > What changes do you think I need to make to the distribution? I didn't know about this. > I'd look elsewhere... f-prot, f-secure ... there are a lot of scanners > out there that do an OK job. > One of the reasons I like f-prot is that it is very light on resources and is very fast. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From stork at openenterprise.ca Mon Sep 24 19:30:37 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Sep 24 19:30:40 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F7FC0F.20703@ecs.soton.ac.uk> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> Message-ID: <46F8024D.3090008@openenterprise.ca> Thanks Julian. Below is my lint test and it appears that the bitdefender scanner is not found. I downloaded and installed BD from "BitDefender-scanner-7.5-4.linux-gcc3x.i586.rpm.run" and seems to put the scanner here. [root@gateway MailScanner]# whereis bdscan bdscan: /usr/bin/bdscan /opt/BitDefender-scanner/bin/bdscan So I updated virus.scanners.conf. to show "bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/BitDefender-scanner" Mailscanner Lint Test: [root@gateway MailScanner]# MailScanner --lint Checking version numbers... Version number in MailScanner.conf (4.63.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd bitdefender" Found these virus scanners installed: clamavmodule =========================================================================== Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 458 cat: /tmp/log.bdc.351: No such file or directory rm: cannot remove `/tmp/log.bdc.351': No such file or directory =========================================================================== If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Julian Field wrote: > My personal preferences are for f-prot and sophos, as I always run 3 > to be on the safe side. But they do cost money. But there again, the > total solution is still much, much cheaper than paying someone like > MessageLabs or Ironport for their solutions to the problem. > > Once you have installed other scanners, be sure to > MailScanner --lint > to be sure your scanners are all being called successfully. You should > get a report from each of your installed scanners. > > My supplied virus.scanners.conf file is set ready for each of the > virus scanners if you install them to their default location, as > dictated by their own installers. If you install them elsewhere, you > will need to tweak your /etc/MailScanner/virus.scanners.conf. The > output of "MailScanner --lint" will clearly show you if you have the > settings correct. > > You should *not* edit the -wrapper or -autoupdate scripts, the only > changes needed are in virus.scanners.conf. > > Jules. > > Johnny Stork wrote: >> I just went through a clean re-install of MS/SA etc and thought I >> might like to add a second scanner beyond clamav. What would most >> people suggest for a second av engine, maybe amavisd?. Are there any >> tips/howtos on setting up some of these other engines? >> >> >> -- >> *Johnny Stork* >> Business & Technology Consultant >> stork@openenterprise.ca >> > > Jules > -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From rgreen at trayerproducts.com Mon Sep 24 19:43:34 2007 From: rgreen at trayerproducts.com (Rodney Green) Date: Mon Sep 24 19:43:38 2007 Subject: MailScanner and the postfix hold queue Message-ID: <31e7748d0709241143k285723fald325504b4106b6cd@mail.gmail.com> Hello, Has anyone using postfix and MailScanner investigated using the smtpd_data_restrictions postfix config parameter to hold incoming e-mail? This would be used instead of placing the HOLD statement in the header_checks config file. smtpd_data_restrictions = permit_mynetworks check_client_access static:HOLD The above would allow local mail from internal clients to bypass MailScanner, I think. Anything else would be put in the HOLD queue for MailScanner to scan. Any thoughts on this? Thanks, Rod -- "A computer once beat me at chess, but it was no match for me at kick boxing." - Emo Philips From ssilva at sgvwater.com Mon Sep 24 20:00:46 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 24 20:01:14 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F8024D.3090008@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> Message-ID: Johnny Stork spake the following on 9/24/2007 11:30 AM: > Thanks Julian. Below is my lint test and it appears that the bitdefender > scanner is not found. I downloaded and installed BD from > "BitDefender-scanner-7.5-4.linux-gcc3x.i586.rpm.run" and seems to put > the scanner here. > > [root@gateway MailScanner]# whereis bdscan > bdscan: /usr/bin/bdscan /opt/BitDefender-scanner/bin/bdscan > > > So I updated virus.scanners.conf. to show > > "bitdefender /usr/lib/MailScanner/bitdefender-wrapper > /opt/BitDefender-scanner" > > > Mailscanner Lint Test: > > [root@gateway MailScanner]# MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.63.8) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd bitdefender" > Found these virus scanners installed: clamavmodule > =========================================================================== > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 458 > cat: /tmp/log.bdc.351: No such file or directory > rm: cannot remove `/tmp/log.bdc.351': No such file or directory > =========================================================================== > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > MailScanner support was written for bitdefender 7.0 and 7.1. I think it might need an update for the new version. Also, I think the new version is not free except for personal use, and needs a license file to run past the demo time. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Sep 24 20:03:21 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 24 20:05:08 2007 Subject: MailScanner and the postfix hold queue In-Reply-To: <31e7748d0709241143k285723fald325504b4106b6cd@mail.gmail.com> References: <31e7748d0709241143k285723fald325504b4106b6cd@mail.gmail.com> Message-ID: Rodney Green spake the following on 9/24/2007 11:43 AM: > Hello, > > Has anyone using postfix and MailScanner investigated using the > smtpd_data_restrictions postfix config parameter to hold incoming > e-mail? This would be used instead of placing the HOLD statement in > the header_checks config file. > > > smtpd_data_restrictions = > permit_mynetworks > check_client_access static:HOLD > > The above would allow local mail from internal clients to bypass > MailScanner, I think. Anything > else would be put in the HOLD queue for MailScanner to scan. > > Any thoughts on this? > > Thanks, > Rod > Internal clients can get infected also, and you probably are not wise to exempt them from scanning. You would be amazed at how hard someone will try to get something they think they want or they think is OK even if I.T. says no. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From blazek at lake-coe.k12.ca.us Mon Sep 24 20:11:55 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 20:11:22 2007 Subject: i screwed spamassassin In-Reply-To: <46F7FA87.8000006@ecs.soton.ac.uk> References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> <46F7FA87.8000006@ecs.soton.ac.uk> Message-ID: Changed the subject per Julian's comment. So that was it. I must have copied something wrong... Well now I notice I don't have a 50_scores.cf in /usr/share/spamassassin. So spamassassin is working, but obviously is missing the majority of its scoring. I copied 50_scores.cf from my old config to the new spot, but spamassassin isn't looking for it. Blaze King Director of Technology Lake County Office of Education (707) 262-4147 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, September 24, 2007 10:57 AM To: MailScanner discussion Subject: Re: mailscanner restarts when using spamassassin Blaze King wrote: > Yum must have automatically updated SA from the initial install... Ok I > removed that, re-installed Julian's script for Clam and SA, and now when > I debug this is what I see: > > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > 164. > You have screwed your /etc/mail/spamassassin/*.pre files. The following lines must appear in v320.pre, as well as a whole load of other loadplugin lines: # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check Otherwise SpamAssassin won't actually do anything! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: Monday, September 24, 2007 8:55 AM > To: MailScanner discussion > Subject: RE: mailscanner restarts when using spamassassin > > Blaze > > Looks like you got 2 different spamassassins installed and MailScanner > is looking for an 'old' one. > > I'd say you 'upgraded' SA using a different method to how you originally > installed it.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Blaze King >> Sent: 24 September 2007 16:37 >> To: MailScanner discussion >> Subject: RE: mailscanner restarts when using spamassassin >> >> Here's what the debug gives me: >> >> [root@mail ~]# MailScanner --debug --debug-sa >> In Debugging mode, not forking... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> [21668] dbg: logger: adding facilities: all >> [21668] dbg: logger: logging level is DBG >> [21668] dbg: generic: SpamAssassin version 3.2.3 >> [21668] dbg: config: score set 0 chosen. >> [21668] dbg: util: running in taint mode? no >> [21668] dbg: dns: is Net::DNS::Resolver available? yes >> [21668] dbg: dns: Net::DNS version: 0.60 >> [21668] dbg: ignore: test message to precompile patterns and load >> modules >> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules pre >> files >> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre >> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre >> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules pre >> files >> [21668] dbg: config: using "/usr/share/spamassassin" for default rules >> dir >> [21668] dbg: config: read file >> /usr/share/spamassassin/10_default_prefs.cf >> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_advance_fee.cf > >> [21668] dbg: config: read file >> /usr/share/spamassassin/20_anti_ratware.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_body_tests.cf > >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_compensate.cf > >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_dnsbl_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/20_fake_helo_tests.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_head_tests.cf > >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_html_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_imageinfo.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/20_meta_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf >> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/25_body_tests_es.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/25_body_tests_pl.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/25_domainkeys.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >> [21668] dbg: config: read file >> > /usr/share/spamassassin/30_text_pt_br.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf >> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_shortcircuit.cf >> [21668] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_dk.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_dkim.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_spf.cf >> [21668] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_subject.cf >> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf >> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf >> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from >> @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from >> @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >> from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >> @INC >> [21668] dbg: razor2: razor2 is available, version 2.84 >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >> [21668] dbg: dcc: network tests on, registering DCC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from >> > @INC > >> [21668] dbg: pyzor: network tests on, attempting Pyzor >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >> @INC >> [21668] dbg: razor2: razor2 is available, version 2.84 >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already registered >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from >> @INC >> [21668] dbg: reporter: network tests on, attempting SpamCop >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [21668] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [21668] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader >> > from > >> @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >> from @INC >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >> from @INC >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already >> registered >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from >> @INC >> [21668] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already >> > registered > >> config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_body_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_compensate.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_dnsbl_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_drugs.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file >> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you >> need to use the -C switch, or remove the old config files? Skipping >> > this > >> file at >> > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm > >> line 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe you >> need to use the -C switch, or remove the old config files? Skipping >> > this > >> file >> config: configuration file "/usr/share/spamassassin/20_head_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_html_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 >> > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_phrases.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_porn.cf" >> > requires > >> version 3.001009 of SpamAssassin, but this is code version 3.002003. >> Maybe you need to use the -C switch, or remove the old config files? >> Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: configuration file "/usr/share/spamassassin/23_bayes.cf" >> requires version 3.001009 of SpamAssassin, but this is code version >> 3.002003. Maybe you need to use the -C switch, or remove the old >> > config > >> files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> [21668] info: config: configuration file >> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of >> SpamAssassin, but this is code version 3.002003. Maybe you need to use >> the -C switch, or remove the old config files? Skipping this file >> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm >> > line > >> 396. >> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >> __MO_OL_F3B05 >> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF >> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >> HS_SUBJ_NEW_SOFTWARE >> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >> __MO_OL_CF0C0 >> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 >> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB >> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >> __MO_OL_ADFF7 >> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >> __MO_OL_7533E >> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI >> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 >> __XM_OL_EF20B >> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 >> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >> [21668] dbg: conf: finish parsing >> [21668] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements >> 'finish_parsing_end', priority 0 >> [21668] dbg: replacetags: replacing tags >> [21668] dbg: replacetags: done replacing tags >> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [21668] dbg: config: score set 1 chosen. >> [21668] dbg: message: main message type: text/plain >> [21668] dbg: message: ---- MIME PARSER START ---- >> [21668] dbg: message: parsing normal part >> [21668] dbg: message: ---- MIME PARSER END ---- >> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >> 164. >> >> I see some errors that tell me SA is looking for an older version? >> > And > >> this error at the end, I have no idea where to start there. >> >> Blaze King >> Lake County Office of Education >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Martin.Hepworth >> Sent: Monday, September 24, 2007 1:04 AM >> To: MailScanner discussion >> Subject: RE: mailscanner restarts when using spamassassin >> >> Blaze >> >> What does "MailScanner --debug --debug-sa" give you? >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> > [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>> Sent: 24 September 2007 04:55 >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> An update: >>> >>> >>> >>> Sendmail is working fine now. (I had something wrong in the mc >>> > file). > >>> Now I've re-installed the tarball for ClamAV and SA and Mailscanner, >>> doesn't seem to make any difference. I also used my old >>> >> MailScanner.conf >> >>> from my old server (ver. 4.58). Nothing changes the results I was >>> >> finding >> >>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to >>> >> mention >> >>> previously, this is on CentOS 5. >>> >>> >>> >>> On top of that my MailWatch install has a feature I forgot how to >>> >> enable: >> >>> Viewing the message body. >>> >>> >>> >>> Any ideas on what I'm probably doing wrong? >>> >>> >>> >>> Blaze King >>> >>> blazek@lake-coe.k12.ca.us >>> >>> >>> >>> From: mailscanner-bounces@lists.mailscanner.info >>> > [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>> Sent: Sunday, September 23, 2007 4:26 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: mailscanner restarts when using spamassassin >>> >>> >>> >>> Ok here's one that stumping me... >>> >>> >>> >>> This is a new installation... When I have "Use Spamassassin = yes" >>> > in > >>> MailScanner.conf, no messages are processed. When I set that to no, >>> >> then >> >>> everything works ok. spamassassin -D --lint doesn't produce any >>> >> errors. >> >>> Not sure if it's needed, but here's some background info: >>> >>> >>> >>> (also, as a note, I noticed while writing all this that sendmail is >>> >> giving >> >>> me some trouble... users can't send, but system messages and >>> > aliases > >> still >> >>> get sent... I don't know, maybe that's related) >>> >>> >>> >>> This is while installing onto a new server. Before installing >>> >> MailScanner >> >>> and because I was using MailWatch, I imported my old database into >>> >> mysql >> >>> on the new server. >>> >>> >>> >>> I followed the instructions in Quickinstall.txt: Installed >>> >>> > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > >>> then installed MailScanner version 4.63.8-1 (also tried latest >>> > beta), > >>> upgraded conf file. After starting MailScanner, I see this in the >>> maillog: >>> >>> >>> >>> This is with Spam Checks = Yes and Use Spamassassin = yes >>> >>> >>> >>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child >>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results >>> >> cache >> >>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin >>> >> cache >> >>> database >>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child >>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results >>> >> cache >> >>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin >>> >> cache >> >>> database >>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child >>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results >>> >> cache >> >>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin >>> >> cache >> >>> database >>> >>> (repeats over and over, same thing) >>> >>> >>> >>> Here's Spam Checks = Yes and Use Spamassassin = No >>> >>> >>> >>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus >>> >> Scanner >> >>> version 4.64.1 starting... >>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the >>> phishing whitelist >>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from >>> > the > >>> phishing blacklist >>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init >>> function MailWatchLogging >>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child >>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary >>> >> working >> >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix >>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded >>> >> struct_flock >> >>> subroutine for linux (Linux-type) >>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 >>> >> messages, >> >>> 1520 bytes >>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam >>> messages >>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: >>> Starting >>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 >>> >> messages >> >>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message >>> >> l8NIPI9f029181 to >> >>> SQL >>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to >>> MailWatch SQL >>> >>> (seems to work ok without spamassassin) >>> >>> >>> >>> >>> >>> Any ideas? Thanks! >>> >>> >>> >>> Blaze King >>> >>> Lake County Office of Education >>> >>> (707) 262-4147 >>> >>> >>> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Sep 24 20:20:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 20:21:34 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F8024D.3090008@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> Message-ID: <46F80E17.6050803@ecs.soton.ac.uk> In which case, please try this: 1) In /etc/MailScanner/virus.scanners.conf, set this bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/BitDefender-scanner/bin 2) In /usr/lib/MailScanner/bitdefender-wrapper, change this line (around line 33) prog=bdc to this prog=bdscan Please give this a go and let me know if it works. Also, please try this for the bitdefender-autoupdate: 1) Change this line (around line 132) my $bitDefBinary = "bdc"; to this my $bitDefBinary = "bdscan"; 2) Run update_virus_scanners Check the contents of /var/log/bitdefender_updater.log to see if it worked or not. If someone can send me a fully-licensed version of BitDefender I'll try to get all this stuff working for you. Does the widely-used free version require these changes as well as the new one? Will I break everyone's bitdefender-based systems if I change this? Otherwise I'll try to make it work with the old setup and the new one at the same time. Jules. Johnny Stork wrote: > Thanks Julian. Below is my lint test and it appears that the > bitdefender scanner is not found. I downloaded and installed BD from > "BitDefender-scanner-7.5-4.linux-gcc3x.i586.rpm.run" and seems to put > the scanner here. > > [root@gateway MailScanner]# whereis bdscan > bdscan: /usr/bin/bdscan /opt/BitDefender-scanner/bin/bdscan > > > So I updated virus.scanners.conf. to show > > "bitdefender /usr/lib/MailScanner/bitdefender-wrapper > /opt/BitDefender-scanner" > > > Mailscanner Lint Test: > > [root@gateway MailScanner]# MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.63.8) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd bitdefender" > Found these virus scanners installed: clamavmodule > =========================================================================== > > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 458 > cat: /tmp/log.bdc.351: No such file or directory > rm: cannot remove `/tmp/log.bdc.351': No such file or directory > =========================================================================== > > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > > > Julian Field wrote: >> My personal preferences are for f-prot and sophos, as I always run 3 >> to be on the safe side. But they do cost money. But there again, the >> total solution is still much, much cheaper than paying someone like >> MessageLabs or Ironport for their solutions to the problem. >> >> Once you have installed other scanners, be sure to >> MailScanner --lint >> to be sure your scanners are all being called successfully. You >> should get a report from each of your installed scanners. >> >> My supplied virus.scanners.conf file is set ready for each of the >> virus scanners if you install them to their default location, as >> dictated by their own installers. If you install them elsewhere, you >> will need to tweak your /etc/MailScanner/virus.scanners.conf. The >> output of "MailScanner --lint" will clearly show you if you have the >> settings correct. >> >> You should *not* edit the -wrapper or -autoupdate scripts, the only >> changes needed are in virus.scanners.conf. >> >> Jules. >> >> Johnny Stork wrote: >>> I just went through a clean re-install of MS/SA etc and thought I >>> might like to add a second scanner beyond clamav. What would most >>> people suggest for a second av engine, maybe amavisd?. Are there any >>> tips/howtos on setting up some of these other engines? >>> >>> >>> -- >>> *Johnny Stork* >>> Business & Technology Consultant >>> stork@openenterprise.ca >>> >> >> Jules >> > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 24 20:25:30 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 20:25:46 2007 Subject: MailScanner and the postfix hold queue In-Reply-To: References: <31e7748d0709241143k285723fald325504b4106b6cd@mail.gmail.com> Message-ID: <46F80F2A.2090005@ecs.soton.ac.uk> Scott Silva wrote: > Rodney Green spake the following on 9/24/2007 11:43 AM: >> Hello, >> >> Has anyone using postfix and MailScanner investigated using the >> smtpd_data_restrictions postfix config parameter to hold incoming >> e-mail? This would be used instead of placing the HOLD statement in >> the header_checks config file. >> >> >> smtpd_data_restrictions = >> permit_mynetworks >> check_client_access static:HOLD >> >> The above would allow local mail from internal clients to bypass >> MailScanner, I think. Anything >> else would be put in the HOLD queue for MailScanner to scan. >> >> Any thoughts on this? >> >> Thanks, >> Rod >> > Internal clients can get infected also, and you probably are not wise > to exempt them from scanning. You would be amazed at how hard someone > will try to get something they think they want or they think is OK > even if I.T. says no. And if you ever let a virus out of your site, you better be prepared for some lawyer-happy recipient to try to sue you for negligence in not virus-scanning your outgoing mail when you have systems in place that could be set up to do it :-( You also don't want to get blacklisted if one of your internal machines is ever infected by a botnet. Traditionally, the boss's laptop is the most likely offender in this case :-) There are a thousand other reasons why exempting *any* mail from complete virus, malware and spam content checking is A Bad Thing(tm). Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 24 20:26:33 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 20:27:12 2007 Subject: Second AV Scanner Suggestions In-Reply-To: References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> Message-ID: <46F80F69.1040805@ecs.soton.ac.uk> Scott Silva wrote: > Johnny Stork spake the following on 9/24/2007 11:30 AM: >> Thanks Julian. Below is my lint test and it appears that the >> bitdefender scanner is not found. I downloaded and installed BD from >> "BitDefender-scanner-7.5-4.linux-gcc3x.i586.rpm.run" and seems to put >> the scanner here. >> >> [root@gateway MailScanner]# whereis bdscan >> bdscan: /usr/bin/bdscan /opt/BitDefender-scanner/bin/bdscan >> >> >> So I updated virus.scanners.conf. to show >> >> "bitdefender /usr/lib/MailScanner/bitdefender-wrapper >> /opt/BitDefender-scanner" >> >> >> Mailscanner Lint Test: >> >> [root@gateway MailScanner]# MailScanner --lint >> Checking version numbers... >> Version number in MailScanner.conf (4.63.8) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamd bitdefender" >> Found these virus scanners installed: clamavmodule >> =========================================================================== >> >> Ignore errors about failing to find EOCD signature >> format error: can't find EOCD signature >> at /usr/sbin/MailScanner line 458 >> cat: /tmp/log.bdc.351: No such file or directory >> rm: cannot remove `/tmp/log.bdc.351': No such file or directory >> =========================================================================== >> >> >> If any of your virus scanners (clamavmodule) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its >> virus.scanners.conf. >> > MailScanner support was written for bitdefender 7.0 and 7.1. I think > it might need an update for the new version. > Also, I think the new version is not free except for personal use, and > needs a license file to run past the demo time. Please can you send me the download URL and a valid licence file? (Send the licence off-list!) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Mon Sep 24 20:28:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 20:28:47 2007 Subject: i screwed spamassassin In-Reply-To: References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> <46F7FA87.8000006@ecs.soton.ac.uk> Message-ID: <46F80FCF.3010307@ecs.soton.ac.uk> Once you've done an sa-update, it won't be using the files in /usr/share/spamassassin anyway, it will be using the stuff under /var/lib/spamassassin instead. Do a "sa-update -D" first time, to make sure it is working. You might need to download and install a GPG key for it, it tells you what to type. Blaze King wrote: > Changed the subject per Julian's comment. > > So that was it. I must have copied something wrong... > > Well now I notice I don't have a 50_scores.cf in > /usr/share/spamassassin. So spamassassin is working, but obviously is > missing the majority of its scoring. I copied 50_scores.cf from my old > config to the new spot, but spamassassin isn't looking for it. > > Blaze King > Director of Technology > Lake County Office of Education > (707) 262-4147 > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 24, 2007 10:57 AM > To: MailScanner discussion > Subject: Re: mailscanner restarts when using spamassassin > > > > Blaze King wrote: > >> Yum must have automatically updated SA from the initial install... Ok >> > I > >> removed that, re-installed Julian's script for Clam and SA, and now >> > when > >> I debug this is what I see: >> >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >> 164. >> >> > You have screwed your /etc/mail/spamassassin/*.pre files. The following > lines must appear in v320.pre, as well as a whole load of other > loadplugin lines: > > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > Otherwise SpamAssassin won't actually do anything! > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Martin.Hepworth >> Sent: Monday, September 24, 2007 8:55 AM >> To: MailScanner discussion >> Subject: RE: mailscanner restarts when using spamassassin >> >> Blaze >> >> Looks like you got 2 different spamassassins installed and MailScanner >> is looking for an 'old' one. >> >> I'd say you 'upgraded' SA using a different method to how you >> > originally > >> installed it.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>> Sent: 24 September 2007 16:37 >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> Here's what the debug gives me: >>> >>> [root@mail ~]# MailScanner --debug --debug-sa >>> In Debugging mode, not forking... >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> [21668] dbg: logger: adding facilities: all >>> [21668] dbg: logger: logging level is DBG >>> [21668] dbg: generic: SpamAssassin version 3.2.3 >>> [21668] dbg: config: score set 0 chosen. >>> [21668] dbg: util: running in taint mode? no >>> [21668] dbg: dns: is Net::DNS::Resolver available? yes >>> [21668] dbg: dns: Net::DNS version: 0.60 >>> [21668] dbg: ignore: test message to precompile patterns and load >>> modules >>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>> > pre > >>> files >>> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules >>> > pre > >>> files >>> [21668] dbg: config: using "/usr/share/spamassassin" for default >>> > rules > >>> dir >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/10_default_prefs.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_advance_fee.cf >> >> >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/20_anti_ratware.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_body_tests.cf >> >> >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_compensate.cf >> >> >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_dnsbl_tests.cf >> >> >>> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_head_tests.cf >> >> >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_html_tests.cf >> >> >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/20_imageinfo.cf > >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_meta_tests.cf >> >> >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/20_net_tests.cf > >>> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/20_uri_tests.cf > >>> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/25_antivirus.cf > >>> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/25_body_tests_es.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/25_body_tests_pl.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/25_domainkeys.cf >> >> >>> [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/30_text_pt_br.cf >> >> >>> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_shortcircuit.cf >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/60_whitelist.cf > >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_dk.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_dkim.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_spf.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf >>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>> > dir > >>> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>> > from > >>> @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash >>> > from > >>> @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> > @INC > >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >>> from @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>> @INC >>> [21668] dbg: razor2: razor2 is available, version 2.84 >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>> > @INC > >>> [21668] dbg: dcc: network tests on, registering DCC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from >>> >>> >> @INC >> >> >>> [21668] dbg: pyzor: network tests on, attempting Pyzor >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>> @INC >>> [21668] dbg: razor2: razor2 is available, version 2.84 >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already >>> > registered > >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from >>> @INC >>> [21668] dbg: reporter: network tests on, attempting SpamCop >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>> > @INC > >>> [21668] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [21668] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader >>> >>> >> from >> >> >>> @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >>> from @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >>> from @INC >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already >>> registered >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> > @INC > >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>> > from > >>> @INC >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already >>> >>> >> registered >> >> >>> config: configuration file >>> > "/usr/share/spamassassin/20_advance_fee.cf" > >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_body_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_compensate.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file >>> > "/usr/share/spamassassin/20_dnsbl_tests.cf" > >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_drugs.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file >>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>> > you > >>> need to use the -C switch, or remove the old config files? Skipping >>> >>> >> this >> >> >>> file at >>> >>> >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm >> >> >>> line 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>> > you > >>> need to use the -C switch, or remove the old config files? Skipping >>> >>> >> this >> >> >>> file >>> config: configuration file "/usr/share/spamassassin/20_head_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_html_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 >>> > of > >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_phrases.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_porn.cf" >>> >>> >> requires >> >> >>> version 3.001009 of SpamAssassin, but this is code version 3.002003. >>> Maybe you need to use the -C switch, or remove the old config files? >>> Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 >>> > of > >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/23_bayes.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm >>> >>> >> line >> >> >>> 396. >>> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >>> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >>> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >>> __MO_OL_F3B05 >>> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >>> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF >>> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >>> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >>> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>> HS_SUBJ_NEW_SOFTWARE >>> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >>> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >>> __MO_OL_CF0C0 >>> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >>> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >>> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >>> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 >>> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >>> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB >>> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >>> __MO_OL_ADFF7 >>> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >>> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >>> __MO_OL_7533E >>> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >>> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>> > __HAS_ANY_URI > >>> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 >>> __XM_OL_EF20B >>> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >>> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 >>> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >>> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >>> [21668] dbg: conf: finish parsing >>> [21668] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements >>> 'finish_parsing_end', priority 0 >>> [21668] dbg: replacetags: replacing tags >>> [21668] dbg: replacetags: done replacing tags >>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [21668] dbg: config: score set 1 chosen. >>> [21668] dbg: message: main message type: text/plain >>> [21668] dbg: message: ---- MIME PARSER START ---- >>> [21668] dbg: message: parsing normal part >>> [21668] dbg: message: ---- MIME PARSER END ---- >>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> check: no loaded plugin implements 'check_main': cannot scan! at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >>> 164. >>> >>> I see some errors that tell me SA is looking for an older version? >>> >>> >> And >> >> >>> this error at the end, I have no idea where to start there. >>> >>> Blaze King >>> Lake County Office of Education >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Martin.Hepworth >>> Sent: Monday, September 24, 2007 1:04 AM >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> Blaze >>> >>> What does "MailScanner --debug --debug-sa" give you? >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> >>>> >> [mailto:mailscanner- >> >> >>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>> Sent: 24 September 2007 04:55 >>>> To: MailScanner discussion >>>> Subject: RE: mailscanner restarts when using spamassassin >>>> >>>> An update: >>>> >>>> >>>> >>>> Sendmail is working fine now. (I had something wrong in the mc >>>> >>>> >> file). >> >> >>>> Now I've re-installed the tarball for ClamAV and SA and Mailscanner, >>>> doesn't seem to make any difference. I also used my old >>>> >>>> >>> MailScanner.conf >>> >>> >>>> from my old server (ver. 4.58). Nothing changes the results I was >>>> >>>> >>> finding >>> >>> >>>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to >>>> >>>> >>> mention >>> >>> >>>> previously, this is on CentOS 5. >>>> >>>> >>>> >>>> On top of that my MailWatch install has a feature I forgot how to >>>> >>>> >>> enable: >>> >>> >>>> Viewing the message body. >>>> >>>> >>>> >>>> Any ideas on what I'm probably doing wrong? >>>> >>>> >>>> >>>> Blaze King >>>> >>>> blazek@lake-coe.k12.ca.us >>>> >>>> >>>> >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> >>>> >> [mailto:mailscanner- >> >> >>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>> Sent: Sunday, September 23, 2007 4:26 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: mailscanner restarts when using spamassassin >>>> >>>> >>>> >>>> Ok here's one that stumping me... >>>> >>>> >>>> >>>> This is a new installation... When I have "Use Spamassassin = yes" >>>> >>>> >> in >> >> >>>> MailScanner.conf, no messages are processed. When I set that to no, >>>> >>>> >>> then >>> >>> >>>> everything works ok. spamassassin -D --lint doesn't produce any >>>> >>>> >>> errors. >>> >>> >>>> Not sure if it's needed, but here's some background info: >>>> >>>> >>>> >>>> (also, as a note, I noticed while writing all this that sendmail is >>>> >>>> >>> giving >>> >>> >>>> me some trouble... users can't send, but system messages and >>>> >>>> >> aliases >> >> >>> still >>> >>> >>>> get sent... I don't know, maybe that's related) >>>> >>>> >>>> >>>> This is while installing onto a new server. Before installing >>>> >>>> >>> MailScanner >>> >>> >>>> and because I was using MailWatch, I imported my old database into >>>> >>>> >>> mysql >>> >>> >>>> on the new server. >>>> >>>> >>>> >>>> I followed the instructions in Quickinstall.txt: Installed >>>> >>>> >>>> > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > >> >> >>>> then installed MailScanner version 4.63.8-1 (also tried latest >>>> >>>> >> beta), >> >> >>>> upgraded conf file. After starting MailScanner, I see this in the >>>> maillog: >>>> >>>> >>>> >>>> This is with Spam Checks = Yes and Use Spamassassin = yes >>>> >>>> >>>> >>>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child >>>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results >>>> >>>> >>> cache >>> >>> >>>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin >>>> >>>> >>> cache >>> >>> >>>> database >>>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child >>>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results >>>> >>>> >>> cache >>> >>> >>>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin >>>> >>>> >>> cache >>> >>> >>>> database >>>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child >>>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results >>>> >>>> >>> cache >>> >>> >>>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin >>>> >>>> >>> cache >>> >>> >>>> database >>>> >>>> (repeats over and over, same thing) >>>> >>>> >>>> >>>> Here's Spam Checks = Yes and Use Spamassassin = No >>>> >>>> >>>> >>>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child >>>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix >>>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded >>>> >>>> >>> struct_flock >>> >>> >>>> subroutine for linux (Linux-type) >>>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 >>>> >>>> >>> messages, >>> >>> >>>> 1520 bytes >>>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam >>>> messages >>>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: >>>> Starting >>>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 >>>> >>>> >>> messages >>> >>> >>>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message >>>> >>>> >>> l8NIPI9f029181 to >>> >>> >>>> SQL >>>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to >>>> MailWatch SQL >>>> >>>> (seems to work ok without spamassassin) >>>> >>>> >>>> >>>> >>>> >>>> Any ideas? Thanks! >>>> >>>> >>>> >>>> Blaze King >>>> >>>> Lake County Office of Education >>>> >>>> (707) 262-4147 >>>> >>>> >>>> >>>> >>> >>> >>> > ********************************************************************** > >>> Confidentiality : This e-mail and any attachments are intended for >>> > the > >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We >>> > advise > >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> >>> > ********************************************************************** > >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> > > >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> > > >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martinh at solidstatelogic.com Mon Sep 24 20:31:28 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Sep 24 20:31:35 2007 Subject: i screwed spamassassin In-Reply-To: Message-ID: <96d27b9d28de674ebe9da735ea4ace82@solidstatelogic.com> Blaze I'd start again with the SA install. All the perl stuff could be having issues... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Blaze King > Sent: 24 September 2007 20:12 > To: MailScanner discussion > Subject: i screwed spamassassin > > Changed the subject per Julian's comment. > > So that was it. I must have copied something wrong... > > Well now I notice I don't have a 50_scores.cf in > /usr/share/spamassassin. So spamassassin is working, but obviously is > missing the majority of its scoring. I copied 50_scores.cf from my old > config to the new spot, but spamassassin isn't looking for it. > > Blaze King > Director of Technology > Lake County Office of Education > (707) 262-4147 > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 24, 2007 10:57 AM > To: MailScanner discussion > Subject: Re: mailscanner restarts when using spamassassin > > > > Blaze King wrote: > > Yum must have automatically updated SA from the initial install... Ok > I > > removed that, re-installed Julian's script for Clam and SA, and now > when > > I debug this is what I see: > > > > check: no loaded plugin implements 'check_main': cannot scan! at > > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > > 164. > > > You have screwed your /etc/mail/spamassassin/*.pre files. The following > lines must appear in v320.pre, as well as a whole load of other > loadplugin lines: > > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > Otherwise SpamAssassin won't actually do anything! > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Martin.Hepworth > > Sent: Monday, September 24, 2007 8:55 AM > > To: MailScanner discussion > > Subject: RE: mailscanner restarts when using spamassassin > > > > Blaze > > > > Looks like you got 2 different spamassassins installed and MailScanner > > is looking for an 'old' one. > > > > I'd say you 'upgraded' SA using a different method to how you > originally > > installed it.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Blaze King > >> Sent: 24 September 2007 16:37 > >> To: MailScanner discussion > >> Subject: RE: mailscanner restarts when using spamassassin > >> > >> Here's what the debug gives me: > >> > >> [root@mail ~]# MailScanner --debug --debug-sa > >> In Debugging mode, not forking... > >> SpamAssassin temp dir = > >> /var/spool/MailScanner/incoming/SpamAssassin-Temp > >> [21668] dbg: logger: adding facilities: all > >> [21668] dbg: logger: logging level is DBG > >> [21668] dbg: generic: SpamAssassin version 3.2.3 > >> [21668] dbg: config: score set 0 chosen. > >> [21668] dbg: util: running in taint mode? no > >> [21668] dbg: dns: is Net::DNS::Resolver available? yes > >> [21668] dbg: dns: Net::DNS version: 0.60 > >> [21668] dbg: ignore: test message to precompile patterns and load > >> modules > >> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules > pre > >> files > >> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre > >> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre > >> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre > >> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules > pre > >> files > >> [21668] dbg: config: using "/usr/share/spamassassin" for default > rules > >> dir > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/10_default_prefs.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_advance_fee.cf > > > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/20_anti_ratware.cf > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_body_tests.cf > > > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_compensate.cf > > > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_dnsbl_tests.cf > > > >> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/20_fake_helo_tests.cf > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_head_tests.cf > > > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_html_tests.cf > > > >> [21668] dbg: config: read file > /usr/share/spamassassin/20_imageinfo.cf > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/20_meta_tests.cf > > > >> [21668] dbg: config: read file > /usr/share/spamassassin/20_net_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > >> [21668] dbg: config: read file > /usr/share/spamassassin/20_uri_tests.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > >> [21668] dbg: config: read file > /usr/share/spamassassin/25_antivirus.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/25_body_tests_es.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/25_body_tests_pl.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/25_domainkeys.cf > > > >> [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > >> [21668] dbg: config: read file > >> > > /usr/share/spamassassin/30_text_pt_br.cf > > > >> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/60_shortcircuit.cf > >> [21668] dbg: config: read file > /usr/share/spamassassin/60_whitelist.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/60_whitelist_dk.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/60_whitelist_dkim.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/60_whitelist_spf.cf > >> [21668] dbg: config: read file > >> /usr/share/spamassassin/60_whitelist_subject.cf > >> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf > >> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules > dir > >> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf > >> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL > from > >> @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash > from > >> @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from > @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > >> from @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from > >> @INC > >> [21668] dbg: razor2: razor2 is available, version 2.84 > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from > @INC > >> [21668] dbg: dcc: network tests on, registering DCC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from > >> > > @INC > > > >> [21668] dbg: pyzor: network tests on, attempting Pyzor > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from > >> @INC > >> [21668] dbg: razor2: razor2 is available, version 2.84 > >> [21668] dbg: plugin: did not register > >> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already > registered > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from > >> @INC > >> [21668] dbg: reporter: network tests on, attempting SpamCop > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from > @INC > >> [21668] dbg: plugin: loading > >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > >> [21668] dbg: plugin: loading > >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader > >> > > from > > > >> @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags > >> from @INC > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > >> from @INC > >> [21668] dbg: plugin: did not register > >> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already > >> registered > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from > @INC > >> [21668] dbg: plugin: did not register > >> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered > >> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL > from > >> @INC > >> [21668] dbg: plugin: did not register > >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already > >> > > registered > > > >> config: configuration file > "/usr/share/spamassassin/20_advance_fee.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_body_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_compensate.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file > "/usr/share/spamassassin/20_dnsbl_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_drugs.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file > >> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version > >> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe > you > >> need to use the -C switch, or remove the old config files? Skipping > >> > > this > > > >> file at > >> > > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm > > > >> line 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version > >> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe > you > >> need to use the -C switch, or remove the old config files? Skipping > >> > > this > > > >> file > >> config: configuration file "/usr/share/spamassassin/20_head_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_html_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 > >> > > of > > > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_phrases.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_porn.cf" > >> > > requires > > > >> version 3.001009 of SpamAssassin, but this is code version 3.002003. > >> Maybe you need to use the -C switch, or remove the old config files? > >> Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 > of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: configuration file "/usr/share/spamassassin/23_bayes.cf" > >> requires version 3.001009 of SpamAssassin, but this is code version > >> 3.002003. Maybe you need to use the -C switch, or remove the old > >> > > config > > > >> files? Skipping this file at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line > >> 372. > >> [21668] info: config: configuration file > >> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of > >> SpamAssassin, but this is code version 3.002003. Maybe you need to > use > >> the -C switch, or remove the old config files? Skipping this file > >> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm > >> > > line > > > >> 396. > >> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA > >> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E > >> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E > >> __MO_OL_F3B05 > >> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 > >> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF > >> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 > >> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA > >> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: > >> HS_SUBJ_NEW_SOFTWARE > >> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A > >> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 > >> __MO_OL_CF0C0 > >> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 > >> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 > >> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C > >> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 > >> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 > >> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB > >> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 > >> __MO_OL_ADFF7 > >> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 > >> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB > >> __MO_OL_7533E > >> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 > >> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: > __HAS_ANY_URI > >> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 > >> __XM_OL_EF20B > >> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E > >> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 > >> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 > >> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 > >> [21668] dbg: conf: finish parsing > >> [21668] dbg: plugin: > >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements > >> 'finish_parsing_end', priority 0 > >> [21668] dbg: replacetags: replacing tags > >> [21668] dbg: replacetags: done replacing tags > >> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: > >> /root/.spamassassin/bayes_toks > >> [21668] dbg: config: score set 1 chosen. > >> [21668] dbg: message: main message type: text/plain > >> [21668] dbg: message: ---- MIME PARSER START ---- > >> [21668] dbg: message: parsing normal part > >> [21668] dbg: message: ---- MIME PARSER END ---- > >> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: > >> /root/.spamassassin/bayes_toks > >> check: no loaded plugin implements 'check_main': cannot scan! at > >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > >> 164. > >> > >> I see some errors that tell me SA is looking for an older version? > >> > > And > > > >> this error at the end, I have no idea where to start there. > >> > >> Blaze King > >> Lake County Office of Education > >> > >> > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Martin.Hepworth > >> Sent: Monday, September 24, 2007 1:04 AM > >> To: MailScanner discussion > >> Subject: RE: mailscanner restarts when using spamassassin > >> > >> Blaze > >> > >> What does "MailScanner --debug --debug-sa" give you? > >> > >> -- > >> Martin Hepworth > >> Snr Systems Administrator > >> Solid State Logic > >> Tel: +44 (0)1865 842300 > >> > >> > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info > >>> > > [mailto:mailscanner- > > > >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King > >>> Sent: 24 September 2007 04:55 > >>> To: MailScanner discussion > >>> Subject: RE: mailscanner restarts when using spamassassin > >>> > >>> An update: > >>> > >>> > >>> > >>> Sendmail is working fine now. (I had something wrong in the mc > >>> > > file). > > > >>> Now I've re-installed the tarball for ClamAV and SA and Mailscanner, > >>> doesn't seem to make any difference. I also used my old > >>> > >> MailScanner.conf > >> > >>> from my old server (ver. 4.58). Nothing changes the results I was > >>> > >> finding > >> > >>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to > >>> > >> mention > >> > >>> previously, this is on CentOS 5. > >>> > >>> > >>> > >>> On top of that my MailWatch install has a feature I forgot how to > >>> > >> enable: > >> > >>> Viewing the message body. > >>> > >>> > >>> > >>> Any ideas on what I'm probably doing wrong? > >>> > >>> > >>> > >>> Blaze King > >>> > >>> blazek@lake-coe.k12.ca.us > >>> > >>> > >>> > >>> From: mailscanner-bounces@lists.mailscanner.info > >>> > > [mailto:mailscanner- > > > >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King > >>> Sent: Sunday, September 23, 2007 4:26 PM > >>> To: mailscanner@lists.mailscanner.info > >>> Subject: mailscanner restarts when using spamassassin > >>> > >>> > >>> > >>> Ok here's one that stumping me... > >>> > >>> > >>> > >>> This is a new installation... When I have "Use Spamassassin = yes" > >>> > > in > > > >>> MailScanner.conf, no messages are processed. When I set that to no, > >>> > >> then > >> > >>> everything works ok. spamassassin -D --lint doesn't produce any > >>> > >> errors. > >> > >>> Not sure if it's needed, but here's some background info: > >>> > >>> > >>> > >>> (also, as a note, I noticed while writing all this that sendmail is > >>> > >> giving > >> > >>> me some trouble... users can't send, but system messages and > >>> > > aliases > > > >> still > >> > >>> get sent... I don't know, maybe that's related) > >>> > >>> > >>> > >>> This is while installing onto a new server. Before installing > >>> > >> MailScanner > >> > >>> and because I was using MailWatch, I imported my old database into > >>> > >> mysql > >> > >>> on the new server. > >>> > >>> > >>> > >>> I followed the instructions in Quickinstall.txt: Installed > >>> > >>> > > > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > > > >>> then installed MailScanner version 4.63.8-1 (also tried latest > >>> > > beta), > > > >>> upgraded conf file. After starting MailScanner, I see this in the > >>> maillog: > >>> > >>> > >>> > >>> This is with Spam Checks = Yes and Use Spamassassin = yes > >>> > >>> > >>> > >>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus > >>> > >> Scanner > >> > >>> version 4.64.1 starting... > >>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the > >>> phishing whitelist > >>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from > >>> > > the > > > >>> phishing blacklist > >>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init > >>> function MailWatchLogging > >>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child > >>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary > >>> > >> working > >> > >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > >>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results > >>> > >> cache > >> > >>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin > >>> > >> cache > >> > >>> database > >>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus > >>> > >> Scanner > >> > >>> version 4.64.1 starting... > >>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the > >>> phishing whitelist > >>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from > >>> > > the > > > >>> phishing blacklist > >>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init > >>> function MailWatchLogging > >>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child > >>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary > >>> > >> working > >> > >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > >>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results > >>> > >> cache > >> > >>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin > >>> > >> cache > >> > >>> database > >>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus > >>> > >> Scanner > >> > >>> version 4.64.1 starting... > >>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the > >>> phishing whitelist > >>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from > >>> > > the > > > >>> phishing blacklist > >>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init > >>> function MailWatchLogging > >>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child > >>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary > >>> > >> working > >> > >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > >>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results > >>> > >> cache > >> > >>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin > >>> > >> cache > >> > >>> database > >>> > >>> (repeats over and over, same thing) > >>> > >>> > >>> > >>> Here's Spam Checks = Yes and Use Spamassassin = No > >>> > >>> > >>> > >>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus > >>> > >> Scanner > >> > >>> version 4.64.1 starting... > >>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the > >>> phishing whitelist > >>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from > >>> > > the > > > >>> phishing blacklist > >>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init > >>> function MailWatchLogging > >>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child > >>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary > >>> > >> working > >> > >>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > >>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix > >>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded > >>> > >> struct_flock > >> > >>> subroutine for linux (Linux-type) > >>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 > >>> > >> messages, > >> > >>> 1520 bytes > >>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam > >>> messages > >>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: > >>> Starting > >>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 > >>> > >> messages > >> > >>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message > >>> > >> l8NIPI9f029181 to > >> > >>> SQL > >>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to > >>> MailWatch SQL > >>> > >>> (seems to work ok without spamassassin) > >>> > >>> > >>> > >>> > >>> > >>> Any ideas? Thanks! > >>> > >>> > >>> > >>> Blaze King > >>> > >>> Lake County Office of Education > >>> > >>> (707) 262-4147 > >>> > >>> > >>> > >> > >> > >> > >> > ********************************************************************** > >> Confidentiality : This e-mail and any attachments are intended for > the > >> addressee only and may be confidential. If they come to you in error > >> you must take no action based on them, nor must you copy or show them > >> to anyone. Please advise the sender by replying to this e-mail > >> immediately and then delete the original from your computer. > >> Opinion : Any opinions expressed in this e-mail are entirely those of > >> the author and unless specifically stated to the contrary, are not > >> necessarily those of the author's employer. > >> Security Warning : Internet e-mail is not necessarily a secure > >> communications medium and can be subject to data corruption. We > advise > >> that you consider this fact when e-mailing us. > >> Viruses : We have taken steps to ensure that this e-mail and any > >> attachments are free from known viruses but in keeping with good > >> computing practice, you should ensure that they are virus free. > >> > >> Red Lion 49 Ltd T/A Solid State Logic > >> Registered as a limited company in England and Wales > >> (Company No:5362730) > >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > >> United Kingdom > >> > ********************************************************************** > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > > Jules > > -- > Julian Field MEng CITP > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > For all your IT requirements visit www.transtec.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From stork at openenterprise.ca Mon Sep 24 20:32:14 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Sep 24 20:32:19 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F80F69.1040805@ecs.soton.ac.uk> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80F69.1040805@ecs.soton.ac.uk> Message-ID: <46F810BE.6020400@openenterprise.ca> I didnt realize there was no free version of bitdefender, or is there?? After making your changes Julian everythings seems fine and I can see in the bitdefender_updater.log a reference to the required license key. [root@gateway bayes]# cat /var/log/bitdefender_updater.log Mon Sep 24 12:27:42 2007 -----> Starting update... Mon Sep 24 12:27:42 2007 *** You're now protected against -3 viruses ... Mon Sep 24 12:27:42 2007 Starting update using BDC built-in function... Mon Sep 24 12:29:04 2007 BitDefender update completed Mon Sep 24 12:29:04 2007 Following the changes: Mon Sep 24 12:29:06 2007 BitDefender Antivirus Scanner v7.60825 Linux-i686 Mon Sep 24 12:29:06 2007 Copyright (C) 1996-2006 Softwin SRL. All rights reserved. Mon Sep 24 12:29:06 2007 Trial key found. 29 days remaining. Mon Sep 24 12:29:07 2007 Mon Sep 24 12:29:07 2007 Engine signatures: 511954 Mon Sep 24 12:29:07 2007 Scan engines: 15 Mon Sep 24 12:29:07 2007 Archive engines: 39 Mon Sep 24 12:29:07 2007 Unpack engines: 6 Mon Sep 24 12:29:07 2007 Mail engines: 6 Mon Sep 24 12:29:07 2007 System engines: 2 Mon Sep 24 12:29:07 2007 Update time GMT: Thu Oct 26 03:43:45 2006 Mon Sep 24 12:29:07 2007 Version: 7.09642 Mon Sep 24 12:29:07 2007 License expire date: Oct 24 2007 Mon Sep 24 12:29:07 2007 Mon Sep 24 12:29:07 2007 *** You're now protected against -3 viruses ... Mon Sep 24 12:29:07 2007 ------> Update was succesful... Julian Field wrote: > > > Scott Silva wrote: >> Johnny Stork spake the following on 9/24/2007 11:30 AM: >>> Thanks Julian. Below is my lint test and it appears that the >>> bitdefender scanner is not found. I downloaded and installed BD from >>> "BitDefender-scanner-7.5-4.linux-gcc3x.i586.rpm.run" and seems to >>> put the scanner here. >>> >>> [root@gateway MailScanner]# whereis bdscan >>> bdscan: /usr/bin/bdscan /opt/BitDefender-scanner/bin/bdscan >>> >>> >>> So I updated virus.scanners.conf. to show >>> >>> "bitdefender /usr/lib/MailScanner/bitdefender-wrapper >>> /opt/BitDefender-scanner" >>> >>> >>> Mailscanner Lint Test: >>> >>> [root@gateway MailScanner]# MailScanner --lint >>> Checking version numbers... >>> Version number in MailScanner.conf (4.63.8) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = clamd bitdefender" >>> Found these virus scanners installed: clamavmodule >>> =========================================================================== >>> >>> Ignore errors about failing to find EOCD signature >>> format error: can't find EOCD signature >>> at /usr/sbin/MailScanner line 458 >>> cat: /tmp/log.bdc.351: No such file or directory >>> rm: cannot remove `/tmp/log.bdc.351': No such file or directory >>> =========================================================================== >>> >>> >>> If any of your virus scanners (clamavmodule) >>> are not listed there, you should check that they are installed >>> correctly >>> and that MailScanner is finding them correctly via its >>> virus.scanners.conf. >>> >> MailScanner support was written for bitdefender 7.0 and 7.1. I think >> it might need an update for the new version. >> Also, I think the new version is not free except for personal use, >> and needs a license file to run past the demo time. > Please can you send me the download URL and a valid licence file? > (Send the licence off-list!) > > Jules > -- *Johnny Stork* From MailScanner at ecs.soton.ac.uk Mon Sep 24 20:43:34 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 20:43:51 2007 Subject: i screwed spamassassin In-Reply-To: <96d27b9d28de674ebe9da735ea4ace82@solidstatelogic.com> References: <96d27b9d28de674ebe9da735ea4ace82@solidstatelogic.com> Message-ID: <46F81366.7020609@ecs.soton.ac.uk> Start by doing rpm -e spamassassin just in case you have an RPM install of it as well. Then download and install my ClamAV+SA package from www.mailscanner.info/downloads.html, you can choose whether it installs ClamAV or not as well, it asks you at run-time. Martin.Hepworth wrote: > Blaze > > I'd start again with the SA install. All the perl stuff could be having issues... > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From mailscanner at slackadelic.com Mon Sep 24 20:44:19 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Mon Sep 24 20:44:27 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F810BE.6020400@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80F69.1040805@ecs.soton.ac.uk> <46F810BE.6020400@openenterprise.ca> Message-ID: <46F81393.4090603@slackadelic.com> Johnny Stork wrote: > I didnt realize there was no free version of bitdefender, or is there?? > This I would like to know as well. I tried to implement bitdefender and got the same results. However, I just gave up. :) Figured if it isn't free.. forget about it... -Matt From Denis.Beauchemin at USherbrooke.ca Mon Sep 24 20:55:10 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Sep 24 20:57:14 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F810BE.6020400@openenterprise.ca> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80F69.1040805@ecs.soton.ac.uk> <46F810BE.6020400@openenterprise.ca> Message-ID: <46F8161E.40406@USherbrooke.ca> Johnny Stork a ?crit : > Mon Sep 24 12:29:07 2007 *** You're now protected against -3 > viruses ... This new version doesn't seem to catch many viruses... ;-) Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From sconway at wlnet.com Mon Sep 24 21:01:00 2007 From: sconway at wlnet.com (Stephen Conway) Date: Mon Sep 24 21:01:15 2007 Subject: ArchiveMail Exclusions In-Reply-To: <46F439B3.40302@ecs.soton.ac.uk> References: <0ab401c7f642$7c334e00$7499ea00$@com> <46E9A42E.8090206@ecs.soton.ac.uk> <10cf01c7f70c$c7bd2b00$57378100$@com> <46EBE421.1070400@ecs.soton.ac.uk> <18a501c7f93f$ef6d1db0$ce475910$@com> <46EEB161.4040105@ecs.soton.ac.uk> <1bb901c7fa22$e2149420$a63dbc60$@com> <46F02095.6040705@ecs.soton.ac.uk> <0a4a01c7fc73$b52fb630$1f8f2290$@com> <46F439B3.40302@ecs.soton.ac.uk> Message-ID: <139601c7fee5$a2a00370$e7e00a50$@com> Hello Julian: Upon further review of my settings, I found that I was changing the file for 'low scoring spam' only, since the addresses which I was adding to the blacklist would come as high scoring SPAM which the default was only to STORE, then that's why the setting was not working. I have set all SPAM now to look at the spam.actions.rules file and now it works. Thanks, Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, September 21, 2007 5:38 PM To: MailScanner discussion Subject: Re: ArchiveMail Exclusions What version of MailScanner are you running? Have you checked the latest Change Log for any bugfixes to this code that are more recent than the version you are running? Stephen Conway wrote: > Hello: > > I have a small problem, for some reason my spam actions changes are not > being applied. I have killed MailScanner, then restarted it, but still not > catching: > > To: user@domain.com forward spam@domain.com > FromOrTo: default store > > If I change to add the above rule, it is still always storing and no message > goes to spam@domain.com > > Any ideas? > > Steve > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, September 18, 2007 3:02 PM > To: MailScanner discussion > Subject: Re: ArchiveMail Exclusions > > You need to implement your ruleset as part of your Custom Function. > Which means you'll need to find out how to add forwardeduser@domain.com > to the list of message recipients. Take a look at the top of Message.pm > and you'll see the message object properties list. There should be one > there called "extrarecipients", which you should be able to add to. > Also, read the function "HandleHamAndSpam" and you'll see how the spam > actions are implemented. You need to copy bits of that functionality > into your Custom Function. > > Hope that's enough to get you started. > > You can use a ruleset from inside a Custom Function, I worked out how to > do that. But doing it the other way around is not so simple. > > Good luck! > Jules. > > > Stephen Conway wrote: > >> Hello: >> >> Ok, I am trying now to do what I need but with Non-Spam-Actions. I have >> > the > >> forwarding working but there is one problem. We already have a custom >> function called "FleetActions" which is our default action for non-SPAM. >> > If > >> I specify this function as the action for Non-Spam in the MailScanner.conf >> as follows: >> >> Non Spam Actions = &FleetActions >> >> Then all works as it should, our custom function in CustomConfig.pm gets >> called. But, if I try to put it instead to a ruleset file as: >> >> Non Spam Actions = /opt/MailScanner/etc/rules/message.nonspam.rules >> >> Which is: >> >> From: *@domain.com and To: someuser@otherdomain.com >> fowardeduser@domain.com >> FromOrTo: default &FleetActions >> >> The messages that should be forwarded are working perfectly, the problem >> > is > >> that our custom function now doesn't get called and an error goes in log >> > as > >> follows: >> >> " Message l8IIKrLi013637 produced illegal Non-Spam Action "&fleetactions", >> so message is being delivered" >> >> So I guess the question is, is there a way inside a ruleset file for Non >> Spam Actions to specify a custom function found in CustomConfig.pm? >> >> Thanks, >> >> Steve >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Monday, September 17, 2007 12:55 PM >> To: MailScanner discussion >> Subject: Re: ArchiveMail Exclusions >> >> >> >> Stephen Conway wrote: >> >> >>> Hello Julien: >>> >>> Yes, sorry I think I wasn't clear what I was asking. I know that if you >>> enter as an action here an e-mail address that messages will go to that >>> e-mail. But as I have seen, this sends a 'copy' of the message to the >>> address (meaning that a copy still goes to the original recipient). Is >>> there a way for example, putting a ! in front of the address, where the >>> message is actually forwarded (not copy) to the other address? >>> >>> >>> >> Do that with non-spam actions, spam actions and high-scoring spam actions. >> >> >>> Also, I have another item as well. I have blacklist file, and it seems >>> >>> >> that >> >> >>> if MailScanner sees another 'X-Spam: No' flag in the message, that it >>> > will > >>> not block the message even if on the black list. Any way to bypass this, >>> >>> >> to >> >> >>> make MailScanner scan for Spam even if the message has been scanned by >>> another Relay server before? >>> >>> >>> >> That's not happening. MailScanner doesn't rely on *anything* in the >> headers to control scanning, as everything in the headers can be forged >> by a spammer or virus writer. >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >>> Field >>> Sent: Saturday, September 15, 2007 9:55 AM >>> To: MailScanner discussion >>> Subject: Re: ArchiveMail Exclusions >>> >>> As it says right at the top of the comment about Archive Mail =, you can >>> include >>> >>> # Space-separated list of any combination of >>> # 1. email addresses to which mail should be forwarded, >>> # 2. directory names where you want mail to be stored, >>> # 3. file names (they must already exist!) to which mail will be appended >>> # in "mbox" format suitable for most Unix mail systems. >>> >>> Stephen Conway wrote: >>> >>> >>> >>>> Hello Julien: >>>> >>>> Thanks very much for that. Seems to work OK. >>>> >>>> One other question, is there a way using ArchiveMail to forward messages >>>> instead of just make an archive? >>>> >>>> Ex: >>>> >>>> To: *@domain.com !somegroupmailbox@otherdomain.com >>>> >>>> Thanks, >>>> >>>> Steve >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >>>> Field >>>> Sent: Thursday, September 13, 2007 4:57 PM >>>> To: MailScanner discussion >>>> Subject: Re: ArchiveMail Exclusions >>>> >>>> Stephen, >>>> >>>> Stephen Conway wrote: >>>> >>>> >>>> >>>> >>>>> Hello: >>>>> >>>>> I have the requirement to archive mail for some senders to a certain >>>>> >>>>> >>>>> >>>>> >>>> address >>>> >>>> >>>> >>>> >>>>> but not if certain senders are matched, I have put the following but it >>>>> still always archives, any way to configure this? >>>>> >>>>> From: *@dontcopydomain.com and To: @domaintobecopied.com >>>>> no >>>>> >>>>> >>>>> >>>>> >>>>> >>>> That will attempt to archive the mail to a directory called "no" which >>>> isn't what you meant. To archive nothing, you just leave it blank, so >>>> this is what you meant: >>>> From: dontcopydomain.com and to: domaintobecopied.com >>>> >>>> >>>> >>>> >>>>> From: *@* and To: @domaintobecopied.com >>>>> usertobecopied@otherdomain.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>> That (the second line) is the same as saying >>>> To: domaintobecopied.com usertobecopied@otherdomain.com >>>> >>>> >>>> >>>> >>>>> This type of logic works well for the Max Message size rules, to have >>>>> >>>>> >>>>> >>> size >>> >>> >>> >>>>> restrictions for certain domains than others, but for this ruleset file >>>>> which is type (AllMatch) as per docs, it doesn't use same logic. >>>>> >>>>> >>>>> >>>>> >>>>> >>>> Correct, as it's an "AllMatch". This means that it will archive to all >>>> of the places and addresses specified by all the matching rules. That >>>> seemed a sensible thing to do at the time, and I still believe is what >>>> most people will want. >>>> >>>> If you want to make it a FirstMatch, edit >>>> /usr/lib/MailScanner/MailScanner/ConfigDefs.pl and move this line: >>>> ArchiveMail >>>> from the [All,Other] section to the [First,Other] section. >>>> Then restart MailScanner, and you will have changed the logic it uses. >>>> Dead easy. >>>> Remember to re-apply the change when you next upgrade MailScanner, as >>>> changes you make to that file will be lost during the upgrade process. >>>> >>>> Jules >>>> >>>> >>>> >>>> >>>> >>> Jules >>> >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ShipMail Now 30% Faster From blazek at lake-coe.k12.ca.us Mon Sep 24 21:20:17 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 21:19:46 2007 Subject: i screwed spamassassin In-Reply-To: <46F80FCF.3010307@ecs.soton.ac.uk> References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> <46F7FA87.8000006@ecs.soton.ac.uk> <46F80FCF.3010307@ecs.soton.ac.uk> Message-ID: This might be something... even after re-installing SA with the script from the website, I don't have sa-update on my system. Blaze King Lake County Office of Education -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, September 24, 2007 12:28 PM To: MailScanner discussion Subject: Re: i screwed spamassassin Once you've done an sa-update, it won't be using the files in /usr/share/spamassassin anyway, it will be using the stuff under /var/lib/spamassassin instead. Do a "sa-update -D" first time, to make sure it is working. You might need to download and install a GPG key for it, it tells you what to type. Blaze King wrote: > Changed the subject per Julian's comment. > > So that was it. I must have copied something wrong... > > Well now I notice I don't have a 50_scores.cf in > /usr/share/spamassassin. So spamassassin is working, but obviously is > missing the majority of its scoring. I copied 50_scores.cf from my old > config to the new spot, but spamassassin isn't looking for it. > > Blaze King > Director of Technology > Lake County Office of Education > (707) 262-4147 > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 24, 2007 10:57 AM > To: MailScanner discussion > Subject: Re: mailscanner restarts when using spamassassin > > > > Blaze King wrote: > >> Yum must have automatically updated SA from the initial install... Ok >> > I > >> removed that, re-installed Julian's script for Clam and SA, and now >> > when > >> I debug this is what I see: >> >> check: no loaded plugin implements 'check_main': cannot scan! at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >> 164. >> >> > You have screwed your /etc/mail/spamassassin/*.pre files. The following > lines must appear in v320.pre, as well as a whole load of other > loadplugin lines: > > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > Otherwise SpamAssassin won't actually do anything! > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Martin.Hepworth >> Sent: Monday, September 24, 2007 8:55 AM >> To: MailScanner discussion >> Subject: RE: mailscanner restarts when using spamassassin >> >> Blaze >> >> Looks like you got 2 different spamassassins installed and MailScanner >> is looking for an 'old' one. >> >> I'd say you 'upgraded' SA using a different method to how you >> > originally > >> installed it.. >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>> Sent: 24 September 2007 16:37 >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> Here's what the debug gives me: >>> >>> [root@mail ~]# MailScanner --debug --debug-sa >>> In Debugging mode, not forking... >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> [21668] dbg: logger: adding facilities: all >>> [21668] dbg: logger: logging level is DBG >>> [21668] dbg: generic: SpamAssassin version 3.2.3 >>> [21668] dbg: config: score set 0 chosen. >>> [21668] dbg: util: running in taint mode? no >>> [21668] dbg: dns: is Net::DNS::Resolver available? yes >>> [21668] dbg: dns: Net::DNS version: 0.60 >>> [21668] dbg: ignore: test message to precompile patterns and load >>> modules >>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>> > pre > >>> files >>> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules >>> > pre > >>> files >>> [21668] dbg: config: using "/usr/share/spamassassin" for default >>> > rules > >>> dir >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/10_default_prefs.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_advance_fee.cf >> >> >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/20_anti_ratware.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_body_tests.cf >> >> >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_compensate.cf >> >> >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_dnsbl_tests.cf >> >> >>> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_head_tests.cf >> >> >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_html_tests.cf >> >> >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/20_imageinfo.cf > >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/20_meta_tests.cf >> >> >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/20_net_tests.cf > >>> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/20_uri_tests.cf > >>> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/25_antivirus.cf > >>> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/25_body_tests_es.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/25_body_tests_pl.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/25_domainkeys.cf >> >> >>> [21668] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [21668] dbg: config: read file >>> >>> >> /usr/share/spamassassin/30_text_pt_br.cf >> >> >>> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_shortcircuit.cf >>> [21668] dbg: config: read file >>> > /usr/share/spamassassin/60_whitelist.cf > >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_dk.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_dkim.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_spf.cf >>> [21668] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf >>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>> > dir > >>> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>> > from > >>> @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash >>> > from > >>> @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> > @INC > >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >>> from @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>> @INC >>> [21668] dbg: razor2: razor2 is available, version 2.84 >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>> > @INC > >>> [21668] dbg: dcc: network tests on, registering DCC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from >>> >>> >> @INC >> >> >>> [21668] dbg: pyzor: network tests on, attempting Pyzor >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>> @INC >>> [21668] dbg: razor2: razor2 is available, version 2.84 >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already >>> > registered > >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from >>> @INC >>> [21668] dbg: reporter: network tests on, attempting SpamCop >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>> > @INC > >>> [21668] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [21668] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader >>> >>> >> from >> >> >>> @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >>> from @INC >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry >>> from @INC >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already >>> registered >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>> > @INC > >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered >>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>> > from > >>> @INC >>> [21668] dbg: plugin: did not register >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already >>> >>> >> registered >> >> >>> config: configuration file >>> > "/usr/share/spamassassin/20_advance_fee.cf" > >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_body_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_compensate.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file >>> > "/usr/share/spamassassin/20_dnsbl_tests.cf" > >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_drugs.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file >>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>> > you > >>> need to use the -C switch, or remove the old config files? Skipping >>> >>> >> this >> >> >>> file at >>> >>> >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm >> >> >>> line 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>> > you > >>> need to use the -C switch, or remove the old config files? Skipping >>> >>> >> this >> >> >>> file >>> config: configuration file "/usr/share/spamassassin/20_head_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_html_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_meta_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 >>> >>> >> of >> >> >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 >>> > of > >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_phrases.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_porn.cf" >>> >>> >> requires >> >> >>> version 3.001009 of SpamAssassin, but this is code version 3.002003. >>> Maybe you need to use the -C switch, or remove the old config files? >>> Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 >>> > of > >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: configuration file "/usr/share/spamassassin/23_bayes.cf" >>> requires version 3.001009 of SpamAssassin, but this is code version >>> 3.002003. Maybe you need to use the -C switch, or remove the old >>> >>> >> config >> >> >>> files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> [21668] info: config: configuration file >>> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of >>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>> > use > >>> the -C switch, or remove the old config files? Skipping this file >>> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm >>> >>> >> line >> >> >>> 396. >>> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >>> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >>> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >>> __MO_OL_F3B05 >>> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >>> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF >>> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >>> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >>> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>> HS_SUBJ_NEW_SOFTWARE >>> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >>> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >>> __MO_OL_CF0C0 >>> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >>> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >>> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >>> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 >>> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >>> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB >>> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >>> __MO_OL_ADFF7 >>> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >>> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >>> __MO_OL_7533E >>> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >>> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>> > __HAS_ANY_URI > >>> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 >>> __XM_OL_EF20B >>> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >>> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 >>> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >>> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >>> [21668] dbg: conf: finish parsing >>> [21668] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements >>> 'finish_parsing_end', priority 0 >>> [21668] dbg: replacetags: replacing tags >>> [21668] dbg: replacetags: done replacing tags >>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [21668] dbg: config: score set 1 chosen. >>> [21668] dbg: message: main message type: text/plain >>> [21668] dbg: message: ---- MIME PARSER START ---- >>> [21668] dbg: message: parsing normal part >>> [21668] dbg: message: ---- MIME PARSER END ---- >>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> check: no loaded plugin implements 'check_main': cannot scan! at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >>> 164. >>> >>> I see some errors that tell me SA is looking for an older version? >>> >>> >> And >> >> >>> this error at the end, I have no idea where to start there. >>> >>> Blaze King >>> Lake County Office of Education >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Martin.Hepworth >>> Sent: Monday, September 24, 2007 1:04 AM >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> Blaze >>> >>> What does "MailScanner --debug --debug-sa" give you? >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> >>>> >> [mailto:mailscanner- >> >> >>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>> Sent: 24 September 2007 04:55 >>>> To: MailScanner discussion >>>> Subject: RE: mailscanner restarts when using spamassassin >>>> >>>> An update: >>>> >>>> >>>> >>>> Sendmail is working fine now. (I had something wrong in the mc >>>> >>>> >> file). >> >> >>>> Now I've re-installed the tarball for ClamAV and SA and Mailscanner, >>>> doesn't seem to make any difference. I also used my old >>>> >>>> >>> MailScanner.conf >>> >>> >>>> from my old server (ver. 4.58). Nothing changes the results I was >>>> >>>> >>> finding >>> >>> >>>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to >>>> >>>> >>> mention >>> >>> >>>> previously, this is on CentOS 5. >>>> >>>> >>>> >>>> On top of that my MailWatch install has a feature I forgot how to >>>> >>>> >>> enable: >>> >>> >>>> Viewing the message body. >>>> >>>> >>>> >>>> Any ideas on what I'm probably doing wrong? >>>> >>>> >>>> >>>> Blaze King >>>> >>>> blazek@lake-coe.k12.ca.us >>>> >>>> >>>> >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> >>>> >> [mailto:mailscanner- >> >> >>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>> Sent: Sunday, September 23, 2007 4:26 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: mailscanner restarts when using spamassassin >>>> >>>> >>>> >>>> Ok here's one that stumping me... >>>> >>>> >>>> >>>> This is a new installation... When I have "Use Spamassassin = yes" >>>> >>>> >> in >> >> >>>> MailScanner.conf, no messages are processed. When I set that to no, >>>> >>>> >>> then >>> >>> >>>> everything works ok. spamassassin -D --lint doesn't produce any >>>> >>>> >>> errors. >>> >>> >>>> Not sure if it's needed, but here's some background info: >>>> >>>> >>>> >>>> (also, as a note, I noticed while writing all this that sendmail is >>>> >>>> >>> giving >>> >>> >>>> me some trouble... users can't send, but system messages and >>>> >>>> >> aliases >> >> >>> still >>> >>> >>>> get sent... I don't know, maybe that's related) >>>> >>>> >>>> >>>> This is while installing onto a new server. Before installing >>>> >>>> >>> MailScanner >>> >>> >>>> and because I was using MailWatch, I imported my old database into >>>> >>>> >>> mysql >>> >>> >>>> on the new server. >>>> >>>> >>>> >>>> I followed the instructions in Quickinstall.txt: Installed >>>> >>>> >>>> > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > >> >> >>>> then installed MailScanner version 4.63.8-1 (also tried latest >>>> >>>> >> beta), >> >> >>>> upgraded conf file. After starting MailScanner, I see this in the >>>> maillog: >>>> >>>> >>>> >>>> This is with Spam Checks = Yes and Use Spamassassin = yes >>>> >>>> >>>> >>>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child >>>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results >>>> >>>> >>> cache >>> >>> >>>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin >>>> >>>> >>> cache >>> >>> >>>> database >>>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child >>>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results >>>> >>>> >>> cache >>> >>> >>>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin >>>> >>>> >>> cache >>> >>> >>>> database >>>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child >>>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results >>>> >>>> >>> cache >>> >>> >>>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin >>>> >>>> >>> cache >>> >>> >>>> database >>>> >>>> (repeats over and over, same thing) >>>> >>>> >>>> >>>> Here's Spam Checks = Yes and Use Spamassassin = No >>>> >>>> >>>> >>>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus >>>> >>>> >>> Scanner >>> >>> >>>> version 4.64.1 starting... >>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from the >>>> phishing whitelist >>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from >>>> >>>> >> the >> >> >>>> phishing blacklist >>>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom init >>>> function MailWatchLogging >>>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child >>>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary >>>> >>>> >>> working >>> >>> >>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix >>>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded >>>> >>>> >>> struct_flock >>> >>> >>>> subroutine for linux (Linux-type) >>>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 >>>> >>>> >>> messages, >>> >>> >>>> 1520 bytes >>>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam >>>> messages >>>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content Scanning: >>>> Starting >>>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 >>>> >>>> >>> messages >>> >>> >>>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message >>>> >>>> >>> l8NIPI9f029181 to >>> >>> >>>> SQL >>>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to >>>> MailWatch SQL >>>> >>>> (seems to work ok without spamassassin) >>>> >>>> >>>> >>>> >>>> >>>> Any ideas? Thanks! >>>> >>>> >>>> >>>> Blaze King >>>> >>>> Lake County Office of Education >>>> >>>> (707) 262-4147 >>>> >>>> >>>> >>>> >>> >>> >>> > ********************************************************************** > >>> Confidentiality : This e-mail and any attachments are intended for >>> > the > >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We >>> > advise > >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> >>> > ********************************************************************** > >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> > > >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> > > >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Mon Sep 24 21:11:15 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 24 21:30:31 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F80E17.6050803@ecs.soton.ac.uk> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80E17.6050803@ecs.soton.ac.uk> Message-ID: Julian Field spake the following on 9/24/2007 12:20 PM: > In which case, please try this: > 1) In /etc/MailScanner/virus.scanners.conf, set this > bitdefender /usr/lib/MailScanner/bitdefender-wrapper > /opt/BitDefender-scanner/bin > 2) In /usr/lib/MailScanner/bitdefender-wrapper, change this line (around > line 33) > prog=bdc > to this > prog=bdscan > > Please give this a go and let me know if it works. > > Also, please try this for the bitdefender-autoupdate: > 1) Change this line (around line 132) > my $bitDefBinary = "bdc"; > to this > my $bitDefBinary = "bdscan"; > 2) Run update_virus_scanners > > Check the contents of /var/log/bitdefender_updater.log to see if it > worked or not. > > If someone can send me a fully-licensed version of BitDefender I'll try > to get all this stuff working for you. Does the widely-used free version > require these changes as well as the new one? Will I break everyone's > bitdefender-based systems if I change this? > > Otherwise I'll try to make it work with the old setup and the new one at > the same time. > > Jules. > > Johnny Stork wrote: >> Thanks Julian. Below is my lint test and it appears that the >> bitdefender scanner is not found. I downloaded and installed BD from >> "BitDefender-scanner-7.5-4.linux-gcc3x.i586.rpm.run" and seems to put >> the scanner here. >> >> [root@gateway MailScanner]# whereis bdscan >> bdscan: /usr/bin/bdscan /opt/BitDefender-scanner/bin/bdscan >> >> >> So I updated virus.scanners.conf. to show >> >> "bitdefender /usr/lib/MailScanner/bitdefender-wrapper >> /opt/BitDefender-scanner" >> >> >> Mailscanner Lint Test: >> >> [root@gateway MailScanner]# MailScanner --lint >> Checking version numbers... >> Version number in MailScanner.conf (4.63.8) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamd bitdefender" >> Found these virus scanners installed: clamavmodule >> =========================================================================== >> >> Ignore errors about failing to find EOCD signature >> format error: can't find EOCD signature >> at /usr/sbin/MailScanner line 458 >> cat: /tmp/log.bdc.351: No such file or directory >> rm: cannot remove `/tmp/log.bdc.351': No such file or directory >> =========================================================================== >> >> >> If any of your virus scanners (clamavmodule) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its >> virus.scanners.conf. >> >> >> >> Julian Field wrote: >>> My personal preferences are for f-prot and sophos, as I always run 3 >>> to be on the safe side. But they do cost money. But there again, the >>> total solution is still much, much cheaper than paying someone like >>> MessageLabs or Ironport for their solutions to the problem. >>> >>> Once you have installed other scanners, be sure to >>> MailScanner --lint >>> to be sure your scanners are all being called successfully. You >>> should get a report from each of your installed scanners. >>> >>> My supplied virus.scanners.conf file is set ready for each of the >>> virus scanners if you install them to their default location, as >>> dictated by their own installers. If you install them elsewhere, you >>> will need to tweak your /etc/MailScanner/virus.scanners.conf. The >>> output of "MailScanner --lint" will clearly show you if you have the >>> settings correct. >>> >>> You should *not* edit the -wrapper or -autoupdate scripts, the only >>> changes needed are in virus.scanners.conf. >>> >>> Jules. >>> >>> Johnny Stork wrote: >>>> I just went through a clean re-install of MS/SA etc and thought I >>>> might like to add a second scanner beyond clamav. What would most >>>> people suggest for a second av engine, maybe amavisd?. Are there any >>>> tips/howtos on setting up some of these other engines? >>>> >>>> >>>> -- >>>> *Johnny Stork* >>>> Business & Technology Consultant >>>> stork@openenterprise.ca >>>> >>> >>> Jules >>> >> > > Jules > I am not sure of the implications of passing on the old free version to those who asked. Any comments? It was originally freeware, but not open sourced. Would it be any different than places like softpedia? I wouldn't want to be liable for any possible lawsuits for distributing something that was free, but is now removed by the original manufacturer. But I found the original "rpm" version on a google. http://files.filefront.com/BitDefender+Linux+Edition+v713+RPM/;5012841;/fileinfo.html and the generic .run file http://gentoo.osuosl.org/distfiles/BitDefender-Console-Antivirus-7.1-3.linux-gcc3x.i386.run Google is your friend!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Mon Sep 24 21:19:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Sep 24 21:38:36 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F8161E.40406@USherbrooke.ca> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80F69.1040805@ecs.soton.ac.uk> <46F810BE.6020400@openenterprise.ca> <46F8161E.40406@USherbrooke.ca> Message-ID: Denis Beauchemin spake the following on 9/24/2007 12:55 PM: > Johnny Stork a ?crit : >> Mon Sep 24 12:29:07 2007 *** You're now protected against -3 >> viruses ... > This new version doesn't seem to catch many viruses... ;-) > > Denis > It looks as if it finds less than zero. I guess that is 3 false positives. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Mon Sep 24 22:44:20 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Sep 24 22:46:02 2007 Subject: i screwed spamassassin In-Reply-To: References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> <46F7FA87.8000006@ecs.soton.ac.uk> <46F80FCF.3010307@ecs.soton.ac.uk> Message-ID: <46F82FB4.9000406@ecs.soton.ac.uk> Check it's not just your $PATH being out of date. sa-update should be in /usr/bin. It's a Perl script. Blaze King wrote: > This might be something... even after re-installing SA with the script > from the website, I don't have sa-update on my system. > > Blaze King > Lake County Office of Education > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 24, 2007 12:28 PM > To: MailScanner discussion > Subject: Re: i screwed spamassassin > > Once you've done an sa-update, it won't be using the files in > /usr/share/spamassassin anyway, it will be using the stuff under > /var/lib/spamassassin instead. Do a "sa-update -D" first time, to make > sure it is working. You might need to download and install a GPG key for > > it, it tells you what to type. > > Blaze King wrote: > >> Changed the subject per Julian's comment. >> >> So that was it. I must have copied something wrong... >> >> Well now I notice I don't have a 50_scores.cf in >> /usr/share/spamassassin. So spamassassin is working, but obviously is >> missing the majority of its scoring. I copied 50_scores.cf from my >> > old > >> config to the new spot, but spamassassin isn't looking for it. >> >> Blaze King >> Director of Technology >> Lake County Office of Education >> (707) 262-4147 >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> > Julian > >> Field >> Sent: Monday, September 24, 2007 10:57 AM >> To: MailScanner discussion >> Subject: Re: mailscanner restarts when using spamassassin >> >> >> >> Blaze King wrote: >> >> >>> Yum must have automatically updated SA from the initial install... >>> > Ok > >>> >>> >> I >> >> >>> removed that, re-installed Julian's script for Clam and SA, and now >>> >>> >> when >> >> >>> I debug this is what I see: >>> >>> check: no loaded plugin implements 'check_main': cannot scan! at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >>> 164. >>> >>> >>> >> You have screwed your /etc/mail/spamassassin/*.pre files. The >> > following > >> lines must appear in v320.pre, as well as a whole load of other >> loadplugin lines: >> >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> >> Otherwise SpamAssassin won't actually do anything! >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Martin.Hepworth >>> Sent: Monday, September 24, 2007 8:55 AM >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> Blaze >>> >>> Looks like you got 2 different spamassassins installed and >>> > MailScanner > >>> is looking for an 'old' one. >>> >>> I'd say you 'upgraded' SA using a different method to how you >>> >>> >> originally >> >> >>> installed it.. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> > [mailto:mailscanner- > >>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>> Sent: 24 September 2007 16:37 >>>> To: MailScanner discussion >>>> Subject: RE: mailscanner restarts when using spamassassin >>>> >>>> Here's what the debug gives me: >>>> >>>> [root@mail ~]# MailScanner --debug --debug-sa >>>> In Debugging mode, not forking... >>>> SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> [21668] dbg: logger: adding facilities: all >>>> [21668] dbg: logger: logging level is DBG >>>> [21668] dbg: generic: SpamAssassin version 3.2.3 >>>> [21668] dbg: config: score set 0 chosen. >>>> [21668] dbg: util: running in taint mode? no >>>> [21668] dbg: dns: is Net::DNS::Resolver available? yes >>>> [21668] dbg: dns: Net::DNS version: 0.60 >>>> [21668] dbg: ignore: test message to precompile patterns and load >>>> modules >>>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>>> >>>> >> pre >> >> >>>> files >>>> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre >>>> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre >>>> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre >>>> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules >>>> >>>> >> pre >> >> >>>> files >>>> [21668] dbg: config: using "/usr/share/spamassassin" for default >>>> >>>> >> rules >> >> >>>> dir >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/10_default_prefs.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_advance_fee.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/20_anti_ratware.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_body_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_compensate.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_dnsbl_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/20_fake_helo_tests.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_head_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_html_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/20_imageinfo.cf >> >> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_meta_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/20_net_tests.cf >> >> >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/20_uri_tests.cf >> >> >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>>> [21668] dbg: config: read file >>>> > /usr/share/spamassassin/25_accessdb.cf > >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/25_antivirus.cf >> >> >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/25_body_tests_es.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/25_body_tests_pl.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/25_domainkeys.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> > /usr/share/spamassassin/25_hashcash.cf > >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/30_text_pt_br.cf >>> >>> >>> >>>> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_shortcircuit.cf >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/60_whitelist.cf >> >> >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_dk.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_dkim.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_spf.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_subject.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf >>>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>>> >>>> >> dir >> >> >>>> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf >>>> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>>> >>>> >> from >> >> >>>> @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash >>>> >>>> >> from >> >> >>>> @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: plugin: loading >>>> > Mail::SpamAssassin::Plugin::RelayCountry > >>>> from @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>>> @INC >>>> [21668] dbg: razor2: razor2 is available, version 2.84 >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: dcc: network tests on, registering DCC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from >>>> >>>> >>>> >>> @INC >>> >>> >>> >>>> [21668] dbg: pyzor: network tests on, attempting Pyzor >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>>> @INC >>>> [21668] dbg: razor2: razor2 is available, version 2.84 >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already >>>> >>>> >> registered >> >> >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop >>>> > from > >>>> @INC >>>> [21668] dbg: reporter: network tests on, attempting SpamCop >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>>> [21668] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader >>>> >>>> >>>> >>> from >>> >>> >>> >>>> @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >>>> from @INC >>>> [21668] dbg: plugin: loading >>>> > Mail::SpamAssassin::Plugin::RelayCountry > >>>> from @INC >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already >>>> registered >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>>> >>>> >> from >> >> >>>> @INC >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already >>>> >>>> >>>> >>> registered >>> >>> >>> >>>> config: configuration file >>>> >>>> >> "/usr/share/spamassassin/20_advance_fee.cf" >> >> >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_advance_fee.cf" requires version >>>> > 3.001009 > >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_body_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_compensate.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> >>>> >> "/usr/share/spamassassin/20_dnsbl_tests.cf" >> >> >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version >>>> > 3.001009 > >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_drugs.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>>> >>>> >> you >> >> >>>> need to use the -C switch, or remove the old config files? Skipping >>>> >>>> >>>> >>> this >>> >>> >>> >>>> file at >>>> >>>> >>>> >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm >>> >>> >>> >>>> line 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>>> >>>> >> you >> >> >>>> need to use the -C switch, or remove the old config files? Skipping >>>> >>>> >>>> >>> this >>> >>> >>> >>>> file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_head_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_html_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_meta_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 >>>> >>>> >> of >> >> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_phrases.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_porn.cf" >>>> >>>> >>>> >>> requires >>> >>> >>> >>>> version 3.001009 of SpamAssassin, but this is code version 3.002003. >>>> Maybe you need to use the -C switch, or remove the old config files? >>>> Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 >>>> >>>> >> of >> >> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/23_bayes.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm >>>> >>>> >>>> >>> line >>> >>> >>> >>>> 396. >>>> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >>>> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >>>> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >>>> __MO_OL_F3B05 >>>> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >>>> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A >>>> > __XM_OL_812FF > >>>> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >>>> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >>>> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>>> HS_SUBJ_NEW_SOFTWARE >>>> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >>>> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >>>> __MO_OL_CF0C0 >>>> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >>>> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >>>> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >>>> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 >>>> > __XM_OL_B30D1 > >>>> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >>>> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB >>>> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >>>> __MO_OL_ADFF7 >>>> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >>>> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >>>> __MO_OL_7533E >>>> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >>>> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>>> >>>> >> __HAS_ANY_URI >> >> >>>> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 >>>> __XM_OL_EF20B >>>> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >>>> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 >>>> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >>>> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >>>> [21668] dbg: conf: finish parsing >>>> [21668] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements >>>> 'finish_parsing_end', priority 0 >>>> [21668] dbg: replacetags: replacing tags >>>> [21668] dbg: replacetags: done replacing tags >>>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>>> /root/.spamassassin/bayes_toks >>>> [21668] dbg: config: score set 1 chosen. >>>> [21668] dbg: message: main message type: text/plain >>>> [21668] dbg: message: ---- MIME PARSER START ---- >>>> [21668] dbg: message: parsing normal part >>>> [21668] dbg: message: ---- MIME PARSER END ---- >>>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>>> /root/.spamassassin/bayes_toks >>>> check: no loaded plugin implements 'check_main': cannot scan! at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm >>>> > line > >>>> 164. >>>> >>>> I see some errors that tell me SA is looking for an older version? >>>> >>>> >>>> >>> And >>> >>> >>> >>>> this error at the end, I have no idea where to start there. >>>> >>>> Blaze King >>>> Lake County Office of Education >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>> Martin.Hepworth >>>> Sent: Monday, September 24, 2007 1:04 AM >>>> To: MailScanner discussion >>>> Subject: RE: mailscanner restarts when using spamassassin >>>> >>>> Blaze >>>> >>>> What does "MailScanner --debug --debug-sa" give you? >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> >>>>> >>>>> >>> [mailto:mailscanner- >>> >>> >>> >>>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>>> Sent: 24 September 2007 04:55 >>>>> To: MailScanner discussion >>>>> Subject: RE: mailscanner restarts when using spamassassin >>>>> >>>>> An update: >>>>> >>>>> >>>>> >>>>> Sendmail is working fine now. (I had something wrong in the mc >>>>> >>>>> >>>>> >>> file). >>> >>> >>> >>>>> Now I've re-installed the tarball for ClamAV and SA and >>>>> > Mailscanner, > >>>>> doesn't seem to make any difference. I also used my old >>>>> >>>>> >>>>> >>>> MailScanner.conf >>>> >>>> >>>> >>>>> from my old server (ver. 4.58). Nothing changes the results I was >>>>> >>>>> >>>>> >>>> finding >>>> >>>> >>>> >>>>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to >>>>> >>>>> >>>>> >>>> mention >>>> >>>> >>>> >>>>> previously, this is on CentOS 5. >>>>> >>>>> >>>>> >>>>> On top of that my MailWatch install has a feature I forgot how to >>>>> >>>>> >>>>> >>>> enable: >>>> >>>> >>>> >>>>> Viewing the message body. >>>>> >>>>> >>>>> >>>>> Any ideas on what I'm probably doing wrong? >>>>> >>>>> >>>>> >>>>> Blaze King >>>>> >>>>> blazek@lake-coe.k12.ca.us >>>>> >>>>> >>>>> >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> >>>>> >>>>> >>> [mailto:mailscanner- >>> >>> >>> >>>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>>> Sent: Sunday, September 23, 2007 4:26 PM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: mailscanner restarts when using spamassassin >>>>> >>>>> >>>>> >>>>> Ok here's one that stumping me... >>>>> >>>>> >>>>> >>>>> This is a new installation... When I have "Use Spamassassin = yes" >>>>> >>>>> >>>>> >>> in >>> >>> >>> >>>>> MailScanner.conf, no messages are processed. When I set that to >>>>> > no, > >>>>> >>>>> >>>>> >>>> then >>>> >>>> >>>> >>>>> everything works ok. spamassassin -D --lint doesn't produce any >>>>> >>>>> >>>>> >>>> errors. >>>> >>>> >>>> >>>>> Not sure if it's needed, but here's some background info: >>>>> >>>>> >>>>> >>>>> (also, as a note, I noticed while writing all this that sendmail is >>>>> >>>>> >>>>> >>>> giving >>>> >>>> >>>> >>>>> me some trouble... users can't send, but system messages and >>>>> >>>>> >>>>> >>> aliases >>> >>> >>> >>>> still >>>> >>>> >>>> >>>>> get sent... I don't know, maybe that's related) >>>>> >>>>> >>>>> >>>>> This is while installing onto a new server. Before installing >>>>> >>>>> >>>>> >>>> MailScanner >>>> >>>> >>>> >>>>> and because I was using MailWatch, I imported my old database into >>>>> >>>>> >>>>> >>>> mysql >>>> >>>> >>>> >>>>> on the new server. >>>>> >>>>> >>>>> >>>>> I followed the instructions in Quickinstall.txt: Installed >>>>> >>>>> >>>>> >>>>> > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > >> >> >>> >>> >>> >>>>> then installed MailScanner version 4.63.8-1 (also tried latest >>>>> >>>>> >>>>> >>> beta), >>> >>> >>> >>>>> upgraded conf file. After starting MailScanner, I see this in the >>>>> maillog: >>>>> >>>>> >>>>> >>>>> This is with Spam Checks = Yes and Use Spamassassin = yes >>>>> >>>>> >>>>> >>>>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child >>>>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> database >>>>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child >>>>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> database >>>>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child >>>>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> database >>>>> >>>>> (repeats over and over, same thing) >>>>> >>>>> >>>>> >>>>> Here's Spam Checks = Yes and Use Spamassassin = No >>>>> >>>>> >>>>> >>>>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child >>>>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded >>>>> >>>>> >>>>> >>>> struct_flock >>>> >>>> >>>> >>>>> subroutine for linux (Linux-type) >>>>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 >>>>> >>>>> >>>>> >>>> messages, >>>> >>>> >>>> >>>>> 1520 bytes >>>>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam >>>>> messages >>>>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content >>>>> > Scanning: > >>>>> Starting >>>>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 >>>>> >>>>> >>>>> >>>> messages >>>> >>>> >>>> >>>>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message >>>>> >>>>> >>>>> >>>> l8NIPI9f029181 to >>>> >>>> >>>> >>>>> SQL >>>>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to >>>>> MailWatch SQL >>>>> >>>>> (seems to work ok without spamassassin) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Any ideas? Thanks! >>>>> >>>>> >>>>> >>>>> Blaze King >>>>> >>>>> Lake County Office of Education >>>>> >>>>> (707) 262-4147 >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >> ********************************************************************** >> >> >>>> Confidentiality : This e-mail and any attachments are intended for >>>> >>>> >> the >> >> >>>> addressee only and may be confidential. If they come to you in error >>>> you must take no action based on them, nor must you copy or show >>>> > them > >>>> to anyone. Please advise the sender by replying to this e-mail >>>> immediately and then delete the original from your computer. >>>> Opinion : Any opinions expressed in this e-mail are entirely those >>>> > of > >>>> the author and unless specifically stated to the contrary, are not >>>> necessarily those of the author's employer. >>>> Security Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. We >>>> >>>> >> advise >> >> >>>> that you consider this fact when e-mailing us. >>>> Viruses : We have taken steps to ensure that this e-mail and any >>>> attachments are free from known viruses but in keeping with good >>>> computing practice, you should ensure that they are virus free. >>>> >>>> Red Lion 49 Ltd T/A Solid State Logic >>>> Registered as a limited company in England and Wales >>>> (Company No:5362730) >>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>> United Kingdom >>>> >>>> >>>> >> ********************************************************************** >> >> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> > ********************************************************************** > >>> Confidentiality : This e-mail and any attachments are intended for >>> > the > >>> >>> >> >> >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> > > >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> > > >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We >>> > advise > >>> >>> >> >> >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> >>> > ********************************************************************** > >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From blazek at lake-coe.k12.ca.us Mon Sep 24 23:02:52 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 23:02:20 2007 Subject: i screwed spamassassin In-Reply-To: <46F82FB4.9000406@ecs.soton.ac.uk> References: <08e3e91c8f20c44bac27b8419e76641c@solidstatelogic.com> <46F7FA87.8000006@ecs.soton.ac.uk> <46F80FCF.3010307@ecs.soton.ac.uk> <46F82FB4.9000406@ecs.soton.ac.uk> Message-ID: In /usr/bin I only have sa-compile, no sa-update. I do however have sa-update on my old HDD as part of my previous install. Blaze King Director of Technology Lake County Office of Education (707) 262-4147 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, September 24, 2007 2:44 PM To: MailScanner discussion Subject: Re: i screwed spamassassin Check it's not just your $PATH being out of date. sa-update should be in /usr/bin. It's a Perl script. Blaze King wrote: > This might be something... even after re-installing SA with the script > from the website, I don't have sa-update on my system. > > Blaze King > Lake County Office of Education > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Monday, September 24, 2007 12:28 PM > To: MailScanner discussion > Subject: Re: i screwed spamassassin > > Once you've done an sa-update, it won't be using the files in > /usr/share/spamassassin anyway, it will be using the stuff under > /var/lib/spamassassin instead. Do a "sa-update -D" first time, to make > sure it is working. You might need to download and install a GPG key for > > it, it tells you what to type. > > Blaze King wrote: > >> Changed the subject per Julian's comment. >> >> So that was it. I must have copied something wrong... >> >> Well now I notice I don't have a 50_scores.cf in >> /usr/share/spamassassin. So spamassassin is working, but obviously is >> missing the majority of its scoring. I copied 50_scores.cf from my >> > old > >> config to the new spot, but spamassassin isn't looking for it. >> >> Blaze King >> Director of Technology >> Lake County Office of Education >> (707) 262-4147 >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> > Julian > >> Field >> Sent: Monday, September 24, 2007 10:57 AM >> To: MailScanner discussion >> Subject: Re: mailscanner restarts when using spamassassin >> >> >> >> Blaze King wrote: >> >> >>> Yum must have automatically updated SA from the initial install... >>> > Ok > >>> >>> >> I >> >> >>> removed that, re-installed Julian's script for Clam and SA, and now >>> >>> >> when >> >> >>> I debug this is what I see: >>> >>> check: no loaded plugin implements 'check_main': cannot scan! at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line >>> 164. >>> >>> >>> >> You have screwed your /etc/mail/spamassassin/*.pre files. The >> > following > >> lines must appear in v320.pre, as well as a whole load of other >> loadplugin lines: >> >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> >> Otherwise SpamAssassin won't actually do anything! >> >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Martin.Hepworth >>> Sent: Monday, September 24, 2007 8:55 AM >>> To: MailScanner discussion >>> Subject: RE: mailscanner restarts when using spamassassin >>> >>> Blaze >>> >>> Looks like you got 2 different spamassassins installed and >>> > MailScanner > >>> is looking for an 'old' one. >>> >>> I'd say you 'upgraded' SA using a different method to how you >>> >>> >> originally >> >> >>> installed it.. >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> > [mailto:mailscanner- > >>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>> Sent: 24 September 2007 16:37 >>>> To: MailScanner discussion >>>> Subject: RE: mailscanner restarts when using spamassassin >>>> >>>> Here's what the debug gives me: >>>> >>>> [root@mail ~]# MailScanner --debug --debug-sa >>>> In Debugging mode, not forking... >>>> SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> [21668] dbg: logger: adding facilities: all >>>> [21668] dbg: logger: logging level is DBG >>>> [21668] dbg: generic: SpamAssassin version 3.2.3 >>>> [21668] dbg: config: score set 0 chosen. >>>> [21668] dbg: util: running in taint mode? no >>>> [21668] dbg: dns: is Net::DNS::Resolver available? yes >>>> [21668] dbg: dns: Net::DNS version: 0.60 >>>> [21668] dbg: ignore: test message to precompile patterns and load >>>> modules >>>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>>> >>>> >> pre >> >> >>>> files >>>> [21668] dbg: config: read file /etc/mail/spamassassin/init.pre >>>> [21668] dbg: config: read file /etc/mail/spamassassin/v310.pre >>>> [21668] dbg: config: read file /etc/mail/spamassassin/v312.pre >>>> [21668] dbg: config: using "/usr/share/spamassassin" for sys rules >>>> >>>> >> pre >> >> >>>> files >>>> [21668] dbg: config: using "/usr/share/spamassassin" for default >>>> >>>> >> rules >> >> >>>> dir >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/10_default_prefs.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_advance_fee.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/20_anti_ratware.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_body_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_compensate.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_dnsbl_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/20_fake_helo_tests.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_head_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_html_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/20_imageinfo.cf >> >> >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/20_meta_tests.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/20_net_tests.cf >> >> >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/20_uri_tests.cf >> >> >>>> [21668] dbg: config: read file /usr/share/spamassassin/20_vbounce.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>>> [21668] dbg: config: read file >>>> > /usr/share/spamassassin/25_accessdb.cf > >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/25_antivirus.cf >> >> >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_asn.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/25_body_tests_es.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/25_body_tests_pl.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/25_domainkeys.cf >>> >>> >>> >>>> [21668] dbg: config: read file >>>> > /usr/share/spamassassin/25_hashcash.cf > >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>>> [21668] dbg: config: read file >>>> >>>> >>>> >>> /usr/share/spamassassin/30_text_pt_br.cf >>> >>> >>> >>>> [21668] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_shortcircuit.cf >>>> [21668] dbg: config: read file >>>> >>>> >> /usr/share/spamassassin/60_whitelist.cf >> >> >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_dk.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_dkim.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_spf.cf >>>> [21668] dbg: config: read file >>>> /usr/share/spamassassin/60_whitelist_subject.cf >>>> [21668] dbg: config: read file /usr/share/spamassassin/72_active.cf >>>> [21668] dbg: config: using "/etc/mail/spamassassin" for site rules >>>> >>>> >> dir >> >> >>>> [21668] dbg: config: read file /etc/mail/spamassassin/local.cf >>>> [21668] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>>> >>>> >> from >> >> >>>> @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash >>>> >>>> >> from >> >> >>>> @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: plugin: loading >>>> > Mail::SpamAssassin::Plugin::RelayCountry > >>>> from @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>>> @INC >>>> [21668] dbg: razor2: razor2 is available, version 2.84 >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: dcc: network tests on, registering DCC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from >>>> >>>> >>>> >>> @INC >>> >>> >>> >>>> [21668] dbg: pyzor: network tests on, attempting Pyzor >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from >>>> @INC >>>> [21668] dbg: razor2: razor2 is available, version 2.84 >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::Razor2=HASH(0xb3cdb30), already >>>> >>>> >> registered >> >> >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop >>>> > from > >>>> @INC >>>> [21668] dbg: reporter: network tests on, attempting SpamCop >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>>> [21668] dbg: plugin: loading >>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader >>>> >>>> >>>> >>> from >>> >>> >>> >>>> @INC >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >>>> from @INC >>>> [21668] dbg: plugin: loading >>>> > Mail::SpamAssassin::Plugin::RelayCountry > >>>> from @INC >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xb823524), already >>>> registered >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from >>>> >>>> >> @INC >> >> >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::SPF=HASH(0xb7d3ed8), already registered >>>> [21668] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL >>>> >>>> >> from >> >> >>>> @INC >>>> [21668] dbg: plugin: did not register >>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xb30a6a8), already >>>> >>>> >>>> >>> registered >>> >>> >>> >>>> config: configuration file >>>> >>>> >> "/usr/share/spamassassin/20_advance_fee.cf" >> >> >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_advance_fee.cf" requires version >>>> > 3.001009 > >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_body_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_body_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_compensate.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_compensate.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> >>>> >> "/usr/share/spamassassin/20_dnsbl_tests.cf" >> >> >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_dnsbl_tests.cf" requires version >>>> > 3.001009 > >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_drugs.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_drugs.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>>> >>>> >> you >> >> >>>> need to use the -C switch, or remove the old config files? Skipping >>>> >>>> >>>> >>> this >>> >>> >>> >>>> file at >>>> >>>> >>>> >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm >>> >>> >>> >>>> line 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_fake_helo_tests.cf" requires version >>>> 3.001009 of SpamAssassin, but this is code version 3.002003. Maybe >>>> >>>> >> you >> >> >>>> need to use the -C switch, or remove the old config files? Skipping >>>> >>>> >>>> >>> this >>> >>> >>> >>>> file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_head_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_head_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_html_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_html_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file >>>> > "/usr/share/spamassassin/20_meta_tests.cf" > >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_meta_tests.cf" requires version 3.001009 >>>> >>>> >>>> >>> of >>> >>> >>> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_net_tests.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_net_tests.cf" requires version 3.001009 >>>> >>>> >> of >> >> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_phrases.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_phrases.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_porn.cf" >>>> >>>> >>>> >>> requires >>> >>> >>> >>>> version 3.001009 of SpamAssassin, but this is code version 3.002003. >>>> Maybe you need to use the -C switch, or remove the old config files? >>>> Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_porn.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/20_uri_tests.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/20_uri_tests.cf" requires version 3.001009 >>>> >>>> >> of >> >> >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: configuration file "/usr/share/spamassassin/23_bayes.cf" >>>> requires version 3.001009 of SpamAssassin, but this is code version >>>> 3.002003. Maybe you need to use the -C switch, or remove the old >>>> >>>> >>>> >>> config >>> >>> >>> >>>> files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line >>>> 372. >>>> [21668] info: config: configuration file >>>> "/usr/share/spamassassin/23_bayes.cf" requires version 3.001009 of >>>> SpamAssassin, but this is code version 3.002003. Maybe you need to >>>> >>>> >> use >> >> >>>> the -C switch, or remove the old config files? Skipping this file >>>> config: 'uridnsbl_timeout' is obsolete, use 'rbl_timeout' instead at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/URIDNSBL.pm >>>> >>>> >>>> >>> line >>> >>> >>> >>>> 396. >>>> [21668] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >>>> [21668] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >>>> [21668] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >>>> __MO_OL_F3B05 >>>> [21668] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >>>> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A >>>> > __XM_OL_812FF > >>>> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >>>> [21668] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >>>> [21668] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >>>> HS_SUBJ_NEW_SOFTWARE >>>> [21668] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >>>> [21668] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >>>> __MO_OL_CF0C0 >>>> [21668] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >>>> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >>>> [21668] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >>>> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 >>>> > __XM_OL_B30D1 > >>>> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >>>> [21668] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB >>>> [21668] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >>>> __MO_OL_ADFF7 >>>> [21668] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >>>> [21668] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >>>> __MO_OL_7533E >>>> [21668] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >>>> [21668] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: >>>> >>>> >> __HAS_ANY_URI >> >> >>>> [21668] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 >>>> __XM_OL_EF20B >>>> [21668] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >>>> [21668] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 >>>> [21668] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >>>> [21668] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >>>> [21668] dbg: conf: finish parsing >>>> [21668] dbg: plugin: >>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb8234a0) implements >>>> 'finish_parsing_end', priority 0 >>>> [21668] dbg: replacetags: replacing tags >>>> [21668] dbg: replacetags: done replacing tags >>>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>>> /root/.spamassassin/bayes_toks >>>> [21668] dbg: config: score set 1 chosen. >>>> [21668] dbg: message: main message type: text/plain >>>> [21668] dbg: message: ---- MIME PARSER START ---- >>>> [21668] dbg: message: parsing normal part >>>> [21668] dbg: message: ---- MIME PARSER END ---- >>>> [21668] dbg: bayes: no dbs present, cannot tie DB R/O: >>>> /root/.spamassassin/bayes_toks >>>> check: no loaded plugin implements 'check_main': cannot scan! at >>>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm >>>> > line > >>>> 164. >>>> >>>> I see some errors that tell me SA is looking for an older version? >>>> >>>> >>>> >>> And >>> >>> >>> >>>> this error at the end, I have no idea where to start there. >>>> >>>> Blaze King >>>> Lake County Office of Education >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>> Martin.Hepworth >>>> Sent: Monday, September 24, 2007 1:04 AM >>>> To: MailScanner discussion >>>> Subject: RE: mailscanner restarts when using spamassassin >>>> >>>> Blaze >>>> >>>> What does "MailScanner --debug --debug-sa" give you? >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> >>>>> >>>>> >>> [mailto:mailscanner- >>> >>> >>> >>>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>>> Sent: 24 September 2007 04:55 >>>>> To: MailScanner discussion >>>>> Subject: RE: mailscanner restarts when using spamassassin >>>>> >>>>> An update: >>>>> >>>>> >>>>> >>>>> Sendmail is working fine now. (I had something wrong in the mc >>>>> >>>>> >>>>> >>> file). >>> >>> >>> >>>>> Now I've re-installed the tarball for ClamAV and SA and >>>>> > Mailscanner, > >>>>> doesn't seem to make any difference. I also used my old >>>>> >>>>> >>>>> >>>> MailScanner.conf >>>> >>>> >>>> >>>>> from my old server (ver. 4.58). Nothing changes the results I was >>>>> >>>>> >>>>> >>>> finding >>>> >>>> >>>> >>>>> below. Spam Checks work, but SpamAssassin isn't. Also, forgot to >>>>> >>>>> >>>>> >>>> mention >>>> >>>> >>>> >>>>> previously, this is on CentOS 5. >>>>> >>>>> >>>>> >>>>> On top of that my MailWatch install has a feature I forgot how to >>>>> >>>>> >>>>> >>>> enable: >>>> >>>> >>>> >>>>> Viewing the message body. >>>>> >>>>> >>>>> >>>>> Any ideas on what I'm probably doing wrong? >>>>> >>>>> >>>>> >>>>> Blaze King >>>>> >>>>> blazek@lake-coe.k12.ca.us >>>>> >>>>> >>>>> >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> >>>>> >>>>> >>> [mailto:mailscanner- >>> >>> >>> >>>>> bounces@lists.mailscanner.info] On Behalf Of Blaze King >>>>> Sent: Sunday, September 23, 2007 4:26 PM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: mailscanner restarts when using spamassassin >>>>> >>>>> >>>>> >>>>> Ok here's one that stumping me... >>>>> >>>>> >>>>> >>>>> This is a new installation... When I have "Use Spamassassin = yes" >>>>> >>>>> >>>>> >>> in >>> >>> >>> >>>>> MailScanner.conf, no messages are processed. When I set that to >>>>> > no, > >>>>> >>>>> >>>>> >>>> then >>>> >>>> >>>> >>>>> everything works ok. spamassassin -D --lint doesn't produce any >>>>> >>>>> >>>>> >>>> errors. >>>> >>>> >>>> >>>>> Not sure if it's needed, but here's some background info: >>>>> >>>>> >>>>> >>>>> (also, as a note, I noticed while writing all this that sendmail is >>>>> >>>>> >>>>> >>>> giving >>>> >>>> >>>> >>>>> me some trouble... users can't send, but system messages and >>>>> >>>>> >>>>> >>> aliases >>> >>> >>> >>>> still >>>> >>>> >>>> >>>>> get sent... I don't know, maybe that's related) >>>>> >>>>> >>>>> >>>>> This is while installing onto a new server. Before installing >>>>> >>>>> >>>>> >>>> MailScanner >>>> >>>> >>>> >>>>> and because I was using MailWatch, I imported my old database into >>>>> >>>>> >>>>> >>>> mysql >>>> >>>> >>>> >>>>> on the new server. >>>>> >>>>> >>>>> >>>>> I followed the instructions in Quickinstall.txt: Installed >>>>> >>>>> >>>>> >>>>> > http://www.mailscanner.info/files/4/install-Clam-0.91.2-SA-3.2.3.tar.gz, > >> >> >>> >>> >>> >>>>> then installed MailScanner version 4.63.8-1 (also tried latest >>>>> >>>>> >>>>> >>> beta), >>> >>> >>> >>>>> upgraded conf file. After starting MailScanner, I see this in the >>>>> maillog: >>>>> >>>>> >>>>> >>>>> This is with Spam Checks = Yes and Use Spamassassin = yes >>>>> >>>>> >>>>> >>>>> Sep 23 11:22:21 mail MailScanner[28810]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Started SQL Logging child >>>>> Sep 23 11:22:21 mail MailScanner[28810]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Using SpamAssassin results >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> Sep 23 11:22:21 mail MailScanner[28810]: Connected to SpamAssassin >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> database >>>>> Sep 23 11:22:26 mail MailScanner[28819]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Started SQL Logging child >>>>> Sep 23 11:22:26 mail MailScanner[28819]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Using SpamAssassin results >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> Sep 23 11:22:26 mail MailScanner[28819]: Connected to SpamAssassin >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> database >>>>> Sep 23 11:22:31 mail MailScanner[28822]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Started SQL Logging child >>>>> Sep 23 11:22:31 mail MailScanner[28822]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Using SpamAssassin results >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> Sep 23 11:22:31 mail MailScanner[28822]: Connected to SpamAssassin >>>>> >>>>> >>>>> >>>> cache >>>> >>>> >>>> >>>>> database >>>>> >>>>> (repeats over and over, same thing) >>>>> >>>>> >>>>> >>>>> Here's Spam Checks = Yes and Use Spamassassin = No >>>>> >>>>> >>>>> >>>>> Sep 23 11:24:42 mail MailScanner[29127]: MailScanner E-Mail Virus >>>>> >>>>> >>>>> >>>> Scanner >>>> >>>> >>>> >>>>> version 4.64.1 starting... >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 797 hostnames from >>>>> > the > >>>>> phishing whitelist >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Read 1728 hostnames from >>>>> >>>>> >>>>> >>> the >>> >>> >>> >>>>> phishing blacklist >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Config: calling custom >>>>> > init > >>>>> function MailWatchLogging >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Started SQL Logging child >>>>> Sep 23 11:24:42 mail MailScanner[29127]: SpamAssassin temporary >>>>> >>>>> >>>>> >>>> working >>>> >>>> >>>> >>>>> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Using locktype = posix >>>>> Sep 23 11:24:42 mail MailScanner[29127]: Creating hardcoded >>>>> >>>>> >>>>> >>>> struct_flock >>>> >>>> >>>> >>>>> subroutine for linux (Linux-type) >>>>> Sep 23 11:25:19 mail MailScanner[29124]: New Batch: Scanning 1 >>>>> >>>>> >>>>> >>>> messages, >>>> >>>> >>>> >>>>> 1520 bytes >>>>> Sep 23 11:25:20 mail MailScanner[29124]: Spam Checks: Found 1 spam >>>>> messages >>>>> Sep 23 11:25:20 mail MailScanner[29124]: Virus and Content >>>>> > Scanning: > >>>>> Starting >>>>> Sep 23 11:25:22 mail MailScanner[29124]: Uninfected: Delivered 1 >>>>> >>>>> >>>>> >>>> messages >>>> >>>> >>>> >>>>> Sep 23 11:25:22 mail MailScanner[29124]: Logging message >>>>> >>>>> >>>>> >>>> l8NIPI9f029181 to >>>> >>>> >>>> >>>>> SQL >>>>> Sep 23 11:25:22 mail MailScanner[29091]: l8NIPI9f029181: Logged to >>>>> MailWatch SQL >>>>> >>>>> (seems to work ok without spamassassin) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Any ideas? Thanks! >>>>> >>>>> >>>>> >>>>> Blaze King >>>>> >>>>> Lake County Office of Education >>>>> >>>>> (707) 262-4147 >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >> ********************************************************************** >> >> >>>> Confidentiality : This e-mail and any attachments are intended for >>>> >>>> >> the >> >> >>>> addressee only and may be confidential. If they come to you in error >>>> you must take no action based on them, nor must you copy or show >>>> > them > >>>> to anyone. Please advise the sender by replying to this e-mail >>>> immediately and then delete the original from your computer. >>>> Opinion : Any opinions expressed in this e-mail are entirely those >>>> > of > >>>> the author and unless specifically stated to the contrary, are not >>>> necessarily those of the author's employer. >>>> Security Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. We >>>> >>>> >> advise >> >> >>>> that you consider this fact when e-mailing us. >>>> Viruses : We have taken steps to ensure that this e-mail and any >>>> attachments are free from known viruses but in keeping with good >>>> computing practice, you should ensure that they are virus free. >>>> >>>> Red Lion 49 Ltd T/A Solid State Logic >>>> Registered as a limited company in England and Wales >>>> (Company No:5362730) >>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>> United Kingdom >>>> >>>> >>>> >> ********************************************************************** >> >> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> > ********************************************************************** > >>> Confidentiality : This e-mail and any attachments are intended for >>> > the > >>> >>> >> >> >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> > > >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> > > >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We >>> > advise > >>> >>> >> >> >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> >>> > ********************************************************************** > >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From stork at openenterprise.ca Mon Sep 24 23:20:54 2007 From: stork at openenterprise.ca (Johnny Stork) Date: Mon Sep 24 23:21:00 2007 Subject: Installing and Configuring DCC Message-ID: <46F83846.8050300@openenterprise.ca> Well I think I am moving along with this fresh MS re-install but I seem to be having trouble with DCC. I believe razor2 and pyzor are working fine, and I actually followed some of the steps from the url below, but I dont think DCC is working or configured correctly. http://www.leap-cf.org/presentations/MailScanner/MailScanner.html #### But when I try to start the DCC service I get [root@gateway bayes]# service DCC start start-grey-dccd: cannot start greylist dcccd because dccd has not been installed start-dccifd: cannot start dccifd because it has not been installed ##### And in /var/log/maillog I see these Sep 24 15:18:03 gateway dccproc[12504]: sendto(dcc1.dcc-servers.net (209.169.14.29,6277)) from 0.0.0.0,33157: Operation not permitted #####I have also opened outoing/incoming udp ports 6277 ######cddd info returms the following: [root@gateway bayes]# cdcc info # 09/24/07 15:18:53 PDT /var/dcc/map # Re-resolve names after 16:53:54 # 12 total, 0 working servers # skipping asking DCC server 974 seconds more IPv6 off dcc1.dcc-servers.net,- RTT+1000 ms anon # 136.161.101.6,- # not answering # 209.169.14.29,- # not answering # 209.169.14.30,- # not answering dcc2.dcc-servers.net,- RTT+1000 ms anon # 203.81.36.6,- # not answering # 216.240.97.12,- # not answering dcc3.dcc-servers.net,- RTT+1000 ms anon # 64.124.52.232,- # not answering # 216.134.200.215,- # not answering dcc4.dcc-servers.net,- RTT+1000 ms anon # 194.228.41.73,- # not answering # 209.169.14.27,- # not answering dcc5.dcc-servers.net,- RTT+1000 ms anon # 67.66.138.141,- # not answering # 80.69.8.186,- # not answering # 192.84.137.21,- # not answering -- *Johnny Stork* Business & Technology Consultant stork@openenterprise.ca From blazek at lake-coe.k12.ca.us Mon Sep 24 23:42:07 2007 From: blazek at lake-coe.k12.ca.us (Blaze King) Date: Mon Sep 24 23:41:31 2007 Subject: mailwatch feature - viewing message body In-Reply-To: <46F772D3.2070703@fsl.com> References: <46F772D3.2070703@fsl.com> Message-ID: SELinux is disabled, the permissions on the quarantine directory are the same since last install (it's a remote Windows filesystem mounted with CIFS). The link to view the message body in MailWatch just isn't there. Blaze King -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard Sent: Monday, September 24, 2007 1:18 AM To: MailScanner discussion Subject: Re: mailscanner restarts when using spamassassin Blaze King wrote: > On top of that my MailWatch install has a feature I forgot how to > enable: Viewing the message body. Remembered to disable SELinux? Set the permissions correctly on your quarantine directory and sub-directories etc. It's all in the INSTALL docs. Regards, Steve. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Tue Sep 25 00:10:23 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Sep 25 00:11:08 2007 Subject: Installing and Configuring DCC In-Reply-To: <46F83846.8050300@openenterprise.ca> References: <46F83846.8050300@openenterprise.ca> Message-ID: <46F843DF.2020300@evi-inc.com> Johnny Stork wrote: > Well I think I am moving along with this fresh MS re-install but I seem > to be having trouble with DCC. I believe razor2 and pyzor are working > fine, and I actually followed some of the steps from the url below, but > I dont think DCC is working or configured correctly. > > http://www.leap-cf.org/presentations/MailScanner/MailScanner.html > > > #### But when I try to start the DCC service I get > > [root@gateway bayes]# service DCC start > start-grey-dccd: cannot start greylist dcccd because dccd has not been > installed > start-dccifd: cannot start dccifd because it has not been installed Normally you don't need to run DCC as a service in order to use it within SpamAssassin. That said, if you were going to run it as a service on anything but a very large network, you'd probably want to run dccifd, but you didn't install that component of DCC. This isn't really that big a deal, but does shave a few milliseconds off each DCC check. If you had a very large network (> 100k emails a day) you'd use dccd, but that's getting a bit more advanced. using dccd is usually done for bandwidth reasons. Floods are large, but above 100k emails/day the total bandwidth used by all the queries is larger than the floods. > > #####I have also opened outoing/incoming udp ports 6277 > > ######cddd info returms the following: > > > [root@gateway bayes]# cdcc info > # 09/24/07 15:18:53 PDT /var/dcc/map > # Re-resolve names after 16:53:54 # 12 total, 0 working servers > # skipping asking DCC server 974 seconds more > IPv6 off > > dcc1.dcc-servers.net,- RTT+1000 ms anon > # 136.161.101.6,- # not answering > # 209.169.14.29,- # not answering > # 209.169.14.30,- # not answering Are you sure you opened udp 6277? Does running cdcc RTT as root (which forces a retest of all the servers, where info does not) show anything different? From glenn.steen at gmail.com Tue Sep 25 08:50:53 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 25 08:50:56 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F80209.7020508@ecs.soton.ac.uk> References: <200709241357.01840.dyioulos@firstbhph.com> <46F7FB93.4050703@openenterprise.ca> <223f97700709241117hb1d8f45n76443671e2e03d78@mail.gmail.com> <46F80209.7020508@ecs.soton.ac.uk> Message-ID: <223f97700709250050q1f6b8f7dwa7286dff970a7b10@mail.gmail.com> On 24/09/2007, Julian Field wrote: > > > Glenn Steen wrote: > > On 24/09/2007, Johnny Stork wrote: > > > >> Thanks to everyone that has responded. I went with BitDefender. > >> > >> Now how can I confirm it is actually being used? I updated "Virus > >> Scanners = clamd bitdefender" but how do I know its being used? > >> > >> > > MailScanner --lint > > ... if you have a reasonably fresh install of MS, that will do a test > > run with EICAR for all your defined scanners. > > > > If I'd choose anything extra ATM, I would be a bit ... hesitant... > > about BitDefender. It is a tad "fat" on resources. It does do a good > > job (I've been happy with BDC, ClamAV and McAfee (which we have "for > > free" by way of our site license), each has taken turn in "getting at > > the bad stuff", don't get me wrong), but ... the new version needs > > support (I've been away for a while, haven't checked the latest beta > > of MS... might be there:) in MS... It installs to a new location and > > has renamed the scanner from bdc to bdscanner... and maybe more... > > > What changes do you think I need to make to the distribution? I didn't > know about this. There was a thread about it (amongst other things) last week, or the week before... What I *think* is needed is basically a test for bdc or bdscan (and a change to the install directory in virus.scanners.conf)... perhaps a change to use double-dash on the long options (if you don't do that already... I'm busy playing DBA this week... don't have time to check things properly:-). The new package installs to /opt/Bitdefender-scanner, so that change should be trivial. My suspiocion is that they've basically changed as little as possible, just enough to foist the new license on us... If you have the 7.0/7.1 RPM installed, the install of the 7.5 package will replace it... Kind of shows what they think:-). Anyway, it _should_ be rather trivial to implement support for the latest and greatest release:-). I still think it worth the effort, supporting it as a truly commercial scanner... But as said above... I'm fairly busy with real work ATM, being DBA and FW-adm virtually at the same time, putting out the fires that "just happened" during the long weekend ... Kind of a punishment for having fun in Italy:-):-). > > I'd look elsewhere... f-prot, f-secure ... there are a lot of scanners > > out there that do an OK job. > > > One of the reasons I like f-prot is that it is very light on resources > and is very fast. > > Jules > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Sep 25 08:56:40 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 25 08:56:42 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F80E17.6050803@ecs.soton.ac.uk> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80E17.6050803@ecs.soton.ac.uk> Message-ID: <223f97700709250056p203b9016w4f21d908d58bfefd@mail.gmail.com> On 24/09/2007, Julian Field wrote: > In which case, please try this: > 1) In /etc/MailScanner/virus.scanners.conf, set this > bitdefender /usr/lib/MailScanner/bitdefender-wrapper > /opt/BitDefender-scanner/bin > 2) In /usr/lib/MailScanner/bitdefender-wrapper, change this line (around > line 33) > prog=bdc > to this > prog=bdscan > > Please give this a go and let me know if it works. > > Also, please try this for the bitdefender-autoupdate: > 1) Change this line (around line 132) > my $bitDefBinary = "bdc"; > to this > my $bitDefBinary = "bdscan"; > 2) Run update_virus_scanners > > Check the contents of /var/log/bitdefender_updater.log to see if it > worked or not. > > If someone can send me a fully-licensed version of BitDefender I'll try > to get all this stuff working for you. Does the widely-used free version > require these changes as well as the new one? No. > Will I break everyone's > bitdefender-based systems if I change this? Yes. > Otherwise I'll try to make it work with the old setup and the new one at > the same time. That would be best. As one can suspect, it seems they see it as a natural progression... While we (who use the old bdc thing) don't:-D. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Sep 25 09:00:12 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 25 09:00:15 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <46F81393.4090603@slackadelic.com> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80F69.1040805@ecs.soton.ac.uk> <46F810BE.6020400@openenterprise.ca> <46F81393.4090603@slackadelic.com> Message-ID: <223f97700709250100o691fd9bej963202fd13b5b31@mail.gmail.com> On 24/09/2007, Matt Hayes wrote: > Johnny Stork wrote: > > I didnt realize there was no free version of bitdefender, or is there?? > > > > This I would like to know as well. I tried to implement bitdefender and > got the same results. However, I just gave up. :) Figured if it isn't > free.. forget about it... > > -Matt > The whole sum of that is: Not any more, at least not for anything other than personal use... And then you cannot include/use it in _ANY FORM OF SCRIPT AT ALL_.... Which is pretty useless, don't you think?;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Sep 25 10:05:05 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Sep 25 10:05:07 2007 Subject: One user whitelisted, everyone gets the spam... In-Reply-To: <1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> References: <20070924131012.GA3205@mail.herald.co.uk> <1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com> On 24/09/2007, Gareth wrote: > The only way I know is to configure the MTA to only allow one recipient > per message. The downside of this is that the mail to subsequent > recipients will only be received when the sender retries which means > there will be a delay. ? Not to my knowledge (and I wrote the "hackish" entry for postfix recipient splitting;-). The delay for Postfix is due to the need of a two inscance setup, not because of retry delays. The delay is very marginal, in most cases. If we did it at the SMTP stage, you would be correct, but the splitting is done (in the PF case) at delivery, hence the need for a dual-instance setup (where MailScanner&the hold-thing come into play in "the second" instance). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From m.anderlini at database.it Tue Sep 25 12:01:21 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Sep 25 12:01:33 2007 Subject: Can not update rules_du_jour In-Reply-To: <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com> References: <20070924131012.GA3205@mail.herald.co.uk><1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com> Message-ID: <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> Hello, I run manualy rules_du_jour_wrapper, I've noticed that rules never gets updated. For example for this rules I get this msg: =========================== 70_sare_stocks.cf was up to date [skipped downloading of http://rulesemporium.com/rules/70_sare_stocks.cf ] ... No files updated; No restart required. =========================== And this is similar for all other rules. What could be wrong ? Thanks a lot -- Messaggio verificato dal servizio antivirus di Database Informatica From a.peacock at chime.ucl.ac.uk Tue Sep 25 12:09:55 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Sep 25 12:10:00 2007 Subject: Can not update rules_du_jour In-Reply-To: <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> References: <20070924131012.GA3205@mail.herald.co.uk><1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com> <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> Message-ID: <46F8EC83.8090108@chime.ucl.ac.uk> Marcello Anderlini wrote: > Hello, I run manualy rules_du_jour_wrapper, I've noticed that rules never > gets updated. > For example for this rules I get this msg: > =========================== > 70_sare_stocks.cf was up to date [skipped downloading of > http://rulesemporium.com/rules/70_sare_stocks.cf ] ... > No files updated; No restart required. > =========================== > > And this is similar for all other rules. > > What could be wrong ? Check the RulesEmporium web site to see if they have actually been updated recently. I don't think there has been any updated or new rules for a while. But I have changed to using sa-update instead of rules_du_jour. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From martinh at solidstatelogic.com Tue Sep 25 12:10:02 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Sep 25 12:10:08 2007 Subject: Can not update rules_du_jour In-Reply-To: <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> Message-ID: <1cee5bbc1ccbbd46848bbaee818b410d@solidstatelogic.com> Perhaps the rules haven't been updated! -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 25 September 2007 12:01 > To: MailScanner discussion > Subject: Can not update rules_du_jour > > Hello, I run manualy rules_du_jour_wrapper, I've noticed that rules never > gets updated. > For example for this rules I get this msg: > =========================== > 70_sare_stocks.cf was up to date [skipped downloading of > http://rulesemporium.com/rules/70_sare_stocks.cf ] ... > No files updated; No restart required. > =========================== > > And this is similar for all other rules. > > What could be wrong ? > > Thanks a lot > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ms-list at alexb.ch Tue Sep 25 12:10:58 2007 From: ms-list at alexb.ch (Alex Broens) Date: Tue Sep 25 12:11:02 2007 Subject: Can not update rules_du_jour In-Reply-To: <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> References: <20070924131012.GA3205@mail.herald.co.uk><1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com> <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> Message-ID: <46F8ECC2.4050603@alexb.ch> On 9/25/2007 1:01 PM, Marcello Anderlini wrote: > Hello, I run manualy rules_du_jour_wrapper, I've noticed that rules never > gets updated. > For example for this rules I get this msg: > =========================== > 70_sare_stocks.cf was up to date [skipped downloading of > http://rulesemporium.com/rules/70_sare_stocks.cf ] ... > No files updated; No restart required. > =========================== > > And this is similar for all other rules. > > What could be wrong ? > maybe SARE hasn't updated the files in ages? :-) # Modified: 2007-08-18 .-) Alex From martelm at quark.vsc.edu Tue Sep 25 13:00:20 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Sep 25 13:00:44 2007 Subject: MailScanner 4.63.8 lint errors Message-ID: Greetings! I'm trying to upgrade to the latest version of MailScanner and --lint is giving me this output. Any thoughts as to what it means ? This is on an older RedHat 7.3 box, that is scheduled to be rebuilt soon. Thanks! [root@hemlock bin]# ./MailScanner --lint Checking version numbers... Version number in MailScanner.conf (4.63.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender f-prot" Found these virus scanners installed: bitdefender, clamav, mcafee, f-prot =========================================================================== Ignore errors about failing to find EOCD signature sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 608. sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 609. sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 620. sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 621. format error: can't find EOCD signature at ./MailScanner line 458 Use of uninitialized value in concatenation (.) or string at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2652, line 1. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 3. Argument "4.6.6" isn't numeric in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 4. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 7. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 8. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 9. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 10. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 11. Use of uninitialized value in hash element at /opt/MailScanner/lib/MailScanner/SweepOther.pm line 165. Use of uninitialized value in length at /opt/MailScanner/lib/MailScanner/SweepOther.pm line 131, line 8. Use of uninitialized value in hash element at /opt/MailScanner/lib/MailScanner/SweepOther.pm line 415. =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" F-Prot said "./1/eicar.com Infection: EICAR_Test_File" If any of your virus scanners (bitdefender,clamav,mcafee,f-prot) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. commit ineffective with AutoCommit enabled at /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. Commmit ineffective while AutoCommit is on at /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. [root@hemlock bin]# Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From m.anderlini at database.it Tue Sep 25 13:05:38 2007 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Sep 25 13:05:53 2007 Subject: R: Can not update rules_du_jour In-Reply-To: <46F8ECC2.4050603@alexb.ch> References: <20070924131012.GA3205@mail.herald.co.uk><1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com><008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> <46F8ECC2.4050603@alexb.ch> Message-ID: <008701c7ff6c$62b7c4f0$2301a8c0@dbdomain.database.it> It could be so what other rules do you suggest to use ? I'm getting new kind of spam that spamassassin can not detect. The main plugins I'm using are razor, fuzzy-ocr and blacklist at smtp level. Thanks a lot -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Alex Broens Inviato: marted? 25 settembre 2007 13.11 A: MailScanner discussion Oggetto: Re: Can not update rules_du_jour On 9/25/2007 1:01 PM, Marcello Anderlini wrote: > Hello, I run manualy rules_du_jour_wrapper, I've noticed that rules > never gets updated. > For example for this rules I get this msg: > =========================== > 70_sare_stocks.cf was up to date [skipped downloading of > http://rulesemporium.com/rules/70_sare_stocks.cf ] ... > No files updated; No restart required. > =========================== > > And this is similar for all other rules. > > What could be wrong ? > maybe SARE hasn't updated the files in ages? :-) # Modified: 2007-08-18 .-) Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From martelm at quark.vsc.edu Tue Sep 25 13:15:36 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Sep 25 13:15:44 2007 Subject: MailScanner 4.63.8 lint errors In-Reply-To: References: Message-ID: --On September 25, 2007 8:00:20 AM -0400 "Michael H. Martel" wrote: > Greetings! I'm trying to upgrade to the latest version of MailScanner > and --lint is giving me this output. I meant to include this too, but I'm getting senile. [root@hemlock bin]# ./MailScanner --version Running on Linux hemlock.vsc.edu 2.4.20-28.7smp #1 SMP Thu Dec 18 11:18:31 EST 2003 i686 unknown This is Red Hat Linux release 7.3 (Valhalla) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.63.8 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.18 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.71 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.17 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.28 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder missing ExtUtils::ParseXS 0.44 Inline 1.06 IO::String 1.04 IO::Zlib 2.20 IP::Country missing Mail::ClamAV 3.002003 Mail::SpamAssassin v2.005 Mail::SPF 1.997 Mail::SPF::Query 0.19 Math::BigRat 0.2808 Module::Build 0.18 Net::CIDR::Lite 0.60 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.32 Net::LDAP 4.007 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version missing YAML [root@hemlock bin]# Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From list-mailscanner at linguaphone.com Tue Sep 25 14:00:46 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Sep 25 14:01:15 2007 Subject: R: Can not update rules_du_jour In-Reply-To: <008701c7ff6c$62b7c4f0$2301a8c0@dbdomain.database.it> References: <20070924131012.GA3205@mail.herald.co.uk> <1190640122.12478.7.camel@gblades-suse.linguaphone-intranet.co.uk> <223f97700709250205y5b599ba1q64adbe4f6bdaaf4a@mail.gmail.com> <008601c7ff63$67d95510$2301a8c0@dbdomain.database.it> <46F8ECC2.4050603@alexb.ch> <008701c7ff6c$62b7c4f0$2301a8c0@dbdomain.database.it> Message-ID: <1190725246.15500.13.camel@gblades-suse.linguaphone-intranet.co.uk> http://www.gbnetwork.co.uk/mailscanner/ lists the setup I am using. Lots of links to plugins and additional rules there. On Tue, 2007-09-25 at 13:05, Marcello Anderlini wrote: > It could be so what other rules do you suggest to use ? > > I'm getting new kind of spam that spamassassin can not detect. > The main plugins I'm using are razor, fuzzy-ocr and blacklist at smtp level. > > Thanks a lot > > -----Messaggio originale----- > Da: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Alex Broens > Inviato: marted? 25 settembre 2007 13.11 > A: MailScanner discussion > Oggetto: Re: Can not update rules_du_jour > > On 9/25/2007 1:01 PM, Marcello Anderlini wrote: > > Hello, I run manualy rules_du_jour_wrapper, I've noticed that rules > > never gets updated. > > For example for this rules I get this msg: > > =========================== > > 70_sare_stocks.cf was up to date [skipped downloading of > > http://rulesemporium.com/rules/70_sare_stocks.cf ] ... > > No files updated; No restart required. > > =========================== > > > > And this is similar for all other rules. > > > > What could be wrong ? > > > > maybe SARE hasn't updated the files in ages? :-) > > # Modified: 2007-08-18 > > .-) > > Alex > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica From MailScanner at ecs.soton.ac.uk Tue Sep 25 14:13:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 14:13:36 2007 Subject: MailScanner 4.63.8 lint errors In-Reply-To: References: Message-ID: <46F9096B.2050001@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you temporarily try setting "MTA = sendmail" and then try the command again? Michael H. Martel wrote: > Greetings! I'm trying to upgrade to the latest version of MailScanner > and --lint is giving me this output. > > Any thoughts as to what it means ? This is on an older RedHat 7.3 > box, that is scheduled to be rebuilt soon. > > Thanks! > > [root@hemlock bin]# ./MailScanner --lint > Checking version numbers... > Version number in MailScanner.conf (4.63.8) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav bitdefender f-prot" > Found these virus scanners installed: bitdefender, clamav, mcafee, f-prot > =========================================================================== > > Ignore errors about failing to find EOCD signature > sysseek() on unopened filehandle at > /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 608. > sysseek() on unopened filehandle at > /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 609. > sysseek() on unopened filehandle at > /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 620. > sysseek() on unopened filehandle at > /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 621. > format error: can't find EOCD signature > at ./MailScanner line 458 > Use of uninitialized value in concatenation (.) or string at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2652, > line 1. > Use of uninitialized value in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 3. > Argument "4.6.6" isn't numeric in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 4. > Use of uninitialized value in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 7. > Use of uninitialized value in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 8. > Use of uninitialized value in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 9. > Use of uninitialized value in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 10. > Use of uninitialized value in numeric gt (>) at > /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, > line 11. > Use of uninitialized value in hash element at > /opt/MailScanner/lib/MailScanner/SweepOther.pm line 165. > Use of uninitialized value in length at > /opt/MailScanner/lib/MailScanner/SweepOther.pm line 131, line 8. > Use of uninitialized value in hash element at > /opt/MailScanner/lib/MailScanner/SweepOther.pm line 415. > =========================================================================== > > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > F-Prot said "./1/eicar.com Infection: EICAR_Test_File" > > If any of your virus scanners (bitdefender,clamav,mcafee,f-prot) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > commit ineffective with AutoCommit enabled at > /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 1. > Commmit ineffective while AutoCommit is on at > /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 1. > [root@hemlock bin]# > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG+QlsEfZZRxQVtlQRApxfAJ97csJRNWf/M1lTxVpdGHm0lqL2SACg5vJe F+RRLi8kKfF+gIlJgmh8hOQ= =/LfZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martelm at quark.vsc.edu Tue Sep 25 14:16:02 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Sep 25 14:16:12 2007 Subject: MailScanner 4.63.8 lint errors In-Reply-To: <46F9096B.2050001@ecs.soton.ac.uk> References: <46F9096B.2050001@ecs.soton.ac.uk> Message-ID: <05D8D119421EF7BB67DB535B@sherlockholmes.local> --On September 25, 2007 2:13:15 PM +0100 Julian Field wrote: > Can you temporarily try setting "MTA = sendmail" and then try the > command again? I already have this in my MailScanner.conf # Set whether to use postfix, sendmail, exim or zmailer. # If you are using postfix, then see the "SpamAssassin User State Dir" # setting near the end of this file MTA = sendmail Is that the one you wanted me to set ? Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From mailscanner at slackadelic.com Tue Sep 25 14:36:24 2007 From: mailscanner at slackadelic.com (Matt Hayes) Date: Tue Sep 25 14:36:30 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <223f97700709250100o691fd9bej963202fd13b5b31@mail.gmail.com> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80F69.1040805@ecs.soton.ac.uk> <46F810BE.6020400@openenterprise.ca> <46F81393.4090603@slackadelic.com> <223f97700709250100o691fd9bej963202fd13b5b31@mail.gmail.com> Message-ID: <46F90ED8.5080604@slackadelic.com> Glenn Steen wrote: > On 24/09/2007, Matt Hayes wrote: >> Johnny Stork wrote: >>> I didnt realize there was no free version of bitdefender, or is there?? >>> >> This I would like to know as well. I tried to implement bitdefender and >> got the same results. However, I just gave up. :) Figured if it isn't >> free.. forget about it... >> >> -Matt >> > The whole sum of that is: Not any more, at least not for anything > other than personal use... And then you cannot include/use it in _ANY > FORM OF SCRIPT AT ALL_.... Which is pretty useless, don't you > think?;-) > > Cheers Yeah.. kind of defeats the purpose. -Matt From MailScanner at ecs.soton.ac.uk Tue Sep 25 14:48:22 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 14:48:45 2007 Subject: MailScanner 4.63.8 lint errors In-Reply-To: <05D8D119421EF7BB67DB535B@sherlockholmes.local> References: <46F9096B.2050001@ecs.soton.ac.uk> <05D8D119421EF7BB67DB535B@sherlockholmes.local> Message-ID: <46F911A6.2070205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael H. Martel wrote: > --On September 25, 2007 2:13:15 PM +0100 Julian Field > wrote: > >> Can you temporarily try setting "MTA = sendmail" and then try the >> command again? > > I already have this in my MailScanner.conf > > # Set whether to use postfix, sendmail, exim or zmailer. > # If you are using postfix, then see the "SpamAssassin User State Dir" > # setting near the end of this file > MTA = sendmail > > Is that the one you wanted me to set ? Yes > > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFG+RGnEfZZRxQVtlQRAmEFAKCznMcqCwkX//W64O0uhg/dkUYDZACeJJlJ 9/ua76I+uB33O3BqVG0wdwA= =f4i4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Kit at simplysites.co.uk Tue Sep 25 14:52:37 2007 From: Kit at simplysites.co.uk (Kit Wong) Date: Tue Sep 25 14:53:23 2007 Subject: Including popip.db into whitelist Message-ID: Hi All I have searched everywhere on the internet for an answer and have decided to email those who know. I have mailscanner/spamassassin running + MailWatch. I have noticed the a lot of my client's emails are getting scanner and some are marked as spam. Since the server uses pop-before-smtp a list of valid ip address are stored within popip.db Is there a way of dynamically querying popip.db to not scan emails from those ips. I have already whitelisted/bypassed 127.0.0.1 as described on a post somewhere. Adding domain names which are hosted on the server will not work due to spoof emails. Hope someone can help Kit From martelm at quark.vsc.edu Tue Sep 25 14:53:49 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Sep 25 14:54:06 2007 Subject: MailScanner 4.63.8 lint errors In-Reply-To: <46F911A6.2070205@ecs.soton.ac.uk> References: <46F9096B.2050001@ecs.soton.ac.uk> <05D8D119421EF7BB67DB535B@sherlockholmes.local> <46F911A6.2070205@ecs.soton.ac.uk> Message-ID: <1DE53A4C1F9F3DD6D20EA52C@sherlockholmes.local> --On September 25, 2007 2:48:22 PM +0100 Julian Field wrote: > Yes Ok. I amde sure that was set, and did it again, with the same results. [root@hemlock bin]# ./MailScanner --lint Checking version numbers... Version number in MailScanner.conf (4.63.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender f-prot" Found these virus scanners installed: bitdefender, clamav, mcafee, f-prot =========================================================================== Ignore errors about failing to find EOCD signature sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 608. sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 609. sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 620. sysseek() on unopened filehandle at /opt/MailScanner/lib/MailScanner/SMDiskStore.pm line 621. format error: can't find EOCD signature at ./MailScanner line 458 Use of uninitialized value in concatenation (.) or string at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2652, line 1. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 3. Argument "4.6.8" isn't numeric in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 4. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 7. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 8. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 9. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 10. Use of uninitialized value in numeric gt (>) at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 2060, line 11. Use of uninitialized value in hash element at /opt/MailScanner/lib/MailScanner/SweepOther.pm line 165. Use of uninitialized value in length at /opt/MailScanner/lib/MailScanner/SweepOther.pm line 131, line 8. Use of uninitialized value in hash element at /opt/MailScanner/lib/MailScanner/SweepOther.pm line 415. =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" F-Prot said "./1/eicar.com Infection: EICAR_Test_File" If any of your virus scanners (bitdefender,clamav,mcafee,f-prot) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. commit ineffective with AutoCommit enabled at /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. Commmit ineffective while AutoCommit is on at /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. [root@hemlock bin]# Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From simon at saq.co.uk Tue Sep 25 15:45:14 2007 From: simon at saq.co.uk (Simon Jones) Date: Tue Sep 25 15:55:41 2007 Subject: stubborn quarantine Message-ID: I've a message stuck in quarantine but not sure why, even when I release it the darn machine won't send it on - here's the log: Sep 25 15:39:47 db1 postfix/smtpd[27126]: 3119A442813A: client=host.domain.co.uk[127.0.0.1] Sep 25 15:39:47 db1 postfix/cleanup[27147]: 3119A442813A: hold: header Received: from localhost (db1.domain.co.uk [127.0.0.1])??by host.domain.co.uk (Postfix) with ESMTP id 3119A442813A??for ; Tue, 25 Sep 2007 15:39:47 +0100 (BST) from host.domain.co.uk[127.0.0.1]; from= to= proto=ESMTP helo= Sep 25 15:39:47 db1 postfix/cleanup[27147]: 3119A442813A: message-id=<20070925143947.3119A442813A@host.domain.co.uk> Sep 25 15:39:47 db1 MailScanner[27181]: Expanding TNEF archive at /var/spool/MailScanner/incoming/27181/3119A442813A.26347/winmail.dat Sep 25 15:39:47 db1 MailScanner[27181]: Corrupt TNEF winmail.dat that cannot be analysed in message 3119A442813A.26347 Sep 25 15:39:49 db1 MailScanner[27181]: Saved entire message to /var/spool/MailScanner/quarantine/20070925/3119A442813A.26347 Sep 25 15:39:49 db1 MailScanner[27181]: Requeue: 3119A442813A.26347 to 7E47A442813B Sep 25 15:39:49 db1 MailScanner[27181]: Logging message 3119A442813A.26347 to SQL Sep 25 15:39:49 db1 MailScanner[27137]: 3119A442813A.26347: Logged to MailWatch SQL I have localhost in my /etc/MailScanner/rules/scan.messages.rules file From: localhost no Simon From romulo at interop.com.br Tue Sep 25 16:13:21 2007 From: romulo at interop.com.br (Romulo Giordani. Boschetti) Date: Tue Sep 25 16:17:31 2007 Subject: Not Send Information About "Blocked Size Attachments" In-Reply-To: <28710248.1851190666951808.JavaMail.root@correio.interop.com.br> Message-ID: <17059247.791190733201169.JavaMail.root@correio.interop.com.br> Hi, Is there any way to do not send any notification to recipient about "Blocked Size Attachments" ? Today I had examined the source code of MailScanner and edited the file " MessageBatch.pm ", and had modify the function " DeliverCleaned ". How could I turn it a "Rule" inside MailScanner? Could you please direct me where I find more information about MailScanner Development ? Best regards, --------------------------------------------------- R?mulo Giordani Boschetti Analista de Suporte LPI LEVEL 3 Interop Fone: 51 3216.7000 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070925/a0e27e91/attachment.html From ssilva at sgvwater.com Tue Sep 25 17:38:38 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 25 17:50:59 2007 Subject: Second AV Scanner Suggestions In-Reply-To: <223f97700709250056p203b9016w4f21d908d58bfefd@mail.gmail.com> References: <46F7E5DD.1070607@openenterprise.ca> <46F7FC0F.20703@ecs.soton.ac.uk> <46F8024D.3090008@openenterprise.ca> <46F80E17.6050803@ecs.soton.ac.uk> <223f97700709250056p203b9016w4f21d908d58bfefd@mail.gmail.com> Message-ID: on 9/25/2007 12:56 AM Glenn Steen spake the following: > On 24/09/2007, Julian Field wrote: >> In which case, please try this: >> 1) In /etc/MailScanner/virus.scanners.conf, set this >> bitdefender /usr/lib/MailScanner/bitdefender-wrapper >> /opt/BitDefender-scanner/bin >> 2) In /usr/lib/MailScanner/bitdefender-wrapper, change this line (around >> line 33) >> prog=bdc >> to this >> prog=bdscan >> >> Please give this a go and let me know if it works. >> >> Also, please try this for the bitdefender-autoupdate: >> 1) Change this line (around line 132) >> my $bitDefBinary = "bdc"; >> to this >> my $bitDefBinary = "bdscan"; >> 2) Run update_virus_scanners >> >> Check the contents of /var/log/bitdefender_updater.log to see if it >> worked or not. >> >> If someone can send me a fully-licensed version of BitDefender I'll try >> to get all this stuff working for you. Does the widely-used free version >> require these changes as well as the new one? > No. > >> Will I break everyone's >> bitdefender-based systems if I change this? > Yes. > >> Otherwise I'll try to make it work with the old setup and the new one at >> the same time. > That would be best. As one can suspect, it seems they see it as a > natural progression... While we (who use the old bdc thing) don't:-D. > > Cheers I guess goodwill and community spirit is a tough business model to earn a profit with ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Tue Sep 25 17:43:45 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 25 17:55:40 2007 Subject: Including popip.db into whitelist In-Reply-To: References: Message-ID: on 9/25/2007 6:52 AM Kit Wong spake the following: > Hi All > I have searched everywhere on the internet for an answer and have > decided to email those who know. > I have mailscanner/spamassassin running + MailWatch. I have noticed the > a lot of my client's emails are getting scanner and some are marked as > spam. Since the server uses pop-before-smtp a list of valid ip address > are stored within popip.db > > Is there a way of dynamically querying popip.db to not scan emails from > those ips. I have already whitelisted/bypassed 127.0.0.1 as described on > a post somewhere. > > Adding domain names which are hosted on the server will not work due to > spoof emails. > > Hope someone can help > Kit > > > Are they getting marked as spam because they are on dynamic ip's or are they getting marked as spam because they look spammy? One is easy to fix, but the other will start getting your server on blacklists. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From fviero at gmail.com Tue Sep 25 19:01:36 2007 From: fviero at gmail.com (Fabio Viero) Date: Tue Sep 25 19:01:37 2007 Subject: Not Send Information About "Blocked Size Attachments" In-Reply-To: <17059247.791190733201169.JavaMail.root@correio.interop.com.br> References: <28710248.1851190666951808.JavaMail.root@correio.interop.com.br> <17059247.791190733201169.JavaMail.root@correio.interop.com.br> Message-ID: On 9/25/07, Romulo Giordani. Boschetti wrote: > > > Hi, > > Is there any way to do not send any notification to recipient about > "Blocked Size Attachments" ? > > Today I had examined the source code of MailScanner and edited the file > "MessageBatch.pm", and had modify the function "DeliverCleaned". How could I > turn it a "Rule" inside MailScanner? > > Could you please direct me where I find more information about MailScanner > Development ? > > Best regards, > > --------------------------------------------------- > R?mulo Giordani Boschetti > Analista de Suporte > LPI LEVEL 3 > Interop > Fone: 51 3216.7000 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Did you try setting: Deleted Size Message Report = %report-dir%/deleted.size.message.txt To Deleted Size Message Report = This may sound silly but i found you went the hard way. Maybe you haven?t tried some KISS philosophy (Keep It Simple Stupid) ;) don?t get angry about the Stupid, it?s just a say... From Denis.Beauchemin at USherbrooke.ca Tue Sep 25 19:05:06 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Sep 25 19:07:50 2007 Subject: OT: redirection, a bad idea??? Message-ID: <46F94DD2.7000509@USherbrooke.ca> Hello all, The PHB are talking about redirecting grad students' local email accounts to some other external account they read more frequently. All students get a @USherbrooke.ca email address in their first year. PHB would like to continue sending emails to grad students at their @USherbrooke.ca email address after they left but instead of being stored on our servers, it would be redirected (probably through a LDAP lookup) to some external email address they would provide us. If implemented, will our servers risk getting blacklisted by others? If so, how could I still redirect the emails without too much trouble? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3595 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070925/62215848/smime.bin From ssilva at sgvwater.com Tue Sep 25 19:22:17 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 25 19:25:13 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F94DD2.7000509@USherbrooke.ca> References: <46F94DD2.7000509@USherbrooke.ca> Message-ID: on 9/25/2007 11:05 AM Denis Beauchemin spake the following: > Hello all, > > The PHB are talking about redirecting grad students' local email > accounts to some other external account they read more frequently. All > students get a @USherbrooke.ca email address in their first year. PHB > would like to continue sending emails to grad students at their > @USherbrooke.ca email address after they left but instead of being > stored on our servers, it would be redirected (probably through a LDAP > lookup) to some external email address they would provide us. > > If implemented, will our servers risk getting blacklisted by others? If > so, how could I still redirect the emails without too much trouble? > > Thanks! > > Denis > If you spam test and virus scan the mail before forwarding it, you might be OK. But you always run the risk of people who think "Report as Spam" is the same as "unsubscribe". You are always liable for "any" mail that leaves your system, no matter where it originates from. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jaearick at colby.edu Tue Sep 25 19:23:18 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Sep 25 19:28:38 2007 Subject: 4.63.8: sa rules and DCC confusion Message-ID: Gang, I admit to being a bit rusty here, things always worked before... I see no evidence in a MailScanner debug run that either DCC is being used, or that the SA /var/opt state rules are being used. Help.... I have DCC 1.3.60 running as a daemon from /opt/dcc/bin, with the dccifd= socket located in /opt/dcc. My /opt/MailScanner/etc/spam.assassin.prefs.conf file says: ifplugin Mail::SpamAssassin::Plugin::DCC use_dcc 1 dcc_path /opt/dcc/bin/dccproc dcc_home /opt/dcc endif But the MailScanner debug output says: [23329] dbg: config: read file /etc/mail/spamassassin/init.pre [23329] dbg: config: read file /etc/mail/spamassassin/v310.pre [23329] dbg: config: read file /etc/mail/spamassassin/v312.pre [23329] dbg: config: read file /etc/mail/spamassassin/v320.pre ... [23329] dbg: dcc: dccifd is not available: no r/w dccifd socket found [23329] dbg: dcc: dccproc is not available: no dccproc executable found [23329] dbg: dcc: dccifd and dccproc are not available, disabling DCC I see no evidence that /opt/MailScanner/etc/spam.assassin.prefs.conf ever gets used. My MailScanner.conf has: SpamAssassin User State Dir = /var/spool/spamassassin SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = /etc/mail/spamassassin SpamAssassin Local State Dir = /var/opt Likewise, I see no evidence that the latest sa-update rules in /var/opt/spamassassin/3.002003 ever get used, from the MailScanner debug output. What have I messed up here? Jeff Earickson Colby College From jaearick at colby.edu Tue Sep 25 19:31:20 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Sep 25 19:33:31 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F94DD2.7000509@USherbrooke.ca> References: <46F94DD2.7000509@USherbrooke.ca> Message-ID: On Tue, 25 Sep 2007, Denis Beauchemin wrote: > Date: Tue, 25 Sep 2007 14:05:06 -0400 > From: Denis Beauchemin > Reply-To: MailScanner discussion > To: MailScanner > Subject: OT: redirection, a bad idea??? > > Hello all, > > The PHB are talking about redirecting grad students' local email accounts to > some other external account they read more frequently. All students get a > @USherbrooke.ca email address in their first year. PHB would like to > continue sending emails to grad students at their @USherbrooke.ca email > address after they left but instead of being stored on our servers, it would > be redirected (probably through a LDAP lookup) to some external email address > they would provide us. > > If implemented, will our servers risk getting blacklisted by others? If so, > how could I still redirect the emails without too much trouble? > > Thanks! > > Denis Denis, Do you mean redirect or forward? To me, a redirect means "bounce the email back to the sender with new address information, eg User has moved, please try ". A forward is a (silent) retransmit of email to another address, which may or may not work. Our policy is: 1) We will only redirect (for six months) emails for graduates and terminated employees. We will NOT forward if you are gone for good. We want to advertise your new address for you. 2) We will only forward on a temporary basis if you are off-campus but otherwise still a student or faculty, eg semester abroad. We will NOT forward if you are on-campus, period. We don't care how much you like Gmail. In general, I discourage off-campus forwards. Forwarding for indefinite periods of time is a bad idea, IMHO. Jeff Earickson Colby College From Denis.Beauchemin at USherbrooke.ca Tue Sep 25 19:47:14 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Sep 25 19:48:25 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: References: <46F94DD2.7000509@USherbrooke.ca> Message-ID: <46F957B2.5040701@USherbrooke.ca> Jeff A. Earickson a ?crit : > On Tue, 25 Sep 2007, Denis Beauchemin wrote: > >> Hello all, >> >> The PHB are talking about redirecting grad students' local email >> accounts to some other external account they read more frequently. >> All students get a @USherbrooke.ca email address in their first >> year. PHB would like to continue sending emails to grad students at >> their @USherbrooke.ca email address after they left but instead of >> being stored on our servers, it would be redirected (probably through >> a LDAP lookup) to some external email address they would provide us. >> >> If implemented, will our servers risk getting blacklisted by others? >> If so, how could I still redirect the emails without too much trouble? >> > > Denis, > > Do you mean redirect or forward? To me, a redirect means "bounce the > email back to the sender with new address information, eg > User has moved, please try ". A forward is a (silent) > retransmit of email to another address, which may or may not work. > > Our policy is: > > 1) We will only redirect (for six months) emails for graduates and > terminated employees. We will NOT forward if you are gone for good. > We want to advertise your new address for you. > > 2) We will only forward on a temporary basis if you are off-campus > but otherwise still a student or faculty, eg semester abroad. We > will NOT forward if you are on-campus, period. We don't care how > much you like Gmail. In general, I discourage off-campus forwards. > > Forwarding for indefinite periods of time is a bad idea, IMHO. > > Jeff Earickson > Colby College Jeff, You are right... what we are planning to do is a forward, not a redirect! Sorry for the confusion. We do not allow forwarding for active students/staff but are planning on implementing it for graduate students. All outbound email is scanned for virus/spam. Should I be worried? Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From martelm at quark.vsc.edu Tue Sep 25 19:57:17 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Sep 25 19:57:27 2007 Subject: MailScanner 4.63.8 lint errors In-Reply-To: References: Message-ID: <5AC0B608D9BA30B6C5063F92@sherlockholmes.local> --On September 25, 2007 8:00:20 AM -0400 "Michael H. Martel" wrote: > Greetings! I'm trying to upgrade to the latest version of MailScanner > and --lint is giving me this output. I installed 4.63.8 on my backup box, which is CentOS 4.5, and it worked fine. Hmm. I did a MailScanner --version on both boxes and started upgrading the Optional modules. Once I upgraded all the optional modules to be at the same revision or higher than my backup box, the --lint now completes with no errors. Hmm. How odd. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From ssilva at sgvwater.com Tue Sep 25 19:59:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 25 20:01:06 2007 Subject: 4.63.8: sa rules and DCC confusion In-Reply-To: References: Message-ID: on 9/25/2007 11:23 AM Jeff A. Earickson spake the following: > Gang, > > I admit to being a bit rusty here, things always worked before... > I see no evidence in a MailScanner debug run that either DCC is being > used, or that the SA /var/opt state rules are > being used. Help.... > > I have DCC 1.3.60 running as a daemon from /opt/dcc/bin, > with the dccifd= socket located in /opt/dcc. My > /opt/MailScanner/etc/spam.assassin.prefs.conf file says: > > ifplugin Mail::SpamAssassin::Plugin::DCC > use_dcc 1 > dcc_path /opt/dcc/bin/dccproc > dcc_home /opt/dcc > endif > > But the MailScanner debug output says: > > [23329] dbg: config: read file /etc/mail/spamassassin/init.pre > [23329] dbg: config: read file /etc/mail/spamassassin/v310.pre > [23329] dbg: config: read file /etc/mail/spamassassin/v312.pre > [23329] dbg: config: read file /etc/mail/spamassassin/v320.pre > ... > [23329] dbg: dcc: dccifd is not available: no r/w dccifd socket found > [23329] dbg: dcc: dccproc is not available: no dccproc executable found > [23329] dbg: dcc: dccifd and dccproc are not available, disabling DCC > > I see no evidence that /opt/MailScanner/etc/spam.assassin.prefs.conf > ever gets used. My MailScanner.conf has: > > SpamAssassin User State Dir = /var/spool/spamassassin > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = /etc/mail/spamassassin > SpamAssassin Local State Dir = /var/opt > > Likewise, I see no evidence that the latest sa-update rules > in /var/opt/spamassassin/3.002003 ever get used, from the MailScanner > debug output. > > What have I messed up here? > > Jeff Earickson > Colby College > > Can your mailscanner run-as-user access the dcc_home directory to get to the socket? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From jaearick at colby.edu Tue Sep 25 20:06:12 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Sep 25 20:06:32 2007 Subject: 4.63.8: sa rules and DCC confusion In-Reply-To: References: Message-ID: On Tue, 25 Sep 2007, Scott Silva wrote: >> >> Likewise, I see no evidence that the latest sa-update rules >> in /var/opt/spamassassin/3.002003 ever get used, from the MailScanner >> debug output. >> >> What have I messed up here? >> >> Jeff Earickson >> Colby College >> >> > Can your mailscanner run-as-user access the dcc_home directory to get to the > socket? Since MailScanner runs as root, yes. Methinks the whole thing is a misconfiguration with SpamAssassin, pointing to the wrong directory somehow... Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Tue Sep 25 20:09:40 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 20:10:03 2007 Subject: Not Send Information About "Blocked Size Attachments" In-Reply-To: References: <28710248.1851190666951808.JavaMail.root@correio.interop.com.br> <17059247.791190733201169.JavaMail.root@correio.interop.com.br> Message-ID: <46F95CF4.506@ecs.soton.ac.uk> Fabio Viero wrote: > On 9/25/07, Romulo Giordani. Boschetti wrote: > >> Hi, >> >> Is there any way to do not send any notification to recipient about >> "Blocked Size Attachments" ? >> It usually better to block large messages at the MTA, saves all the resources used by MailScanner unpacking the things in the first place. >> Today I had examined the source code of MailScanner and edited the file >> "MessageBatch.pm", and had modify the function "DeliverCleaned". How could I >> turn it a "Rule" inside MailScanner? >> Not very easily. >> Could you please direct me where I find more information about MailScanner >> Development ? >> I do it :-) >> Best regards, >> >> --------------------------------------------------- >> R?mulo Giordani Boschetti >> Analista de Suporte >> LPI LEVEL 3 >> Interop >> Fone: 51 3216.7000 >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Did you try setting: > > Deleted Size Message Report = %report-dir%/deleted.size.message.txt > > To > > Deleted Size Message Report = > > This may sound silly but i found you went the hard way. Maybe you > haven?t tried some KISS philosophy (Keep It Simple Stupid) ;) don?t > get angry about the Stupid, it?s just a say... > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Sep 25 20:21:06 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 20:21:24 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F957B2.5040701@USherbrooke.ca> References: <46F94DD2.7000509@USherbrooke.ca> <46F957B2.5040701@USherbrooke.ca> Message-ID: <46F95FA2.9050402@ecs.soton.ac.uk> Denis Beauchemin wrote: > Jeff A. Earickson a ?crit : >> On Tue, 25 Sep 2007, Denis Beauchemin wrote: >> >>> Hello all, >>> >>> The PHB are talking about redirecting grad students' local email >>> accounts to some other external account they read more frequently. >>> All students get a @USherbrooke.ca email address in their first >>> year. PHB would like to continue sending emails to grad students at >>> their @USherbrooke.ca email address after they left but instead of >>> being stored on our servers, it would be redirected (probably >>> through a LDAP lookup) to some external email address they would >>> provide us. >>> >>> If implemented, will our servers risk getting blacklisted by >>> others? If so, how could I still redirect the emails without too >>> much trouble? >>> >> >> Denis, >> >> Do you mean redirect or forward? To me, a redirect means "bounce the >> email back to the sender with new address information, eg >> User has moved, please try ". A forward is a (silent) >> retransmit of email to another address, which may or may not work. >> >> Our policy is: >> >> 1) We will only redirect (for six months) emails for graduates and >> terminated employees. We will NOT forward if you are gone for good. >> We want to advertise your new address for you. >> >> 2) We will only forward on a temporary basis if you are off-campus >> but otherwise still a student or faculty, eg semester abroad. We >> will NOT forward if you are on-campus, period. We don't care how >> much you like Gmail. In general, I discourage off-campus forwards. >> >> Forwarding for indefinite periods of time is a bad idea, IMHO. >> >> Jeff Earickson >> Colby College > Jeff, > > You are right... what we are planning to do is a forward, not a > redirect! Sorry for the confusion. > > We do not allow forwarding for active students/staff but are planning > on implementing it for graduate students. > > All outbound email is scanned for virus/spam. > > Should I be worried? We run a old-university-username@zepler.net alumni mail forwarding service for all our ex-students and ex-staff. We scan everything on its way in and on its way out, and we don't have any problems at all. They have web access to a page that lets them change their forwarding address, and to change their password. The password is started from their old-university-username password as it was when they left us. It all works very nicely. But we allow forwarding for all our current students and staff too. If they prefer to use gmail, then we let them. Overseas students may have very valid reasons for not accessing our email service while they are away from Southampton. Some countries (and companies) in the world restrict external (ie out-of-country or out-of-company) access to various services. It's up to them to ensure they get all their work mail, so we encourage those students to forward it *and* deliver it locally to their work account. Failure to receive an email is not considered a valid excuse for late delivery of coursework, unless many such complaints have been received about the same missing message from different people. That would be sufficient evidence to prove the problem was indeed at our end, if a lot of people didn't get the message. The answer doesn't always have to be "no, you can't do it", certainly not in a world-leading educational environment :-) Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From martelm at quark.vsc.edu Tue Sep 25 20:27:11 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Sep 25 20:27:21 2007 Subject: waiting for children to die : Process did not exit cleanly Message-ID: <91B823FF3DAA9404D45088CF@sherlockholmes.local> Greetings! Now that I've upgraded to 4.63.8-1, I'm seeing this message in my messages log. Sep 25 14:54:53 hemlock MailScanner: waiting for children to die: Process did not exit cleanly, returned 0 with signal 11 Sep 25 14:55:25 hemlock last message repeated 2 times Sep 25 14:56:40 hemlock last message repeated 5 times Sep 25 14:57:42 hemlock last message repeated 4 times I found where this error is generated in the code, but I'm not exactly sure what's causing it. Anybody seen this before ? Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From MailScanner at ecs.soton.ac.uk Tue Sep 25 20:28:18 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 20:28:35 2007 Subject: 4.63.8: sa rules and DCC confusion In-Reply-To: References: Message-ID: <46F96152.8000903@ecs.soton.ac.uk> Jeff A. Earickson wrote: > Gang, > > I admit to being a bit rusty here, things always worked before... > I see no evidence in a MailScanner debug run that either DCC is being > used, or that the SA /var/opt state rules are > being used. Help.... > > I have DCC 1.3.60 running as a daemon from /opt/dcc/bin, > with the dccifd= socket located in /opt/dcc. My > /opt/MailScanner/etc/spam.assassin.prefs.conf These days, you should have a link in /etc/mail/spamassassin/mailscanner.cf that points to /opt/MailScanner/etc/spam.assassin.prefs.conf. If you don't, then your spam.assassin.prefs.conf file will never be used. A quick "ls -alu /opt/MailScanner/etc" will show you that (the "u" flag makes it show the "last used" datestamp, instead of the 'last modified' datestamp you get by default). > file says: > > ifplugin Mail::SpamAssassin::Plugin::DCC > use_dcc 1 > dcc_path /opt/dcc/bin/dccproc > dcc_home /opt/dcc > endif > > But the MailScanner debug output says: > > [23329] dbg: config: read file /etc/mail/spamassassin/init.pre > [23329] dbg: config: read file /etc/mail/spamassassin/v310.pre > [23329] dbg: config: read file /etc/mail/spamassassin/v312.pre > [23329] dbg: config: read file /etc/mail/spamassassin/v320.pre > ... > [23329] dbg: dcc: dccifd is not available: no r/w dccifd socket found > [23329] dbg: dcc: dccproc is not available: no dccproc executable found > [23329] dbg: dcc: dccifd and dccproc are not available, disabling DCC > > I see no evidence that /opt/MailScanner/etc/spam.assassin.prefs.conf > ever gets used. My MailScanner.conf has: > > SpamAssassin User State Dir = /var/spool/spamassassin > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = /etc/mail/spamassassin > SpamAssassin Local State Dir = /var/opt I leave these all as the default (blank) values. SA picks up the /var/lib/spamassassin by default, but I'm not sure which setting you want to change to set the rules dir for your updated rules. A quick "ls -alutr" will sort by "last used" (ie last time it was read) datestamp, which will easily show you what files are being used and when. Makes diagnosing this stuff a breeze. > > Likewise, I see no evidence that the latest sa-update rules > in /var/opt/spamassassin/3.002003 ever get used, from the MailScanner > debug output. > > What have I messed up here? > > Jeff Earickson > Colby College > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Sep 25 20:35:18 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 20:36:23 2007 Subject: waiting for children to die : Process did not exit cleanly In-Reply-To: <91B823FF3DAA9404D45088CF@sherlockholmes.local> References: <91B823FF3DAA9404D45088CF@sherlockholmes.local> Message-ID: <46F962F6.8060601@ecs.soton.ac.uk> Have you run "MailScanner --debug" and "MailScanner --lint" ? Michael H. Martel wrote: > Greetings! > > Now that I've upgraded to 4.63.8-1, I'm seeing this message in my > messages log. > > Sep 25 14:54:53 hemlock MailScanner: waiting for children to die: > Process did not exit cleanly, returned 0 with signal 11 > Sep 25 14:55:25 hemlock last message repeated 2 times > Sep 25 14:56:40 hemlock last message repeated 5 times > Sep 25 14:57:42 hemlock last message repeated 4 times > > I found where this error is generated in the code, but I'm not exactly > sure what's causing it. > > Anybody seen this before ? > > Thanks! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Denis.Beauchemin at USherbrooke.ca Tue Sep 25 20:42:47 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Sep 25 20:44:00 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F95FA2.9050402@ecs.soton.ac.uk> References: <46F94DD2.7000509@USherbrooke.ca> <46F957B2.5040701@USherbrooke.ca> <46F95FA2.9050402@ecs.soton.ac.uk> Message-ID: <46F964B7.4060707@USherbrooke.ca> Julian Field a ?crit : > > > Denis Beauchemin wrote: >> Jeff A. Earickson a ?crit : >>> On Tue, 25 Sep 2007, Denis Beauchemin wrote: >>> >>>> Hello all, >>>> >>>> The PHB are talking about redirecting grad students' local email >>>> accounts to some other external account they read more frequently. >>>> All students get a @USherbrooke.ca email address in their first >>>> year. PHB would like to continue sending emails to grad students >>>> at their @USherbrooke.ca email address after they left but instead >>>> of being stored on our servers, it would be redirected (probably >>>> through a LDAP lookup) to some external email address they would >>>> provide us. >>>> >>>> If implemented, will our servers risk getting blacklisted by >>>> others? If so, how could I still redirect the emails without too >>>> much trouble? >>>> >>> >>> Denis, >>> >>> Do you mean redirect or forward? To me, a redirect means "bounce the >>> email back to the sender with new address information, eg >>> User has moved, please try ". A forward is a (silent) >>> retransmit of email to another address, which may or may not work. >>> >>> Our policy is: >>> >>> 1) We will only redirect (for six months) emails for graduates and >>> terminated employees. We will NOT forward if you are gone for good. >>> We want to advertise your new address for you. >>> >>> 2) We will only forward on a temporary basis if you are off-campus >>> but otherwise still a student or faculty, eg semester abroad. We >>> will NOT forward if you are on-campus, period. We don't care how >>> much you like Gmail. In general, I discourage off-campus forwards. >>> >>> Forwarding for indefinite periods of time is a bad idea, IMHO. >>> >>> Jeff Earickson >>> Colby College >> Jeff, >> >> You are right... what we are planning to do is a forward, not a >> redirect! Sorry for the confusion. >> >> We do not allow forwarding for active students/staff but are planning >> on implementing it for graduate students. >> >> All outbound email is scanned for virus/spam. >> >> Should I be worried? > We run a old-university-username@zepler.net alumni mail forwarding > service for all our ex-students and ex-staff. We scan everything on > its way in and on its way out, and we don't have any problems at all. > They have web access to a page that lets them change their forwarding > address, and to change their password. The password is started from > their old-university-username password as it was when they left us. > It all works very nicely. > > But we allow forwarding for all our current students and staff too. If > they prefer to use gmail, then we let them. Overseas students may have > very valid reasons for not accessing our email service while they are > away from Southampton. Some countries (and companies) in the world > restrict external (ie out-of-country or out-of-company) access to > various services. It's up to them to ensure they get all their work > mail, so we encourage those students to forward it *and* deliver it > locally to their work account. Failure to receive an email is not > considered a valid excuse for late delivery of coursework, unless many > such complaints have been received about the same missing message from > different people. That would be sufficient evidence to prove the > problem was indeed at our end, if a lot of people didn't get the message. > > The answer doesn't always have to be "no, you can't do it", certainly > not in a world-leading educational environment :-) > > Jules > Julian, The site www.zepler.net is quite interesting! I will make sure all people that will work on our email forwarding service look at it. It is really similar to what we want to do. Using a different domain name is also a good thing because all students and staff now share the same @usherbrooke.ca domain, creating more and more address conflicts over time: people use firstname.lastname@usherbrooke.ca as their email address; if a conflict arises, the newer person will have the choice of adding a number or middle initial to his email address but this is not really satisfying, IMO. By removing grad students' email address from the USherbrooke.ca domain, this problem will not get worse every year... but I just realized it will now move to the new domain name instead... oh well... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ssilva at sgvwater.com Tue Sep 25 20:55:48 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Sep 25 20:56:14 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F964B7.4060707@USherbrooke.ca> References: <46F94DD2.7000509@USherbrooke.ca> <46F957B2.5040701@USherbrooke.ca> <46F95FA2.9050402@ecs.soton.ac.uk> <46F964B7.4060707@USherbrooke.ca> Message-ID: on 9/25/2007 12:42 PM Denis Beauchemin spake the following: > Julian Field a ?crit : >> >> >> Denis Beauchemin wrote: >>> Jeff A. Earickson a ?crit : >>>> On Tue, 25 Sep 2007, Denis Beauchemin wrote: >>>> >>>>> Hello all, >>>>> >>>>> The PHB are talking about redirecting grad students' local email >>>>> accounts to some other external account they read more frequently. >>>>> All students get a @USherbrooke.ca email address in their first >>>>> year. PHB would like to continue sending emails to grad students >>>>> at their @USherbrooke.ca email address after they left but instead >>>>> of being stored on our servers, it would be redirected (probably >>>>> through a LDAP lookup) to some external email address they would >>>>> provide us. >>>>> >>>>> If implemented, will our servers risk getting blacklisted by >>>>> others? If so, how could I still redirect the emails without too >>>>> much trouble? >>>>> >>>> >>>> Denis, >>>> >>>> Do you mean redirect or forward? To me, a redirect means "bounce the >>>> email back to the sender with new address information, eg >>>> User has moved, please try ". A forward is a (silent) >>>> retransmit of email to another address, which may or may not work. >>>> >>>> Our policy is: >>>> >>>> 1) We will only redirect (for six months) emails for graduates and >>>> terminated employees. We will NOT forward if you are gone for good. >>>> We want to advertise your new address for you. >>>> >>>> 2) We will only forward on a temporary basis if you are off-campus >>>> but otherwise still a student or faculty, eg semester abroad. We >>>> will NOT forward if you are on-campus, period. We don't care how >>>> much you like Gmail. In general, I discourage off-campus forwards. >>>> >>>> Forwarding for indefinite periods of time is a bad idea, IMHO. >>>> >>>> Jeff Earickson >>>> Colby College >>> Jeff, >>> >>> You are right... what we are planning to do is a forward, not a >>> redirect! Sorry for the confusion. >>> >>> We do not allow forwarding for active students/staff but are planning >>> on implementing it for graduate students. >>> >>> All outbound email is scanned for virus/spam. >>> >>> Should I be worried? >> We run a old-university-username@zepler.net alumni mail forwarding >> service for all our ex-students and ex-staff. We scan everything on >> its way in and on its way out, and we don't have any problems at all. >> They have web access to a page that lets them change their forwarding >> address, and to change their password. The password is started from >> their old-university-username password as it was when they left us. >> It all works very nicely. >> >> But we allow forwarding for all our current students and staff too. If >> they prefer to use gmail, then we let them. Overseas students may have >> very valid reasons for not accessing our email service while they are >> away from Southampton. Some countries (and companies) in the world >> restrict external (ie out-of-country or out-of-company) access to >> various services. It's up to them to ensure they get all their work >> mail, so we encourage those students to forward it *and* deliver it >> locally to their work account. Failure to receive an email is not >> considered a valid excuse for late delivery of coursework, unless many >> such complaints have been received about the same missing message from >> different people. That would be sufficient evidence to prove the >> problem was indeed at our end, if a lot of people didn't get the message. >> >> The answer doesn't always have to be "no, you can't do it", certainly >> not in a world-leading educational environment :-) >> >> Jules >> > Julian, > > The site www.zepler.net is quite interesting! I will make sure all > people that will work on our email forwarding service look at it. It is > really similar to what we want to do. > Using a different domain name is also a good thing because all students > and staff now share the same @usherbrooke.ca domain, creating more and > more address conflicts over time: people use > firstname.lastname@usherbrooke.ca as their email address; if a conflict > arises, the newer person will have the choice of adding a number or > middle initial to his email address but this is not really satisfying, > IMO. By removing grad students' email address from the USherbrooke.ca > domain, this problem will not get worse every year... but I just > realized it will now move to the new domain name instead... oh well... > > Denis > It looks like it has another benefit. If the site does get blacklisted, the main mail servers will still be free to function. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Tue Sep 25 21:04:15 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Sep 25 21:05:31 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F964B7.4060707@USherbrooke.ca> References: <46F94DD2.7000509@USherbrooke.ca> <46F957B2.5040701@USherbrooke.ca> <46F95FA2.9050402@ecs.soton.ac.uk> <46F964B7.4060707@USherbrooke.ca> Message-ID: <46F969BF.3050203@ecs.soton.ac.uk> Denis Beauchemin wrote: > Julian Field a ?crit : >> >> >> Denis Beauchemin wrote: >>> Jeff A. Earickson a ?crit : >>>> On Tue, 25 Sep 2007, Denis Beauchemin wrote: >>>> >>>>> Hello all, >>>>> >>>>> The PHB are talking about redirecting grad students' local email >>>>> accounts to some other external account they read more frequently. >>>>> All students get a @USherbrooke.ca email address in their first >>>>> year. PHB would like to continue sending emails to grad students >>>>> at their @USherbrooke.ca email address after they left but instead >>>>> of being stored on our servers, it would be redirected (probably >>>>> through a LDAP lookup) to some external email address they would >>>>> provide us. >>>>> >>>>> If implemented, will our servers risk getting blacklisted by >>>>> others? If so, how could I still redirect the emails without too >>>>> much trouble? >>>>> >>>> >>>> Denis, >>>> >>>> Do you mean redirect or forward? To me, a redirect means "bounce the >>>> email back to the sender with new address information, eg >>>> User has moved, please try ". A forward is a (silent) >>>> retransmit of email to another address, which may or may not work. >>>> >>>> Our policy is: >>>> >>>> 1) We will only redirect (for six months) emails for graduates and >>>> terminated employees. We will NOT forward if you are gone for good. >>>> We want to advertise your new address for you. >>>> >>>> 2) We will only forward on a temporary basis if you are off-campus >>>> but otherwise still a student or faculty, eg semester abroad. We >>>> will NOT forward if you are on-campus, period. We don't care how >>>> much you like Gmail. In general, I discourage off-campus forwards. >>>> >>>> Forwarding for indefinite periods of time is a bad idea, IMHO. >>>> >>>> Jeff Earickson >>>> Colby College >>> Jeff, >>> >>> You are right... what we are planning to do is a forward, not a >>> redirect! Sorry for the confusion. >>> >>> We do not allow forwarding for active students/staff but are >>> planning on implementing it for graduate students. >>> >>> All outbound email is scanned for virus/spam. >>> >>> Should I be worried? >> We run a old-university-username@zepler.net alumni mail forwarding >> service for all our ex-students and ex-staff. We scan everything on >> its way in and on its way out, and we don't have any problems at all. >> They have web access to a page that lets them change their forwarding >> address, and to change their password. The password is started from >> their old-university-username password as it was when they left us. >> It all works very nicely. >> >> But we allow forwarding for all our current students and staff too. >> If they prefer to use gmail, then we let them. Overseas students may >> have very valid reasons for not accessing our email service while >> they are away from Southampton. Some countries (and companies) in the >> world restrict external (ie out-of-country or out-of-company) access >> to various services. It's up to them to ensure they get all their >> work mail, so we encourage those students to forward it *and* deliver >> it locally to their work account. Failure to receive an email is not >> considered a valid excuse for late delivery of coursework, unless >> many such complaints have been received about the same missing >> message from different people. That would be sufficient evidence to >> prove the problem was indeed at our end, if a lot of people didn't >> get the message. >> >> The answer doesn't always have to be "no, you can't do it", certainly >> not in a world-leading educational environment :-) >> >> Jules >> > Julian, > > The site www.zepler.net is quite interesting! I will make sure all > people that will work on our email forwarding service look at it. It > is really similar to what we want to do. > Using a different domain name is also a good thing because all > students and staff now share the same @usherbrooke.ca domain, creating > more and more address conflicts over time: people use > firstname.lastname@usherbrooke.ca as their email address; if a > conflict arises, the newer person will have the choice of adding a > number or middle initial to his email address but this is not really > satisfying, IMO. By removing grad students' email address from the > USherbrooke.ca domain, this problem will not get worse every year... > but I just realized it will now move to the new domain name > instead... oh well... Our usernames issued to students include the year they first registered, so this problem doesn't get worse with time, they don't re-use usernames as they don't need to. We went for a separate domain for various reasons, one of which was to make it obvious they weren't able to send mail pretending to be someone still working for us. We handle all the email forwarding with nothing more than a cron job using a database which generates a virtusertable in sendmail. Nice and simple. It's all handled by my main dept MX servers and mail system, so there isn't any separate mail system to be administered for zepler.net in addition to the main one. So it doesn't add any extra maintenance work at all, other than 1 table on our database server, and a script and a cron entry on each of the MX servers. And they get all the same anti-spam and anti-virus tools they are used to getting when they had a "real" work account when they worked/studied here. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From romulo at interop.com.br Tue Sep 25 23:08:01 2007 From: romulo at interop.com.br (Romulo Giordani. Boschetti) Date: Tue Sep 25 23:12:19 2007 Subject: Not Send Information About "Blocked Size Attachments" In-Reply-To: <46F95CF4.506@ecs.soton.ac.uk> Message-ID: <14051109.1991190758081992.JavaMail.root@correio.interop.com.br> Hi Julian, >> Hi, >> >> Is there any way to do not send any notification to recipient about >> "Blocked Size Attachments" ? >> >>It usually better to block large messages at the MTA, saves all the >>resources used by MailScanner unpacking the things in the first place. I need to save the e-mail into quarantine, for that I need filtering into MailScanner and not into MTA. >> Today I had examined the source code of MailScanner and edited the file >> "MessageBatch.pm", and had modify the function "DeliverCleaned". How could I >> turn it a "Rule" inside MailScanner? >> >> Not very easily. Yes, I know. But I would like help you. >> Could you please direct me where I find more information about MailScanner >> Development ? >> >> I do it :-) Thanks. Can You send me documents about development ? Again Thanks ... Um Abra?o --------------------------------------------------- R?mulo Giordani Boschetti Analista de Suporte LPI LEVEL 3 Interop Fone: 51 3216.7000 ----- Mensagem Original ----- De: "Julian Field" Para: "MailScanner discussion" Enviar: Ter?a-feira, 25 de Setembro de 2007 16h09min40s (GMT-0300) America/Sao_Paulo Assunto: Re: Not Send Information About "Blocked Size Attachments" Fabio Viero wrote: > On 9/25/07, Romulo Giordani. Boschetti wrote: > >> Hi, >> >> Is there any way to do not send any notification to recipient about >> "Blocked Size Attachments" ? >> It usually better to block large messages at the MTA, saves all the resources used by MailScanner unpacking the things in the first place. >> Today I had examined the source code of MailScanner and edited the file >> "MessageBatch.pm", and had modify the function "DeliverCleaned". How could I >> turn it a "Rule" inside MailScanner? >> Not very easily. >> Could you please direct me where I find more information about MailScanner >> Development ? >> I do it :-) >> Best regards, >> >> --------------------------------------------------- >> R?mulo Giordani Boschetti >> Analista de Suporte >> LPI LEVEL 3 >> Interop >> Fone: 51 3216.7000 >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Did you try setting: > > Deleted Size Message Report = %report-dir%/deleted.size.message.txt > > To > > Deleted Size Message Report = > > This may sound silly but i found you went the hard way. Maybe you > haven?t tried some KISS philosophy (Keep It Simple Stupid) ;) don?t > get angry about the Stupid, it?s just a say... > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070925/0021b133/attachment.html From ugob at lubik.ca Tue Sep 25 23:38:22 2007 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue Sep 25 23:38:41 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: <46F94DD2.7000509@USherbrooke.ca> References: <46F94DD2.7000509@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > Hello all, > > The PHB are talking about redirecting grad students' local email > accounts to some other external account they read more frequently. All > students get a @USherbrooke.ca email address in their first year. PHB > would like to continue sending emails to grad students at their > @USherbrooke.ca email address after they left but instead of being > stored on our servers, it would be redirected (probably through a LDAP > lookup) to some external email address they would provide us. > > If implemented, will our servers risk getting blacklisted by others? If > so, how could I still redirect the emails without too much trouble? > > Thanks! > > Denis > Be carefull with SPF, as you will breaking it, as any forwarder does. Ugo From martelm at quark.vsc.edu Wed Sep 26 09:44:36 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Sep 26 09:44:47 2007 Subject: waiting for children to die : Process did not exit cleanly In-Reply-To: <46F962F6.8060601@ecs.soton.ac.uk> References: <91B823FF3DAA9404D45088CF@sherlockholmes.local> <46F962F6.8060601@ecs.soton.ac.uk> Message-ID: --On Tuesday, September 25, 2007 8:35 PM +0100 Julian Field wrote: > Have you run "MailScanner --debug" and "MailScanner --lint" ? --lint yes, --debug no. Here's the lint, nice and clean. [root@hemlock bin]# ./MailScanner --lint Checking version numbers... Version number in MailScanner.conf (4.63.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav bitdefender f-prot" Found these virus scanners installed: bitdefender, clamav, mcafee, f-prot =========================================================================== Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at ./MailScanner line 458 =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" F-Prot said "./1/eicar.com Infection: EICAR_Test_File" If any of your virus scanners (bitdefender,clamav,mcafee,f-prot) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@hemlock bin]# Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From Kit at simplysites.co.uk Wed Sep 26 09:54:19 2007 From: Kit at simplysites.co.uk (Kit Wong) Date: Wed Sep 26 09:55:09 2007 Subject: Including popip.db into whitelist In-Reply-To: References: Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: 25 September 2007 17:44 To: mailscanner@lists.mailscanner.info Subject: Re: Including popip.db into whitelist on 9/25/2007 6:52 AM Kit Wong spake the following: > Hi All > I have searched everywhere on the internet for an answer and have > decided to email those who know. > I have mailscanner/spamassassin running + MailWatch. I have noticed the > a lot of my client's emails are getting scanner and some are marked as > spam. Since the server uses pop-before-smtp a list of valid ip address > are stored within popip.db > > Is there a way of dynamically querying popip.db to not scan emails from > those ips. I have already whitelisted/bypassed 127.0.0.1 as described on > a post somewhere. > > Adding domain names which are hosted on the server will not work due to > spoof emails. > > Hope someone can help > Kit > > > Are they getting marked as spam because they are on dynamic ip's or are they getting marked as spam because they look spammy? One is easy to fix, but the other will start getting your server on blacklists. -- ---------------------------------------- I am not too concerned about what the content is on the email, its just that the popip.db holds valid ips that have been successfully logged in via pop. Emails from ips listed within the db shouldn't need to be scanned. Its just if there is a simple way of including this list then it would make life easier. MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martelm at quark.vsc.edu Wed Sep 26 09:46:48 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Sep 26 10:07:22 2007 Subject: waiting for children to die : Process did not exit cleanly In-Reply-To: <46F962F6.8060601@ecs.soton.ac.uk> References: <91B823FF3DAA9404D45088CF@sherlockholmes.local> <46F962F6.8060601@ecs.soton.ac.uk> Message-ID: --On Tuesday, September 25, 2007 8:35 PM +0100 Julian Field wrote: > Have you run "MailScanner --debug" and "MailScanner --lint" ? --debug, looks ok, until the segmentation fault at the end. hmm ... [root@hemlock bin]# ./MailScanner --debug In Debugging mode, not forking... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 format error: can't find EOCD signature at ./MailScanner line 923 Segmentation fault [root@hemlock bin]# Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From martelm at quark.vsc.edu Wed Sep 26 10:15:04 2007 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Wed Sep 26 10:15:13 2007 Subject: waiting for children to die : Process did not exit cleanly In-Reply-To: <46F962F6.8060601@ecs.soton.ac.uk> References: <91B823FF3DAA9404D45088CF@sherlockholmes.local> <46F962F6.8060601@ecs.soton.ac.uk> Message-ID: --On Tuesday, September 25, 2007 8:35 PM +0100 Julian Field wrote: > Have you run "MailScanner --debug" and "MailScanner --lint" ? Found it. Garbage message in the Mail queue that MailScanner was dying on. Dang, I just deleted it too, I didn't even think you might want to see it to find out why. Thanks for the help! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From martinh at solidstatelogic.com Wed Sep 26 10:18:07 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Sep 26 10:18:06 2007 Subject: waiting for children to die : Process did not exit cleanly In-Reply-To: Message-ID: Michael Can we have "MailScanner --debug --debug-sa" And "MailScanner -v" please -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Michael H. Martel > Sent: 26 September 2007 09:47 > To: MailScanner discussion > Subject: Re: waiting for children to die : Process did not exit cleanly > > --On Tuesday, September 25, 2007 8:35 PM +0100 Julian Field > wrote: > > > Have you run "MailScanner --debug" and "MailScanner --lint" ? > > --debug, looks ok, until the segmentation fault at the end. hmm ... > > [root@hemlock bin]# ./MailScanner --debug > In Debugging mode, not forking... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > format error: can't find EOCD signature > at ./MailScanner line 923 > Segmentation fault > [root@hemlock bin]# > > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From simon at saq.co.uk Wed Sep 26 10:32:07 2007 From: simon at saq.co.uk (Simon Jones) Date: Wed Sep 26 10:42:36 2007 Subject: stubborn quarantine References: Message-ID: Sorted, new config file on the rebuilt system didn't point to the scan.messages.rules file > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > Sent: 25 September 2007 15:45 > To: MailScanner discussion > Subject: stubborn quarantine > > I've a message stuck in quarantine but not sure why, even when I > release > it the darn machine won't send it on - here's the log: > > Sep 25 15:39:47 db1 postfix/smtpd[27126]: 3119A442813A: > client=host.domain.co.uk[127.0.0.1] > Sep 25 15:39:47 db1 postfix/cleanup[27147]: 3119A442813A: hold: header > Received: from localhost (db1.domain.co.uk [127.0.0.1])??by > host.domain.co.uk (Postfix) with ESMTP id 3119A442813A??for > ; Tue, 25 Sep 2007 15:39:47 +0100 (BST) from > host.domain.co.uk[127.0.0.1]; from= > to= proto=ESMTP helo= > Sep 25 15:39:47 db1 postfix/cleanup[27147]: 3119A442813A: > message-id=<20070925143947.3119A442813A@host.domain.co.uk> > Sep 25 15:39:47 db1 MailScanner[27181]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/27181/3119A442813A.26347/winmail.dat > Sep 25 15:39:47 db1 MailScanner[27181]: Corrupt TNEF winmail.dat that > cannot be analysed in message 3119A442813A.26347 > Sep 25 15:39:49 db1 MailScanner[27181]: Saved entire message to > /var/spool/MailScanner/quarantine/20070925/3119A442813A.26347 > Sep 25 15:39:49 db1 MailScanner[27181]: Requeue: 3119A442813A.26347 to > 7E47A442813B > Sep 25 15:39:49 db1 MailScanner[27181]: Logging message > 3119A442813A.26347 to SQL > Sep 25 15:39:49 db1 MailScanner[27137]: 3119A442813A.26347: Logged to > MailWatch SQL > > I have localhost in my /etc/MailScanner/rules/scan.messages.rules file > > From: localhost no > > Simon > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From P.G.M.Peters at utwente.nl Wed Sep 26 12:03:03 2007 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Sep 26 12:03:12 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: References: <46F94DD2.7000509@USherbrooke.ca> <46F957B2.5040701@USherbrooke.ca> <46F95FA2.9050402@ecs.soton.ac.uk> <46F964B7.4060707@USherbrooke.ca> Message-ID: <46FA3C67.3030306@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote on 25-9-2007 21:55: >> The site www.zepler.net is quite interesting! I will make sure all >> people that will work on our email forwarding service look at it. It >> is really similar to what we want to do. We offer the same service to out graduate students. We don't have a special domain but want to show the association with the university in the address: http://www.alumnus.utwente.nl/ >> Using a different domain name is also a good thing because all >> students and staff now share the same @usherbrooke.ca domain, creating >> more and more address conflicts over time: people use >> firstname.lastname@usherbrooke.ca as their email address; if a >> conflict arises, the newer person will have the choice of adding a >> number or middle initial to his email address but this is not really >> satisfying, IMO. By removing grad students' email address from the >> USherbrooke.ca domain, this problem will not get worse every year... >> but I just realized it will now move to the new domain name >> instead... oh well... Out students have addresses @student.utwente.nl while the staff has @utwente.nl addresses. But still we have conflicts. In the past addresses @student.utwente.nl got reused but since a number of our graduated students decided to start a new study (sometimes after a decade) we have decided to reserve those addresses. They get a initials.lastname@student.utwente.nl. Then they get initials.lastname@alumnus.utwente.nl. When they start a new study they (and people sending to them) get confused when they don't get initials.lastname@student.utwente.nl again. The initials part can be replace by their first name. > It looks like it has another benefit. If the site does get blacklisted, > the main mail servers will still be free to function. We do the forwarding on our MX servers. So these would be the ones getting blocked. Everybody sending e-mail from inside should use our outgoing servers. These are different (at least different IP addresses). But this does not mean we don't have problems with blacklisting. The forwarding will stop when the MX servers are blacklisted. BTW, our MX servers are blacklisted in the blacklist.zap lists. We don't know for sure because they are Microsoft blacklists that are used inside Exchange when IMF is configured. The MX servers are probably on that list because they deliver a lot of spam to our Exchange servers. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG+jxnelLo80lrIdIRAvixAJ9vyFIi42yV32WMB6z+ioyIzQTsKQCff/v+ tUzejdZ5Or9oggO5Az0SOMY= =lTCV -----END PGP SIGNATURE----- From P.G.M.Peters at utwente.nl Wed Sep 26 12:04:26 2007 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Sep 26 12:04:33 2007 Subject: OT: redirection, a bad idea??? In-Reply-To: References: <46F94DD2.7000509@USherbrooke.ca> Message-ID: <46FA3CBA.4070401@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ugo Bellavance wrote on 26-9-2007 0:38: > Be carefull with SPF, as you will breaking it, as any forwarder does. I wouldn't mind breaking something broken like that. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG+jy5elLo80lrIdIRAh+qAJ9Rq5SHRdXN3siLJAixPNbU2zlRAwCfVtQW lE5ZI+fyr4ZHcYeU8XUH4n0= =2FFt -----END PGP SIGNATURE----- From jaearick at colby.edu Wed Sep 26 15:09:08 2007 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Sep 26 15:09:23 2007 Subject: 4.63.8: sa rules and DCC confusion In-Reply-To: <46F96152.8000903@ecs.soton.ac.uk> References: <46F96152.8000903@ecs.soton.ac.uk> Message-ID: On Tue, 25 Sep 2007, Julian Field wrote: > These days, you should have a link in /etc/mail/spamassassin/mailscanner.cf > that points to /opt/MailScanner/etc/spam.assassin.prefs.conf. Thank you. Adding this got DCC in use again. >> SpamAssassin User State Dir = /var/spool/spamassassin >> SpamAssassin Site Rules Dir = /etc/mail/spamassassin >> SpamAssassin Local Rules Dir = /etc/mail/spamassassin >> SpamAssassin Local State Dir = /var/opt > I leave these all as the default (blank) values. SA picks up the > /var/lib/spamassassin by default, but I'm not sure which setting you want to > change to set the rules dir for your updated rules. > > A quick "ls -alutr" will sort by "last used" (ie last time it was read) > datestamp, which will easily show you what files are being used and when. > Makes diagnosing this stuff a breeze. > I have added this to my alias list in csh, thanks. Your comment about blank SpamAssassin settings made me carefully compare my MailScanner.conf file versus the default, and bring many more of my settings back in line with your defaults. This got my debug output to show that /var/opt/spamassassin/3.002003/* cf files is now in use. Hooray! Thanks, Jeff Earickson Colby College From ssilva at sgvwater.com Wed Sep 26 17:48:30 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 26 17:52:14 2007 Subject: Including popip.db into whitelist In-Reply-To: References: Message-ID: on 9/26/2007 1:54 AM Kit Wong spake the following: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > Silva > Sent: 25 September 2007 17:44 > To: mailscanner@lists.mailscanner.info > Subject: Re: Including popip.db into whitelist > > on 9/25/2007 6:52 AM Kit Wong spake the following: >> Hi All >> I have searched everywhere on the internet for an answer and have >> decided to email those who know. >> I have mailscanner/spamassassin running + MailWatch. I have noticed > the >> a lot of my client's emails are getting scanner and some are marked > as >> spam. Since the server uses pop-before-smtp a list of valid ip address >> are stored within popip.db >> >> Is there a way of dynamically querying popip.db to not scan emails > from >> those ips. I have already whitelisted/bypassed 127.0.0.1 as described > on >> a post somewhere. >> >> Adding domain names which are hosted on the server will not work due > to >> spoof emails. >> >> Hope someone can help >> Kit >> >> >> > Are they getting marked as spam because they are on dynamic ip's or are > they > getting marked as spam because they look spammy? > One is easy to fix, but the other will start getting your server on > blacklists. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Sep 26 18:03:26 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 26 18:04:06 2007 Subject: Including popip.db into whitelist In-Reply-To: References: Message-ID: on 9/26/2007 1:54 AM Kit Wong spake the following: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > Silva > Sent: 25 September 2007 17:44 > To: mailscanner@lists.mailscanner.info > Subject: Re: Including popip.db into whitelist > > on 9/25/2007 6:52 AM Kit Wong spake the following: >> Hi All >> I have searched everywhere on the internet for an answer and have >> decided to email those who know. >> I have mailscanner/spamassassin running + MailWatch. I have noticed > the >> a lot of my client's emails are getting scanner and some are marked > as >> spam. Since the server uses pop-before-smtp a list of valid ip address >> are stored within popip.db >> >> Is there a way of dynamically querying popip.db to not scan emails > from >> those ips. I have already whitelisted/bypassed 127.0.0.1 as described > on >> a post somewhere. >> >> Adding domain names which are hosted on the server will not work due > to >> spoof emails. >> >> Hope someone can help >> Kit >> >> >> > Are they getting marked as spam because they are on dynamic ip's or are > they > getting marked as spam because they look spammy? > One is easy to fix, but the other will start getting your server on > blacklists. > >I am not too concerned about what the content is on the email, its just >that the popip.db holds valid ips that have been successfully logged in >via pop. Emails from ips listed within the db shouldn't need to be >scanned. Its just if there is a simple way of including this list then >it would make life easier. You could have remote users come in on a different port like 587 and have that go to a different queue. Or find a way to add a authed header with something like mimedefang, or see if you can write a rule in spamassassin to check if they are authed and give a negative score. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From carock at epconline.com Wed Sep 26 18:23:15 2007 From: carock at epconline.com (Chuck Rock) Date: Wed Sep 26 18:23:19 2007 Subject: messages backing up - help In-Reply-To: Message-ID: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual Xeon 3.0GHz with 2 Gig RAM server. This box is just a pre-filter to do AV scan and the basic RBL and phishing scan. No spamassasin filtering on this server. I have been messing with the Max Children, Max Unscanned Messages Per Scan and Max Unsafe Messages Per Scan to find the magic numbers to get mail to prcess through this server smoothly. Max Children = 30 Max Unscanned Messages Per Scan = 40 Max Unsafe Messages Per Scan = 40 Max Normal Queue Size = 5 Current queue has 5000 messages waiting to be scanned. ---------------------------- smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l 17 smtp1(1601):[/usr/local/etc/MailScanner]-#w 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in 52.51 seconds --------------------------- smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l 32 smtp1(1614):[/usr/local/etc/MailScanner]-#w 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in 182.66 seconds I can't find it. I grep the mail logs for the scan seconds and I find this. Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in 221.82 seconds Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in 239.80 seconds Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in 237.63 seconds Then: Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in 667.70 seconds Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in 691.09 seconds Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in 678.39 seconds And this time will continue to climb. Earlier it was: Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in 1272.42 seconds Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in 1291.63 seconds Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in 1186.13 seconds I restarted MailScanner and it goes back down for a short time. I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon 2.8GHz same MailScanner and Clam version. It's time also climbs, but takes a long time and the /var/spool/mqueue.in directory doesn't fill up with messages waiting to scan. This server can handle about twice as much throughput as the other. I also have the MailScanner.conf settings as above set higher. This one has 20 children with 80 messages per scan. The time rarely gets above 300 seconds in the mail logs. How can I troubleshoot this? Obviously it's not going to be fixed by tweaking those MailScanner settings above. I just don't have any idea why the scan times creep up like that. Any ideas? Thanks, Chuck From mike at vesol.com Wed Sep 26 18:32:20 2007 From: mike at vesol.com (Mike Kercher) Date: Wed Sep 26 18:32:38 2007 Subject: messages backing up - help References: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> Message-ID: <6115482898C59848B35DB9D491C9A28E06F3E0@srv1.home.middlefinger.net> Is your DNS functioning? ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Chuck Rock Sent: Wed 9/26/2007 12:23 PM To: 'MailScanner discussion' Subject: messages backing up - help I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual Xeon 3.0GHz with 2 Gig RAM server. This box is just a pre-filter to do AV scan and the basic RBL and phishing scan. No spamassasin filtering on this server. I have been messing with the Max Children, Max Unscanned Messages Per Scan and Max Unsafe Messages Per Scan to find the magic numbers to get mail to prcess through this server smoothly. Max Children = 30 Max Unscanned Messages Per Scan = 40 Max Unsafe Messages Per Scan = 40 Max Normal Queue Size = 5 Current queue has 5000 messages waiting to be scanned. ---------------------------- smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l 17 smtp1(1601):[/usr/local/etc/MailScanner]-#w 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in 52.51 seconds --------------------------- smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l 32 smtp1(1614):[/usr/local/etc/MailScanner]-#w 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in 182.66 seconds I can't find it. I grep the mail logs for the scan seconds and I find this. Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in 221.82 seconds Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in 239.80 seconds Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in 237.63 seconds Then: Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in 667.70 seconds Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in 691.09 seconds Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in 678.39 seconds And this time will continue to climb. Earlier it was: Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in 1272.42 seconds Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in 1291.63 seconds Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in 1186.13 seconds I restarted MailScanner and it goes back down for a short time. I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon 2.8GHz same MailScanner and Clam version. It's time also climbs, but takes a long time and the /var/spool/mqueue.in directory doesn't fill up with messages waiting to scan. This server can handle about twice as much throughput as the other. I also have the MailScanner.conf settings as above set higher. This one has 20 children with 80 messages per scan. The time rarely gets above 300 seconds in the mail logs. How can I troubleshoot this? Obviously it's not going to be fixed by tweaking those MailScanner settings above. I just don't have any idea why the scan times creep up like that. Any ideas? Thanks, Chuck -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 5559 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070926/096ff820/attachment.bin From list-mailscanner at linguaphone.com Wed Sep 26 18:36:39 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 26 18:36:47 2007 Subject: messages backing up - help In-Reply-To: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> Message-ID: I would reduce the max children down to 10. The recomended setting is 5 children per processor and 1GB of ram per processor. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Chuck > Rock > Sent: 26 September 2007 18:23 > To: 'MailScanner discussion' > Subject: messages backing up - help > > > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV > 0.91.2 on a Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 > > Current queue has 5000 messages waiting to be scanned. > ---------------------------- > smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 17 > smtp1(1601):[/usr/local/etc/MailScanner]-#w > 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 > > Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in > 52.51 seconds > --------------------------- > smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 32 > smtp1(1614):[/usr/local/etc/MailScanner]-#w > 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 > > Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in > 182.66 seconds > > I can't find it. > > I grep the mail logs for the scan seconds and I find this. > > Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in > 221.82 seconds > Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in > 239.80 seconds > Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in > 237.63 seconds > > Then: > > Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in > 667.70 seconds > Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in > 691.09 seconds > Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in > 678.39 seconds > > And this time will continue to climb. > > Earlier it was: > Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in > 1272.42 seconds > Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in > 1291.63 seconds > Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in > 1186.13 seconds > > I restarted MailScanner and it goes back down for a short time. > > I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon > 2.8GHz same MailScanner and Clam version. It's time also climbs, > but takes a > long time and the /var/spool/mqueue.in directory doesn't fill up with > messages waiting to scan. This server can handle about twice as much > throughput as the other. I also have the MailScanner.conf > settings as above > set higher. This one has 20 children with 80 messages per scan. The time > rarely gets above 300 seconds in the mail logs. > > How can I troubleshoot this? Obviously it's not going to be fixed by > tweaking those MailScanner settings above. I just don't have any idea why > the scan times creep up like that. > > Any ideas? > > Thanks, > Chuck > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From list-mailscanner at linguaphone.com Wed Sep 26 18:37:25 2007 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Sep 26 18:37:29 2007 Subject: messages backing up - help In-Reply-To: <6115482898C59848B35DB9D491C9A28E06F3E0@srv1.home.middlefinger.net> Message-ID: And also are you running a local caching nameserver and not just pointing the DNS to a different box. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Mike > Kercher > Sent: 26 September 2007 18:32 > To: MailScanner discussion > Subject: RE: messages backing up - help > > > Is your DNS functioning? > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Chuck Rock > Sent: Wed 9/26/2007 12:23 PM > To: 'MailScanner discussion' > Subject: messages backing up - help > > > > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a > Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and > phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per > Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail > to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 > > Current queue has 5000 messages waiting to be scanned. > ---------------------------- > smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 17 > smtp1(1601):[/usr/local/etc/MailScanner]-#w > 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 > > Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed > in > 52.51 seconds > --------------------------- > smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 32 > smtp1(1614):[/usr/local/etc/MailScanner]-#w > 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 > > Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed > in > 182.66 seconds > > I can't find it. > > I grep the mail logs for the scan seconds and I find this. > > Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed > in > 221.82 seconds > Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed > in > 239.80 seconds > Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed > in > 237.63 seconds > > Then: > > Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed > in > 667.70 seconds > Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed > in > 691.09 seconds > Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed > in > 678.39 seconds > > And this time will continue to climb. > > Earlier it was: > Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed > in > 1272.42 seconds > Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed > in > 1291.63 seconds > Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed > in > 1186.13 seconds > > I restarted MailScanner and it goes back down for a short time. > > I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon > 2.8GHz same MailScanner and Clam version. It's time also climbs, but > takes a > long time and the /var/spool/mqueue.in directory doesn't fill up with > messages waiting to scan. This server can handle about twice as much > throughput as the other. I also have the MailScanner.conf settings as > above > set higher. This one has 20 children with 80 messages per scan. The time > rarely gets above 300 seconds in the mail logs. > > How can I troubleshoot this? Obviously it's not going to be fixed by > tweaking those MailScanner settings above. I just don't have any idea > why > the scan times creep up like that. > > Any ideas? > > Thanks, > Chuck > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From Denis.Beauchemin at USherbrooke.ca Wed Sep 26 18:38:53 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Sep 26 18:39:10 2007 Subject: messages backing up - help In-Reply-To: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> References: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> Message-ID: <46FA992D.9090305@USherbrooke.ca> Chuck Rock a ?crit : > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 > > > Chuck, First, I would not have changed Max Normal Queue Size to such a low value. Basically you tell MS to never deliver emails in FIFO order, but to use a random order instead. Max Children is also a tad on the high side... That being said, I think you may have a DNS problem. Do you have a local caching-nameserver? If not, you should. RBL relies heavily on DNS! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From mike at tc3net.com Wed Sep 26 18:43:27 2007 From: mike at tc3net.com (Michael Baird) Date: Wed Sep 26 18:43:14 2007 Subject: messages backing up - help In-Reply-To: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> References: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> Message-ID: <46FA9A3F.3040009@tc3net.com> Something is way off, those batch times are terrible, especially without spamassassin running. Have you tried running MailScanner in debug mode, and watching it process a batch interactively to see where all the time is being spent? I'd lower Max Children way down, say 5 and work up from there, and see if it speeds up your batch time, too many simultaneous scan's of mailqueue could be at issue, or too many clamav processes. Regards Michael Baird > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 > > Current queue has 5000 messages waiting to be scanned. > ---------------------------- > smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 17 > smtp1(1601):[/usr/local/etc/MailScanner]-#w > 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 > > Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in > 52.51 seconds > --------------------------- > smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 32 > smtp1(1614):[/usr/local/etc/MailScanner]-#w > 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 > > Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in > 182.66 seconds > > I can't find it. > > I grep the mail logs for the scan seconds and I find this. > > Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in > 221.82 seconds > Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in > 239.80 seconds > Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in > 237.63 seconds > > Then: > > Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in > 667.70 seconds > Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in > 691.09 seconds > Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in > 678.39 seconds > > And this time will continue to climb. > > Earlier it was: > Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in > 1272.42 seconds > Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in > 1291.63 seconds > Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in > 1186.13 seconds > > I restarted MailScanner and it goes back down for a short time. > > I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon > 2.8GHz same MailScanner and Clam version. It's time also climbs, but takes a > long time and the /var/spool/mqueue.in directory doesn't fill up with > messages waiting to scan. This server can handle about twice as much > throughput as the other. I also have the MailScanner.conf settings as above > set higher. This one has 20 children with 80 messages per scan. The time > rarely gets above 300 seconds in the mail logs. > > How can I troubleshoot this? Obviously it's not going to be fixed by > tweaking those MailScanner settings above. I just don't have any idea why > the scan times creep up like that. > > Any ideas? > > Thanks, > Chuck > From carock at epconline.com Wed Sep 26 18:58:30 2007 From: carock at epconline.com (Chuck Rock) Date: Wed Sep 26 18:58:36 2007 Subject: messages backing up - help In-Reply-To: <46FA9A3F.3040009@tc3net.com> Message-ID: <050a01c80066$d92f0260$8c007f0a@epctech.com> Excelent, I will try some of these suggestions and let you know. FYI, I am using a local install of Bind on the server that is flying through the mail. I didn't think of that before. I am working on creating and using my own RBL locally to help weed out offenders to my local network. I thought the MailScanner went from LIFO (normal working) to FIFO when the Max Normal Queue size was hit. At one point I had new mail flowing immediately through and older messages delivered sometimes days later. I lowered the queue size to make sure older messages were delivered before newer ones. The server that's flying through mail also has these settings. Max Children = 20 Max Unscanned Messages Per Scan = 80 Max Unsafe Messages Per Scan = 80 Max Normal Queue Size = 5 The load avg on that server is normally around 15 with about 600,000 messages through it in the last 34 hours. I'll get back with you on my fix if something works. Thank you all very much. Chuck -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Baird Sent: Wednesday, September 26, 2007 12:43 PM To: MailScanner discussion Subject: Re: messages backing up - help Something is way off, those batch times are terrible, especially without spamassassin running. Have you tried running MailScanner in debug mode, and watching it process a batch interactively to see where all the time is being spent? I'd lower Max Children way down, say 5 and work up from there, and see if it speeds up your batch time, too many simultaneous scan's of mailqueue could be at issue, or too many clamav processes. Regards Michael Baird > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 > > Current queue has 5000 messages waiting to be scanned. > ---------------------------- > smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 17 > smtp1(1601):[/usr/local/etc/MailScanner]-#w > 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 > > Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in > 52.51 seconds > --------------------------- > smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 32 > smtp1(1614):[/usr/local/etc/MailScanner]-#w > 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 > > Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in > 182.66 seconds > > I can't find it. > > I grep the mail logs for the scan seconds and I find this. > > Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in > 221.82 seconds > Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in > 239.80 seconds > Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in > 237.63 seconds > > Then: > > Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in > 667.70 seconds > Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in > 691.09 seconds > Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in > 678.39 seconds > > And this time will continue to climb. > > Earlier it was: > Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in > 1272.42 seconds > Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in > 1291.63 seconds > Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in > 1186.13 seconds > > I restarted MailScanner and it goes back down for a short time. > > I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon > 2.8GHz same MailScanner and Clam version. It's time also climbs, but takes a > long time and the /var/spool/mqueue.in directory doesn't fill up with > messages waiting to scan. This server can handle about twice as much > throughput as the other. I also have the MailScanner.conf settings as above > set higher. This one has 20 children with 80 messages per scan. The time > rarely gets above 300 seconds in the mail logs. > > How can I troubleshoot this? Obviously it's not going to be fixed by > tweaking those MailScanner settings above. I just don't have any idea why > the scan times creep up like that. > > Any ideas? > > Thanks, > Chuck > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Wed Sep 26 19:14:51 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Wed Sep 26 19:14:54 2007 Subject: Spam/Trojan RTF In-Reply-To: <113A0DFC086C984AB9EFDF6B8614F07501E43418@exchange03.CBOCS.com> Message-ID: <113A0DFC086C984AB9EFDF6B8614F07501E4341A@exchange03.CBOCS.com> http://www.news.com/Trojan-attack-targets-top-executives/2100-7349_3-620 9930 .html http://www.darkreading.com/document.asp?doc_id=134229&WT.svl=news1_2 Anyone have a sample of this new(?) spam/trojan? Is the RTF actually and executable or does it open in Office and run a macro; can RTF's contain macros? If I disallow executables will it be blocked? Thanks! Carl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070926/b7879678/attachment.html From ssilva at sgvwater.com Wed Sep 26 20:29:42 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Sep 26 20:32:29 2007 Subject: messages backing up - help In-Reply-To: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> References: <04f401c80061$ec9f4df0$8c007f0a@epctech.com> Message-ID: on 9/26/2007 10:23 AM Chuck Rock spake the following: > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 30 children might be a little high for 2 gigs of ram, but since you aren't using spamassassin, it might be OK. The other server has only 20 children, and double the ram, and it operates better. Have you tried running clamd and using it to scan? Are you running caching nameserver on the box since you are doing RPL lookups? > > Current queue has 5000 messages waiting to be scanned. > ---------------------------- > smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 17 > smtp1(1601):[/usr/local/etc/MailScanner]-#w > 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 > > Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in > 52.51 seconds > --------------------------- > smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 32 > smtp1(1614):[/usr/local/etc/MailScanner]-#w > 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 > > Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in > 182.66 seconds > > I can't find it. > > I grep the mail logs for the scan seconds and I find this. > > Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in > 221.82 seconds > Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in > 239.80 seconds > Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in > 237.63 seconds > > Then: > > Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in > 667.70 seconds > Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in > 691.09 seconds > Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in > 678.39 seconds > > And this time will continue to climb. > > Earlier it was: > Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in > 1272.42 seconds > Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in > 1291.63 seconds > Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in > 1186.13 seconds > > I restarted MailScanner and it goes back down for a short time. > > I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon > 2.8GHz same MailScanner and Clam version. It's time also climbs, but takes a > long time and the /var/spool/mqueue.in directory doesn't fill up with > messages waiting to scan. This server can handle about twice as much > throughput as the other. I also have the MailScanner.conf settings as above > set higher. This one has 20 children with 80 messages per scan. The time > rarely gets above 300 seconds in the mail logs. > > How can I troubleshoot this? Obviously it's not going to be fixed by > tweaking those MailScanner settings above. I just don't have any idea why > the scan times creep up like that. > > Any ideas? > > Thanks, > Chuck > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From MailScanner at ecs.soton.ac.uk Wed Sep 26 20:54:55 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 26 20:55:17 2007 Subject: Spam/Trojan RTF In-Reply-To: <113A0DFC086C984AB9EFDF6B8614F07501E4341A@exchange03.CBOCS.com> References: <113A0DFC086C984AB9EFDF6B8614F07501E4341A@exchange03.CBOCS.com> Message-ID: <46FAB90F.4020701@ecs.soton.ac.uk> Have you got any examples of it? The 2nd document you link to here says that the RTF contains a link to an executable, not the executable itself, which makes more sense. It doesn't go into enough detail to infer anything else. Andrews Carl 455 wrote: > http://www.news.com/Trojan-attack-targets-top-executives/2100-7349_3-6209930 > .html > > > > http://www.darkreading.com/document.asp?doc_id=134229&WT.svl=news1_2 > > > > Anyone have a sample of this new(?) spam/trojan? Is the RTF > actually and executable or does it open in Office and run a macro; > can RTF's contain macros? If I disallow executables will it be > blocked? > > Thanks! > Carl > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Wed Sep 26 22:33:57 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Sep 26 22:34:20 2007 Subject: GPL v3 Message-ID: <46FAD045.3080705@ecs.soton.ac.uk> I'm sure there are several of you who understand the new GPL v3 better than I do. What would be the consequences of me moving MailScanner to the GPL v3? Are there any other licences that might be a better choice than any of the GPLs? (Please state your standpoint if answering any of this lot!). Thanks, Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From lists at sequestered.net Wed Sep 26 22:58:52 2007 From: lists at sequestered.net (Jay Chandler) Date: Wed Sep 26 22:58:56 2007 Subject: sa-update question Message-ID: <46FAD61C.3000402@sequestered.net> Howdy! I've built a channelfile for sa-update, and it appears to work correctly. [97849] dbg: channel: attempting channel updates.spamassassin.org [97849] dbg: channel: update directory /var/db/spamassassin/3.002003/updates_spamassassin_org [97849] dbg: channel: channel cf file /var/db/spamassassin/3.002003/updates_spamassassin_org.cf [97849] dbg: channel: channel pre file /var/db/spamassassin/3.002003/updates_spamassassin_org.pre [97849] dbg: channel: metadata version = 578932 However, I don't see any reference to /usr/local/etc/mail/spamassassin/ (the rules directory that MS's implementation of SA uses), and the date on the files within it are all from back when I built the box. Is a diff done at some point, or do I need to be referencing /var/db/spamassassin/3.002003 in my MailScanner config? -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: We're upgrading /dev/null From prandal at herefordshire.gov.uk Wed Sep 26 23:29:59 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Sep 26 23:30:18 2007 Subject: messages backing up - help In-Reply-To: <050a01c80066$d92f0260$8c007f0a@epctech.com> References: <46FA9A3F.3040009@tc3net.com> <050a01c80066$d92f0260$8c007f0a@epctech.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CF08@HC-MBX02.herefordshire.gov.uk> Chuck, Which RBLs are you checking in MailScanner? Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Chuck Rock Sent: 26 September 2007 18:59 To: 'MailScanner discussion' Subject: RE: messages backing up - help Excelent, I will try some of these suggestions and let you know. FYI, I am using a local install of Bind on the server that is flying through the mail. I didn't think of that before. I am working on creating and using my own RBL locally to help weed out offenders to my local network. I thought the MailScanner went from LIFO (normal working) to FIFO when the Max Normal Queue size was hit. At one point I had new mail flowing immediately through and older messages delivered sometimes days later. I lowered the queue size to make sure older messages were delivered before newer ones. The server that's flying through mail also has these settings. Max Children = 20 Max Unscanned Messages Per Scan = 80 Max Unsafe Messages Per Scan = 80 Max Normal Queue Size = 5 The load avg on that server is normally around 15 with about 600,000 messages through it in the last 34 hours. I'll get back with you on my fix if something works. Thank you all very much. Chuck -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Baird Sent: Wednesday, September 26, 2007 12:43 PM To: MailScanner discussion Subject: Re: messages backing up - help Something is way off, those batch times are terrible, especially without spamassassin running. Have you tried running MailScanner in debug mode, and watching it process a batch interactively to see where all the time is being spent? I'd lower Max Children way down, say 5 and work up from there, and see if it speeds up your batch time, too many simultaneous scan's of mailqueue could be at issue, or too many clamav processes. Regards Michael Baird > I am running FreeBSD 6.2 with MailScanner 4.61.7 and ClamAV 0.91.2 on a Dual > Xeon 3.0GHz with 2 Gig RAM server. > > This box is just a pre-filter to do AV scan and the basic RBL and phishing > scan. No spamassasin filtering on this server. > > I have been messing with the Max Children, Max Unscanned Messages Per Scan > and Max Unsafe Messages Per Scan to find the magic numbers to get mail to > prcess through this server smoothly. > > Max Children = 30 > Max Unscanned Messages Per Scan = 40 > Max Unsafe Messages Per Scan = 40 > Max Normal Queue Size = 5 > > Current queue has 5000 messages waiting to be scanned. > ---------------------------- > smtp1(1600):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 17 > smtp1(1601):[/usr/local/etc/MailScanner]-#w > 12:18PM up 30 days, 2:38, 2 users, load averages: 1.47, 1.35, 1.37 > > Sep 26 12:18:25 smtp1 MailScanner[83495]: Batch (40 messages) processed in > 52.51 seconds > --------------------------- > smtp1(1613):[/usr/local/etc/MailScanner]-#ps auxww | grep MailS | wc -l > 32 > smtp1(1614):[/usr/local/etc/MailScanner]-#w > 12:20PM up 30 days, 2:40, 2 users, load averages: 0.53, 1.10, 1.27 > > Sep 26 12:20:40 smtp1 MailScanner[83502]: Batch (40 messages) processed in > 182.66 seconds > > I can't find it. > > I grep the mail logs for the scan seconds and I find this. > > Sep 26 12:00:49 smtp1 MailScanner[78986]: Batch (40 messages) processed in > 221.82 seconds > Sep 26 12:01:07 smtp1 MailScanner[78940]: Batch (40 messages) processed in > 239.80 seconds > Sep 26 12:01:09 smtp1 MailScanner[79037]: Batch (40 messages) processed in > 237.63 seconds > > Then: > > Sep 26 12:08:46 smtp1 MailScanner[79484]: Batch (40 messages) processed in > 667.70 seconds > Sep 26 12:08:53 smtp1 MailScanner[79207]: Batch (40 messages) processed in > 691.09 seconds > Sep 26 12:08:56 smtp1 MailScanner[79329]: Batch (40 messages) processed in > 678.39 seconds > > And this time will continue to climb. > > Earlier it was: > Sep 26 11:52:53 smtp1 MailScanner[64885]: Batch (40 messages) processed in > 1272.42 seconds > Sep 26 11:52:54 smtp1 MailScanner[65051]: Batch (40 messages) processed in > 1291.63 seconds > Sep 26 11:53:36 smtp1 MailScanner[66205]: Batch (40 messages) processed in > 1186.13 seconds > > I restarted MailScanner and it goes back down for a short time. > > I have another server similar specs, FreeBSD 6.1, 4 Gig RAM, Dual Xeon > 2.8GHz same MailScanner and Clam version. It's time also climbs, but takes a > long time and the /var/spool/mqueue.in directory doesn't fill up with > messages waiting to scan. This server can handle about twice as much > throughput as the other. I also have the MailScanner.conf settings as above > set higher. This one has 20 children with 80 messages per scan. The time > rarely gets above 300 seconds in the mail logs. > > How can I troubleshoot this? Obviously it's not going to be fixed by > tweaking those MailScanner settings above. I just don't have any idea why > the scan times creep up like that. > > Any ideas? > > Thanks, > Chuck > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From saldaris at lib.uoc.gr Thu Sep 27 09:26:15 2007 From: saldaris at lib.uoc.gr (=?iso-8859-7?B?zOHt/Ovn8iDT4evk3PHn8g==?=) Date: Thu Sep 27 09:25:16 2007 Subject: No Programs allowed Message-ID: <01c401c800e0$11fd0cd0$386c3493@it56> Following the message 2007-May/072991.html I have this exact problem: e-mails encoded UTF-8 (greek language), are identified as programs. My mail server runs on FC7 with the latest Mailscanner, Clamav, postfix Because I did not understand exactly your solution suggested, can you please explain: 1. Should I edit the "magic" file and add a new rule or sth else? 2. Which one file is the appropriate? /usr/share/file/magic /usr/share/misc/magic /usr/share/magic Thank you Manolis Saldaris From a.peacock at chime.ucl.ac.uk Thu Sep 27 12:01:30 2007 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Sep 27 12:01:38 2007 Subject: sa-update question In-Reply-To: <46FAD61C.3000402@sequestered.net> References: <46FAD61C.3000402@sequestered.net> Message-ID: <46FB8D8A.9090906@chime.ucl.ac.uk> Hi, Jay Chandler wrote: > Howdy! > > I've built a channelfile for sa-update, and it appears to work correctly. > > [97849] dbg: channel: attempting channel updates.spamassassin.org > [97849] dbg: channel: update directory > /var/db/spamassassin/3.002003/updates_spamassassin_org > [97849] dbg: channel: channel cf file > /var/db/spamassassin/3.002003/updates_spamassassin_org.cf > [97849] dbg: channel: channel pre file > /var/db/spamassassin/3.002003/updates_spamassassin_org.pre > [97849] dbg: channel: metadata version = 578932 > > However, I don't see any reference to /usr/local/etc/mail/spamassassin/ > (the rules directory that MS's implementation of SA uses), and the date > on the files within it are all from back when I built the box. > > Is a diff done at some point, or do I need to be referencing > /var/db/spamassassin/3.002003 in my MailScanner config? If your MailScanner is recent enough, you shouldn't need to change anything, have a look in MailScanner.conf for "SpamAssassin Local State Dir": "# The rules created by the "sa-update" tool are searched for here. # This directory contains the 3.001001/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = # /var/lib/spamassassin" Basically, SA on its own knows to use the newer rules in the /var/lib... hierachy over and above any others. This initially caused problems in MailScanner, but Julian very quickly made MailScanner work by default in this setup. Can't remember the version that this changed in, but it was a while ago. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From sbanderson at impromed.com Thu Sep 27 15:46:21 2007 From: sbanderson at impromed.com (Scott B. Anderson) Date: Thu Sep 27 15:46:40 2007 Subject: GPL v3 In-Reply-To: <46FAD045.3080705@ecs.soton.ac.uk> References: <46FAD045.3080705@ecs.soton.ac.uk> Message-ID: The text of GPL v3 is here: http://www.gnu.org/licenses/gpl.html The FAQ for GPL in general is here: http://www.gnu.org/licenses/gpl-faq.html From the FAQ: "What does it mean to say that two licenses are "compatible"? In order to combine two programs (or substantial parts of them) into a larger work, you need to have permission to use both programs in this way. If the two programs' licenses permit this, they are compatible. If there is no way to satisfy both licenses at once, they are incompatible. For some licenses, the way in which the combination is made may affect whether they are compatible--for instance, they may allow linking two modules together, but not allow merging their code into one module. Just to install two separate programs in the same system, it is not necessary that their licenses be compatible, because this does not combine them into a larger work." I'm not sure A) how the FSF/GNU would view MailScanner with the plugins, and SpamAssassin, and ClamAV, after all they are more or less separate installations via cpan or your rpm (the use of which might cause more headaches) installs. Is anyone here enough of a legal expert to determine what the effect on MailScanner might be if SpamAssassin or ClamAV went to GPL v3 ? I just checked clamav 0.91.1 and it uses GPL v2. SpamAssassin uses the Apache license v2.0. Scott Anderson -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, September 26, 2007 4:34 PM To: MailScanner discussion Subject: GPL v3 I'm sure there are several of you who understand the new GPL v3 better than I do. What would be the consequences of me moving MailScanner to the GPL v3? Are there any other licences that might be a better choice than any of the GPLs? (Please state your standpoint if answering any of this lot!). Thanks, Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Richard.Frovarp at sendit.nodak.edu Thu Sep 27 16:25:12 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Sep 27 16:25:17 2007 Subject: GPL v3 In-Reply-To: References: <46FAD045.3080705@ecs.soton.ac.uk> Message-ID: <46FBCB58.1050801@sendit.nodak.edu> Scott B. Anderson wrote: > > > I'm not sure A) how the FSF/GNU would view MailScanner with the plugins, and SpamAssassin, and ClamAV, after all they are more or less separate installations via cpan or your rpm (the use of which might cause more headaches) installs. > > Is anyone here enough of a legal expert to determine what the effect on MailScanner might be if SpamAssassin or ClamAV went to GPL v3 ? I just checked clamav 0.91.1 and it uses GPL v2. SpamAssassin uses the Apache license v2.0. > > Scott Anderson > SpamAssassin won't be going to GPL. They'll stick with the ASF license so long as they are an ASF project. The ASF license is not compatible with GPL. From Richard.Frovarp at sendit.nodak.edu Thu Sep 27 16:30:40 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Sep 27 16:30:43 2007 Subject: GPL v3 In-Reply-To: <46FAD045.3080705@ecs.soton.ac.uk> References: <46FAD045.3080705@ecs.soton.ac.uk> Message-ID: <46FBCCA0.4000606@sendit.nodak.edu> Julian Field wrote: > I'm sure there are several of you who understand the new GPL v3 better > than I do. > What would be the consequences of me moving MailScanner to the GPL v3? > > Are there any other licences that might be a better choice than any of > the GPLs? (Please state your standpoint if answering any of this lot!). > > Thanks, > > Jules > Doesn't MailScanner already fall under GPL v3, if I so choose? I don't know what the consequences would be if you forced everyone to use GPL v3 instead of just providing the option to use it. From martinh at solidstatelogic.com Thu Sep 27 16:44:54 2007 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Sep 27 16:45:13 2007 Subject: GPL v3 In-Reply-To: <46FBCCA0.4000606@sendit.nodak.edu> Message-ID: BSD - http://www.itwire.com/content/view/14361/1091/ To quote from the licence template itself: "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: "Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. "Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission." The third condition here would help with the 3 companies I've heard of that are taking the MailScanner code and perhaps not feeding anything back (code or money). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Richard Frovarp > Sent: 27 September 2007 16:31 > To: MailScanner discussion > Subject: Re: GPL v3 > > Julian Field wrote: > > I'm sure there are several of you who understand the new GPL v3 better > > than I do. > > What would be the consequences of me moving MailScanner to the GPL v3? > > > > Are there any other licences that might be a better choice than any of > > the GPLs? (Please state your standpoint if answering any of this lot!). > > > > Thanks, > > > > Jules > > > > Doesn't MailScanner already fall under GPL v3, if I so choose? I don't > know what the consequences would be if you forced everyone to use GPL v3 > instead of just providing the option to use it. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Thu Sep 27 17:02:33 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 27 17:07:03 2007 Subject: GPL v3 In-Reply-To: References: <46FAD045.3080705@ecs.soton.ac.uk> Message-ID: on 9/27/2007 7:46 AM Scott B. Anderson spake the following: > The text of GPL v3 is here: http://www.gnu.org/licenses/gpl.html > The FAQ for GPL in general is here: http://www.gnu.org/licenses/gpl-faq.html > > > From the FAQ: > "What does it mean to say that two licenses are "compatible"? > > In order to combine two programs (or substantial parts of them) into a larger work, you need to have permission to use both programs in this way. If the two programs' licenses permit this, they are compatible. If there is no way to satisfy both licenses at once, they are incompatible. > > For some licenses, the way in which the combination is made may affect whether they are compatible--for instance, they may allow linking two modules together, but not allow merging their code into one module. > > Just to install two separate programs in the same system, it is not necessary that their licenses be compatible, because this does not combine them into a larger work." > > > > I'm not sure A) how the FSF/GNU would view MailScanner with the plugins, and SpamAssassin, and ClamAV, after all they are more or less separate installations via cpan or your rpm (the use of which might cause more headaches) installs. > > Is anyone here enough of a legal expert to determine what the effect on MailScanner might be if SpamAssassin or ClamAV went to GPL v3 ? I just checked clamav 0.91.1 and it uses GPL v2. SpamAssassin uses the Apache license v2.0. > > Scott Anderson But spamassassin and clamav are not compiled into MailScanner, they are separate programs compiled independently. Just because they interact has no bearing on the license of MailScanner. Otherwise, if GCC was set to GPL3, then every program you compiled on a system would also be GPL3 if the interaction went that way. What Julian would have to look at would be any contributed code that was added under an incompatible license. Lets say if I had written one of the modules and given it to Julian, but specified a BSD license, Julian would have to re-design that module, or I would have to change the licensing. Julian, you might need to make some sort of statement that all contributed code needs to be GPL and enforce it. I know that you usually re-code most contributions into you coding style, so you are probably fairly safe. Julian, you might need to check with Fortress to see if GPL3 interferes with your commercial ventures with them. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Kevin_Miller at ci.juneau.ak.us Thu Sep 27 17:19:11 2007 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Sep 27 17:18:35 2007 Subject: GPL v3 In-Reply-To: <46FBCCA0.4000606@sendit.nodak.edu> References: <46FAD045.3080705@ecs.soton.ac.uk> <46FBCCA0.4000606@sendit.nodak.edu> Message-ID: Richard Frovarp wrote: > > Doesn't MailScanner already fall under GPL v3, if I so choose? I don't > know what the consequences would be if you forced everyone to use GPL > v3 instead of just providing the option to use it. No, because you don't own it - Jules does. As the owner he alone can determine how he wants to license it. As far as I know, it's just under the GPL 2 license. If you wrote some extensions to it, you could license them under GPL 3, but I don't think that would affect the entire work... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From jon at radel.com Thu Sep 27 17:37:30 2007 From: jon at radel.com (Jon Radel) Date: Thu Sep 27 17:37:55 2007 Subject: GPL v3 In-Reply-To: References: <46FAD045.3080705@ecs.soton.ac.uk> <46FBCCA0.4000606@sendit.nodak.edu> Message-ID: <46FBDC4A.6020204@radel.com> Kevin Miller wrote: > Richard Frovarp wrote: >> Doesn't MailScanner already fall under GPL v3, if I so choose? I don't >> know what the consequences would be if you forced everyone to use GPL >> v3 instead of just providing the option to use it. > > No, because you don't own it - Jules does. As the owner he alone can > determine how he wants to license it. As far as I know, it's just under > the GPL 2 license. If you wrote some extensions to it, you could > license them under GPL 3, but I don't think that would affect the entire > work... Perhaps you should read how Julian has licensed it before assuming anything: # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field # # $Id: install.rpm-fns.sh 2499 2004-07-25 21:29:46Z jkf $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. which is pretty common, but not universal, for material licensed under GPL 2. :-) --Jon Radel jon@radel.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2890 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070927/08be47f6/smime.bin From Richard.Frovarp at sendit.nodak.edu Thu Sep 27 19:32:33 2007 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Sep 27 19:32:36 2007 Subject: GPL v3 In-Reply-To: References: Message-ID: <46FBF741.4010501@sendit.nodak.edu> Martin.Hepworth wrote: > BSD - > > http://www.itwire.com/content/view/14361/1091/ > > To quote from the licence template itself: "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: > > "Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. > "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. > "Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission." > > > > The third condition here would help with the 3 companies I've heard of that are taking the MailScanner code and perhaps not feeding anything back (code or money). > Yeah, but the BSD license allows them to take the code, change the code, and sell it without giving out the code. They couldn't use the MailScanner name due to the third condition. However, it wouldn't stop them from contributing nothing back. In fact the BSD would allow them to get away with it. The GPL makes them provide the source to those that acquire their products if the customer asks. From ssilva at sgvwater.com Thu Sep 27 19:47:08 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 27 19:47:33 2007 Subject: GPL v3 In-Reply-To: References: <46FBCCA0.4000606@sendit.nodak.edu> Message-ID: on 9/27/2007 8:44 AM Martin.Hepworth spake the following: > BSD - > > http://www.itwire.com/content/view/14361/1091/ > > To quote from the licence template itself: "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: > > "Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. > "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. > "Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission." > > > > The third condition here would help with the 3 companies I've heard of that are taking the MailScanner code and perhaps not feeding anything back (code or money). > What are the three companies doing this? Just curious... Inquiring minds want to know . I always wodered if Opencomputing was doing that (Openprotect). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Thu Sep 27 19:57:53 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 27 19:58:12 2007 Subject: GPL v3 In-Reply-To: References: <46FBCCA0.4000606@sendit.nodak.edu> Message-ID: on 9/27/2007 11:47 AM Scott Silva spake the following: > on 9/27/2007 8:44 AM Martin.Hepworth spake the following: >> BSD - >> >> http://www.itwire.com/content/view/14361/1091/ >> >> To quote from the licence template itself: "Redistribution and use in >> source and binary forms, with or without modification, are permitted >> provided that the following conditions are met: >> >> "Redistributions of source code must retain the above copyright >> notice, this list of conditions and the following disclaimer. >> "Redistributions in binary form must reproduce the above copyright >> notice, this list of conditions and the following disclaimer in the >> documentation and/or other materials provided with the distribution. >> "Neither the name of the nor the names of its >> contributors may be used to endorse or promote products derived from >> this software without specific prior written permission." >> >> >> >> The third condition here would help with the 3 companies I've heard of >> that are taking the MailScanner code and perhaps not feeding anything >> back (code or money). >> > What are the three companies doing this? > Just curious... Inquiring minds want to know . > I always wodered if Opencomputing was doing that (Openprotect). But they do contribute the sa-update channel for the sare rules. Replying to myself ... I must have postfix running somewhere. ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Thu Sep 27 20:16:29 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Sep 27 20:16:33 2007 Subject: GPL v3 In-Reply-To: References: <46FBCCA0.4000606@sendit.nodak.edu> Message-ID: <223f97700709271216i1b6eaf29m5d1be2ffc65f1752@mail.gmail.com> On 27/09/2007, Scott Silva wrote: > on 9/27/2007 11:47 AM Scott Silva spake the following: > > on 9/27/2007 8:44 AM Martin.Hepworth spake the following: > >> BSD - > >> > >> http://www.itwire.com/content/view/14361/1091/ > >> > >> To quote from the licence template itself: "Redistribution and use in > >> source and binary forms, with or without modification, are permitted > >> provided that the following conditions are met: > >> > >> "Redistributions of source code must retain the above copyright > >> notice, this list of conditions and the following disclaimer. > >> "Redistributions in binary form must reproduce the above copyright > >> notice, this list of conditions and the following disclaimer in the > >> documentation and/or other materials provided with the distribution. > >> "Neither the name of the nor the names of its > >> contributors may be used to endorse or promote products derived from > >> this software without specific prior written permission." > >> > >> > >> > >> The third condition here would help with the 3 companies I've heard of > >> that are taking the MailScanner code and perhaps not feeding anything > >> back (code or money). > >> > > What are the three companies doing this? > > Just curious... Inquiring minds want to know . > > I always wodered if Opencomputing was doing that (Openprotect). > But they do contribute the sa-update channel for the sare rules. > Replying to myself ... I must have postfix running somewhere. ;-P Wellcome to the family:-D;-) My view on all this license stuff is ... why change? Newer license/higher version number doesn't necessarily mean "better". What goal do you aim at Jules? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lists at sequestered.net Thu Sep 27 21:33:30 2007 From: lists at sequestered.net (Jay Chandler) Date: Thu Sep 27 21:33:35 2007 Subject: sa-update question In-Reply-To: <46FB8D8A.9090906@chime.ucl.ac.uk> References: <46FAD61C.3000402@sequestered.net> <46FB8D8A.9090906@chime.ucl.ac.uk> Message-ID: <46FC139A.2090006@sequestered.net> Anthony Peacock wrote: > Hi, > > > "# The rules created by the "sa-update" tool are searched for here. > # This directory contains the 3.001001/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure under > # the spamassassin directory within this one and has put some *.cf files in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = # /var/lib/spamassassin" > > Basically, SA on its own knows to use the newer rules in the /var/lib... > hierachy over and above any others. This initially caused problems in > MailScanner, but Julian very quickly made MailScanner work by default in > this setup. Can't remember the version that this changed in, but it was > a while ago. Fantastic! And even though there are several "version" directories underneath it, it knows where to go? -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: We're upgrading /dev/null From slacker.ar at gmail.com Thu Sep 27 21:39:32 2007 From: slacker.ar at gmail.com (Dario Hernan) Date: Thu Sep 27 21:39:35 2007 Subject: Error in mailscanner with ID's duplicated Message-ID: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> Hi all! I have a problem with mailscanner, in the maillog file appears errors of unlinking this is the error: grep Unlinking /var/log/maillog Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or directory Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or directory I was looking in google, but all posts talk about the lock type. in my conhnfiguration the lock type is posix. sendmail version is 8.13.8 SpamAssassin version 3.2.1 the version of the mailscanner is the lastest can anybody help me?? Thanks in advance Dario From mkettler at evi-inc.com Thu Sep 27 21:50:12 2007 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Sep 27 21:50:42 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> Message-ID: <46FC1784.2080903@evi-inc.com> Dario Hernan wrote: > Hi all! I have a problem with mailscanner, in the maillog file appears > errors of unlinking > > this is the error: > > grep Unlinking /var/log/maillog > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or > directory > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or > directory > > I was looking in google, but all posts talk about the lock type. > in my conhnfiguration the lock type is posix. > > sendmail version is 8.13.8 > SpamAssassin version 3.2.1 > the version of the mailscanner is the lastest Check your MailScanner.conf. Is Lock Type = posix? (you should only need flock for 8.12.x versions of sendmail) From ssilva at sgvwater.com Thu Sep 27 21:57:39 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 27 21:57:59 2007 Subject: sa-update question In-Reply-To: <46FC139A.2090006@sequestered.net> References: <46FAD61C.3000402@sequestered.net> <46FB8D8A.9090906@chime.ucl.ac.uk> <46FC139A.2090006@sequestered.net> Message-ID: on 9/27/2007 1:33 PM Jay Chandler spake the following: > Anthony Peacock wrote: >> Hi, >> > >> >> "# The rules created by the "sa-update" tool are searched for here. >> # This directory contains the 3.001001/updates_spamassassin_org >> # directory structure beneath it. >> # Only un-comment this setting once you have proved that the sa-update >> # cron job has run successfully and has created a directory structure >> under >> # the spamassassin directory within this one and has put some *.cf >> files in >> # there. Otherwise it will ignore all your current rules! >> # The default location may be /var/opt on Solaris systems. >> SpamAssassin Local State Dir = # /var/lib/spamassassin" >> >> Basically, SA on its own knows to use the newer rules in the >> /var/lib... hierachy over and above any others. This initially caused >> problems in MailScanner, but Julian very quickly made MailScanner work >> by default in this setup. Can't remember the version that this >> changed in, but it was a while ago. > > Fantastic! > > And even though there are several "version" directories underneath it, > it knows where to go? > > When you upgrade spamassassin, you can usually get rid of the older versions update directories if you want to free the space. The upgrade doe not remove them, nor does sa-update. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Carl.Andrews at crackerbarrel.com Thu Sep 27 22:04:52 2007 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Thu Sep 27 22:04:55 2007 Subject: Spam/Trojan RTF In-Reply-To: <46FAB90F.4020701@ecs.soton.ac.uk> Message-ID: <113A0DFC086C984AB9EFDF6B8614F07501E4344D@exchange03.CBOCS.com> Nope, no examples. I was hoping someone on the list would have one. Our firewall will stop any executable downloads, I just wanted to make certain it did not come in with email. Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, September 26, 2007 2:55 PM To: MailScanner discussion Subject: Re: Spam/Trojan RTF Have you got any examples of it? The 2nd document you link to here says that the RTF contains a link to an executable, not the executable itself, which makes more sense. It doesn't go into enough detail to infer anything else. Andrews Carl 455 wrote: > http://www.news.com/Trojan-attack-targets-top-executives/2100-7349_3-6 > 209930 > .html > > > > http://www.darkreading.com/document.asp?doc_id=134229&WT.svl=news1_2 > > > > > Anyone have a sample of this new(?) spam/trojan? Is the RTF > actually and executable or does it open in Office and run a macro; > can RTF's contain macros? If I disallow executables will it be > blocked? > > Thanks! > Carl > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Thu Sep 27 22:01:35 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Sep 27 22:05:14 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> Message-ID: on 9/27/2007 1:39 PM Dario Hernan spake the following: > Hi all! I have a problem with mailscanner, in the maillog file appears > errors of unlinking > > this is the error: > > grep Unlinking /var/log/maillog > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or > directory > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or > directory > > I was looking in google, but all posts talk about the lock type. > in my conhnfiguration the lock type is posix. > > sendmail version is 8.13.8 > SpamAssassin version 3.2.1 > the version of the mailscanner is the lastest > > can anybody help me?? > > Thanks in advance > Dario That looks like something removed or renamed the files before mailscanner was done. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From slacker.ar at gmail.com Thu Sep 27 22:13:11 2007 From: slacker.ar at gmail.com (Dario Hernan) Date: Thu Sep 27 22:13:14 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> Message-ID: <9bc19ef30709271413v91d70fdvb738a8d4a0b9feb7@mail.gmail.com> In the mysql appear two registries with the same ID, as if two mailscanner child take the same emails, and one of them process it before the other one. On 9/27/07, Scott Silva wrote: > on 9/27/2007 1:39 PM Dario Hernan spake the following: > > Hi all! I have a problem with mailscanner, in the maillog file appears > > errors of unlinking > > > > this is the error: > > > > grep Unlinking /var/log/maillog > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or > > directory > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or > > directory > > > > I was looking in google, but all posts talk about the lock type. > > in my conhnfiguration the lock type is posix. > > > > sendmail version is 8.13.8 > > SpamAssassin version 3.2.1 > > the version of the mailscanner is the lastest > > > > can anybody help me?? > > > > Thanks in advance > > Dario > That looks like something removed or renamed the files before mailscanner was > done. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From slacker.ar at gmail.com Thu Sep 27 22:14:17 2007 From: slacker.ar at gmail.com (Dario Hernan) Date: Thu Sep 27 22:14:21 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: <9bc19ef30709271413v91d70fdvb738a8d4a0b9feb7@mail.gmail.com> References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <9bc19ef30709271413v91d70fdvb738a8d4a0b9feb7@mail.gmail.com> Message-ID: <9bc19ef30709271414s2eb225b6se2cd3173cb52115e@mail.gmail.com> yes, the lock type es posix On 9/27/07, Dario Hernan wrote: > In the mysql appear two registries with the same ID, as if two > mailscanner child take the same emails, and one of them process it > before the other one. > > > On 9/27/07, Scott Silva wrote: > > on 9/27/2007 1:39 PM Dario Hernan spake the following: > > > Hi all! I have a problem with mailscanner, in the maillog file appears > > > errors of unlinking > > > > > > this is the error: > > > > > > grep Unlinking /var/log/maillog > > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > > /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or > > > directory > > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > > /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or > > > directory > > > > > > I was looking in google, but all posts talk about the lock type. > > > in my conhnfiguration the lock type is posix. > > > > > > sendmail version is 8.13.8 > > > SpamAssassin version 3.2.1 > > > the version of the mailscanner is the lastest > > > > > > can anybody help me?? > > > > > > Thanks in advance > > > Dario > > That looks like something removed or renamed the files before mailscanner was > > done. > > > > -- > > MailScanner is like deodorant... > > You hope everybody uses it, and > > you notice quickly if they don't!!!! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > From ecasarero at gmail.com Fri Sep 28 03:17:38 2007 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Sep 28 03:17:47 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> Message-ID: <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> 2007/9/27, Scott Silva : > on 9/27/2007 1:39 PM Dario Hernan spake the following: > > Hi all! I have a problem with mailscanner, in the maillog file appears > > errors of unlinking > > > > this is the error: > > > > grep Unlinking /var/log/maillog > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or > > directory > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or > > directory > > > > I was looking in google, but all posts talk about the lock type. > > in my conhnfiguration the lock type is posix. > > > > sendmail version is 8.13.8 > > SpamAssassin version 3.2.1 > > the version of the mailscanner is the lastest > > > > can anybody help me?? > > > > Thanks in advance > > Dario > That looks like something removed or renamed the files before mailscanner was > done. > Can that happen if you shutdown MailScanner not in a polite way with stop-mailscanner? How does the MS Batch process the group of emails, moving step by step all the emails togheter? something like this?: check all emails in rbl check all emails on spamassasing check all emails on anti-virus check spam actions do "always looked up last" for all the batch? what happens if a kill signal is recieved? > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From email at ace.net.au Fri Sep 28 04:59:17 2007 From: email at ace.net.au (Peter Nitschke) Date: Fri Sep 28 05:00:36 2007 Subject: SpamAssassin Rule Actions enhancement (UNCLASSIFIED) In-Reply-To: <88991ECEE371C644986F0C8837C207B701CC314E@ARLABML01.DS.ARL.ARMY.MIL> References: <46CA0340.6050701@ecs.soton.ac.uk> <88991ECEE371C644986F0C8837C207B701CC314E@ARLABML01.DS.ARL.ARMY.MIL> Message-ID: <200709281329170953.03DBC34F@dns3.ace.net.au> On 20/08/2007 at 7:38 PM Kash, Howard (Civ, ARL/CISD) wrote: >Classification: Caveats: *NOTICE: > >Would anyone else be interested in an option to the 'store' action to >specify a directory relative to 'Quarantine Dir'? This way various >levels of spamness can be stored in different directories. For example: > >SpamAssassin Rule Actions = SpamScore>25=>store HIGH, >SpamScore>15=>store MED, SpamScore>=5=>store LOW, SpamScore<5=>deliver > >would store messages with SA scores between 5 and 15 in >/var/spool/MailScanner/quarantine/spam/LOW, scores between 15 and 25 in >/var/spool/MailScanner/quarantine/spam/MED, and scores over 25 in >/var/spool/MailScanner/quarantine/spam/HIGH. I would love this. Currently it's a pain to search through all spams collected to find the one I am investigating. Peter From uxbod at splatnix.net Fri Sep 28 09:52:29 2007 From: uxbod at splatnix.net (UxBoD) Date: Fri Sep 28 09:52:23 2007 Subject: GPL v3 In-Reply-To: <46FAD045.3080705@ecs.soton.ac.uk> Message-ID: <9035493.4181190969549275.JavaMail.root@office.splatnix.net> IIRC Linus was not that happy about GPLv3. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Wednesday, September 26, 2007 10:33:57 PM (GMT) Europe/London Subject: GPL v3 I'm sure there are several of you who understand the new GPL v3 better than I do. What would be the consequences of me moving MailScanner to the GPL v3? Are there any other licences that might be a better choice than any of the GPLs? (Please state your standpoint if answering any of this lot!). Thanks, Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kit at simplysites.co.uk Fri Sep 28 12:48:52 2007 From: Kit at simplysites.co.uk (Kit Wong) Date: Fri Sep 28 12:48:47 2007 Subject: Including popip.db into whitelist In-Reply-To: References: Message-ID: on 9/26/2007 1:54 AM Kit Wong spake the following: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott > Silva > Sent: 25 September 2007 17:44 > To: mailscanner@lists.mailscanner.info > Subject: Re: Including popip.db into whitelist > > on 9/25/2007 6:52 AM Kit Wong spake the following: >> Hi All >> I have searched everywhere on the internet for an answer and have >> decided to email those who know. >> I have mailscanner/spamassassin running + MailWatch. I have noticed > the >> a lot of my client's emails are getting scanner and some are marked > as >> spam. Since the server uses pop-before-smtp a list of valid ip address >> are stored within popip.db >> >> Is there a way of dynamically querying popip.db to not scan emails > from >> those ips. I have already whitelisted/bypassed 127.0.0.1 as described > on >> a post somewhere. >> >> Adding domain names which are hosted on the server will not work due > to >> spoof emails. >> >> Hope someone can help >> Kit >> >> >> > Are they getting marked as spam because they are on dynamic ip's or are > they > getting marked as spam because they look spammy? > One is easy to fix, but the other will start getting your server on > blacklists. > >I am not too concerned about what the content is on the email, its just >that the popip.db holds valid ips that have been successfully logged in >via pop. Emails from ips listed within the db shouldn't need to be >scanned. Its just if there is a simple way of including this list then >it would make life easier. You could have remote users come in on a different port like 587 and have that go to a different queue. Or find a way to add a authed header with something like mimedefang, or see if you can write a rule in spamassassin to check if they are authed and give a negative score. ------------------------------------------------------ I thought it would be an obvious hack. Installing mimedefang is beyond my knowledge. I have found a plugin that can read access.db and pick out ipaddress in there to add to spamassassin's trusted_network list http://wiki.apache.org/spamassassin/POPAuthPlugin I have installed it and within spamassassin -D --lint it shows ipaddress I have added within access.db. Excellent, so I thought changing it to read popip.db would solve this issue but it will not pickout the ipaddress in there. POPAuth.pm may need to be customized to read what is produced within /etc/mail/popip.db by /etc/mail/poprelay.conf I am a web designer so don't really understand the code. Any help would be very much appreciated. I can copy and paste both poprelay.conf and POPAuth.pm if someone can help. Thanks -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From do.not.eat.yellow.snow at gmail.com Fri Sep 28 13:48:26 2007 From: do.not.eat.yellow.snow at gmail.com (Martin Strand) Date: Fri Sep 28 13:48:35 2007 Subject: Discard virus infected messages Message-ID: I want to discard virus infected messages but am not sure how to do that. I tried "Deliver Disinfected Files = no" but MS still disinfects and delivers with that inline report. What I'm after is something like "Virus Actions = delete". Help? Thanks, Martin From prandal at herefordshire.gov.uk Fri Sep 28 15:50:22 2007 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Sep 28 15:50:33 2007 Subject: minor bug in 4.64.1-1 Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA01BEAA68@HC-MBX02.herefordshire.gov.uk> Julian, There's a minor bug in MS 4.64.1-1 in Message.pm, to do with the new feature of adding points to SA score when "Treat Invalid Watermarks With No Sender as Spam" is set to a number greater than zero. You test the spamminess based on the number to increment by, instead of the revised score. The patch is trivial: --- Message.pm.old 2007-09-28 15:41:32.000000000 +0100 +++ Message.pm 2007-09-28 15:43:15.000000000 +0100 @@ -548,8 +548,8 @@ } # spam/high/normal can also be a number, which is added to the Spam Score elsif (($mshmacnull+0.0) > 0.01) { - my($mshspam, $mshhigh) = MailScanner::SA::SATest_spam($this, 0.0, $mshmacnull+0.0); $this->{sascore} += $mshmacnull+0.0; + my($mshspam, $mshhigh) = MailScanner::SA::SATest_spam($this, 0.0, $this->{sascore}); $this->{isspam} = 1 if $mshspam; $this->{ishigh} = 1 if $mshhigh; $this->{spamreport} = ($mshspam?$LocalSpamText:$LocalNotSpamText) . "(no\ watermark or sender address)"; Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From MailScanner at ecs.soton.ac.uk Fri Sep 28 15:52:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Sep 28 15:52:30 2007 Subject: GPL v3 In-Reply-To: <223f97700709271216i1b6eaf29m5d1be2ffc65f1752@mail.gmail.com> References: <46FBCCA0.4000606@sendit.nodak.edu> <223f97700709271216i1b6eaf29m5d1be2ffc65f1752@mail.gmail.com> Message-ID: <46FD151B.9070900@ecs.soton.ac.uk> Glenn Steen wrote: > On 27/09/2007, Scott Silva wrote: > >> on 9/27/2007 11:47 AM Scott Silva spake the following: >> >>> on 9/27/2007 8:44 AM Martin.Hepworth spake the following: >>> >>>> BSD - >>>> >>>> http://www.itwire.com/content/view/14361/1091/ >>>> >>>> To quote from the licence template itself: "Redistribution and use in >>>> source and binary forms, with or without modification, are permitted >>>> provided that the following conditions are met: >>>> >>>> "Redistributions of source code must retain the above copyright >>>> notice, this list of conditions and the following disclaimer. >>>> "Redistributions in binary form must reproduce the above copyright >>>> notice, this list of conditions and the following disclaimer in the >>>> documentation and/or other materials provided with the distribution. >>>> "Neither the name of the nor the names of its >>>> contributors may be used to endorse or promote products derived from >>>> this software without specific prior written permission." >>>> >>>> >>>> >>>> The third condition here would help with the 3 companies I've heard of >>>> that are taking the MailScanner code and perhaps not feeding anything >>>> back (code or money). >>>> >>>> >>> What are the three companies doing this? >>> Just curious... Inquiring minds want to know . >>> I always wodered if Opencomputing was doing that (Openprotect). >>> >> But they do contribute the sa-update channel for the sare rules. >> Replying to myself ... I must have postfix running somewhere. ;-P >> > Wellcome to the family:-D;-) > > My view on all this license stuff is ... why change? Newer > license/higher version number doesn't necessarily mean "better". What > goal do you aim at Jules? > I wasn't planning on changing or anything. I just wondered if there were any advantages in moving to GPLv3. Sounds like the answer is no, so I'll stick with GPLv2. Thanks for all your contributions to this discussion. Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From Denis.Beauchemin at USherbrooke.ca Fri Sep 28 16:17:30 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Sep 28 16:19:23 2007 Subject: Discard virus infected messages In-Reply-To: References: Message-ID: <46FD1B0A.6010906@USherbrooke.ca> Martin Strand a ?crit : > I want to discard virus infected messages but am not sure how to do > that. I tried "Deliver Disinfected Files = no" but MS still disinfects > and delivers with that inline report. What I'm after is something like > "Virus Actions = delete". Help? > > Thanks, > Martin Martin, I think you are looking for: # Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient? # Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming virus # warnings. # # Note: Once you have deployed this into "production" use, you should set # Note: this option to "no" so you don't bombard thousands of people with # Note: useless messages they don't want! # # This can also be the filename of a ruleset. Still Deliver Silent Viruses = %rules-dir%/virus.to.quarantine.rules [bead2306@smtpe3 st_localbin]$ cat /etc/MailScanner/rules/virus.to.quarantine.rules Virus: BackDoor- no Virus: Email.Hdr no Virus: Email.Loan no Virus: Email.Malware no Virus: Email.Phishing no Virus: Email.ScamL no Virus: Email.Spam no Virus: Email.Webaccount no Virus: Email.FreeGame no Virus: Exploit.HTML.IFrame no Virus: fragmented no Virus: Generic.Peed no Virus: HTML.Malware no Virus: HTML.Phishing no Virus: Html.ScamL no Virus: MSRBL-Images no Virus: MSRBL-SPAM no Virus: Phish-BankFraud no Virus: Sanesecurity no Virus: Trojan no Virus: W32/ no Virus: Win32 no Virus: Worm no Virus: default yes Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From KGoods at AIAInsurance.com Fri Sep 28 16:21:36 2007 From: KGoods at AIAInsurance.com (Ken Goods) Date: Fri Sep 28 16:24:45 2007 Subject: Discard virus infected messages Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C295F3@aiainsurance.com> Martin Strand wrote: > I want to discard virus infected messages but am not sure how to do > that. I tried "Deliver Disinfected Files = no" but MS still > disinfects and delivers with that inline report. What I'm after is > something like "Virus Actions = delete". Help? > > Thanks, > Martin Did you do a "service MailScanner restart"? If so, also check your Silent Virus settings. HTH, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From do.not.eat.yellow.snow at gmail.com Fri Sep 28 16:32:17 2007 From: do.not.eat.yellow.snow at gmail.com (Martin Strand) Date: Fri Sep 28 16:32:23 2007 Subject: Discard virus infected messages In-Reply-To: <46FD1B0A.6010906@USherbrooke.ca> References: <46FD1B0A.6010906@USherbrooke.ca> Message-ID: On Fri, 28 Sep 2007 17:17:30 +0200, Denis Beauchemin wrote: > Martin Strand a ?crit : >> I want to discard virus infected messages but am not sure how to do >> that. I tried "Deliver Disinfected Files = no" but MS still disinfects >> and delivers with that inline report. What I'm after is something like >> "Virus Actions = delete". Help? >> >> Thanks, >> Martin > Martin, > > I think you are looking for: > # Still deliver (after cleaning) messages that contained viruses listed > # in the above option ("Silent Viruses") to the recipient? > # Setting this to "yes" is good when you are testing everything, and > # because it shows management that MailScanner is protecting them, > # but it is bad because they have to filter/delete all the incoming virus > # warnings. > # > # Note: Once you have deployed this into "production" use, you should set > # Note: this option to "no" so you don't bombard thousands of people with > # Note: useless messages they don't want! > # > # This can also be the filename of a ruleset. > Still Deliver Silent Viruses = %rules-dir%/virus.to.quarantine.rules > > [bead2306@smtpe3 st_localbin]$ cat > /etc/MailScanner/rules/virus.to.quarantine.rules > Virus: BackDoor- no > Virus: Email.Hdr no > Virus: Email.Loan no > Virus: Email.Malware no > Virus: Email.Phishing no > Virus: Email.ScamL no > Virus: Email.Spam no > Virus: Email.Webaccount no > Virus: Email.FreeGame no > Virus: Exploit.HTML.IFrame no > Virus: fragmented no > Virus: Generic.Peed no > Virus: HTML.Malware no > Virus: HTML.Phishing no > Virus: Html.ScamL no > Virus: MSRBL-Images no > Virus: MSRBL-SPAM no > Virus: Phish-BankFraud no > Virus: Sanesecurity no > Virus: Trojan no > Virus: W32/ no > Virus: Win32 no > Virus: Worm no > Virus: default yes > > Denis > Thanks Denis, I already had "Still Deliver Silent Viruses = no" but now that I looked in MailScanner.conf again I found this: Deliver Cleaned Messages = yes which I set to "no" and now it works fine. I can't believe I missed that the first time. :=) Martin From slacker.ar at gmail.com Fri Sep 28 17:46:57 2007 From: slacker.ar at gmail.com (Dario Hernan) Date: Fri Sep 28 17:47:01 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> Message-ID: <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> I will give more info about the problem. this error appear in random form, three or four times per day, receiving between 10000 and 20000 emails per day, in at least 10 servers, all with mailscanner 4.55 or higher some advice about it?? thanks Dario On 9/27/07, Eduardo Casarero wrote: > 2007/9/27, Scott Silva : > > on 9/27/2007 1:39 PM Dario Hernan spake the following: > > > Hi all! I have a problem with mailscanner, in the maillog file appears > > > errors of unlinking > > > > > > this is the error: > > > > > > grep Unlinking /var/log/maillog > > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > > /var/spool/mqueue.in/qfl8NDW7N0015922 failed: No such file or > > > directory > > > Sep 23 08:32:27 xxxxxx MailScanner[16352]: Unlinking > > > /var/spool/mqueue.in/dfl8NDW7N0015922 failed: No such file or > > > directory > > > > > > I was looking in google, but all posts talk about the lock type. > > > in my conhnfiguration the lock type is posix. > > > > > > sendmail version is 8.13.8 > > > SpamAssassin version 3.2.1 > > > the version of the mailscanner is the lastest > > > > > > can anybody help me?? > > > > > > Thanks in advance > > > Dario > > That looks like something removed or renamed the files before mailscanner was > > done. > > > Can that happen if you shutdown MailScanner not in a polite way with > stop-mailscanner? > > How does the MS Batch process the group of emails, moving step by step > all the emails togheter? something like this?: > check all emails in rbl > check all emails on spamassasing > check all emails on anti-virus > check spam actions > do "always looked up last" for all the batch? > > what happens if a kill signal is recieved? > > > > > -- > > MailScanner is like deodorant... > > You hope everybody uses it, and > > you notice quickly if they don't!!!! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Fri Sep 28 19:09:21 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Sep 28 19:09:59 2007 Subject: What causes this type of address in envelopes? Message-ID: <46FD4351.8090903@cnpapers.com> I have a little problem with a from envelop address. All of the header addresses are normal type somebody@somedomain.com, but the envelop from address takes the form prvs=somebody=7848db996@somedomain.com. The recipient is a little mad, because I had the address whitelisted using the normal type address and it used to work. They want me to whitelist it again. I guess I could resave my file, but.... Is it a proxy, or one of those dang MS products? Any clues? Thanks in advance. Steve Campbell From wolf at zim.goe.net Fri Sep 28 19:11:25 2007 From: wolf at zim.goe.net (Wolf) Date: Fri Sep 28 19:11:29 2007 Subject: release mail from quarantine AND modify message-id Message-ID: <637e55b80709281111l29d90471xdf4bb6f8c1b9d1ac@mail.gmail.com> Hello. My setup has a postfix with mailscanner working okay. My problem arises when I release mail from the quarantine (Quarantine Whole Messages As Queue Files = yes) with the bash-scipt (release.sh provided by wiki) that more or less just copies the queue-file into postfix incoming-queue works like it should. Postfix relays the mail to the final-mailserver. This final-destination-mailserver is a postfix with cyrus which is just dropping the released mail as it has the same message-id as the previous original disinfected mail that came first. When I first change the message-id by one character and then release it, cyrus provides the mail. So how can I modify the message id? I tried to extend the message-id by 4 characters with a sed-script before releasing it but the queue-file gets corrupted then. -- Wolf Hees http://alphawolf.blogg.de From dgottsc at emory.edu Fri Sep 28 19:15:18 2007 From: dgottsc at emory.edu (Gottschalk, David) Date: Fri Sep 28 19:15:28 2007 Subject: What causes this type of address in envelopes? In-Reply-To: <46FD4351.8090903@cnpapers.com> References: <46FD4351.8090903@cnpapers.com> Message-ID: <8D2EFA3D9FD29C45BCEC3B532F0E23084135C38676@RDPEXCH2.Eu.Emory.Edu> I have something similar going on, just that it rewrites addresses to user@serverhostname.com. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Friday, September 28, 2007 2:09 PM To: mailscanner@lists.mailscanner.info Subject: What causes this type of address in envelopes? I have a little problem with a from envelop address. All of the header addresses are normal type somebody@somedomain.com, but the envelop from address takes the form prvs=somebody=7848db996@somedomain.com. The recipient is a little mad, because I had the address whitelisted using the normal type address and it used to work. They want me to whitelist it again. I guess I could resave my file, but.... Is it a proxy, or one of those dang MS products? Any clues? Thanks in advance. Steve Campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Fri Sep 28 20:10:46 2007 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Sep 28 20:12:05 2007 Subject: What causes this type of address in envelopes? In-Reply-To: <46FD4351.8090903@cnpapers.com> References: <46FD4351.8090903@cnpapers.com> Message-ID: <46FD51B6.3020802@USherbrooke.ca> Steve Campbell a ?crit : > I have a little problem with a from envelop address. All of the header > addresses are normal type somebody@somedomain.com, but the envelop > from address takes the form > > prvs=somebody=7848db996@somedomain.com. > > The recipient is a little mad, because I had the address whitelisted > using the normal type address and it used to work. They want me to > whitelist it again. I guess I could resave my file, but.... > > Is it a proxy, or one of those dang MS products? Any clues? > > Thanks in advance. > > Steve Campbell > Steve, I think this is something that could track your user if he replied to the email. Quite harmless. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From campbell at cnpapers.com Fri Sep 28 20:29:04 2007 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Sep 28 20:29:20 2007 Subject: What causes this type of address in envelopes? In-Reply-To: <46FD51B6.3020802@USherbrooke.ca> References: <46FD4351.8090903@cnpapers.com> <46FD51B6.3020802@USherbrooke.ca> Message-ID: <46FD5600.3070009@cnpapers.com> OK, thanks to all. It's sort of a problem in that it's not that easy to whitelist with that type of address, I'm not sure it they only have one server or IP they send from. It's clunky in my opinion. Again, thanks Steve Denis Beauchemin wrote: > Steve Campbell a ?crit : >> I have a little problem with a from envelop address. All of the >> header addresses are normal type somebody@somedomain.com, but the >> envelop from address takes the form >> >> prvs=somebody=7848db996@somedomain.com. >> >> The recipient is a little mad, because I had the address whitelisted >> using the normal type address and it used to work. They want me to >> whitelist it again. I guess I could resave my file, but.... >> >> Is it a proxy, or one of those dang MS products? Any clues? >> >> Thanks in advance. >> >> Steve Campbell >> > Steve, > > I think this is something that could track your user if he replied to > the email. Quite harmless. > > Denis > From ssilva at sgvwater.com Sat Sep 29 00:31:09 2007 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Sep 29 00:31:35 2007 Subject: Error in mailscanner with ID's duplicated In-Reply-To: <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> References: <9bc19ef30709271339s979e7d9k30a6466406efa4c1@mail.gmail.com> <7d9b3cf20709271917q284d69e8w69b82c1f12f876c5@mail.gmail.com> <9bc19ef30709280946p48ab5116vad1b217e78765a78@mail.gmail.com> Message-ID: on 9/28/2007 9:46 AM Dario Hernan spake the following: > I will give more info about the problem. > this error appear in random form, three or four times per day, > receiving between 10000 and 20000 emails per day, in at least 10 > servers, all with mailscanner 4.55 or higher > some advice about it?? > > thanks > Dario If you look at the log grepping the mail id that errors out, do you see a full progression of the mail or does the message disappear? Are you using any kind of milters or sendmail parameters that might disconnect a remote server during the data phase like connection timeouts? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Sat Sep 29 11:49:17 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Sep 29 11:49:18 2007 Subject: release mail from quarantine AND modify message-id In-Reply-To: <637e55b80709281111l29d90471xdf4bb6f8c1b9d1ac@mail.gmail.com> References: <637e55b80709281111l29d90471xdf4bb6f8c1b9d1ac@mail.gmail.com> Message-ID: <223f97700709290349p7243def1jd9143e871df0b74e@mail.gmail.com> On 28/09/2007, Wolf wrote: > Hello. > > My setup has a postfix with mailscanner working okay. My problem > arises when I release mail from the quarantine (Quarantine Whole > Messages As Queue Files = yes) with the bash-scipt (release.sh > provided by wiki) that more or less just copies the queue-file into > postfix incoming-queue works like it should. Postfix relays the mail > to the final-mailserver. This final-destination-mailserver is a > postfix with cyrus which is just dropping the released mail as it has > the same message-id as the previous original disinfected mail that > came first. > When I first change the message-id by one character and then release > it, cyrus provides the mail. > > So how can I modify the message id? I tried to extend the message-id > by 4 characters with a sed-script before releasing it but the > queue-file gets corrupted then. "Not easily" is one answer:-) If you had MailWatch and used the "old-style" method of delivering the released mail as an attachment, you wouldn't have this problem (M-Sexchange does pretty much the same thing as Cyrus... You might find advice about it in the list archives...)... This implies having the Quarantine As Queue Files setting at "no", and working with the RFC822 message text file... You kind of need MailWatch, to keep track of the _envelope_ sender/recipient with that set to "no"... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Sep 29 11:53:08 2007 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Sep 29 11:53:09 2007 Subject: What causes this type of address in envelopes? In-Reply-To: <46FD5600.3070009@cnpapers.com> References: <46FD4351.8090903@cnpapers.com> <46FD51B6.3020802@USherbrooke.ca> <46FD5600.3070009@cnpapers.com> Message-ID: <223f97700709290353m1ea80030gc08389868317b0c7@mail.gmail.com> On 28/09/2007, Steve Campbell wrote: > OK, thanks to all. > > It's sort of a problem in that it's not that easy to whitelist with that > type of address, I'm not sure it they only have one server or IP they > send from. It's clunky in my opinion. Yes, it is..... So going for IP as whitelist criterion is probably your only safe bet. Perhaps you should take it up _with the sender_...? > Again, thanks > > Steve > > Denis Beauchemin wrote: > > Steve Campbell a ?crit : > >> I have a little problem with a from envelop address. All of the > >> header addresses are normal type somebody@somedomain.com, but the > >> envelop from address takes the form > >> > >> prvs=somebody=7848db996@somedomain.com. > >> > >> The recipient is a little mad, because I had the address whitelisted > >> using the normal type address and it used to work. They want me to > >> whitelist it again. I guess I could resave my file, but.... > >> > >> Is it a proxy, or one of those dang MS products? Any clues? > >> > >> Thanks in advance. > >> > >> Steve Campbell > >> > > Steve, > > > > I think this is something that could track your user if he replied to > > the email. Quite harmless. > > > > Denis > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Sat Sep 29 13:56:25 2007 From: steve.freegard at fsl.com (Steve Freegard) Date: Sat Sep 29 13:56:26 2007 Subject: release mail from quarantine AND modify message-id In-Reply-To: <637e55b80709281111l29d90471xdf4bb6f8c1b9d1ac@mail.gmail.com> References: <637e55b80709281111l29d90471xdf4bb6f8c1b9d1ac@mail.gmail.com> Message-ID: <46FE4B79.3060001@fsl.com> Hi Wolf, Wolf wrote: > Hello. > > My setup has a postfix with mailscanner working okay. My problem > arises when I release mail from the quarantine (Quarantine Whole > Messages As Queue Files = yes) with the bash-scipt (release.sh > provided by wiki) that more or less just copies the queue-file into > postfix incoming-queue works like it should. Postfix relays the mail > to the final-mailserver. This final-destination-mailserver is a > postfix with cyrus which is just dropping the released mail as it has > the same message-id as the previous original disinfected mail that > came first. > When I first change the message-id by one character and then release > it, cyrus provides the mail. > > So how can I modify the message id? I tried to extend the message-id > by 4 characters with a sed-script before releasing it but the > queue-file gets corrupted then. Try something like this: postcat | grep -Evi '^Message-ID:' | sendmail -oi Untested - but it should work. HTH, Steve. From MailScanner at ecs.soton.ac.uk Sat Sep 29 15:04:11 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Sep 29 15:04:32 2007 Subject: MailScanner & Zenoss In-Reply-To: <3512594.1071190644617496.JavaMail.root@office.splatnix.net> References: <3512594.1071190644617496.JavaMail.root@office.splatnix.net> Message-ID: <46FE5B5B.9060303@ecs.soton.ac.uk> Just seen your posting on the zenoss forums about this. All the MailScanner process names start with MailScanner: so can't you just look for that instead of a complete line? Zenoss must have the same problem with sendmail, as that does the same thing I do, change the ps listing depending on what it's doing. Any monitoring package that can't monitor something as common as sendmail is surely pretty broken :-( Jules. UxBoD wrote: > Steve, > > The problem is that even though Zenoss can use regex and detect all instances of MailScanner running, but even with the parent process changing its description line it can sometimes see it as a failure. Basically what it is doing is grabbing the process list from the SNMP tree. > > May have to write a zenoss script to do it, which is a pain, as clamd, postfix etc are all okay. Perhaps if MailScanner kept its parent process static with respect to the name ie. MailScanner and the child processes can report their own state. > > I would imagine that this could also occur on other monitoring systems IMHO. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Steve Freegard" > To: "MailScanner discussion" > Sent: Monday, September 24, 2007 3:23:03 PM (GMT) Europe/London > Subject: Re: MailScanner & Zenoss > > UxBoD wrote: > >> Hi, >> >> Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running. >> >> Any ideas ? >> > > How about: > > [root@mail soaplite]# ps axf | grep `cat /var/run/MailScanner.pid` | > grep -v grep > 889 ? Ss 0:00 MailScanner: master waiting for children, > sleeping > > Cheers, > Steve. > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From uxbod at splatnix.net Sun Sep 30 15:14:58 2007 From: uxbod at splatnix.net (UxBoD) Date: Sun Sep 30 15:15:23 2007 Subject: MailScanner & Zenoss In-Reply-To: <46FE5B5B.9060303@ecs.soton.ac.uk> Message-ID: <29796287.4721191161698493.JavaMail.root@office.splatnix.net> Hi Jules, The problem is that it sees each description as a seperate process. Zenoss automatically adds each one to the process list, and when it changes description it thinks that MailScanner has crashed/stopped :( Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Saturday, September 29, 2007 2:04:11 PM (GMT) Africa/Casablanca Subject: Re: MailScanner & Zenoss Just seen your posting on the zenoss forums about this. All the MailScanner process names start with MailScanner: so can't you just look for that instead of a complete line? Zenoss must have the same problem with sendmail, as that does the same thing I do, change the ps listing depending on what it's doing. Any monitoring package that can't monitor something as common as sendmail is surely pretty broken :-( Jules. UxBoD wrote: > Steve, > > The problem is that even though Zenoss can use regex and detect all instances of MailScanner running, but even with the parent process changing its description line it can sometimes see it as a failure. Basically what it is doing is grabbing the process list from the SNMP tree. > > May have to write a zenoss script to do it, which is a pain, as clamd, postfix etc are all okay. Perhaps if MailScanner kept its parent process static with respect to the name ie. MailScanner and the child processes can report their own state. > > I would imagine that this could also occur on other monitoring systems IMHO. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Steve Freegard" > To: "MailScanner discussion" > Sent: Monday, September 24, 2007 3:23:03 PM (GMT) Europe/London > Subject: Re: MailScanner & Zenoss > > UxBoD wrote: > >> Hi, >> >> Is anybody using Zenoss to monitor MailScanner ? The issue I am having is that due to MailScanner showing its current state on the process line ie. Checking with SpamAssassin, Waiting for Messages there is no one process line to check and ensure MailScanner is running. >> >> Any ideas ? >> > > How about: > > [root@mail soaplite]# ps axf | grep `cat /var/run/MailScanner.pid` | > grep -v grep > 889 ? Ss 0:00 MailScanner: master waiting for children, > sleeping > > Cheers, > Steve. > Jules -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.